Mikrotik OSPF Routing Distance Ignored

Discussion: Every routing protocol has a default distance to help the router to decide which route to use in case of multiple routes for the same destination. For Mikrotik routers these distances are listed here:https://wiki.mikrotik.com/wiki/Manual:Route_Selection_Algorithm_in_RouterOSIf you want to configure a backup link that is only activated when the OSPF main route is missing, you can …

Mikrotik OSPF Routing Distance Ignored Read More »

ARP and Broadcast Packets Missing

Problem: A Linux box with Debian 9 (kernel 4.9) on a HP server with Intel i40e (X710) network cards, is not reachable from neighbor machines, because ARP does not work. Discussion: while testing with tcpdump ARP worked, but later ARP stopped working again. When tcpdump is used with “-p” (non promiscuous mode) you can see …

ARP and Broadcast Packets Missing Read More »

MITMProxy and IOS 13

Problem: if you want to debug a IOS app with MITMProxy, the iPhone needs to trust the MITMProxy CA. This is done by going to http://mitm.it/ and clicking on the apple symbol. Then you have to accept the “profile” in Settings “downloaded profiles”. Then you have to trust this new CA cert in “Settings” “General” …

MITMProxy and IOS 13 Read More »

Linux Live-boot Fails after Debian/Devuan Update

Problem: after updating from Debian 8 to Devuan 2 the overlay live-boot failes with “no such device” Discussion: I use a bootable USB stick combined with live-boot. In this case the USB stick partition 3 is a normal ext4 file system used as read only “plainroot” filesystem. Live-boot overlays this with an ramfs.As I don’t …

Linux Live-boot Fails after Debian/Devuan Update Read More »

Greenlock(-express) Letsencrypt Fails with ECONNRESET

Problem: after upgrading vom greenlock-express v2.0 to v2.5 and switching from acme-v1 to acme-v2 every attempt to register a new TLS cert with Letsencrypt fails with “ECONNRESET” Discussion: the new version of greenlock tries to validate the .well-known/acme-challenge file before asking letsencrypt for the certificate.If your webserver is behind a loadbalancer or firewall and the …

Greenlock(-express) Letsencrypt Fails with ECONNRESET Read More »

Apache Start Hangs during Reboot of a KVM Virtual Server

Problem: Apache needs very long to start on a virtual server running on a KVM/QEMU virtual maschine. Solution: Apache needs a RNG (random number generator) for startup, probably because of TLS. A pure virtual maschine has no RNG device per default. If you add an RNG device to the virtual maschine configuration, apache startup is …

Apache Start Hangs during Reboot of a KVM Virtual Server Read More »

Sparse Files Howto

Unix file systems like ext3/4 can store files which are partly empty more efficiently by not storing blocks with all zeros. These files are called sparse files. When reading these files every things works as normal but “all zero” blocks don’t wast space on the drive. This can be useful for different application. For example …

Sparse Files Howto Read More »

DELL iDRAC6 with Java8

Problem: The remote console feature of a Dell R710 server does not open with an Linux client with errors like these: Connection failed, Unsigned Java Applett, etc Solution: I had to change three things:in /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security I had to change to these lines: And in ~/.java/deployment/deployment.properties I changed these lines: And there is still a small …

DELL iDRAC6 with Java8 Read More »