Menu Close

Author: palo73

Installing full Linux from Windows on USB with persistent storage

This guide will describe how to install a full Linux OS on an USB flash disk with permanent storage feature, i.e. the system does not lost your files after a reboot as usual live distribution does. The system is fully operable OS and transferable to any PC with all your installed and saved stuff.

There are several ways how to do it, for example using two usb keys, or making a bootable live USB key and then performing the installation (as is for example decribed here How to Install Linux OS on USB Drive and Run it On Any PC ).

Tools for a quick SIP diagnostics – ngrep, sipgrep and sngrep

Sometimes there is a need for simple and quick analysis or the troubleshooting of a SIP server and its call functions. Of course, we should use the well-known tcpdump, mentioned in the article Using tcpdump for SIP diagnostics. However, for some occasional Linux users this may be too difficult and unclear. Actually there exist some simpler utilities,, that could work fine, as ngrep, and for me newer sipgrep and sngrep (love at first sight).

All utils are directly available and can be installed online from Debian repo using apt-get install ngrep sipgrep sngrep.

SIP clients – security features analysis

Table provides the overview of security features of nine analysed open-source SIP clients (some sources call them the RTC communicator).

Source: P. Segeč, M. Moravčík, J. Hrabovský, J. Papán and J. Uramová, “Securing SIP infrastructures with PKI — The analysis,” 2017 15th International Conference on Emerging eLearning Technologies and Applications (ICETA), Stary Smokovec, 2017, pp. 1-8.
doi: 10.1109/ICETA.2017.8102525
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?rp=&arnumber=8102525&isnumber=8102457

Problem with a VoIP phone behind NAT – disabling FortiGate SIP ALG

Initial state and observed problems

Observed problems

We had observed a problem, where a SIP phone is registering, but the AOR record indicates, that as a Contact IP address the incorrect and strange private IP address is used. As is shown on following listing:

voip*CLI> pjsip show aor 1765
   Aor:  <Aor..............................................>  <MaxContact>
     Contact:     
   Aor:  1765                                                 1 Contact:  1765/sip:1765@10.16.42.46:65476              f123d14d1c NonQual         nan
 ParameterName        : ParameterValue
  =================================================
  authenticate_qualify : false
  contact              : sip:1765@10.16.42.46:65476
  default_expiration   : 7200
  mailboxes            :
  max_contacts         : 1
  maximum_expiration   : 7200
  minimum_expiration   : 60
  outbound_proxy       :
  qualify_frequency    : 0
  qualify_timeout      : 3.000000
  remove_existing      : true
  support_path         : false
  voicemail_extension  :

This cause a problem, where incoming phone calls (call on 1765 number) are not reaching the SIP phone. We had tried to solve the situations on the phone only modifying its NAT configuration and using STUN, but with no success. Then we setup the lab with two Cisco NAT to simulate the topo. It works perfectly. This indicate on a problem with the Fortigate firewall. Several posts indicates that it could be the SIP ALG problem, which is on Fortigate devices turned on by default and it modifies SIP messages.

Running Fortigate FW VM inside of GNS3

In this post we describe how to run Fortigate FW VM appliance inside of the GNS3 (local or remote).

Prerequisities and environment

  • GNS3
    • In my case of version 2.1.1 running on a remote linux server (physical HW, not GSN3 VM).
    Fortigate VM Image for KVM
    • In my case FortiGate for KVM platform Version 6.2.
    • Download from HERE using Fortigate.ONE account (may create for free).
    GNS3 Fortigate Appliance

    Note: FortiGate VM evaluation license

    FortiGate VM includes a limited embedded 15-day trial license that supports:

Tclsh script examples: how to generate router loop interfaces with IPv4 addresses

This example shows how to generate 254 loop interfaces with assigned ipv4 addresses 172.16.0.1/24 up to 172.16.255.1/24. The code is:

enable
tclsh
for {set i 0} {$i < 256} {incr i} {
ios_config "int loop $i" "ip address 172.16.$i.1 255.255.255.0"
}
ios_config "end"
tclquit

and you may just simply copy and paste it into a Cisco router CLI. Therefore first run tclsh within of privileged EXEC mode

How to kill ESET AV process

Eset AV sometimes prevents to run and install some applications, for example microtorrent client or virtualbox extension pack. If the AV pausing does not help, there is an option to kill the AV process using a standard way (using the task manager). However, Eset AV has enabled by default a Self-defense feature preventing to do that.

Therefore to be able to kill the process this feature has to be disabled. To do that follow:

Display CCNA curriculums locally

Once if we are allowed download zipped version of ccna curriculum (for example as an netacad instructor) we should be able run them locally without web server need. However there is a problem to display these curriculums by default as it contain embeded flash animation. This problem persists in different browsers (firefox, chrome, epiphany) for example.