Jakub Kramarz

IT Security Consultant


Configuring 802.1q trunk between UniFi AP and Juniper EX switch

Problem:

After configuring 802.1q VLAN trunking on the switch port, the UniFi Wireless Controller reports the AP as Disconnected or Adoption Failed.

Diagnosis:

Tap the traffic (e.g. with port mirroring on the switch). A UniFi AP expects the native VLAN to arrive untagged; tagged frames that reach its management interface are discarded. If the capture shows plenty of DHCP Discover and DHCP Offer packets but no DHCP Request, the AP is sending Discovers but never accepting the Offers: check whether frames on the native VLAN are leaving the switch with an 802.1Q tag.

Running show ethernet-switching interfaces will probably list the default VLAN as both tagged and untagged on the same interface:

Interface    State  VLAN members  Tag  Tagging   Blocking
ge-0/0/1.0   up     default       1    untagged  unblocked
                    VLAN2         2    tagged    unblocked
                    VLAN3         3    tagged    unblocked
                    VLAN4         4    tagged    unblocked
...
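As an added illustration (not the post's own configuration), here is a non-ELS Junos configuration for the AP-facing port. The first form lists the native VLAN under vlan members in addition to native-vlan-id, which is one way to end up with a VLAN reported as both tagged and untagged on the port; the second keeps the native VLAN only in native-vlan-id so its frames leave the switch untagged. The analyzer stanza mirrors the AP port to a spare port for the capture described above. The interface names, VLAN names and analyzer name are assumptions; the syntax is for non-ELS EX switches (the show output above is in the non-ELS format) and differs on ELS platforms.

```junos
# --- weak: native VLAN "default" listed as a member AND set as native ---
# Assumed port ge-0/0/1 faces the AP; VLAN2..VLAN4 are the tagged SSID VLANs.
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members [ default VLAN2 VLAN3 VLAN4 ]
set interfaces ge-0/0/1 unit 0 family ethernet-switching native-vlan-id 1

# --- corrected: native VLAN only via native-vlan-id, not in the member list ---
delete interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members [ VLAN2 VLAN3 VLAN4 ]
set interfaces ge-0/0/1 unit 0 family ethernet-switching native-vlan-id 1

# --- tap: mirror both directions of the AP port to ge-0/0/10.0 (assumed spare port) ---
set ethernet-switching-options analyzer ap-tap input ingress interface ge-0/0/1.0
set ethernet-switching-options analyzer ap-tap input egress interface ge-0/0/1.0
set ethernet-switching-options analyzer ap-tap output interface ge-0/0/10.0

# commit with an automatic rollback in case the change cuts you off
commit confirmed 5
# after commit: verify "default" appears once, as untagged
run show ethernet-switching interfaces ge-0/0/1.0
```

On the host plugged into the mirror port, tcpdump -ne 'vlan and (port 67 or port 68)' prints only 802.1Q-tagged DHCP frames together with their tag; any line there carrying vlan 1 means the native VLAN is still being tagged towards the AP. Remove the analyzer once you are done so the mirror port does not stay a permanent copy of the AP's management traffic.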

Continue reading →


Atlassian Crowd authentication for OpenVPN

Whatever IT company you work for, and whatever its size or shape, at some point the requirement to extend a private network over a public one will appear. If you are a Windows guy (or gal, of course) in a Windows-based company, good for you: deploying the Remote Access Server role will do the job. If there is Linux everywhere, a day of struggling with strongSwan should be enough.

But what can you do if your environment is highly heterogeneous and your teammates are not willing to abandon their shiny Mac OS, stable FreeBSDs and crazy Mameos [1] and switch to a consistent platform?

We’ve turned to OpenVPN, as its behaviour is consistent across all of these platforms.

[1]: OK, the last two were just an exaggeration: we have a blooming Apple garden, a greenhouse built of multiple kinds of Windows, and a Linux distro for every single old African word.

Attempt first: Certificate

...

Continue reading →