Jakub Kramarz

System Administrator at Virtuslab.

Read this first

Configuring 802.1q trunk between UniFi AP and Juniper EX switch


After configuring 802.1q VLAN trunking on a port, the UniFi Wireless Controller shows the AP in the Disconnected or Adoption Failed state.


Tap the traffic (e.g. using a port reflector). The UniFi AP expects no VLAN tagging on the native VLAN; tagged packets on the management interface get discarded. If you see a lot of DHCP Discover and DHCP Offer packets but no DHCP Request packets, check that your native VLAN packets are not tagged.

Running show ethernet-switching interfaces will probably describe the default VLAN as tagged and untagged at the same time:

    Interface    State  VLAN members  Tag  Tagging   Blocking
    ge-0/0/1.0   up     default       1    untagged  unblocked
                        VLAN2         2    tagged    unblocked
                        VLAN3         3    tagged    unblocked
                        VLAN4         4    tagged    unblocked
                        default       1    tagged    unblocked


The 802.1q VLAN members definition must not contain the default VLAN, so ingress and egress packets in will not need and will not...


Atlassian Crowd authentication for OpenVPN

Whichever IT company you work in, whatever its size and whatever its form, at some point the requirement to extend a private network over a public network will appear. If you are a Windows guy (or gal, of course) in a Windows-based company, good for you: deploying the Remote Access Server role will do the job. Else, if there is Linux everywhere, a day of struggling with StrongSwan should be enough.

But what can you do if your environment is highly heterogeneous and your teammates are not willing to abandon their shiny Mac OS, stable FreeBSDs and crazy Maemos [1] and switch to a consistent platform?

We’ve turned to OpenVPN, as its behavior is consistent across all of these platforms.

[1]: OK, the last two were just an exaggeration; we have a blooming Apple garden, a greenhouse built of multiple kinds of Windows, and a Linux distro for every single old African word.

Attempt first: Certificate...
