Compaq-HP Proliant Server and Blade Checks (v2.12)

Got a few nice inputs from George Hansper, who thought it better to indicate more details about single component units in order to have the possibility to exclude some specific device.

This may not be a best practice to be followed, but nevertheless is a valid requirement in some specific and possibly temporary cases.

Thanks George for pointing out and testing the current version!

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...

DOWNLOAD:  check plugins for Compaq/HP (6102 downloads )

Compaq-HP Proliant Server and Blade Checks (v2.11)

Some more testing done by Martin Boer together with some nice feedback on how to shorten down and beautify the code:

  • replaced a lot of silly ‘elsif’ statements with a single (but safe) ‘eval’
  • introduced a ‘-w’ parameter to set some failures to WARNING states instead of CRITICAL since “you don’t consider a bad disk in a RAID configuration necessarily something you want to find out in the middle of the night”

Since I published this without much testing, that would now be up to you guys 😉

1 Star2 Stars3 Stars4 Stars5 Stars (11 votes, average: 3.82 out of 5)
Loading...

DOWNLOAD: check plugins for Compaq/HP (6700 downloads )

iPhone / iPad VPNs to Ubuntu Server 8.04/10.04 (v1.1)

Hi everyone,

lately I have been testing more than one IPsec configuration and I’m not convinced by what is currently provided by Ubuntu/Debian and I now don’t think OpenSWAN to be the best solution available.

Actually I ran into the following issues while trying OpenSWAN and StrongSWAN as provided by Ubuntu 8.04 and 10.04:

  • Ubuntu 8.04 LTS (openswan 2.4.9): client connections are dropped after 60 minutes (see http://lists.openswan.org/pipermail/users/2009-July/017098.html)
  • Ubuntu 10.04 LTS (openswan 2.6.23): responses to L2TP requests are not encapsulated in IPsec; since the original L2TP request was encapsulated in IPsec any client located behind a NAT-device (ADSL router, internal company network et. al.) won’t be able to receive the response – the response will be dropped by the NAT-device (see http://bugs.xelerance.com/view.php?id=1004)
  • Ubuntu 8.04 LTS (strongswan 4.1.9) and Ubuntu 10.04 LTS (strongswan 4.3.2): NAT-T support is not enabled in the binary; this is defined as “not safe” in the build script “debian/rules” which is more or less a bit of a headache, since everyone of us trying to use a mobile device from WIFI networks will at some point in time need support for this

While trying out different versions of OpenSWAN I stumbled from one issue (and bug) into the next. I finally decided to settle for StrongSWAN and followed Niels’ advice (see http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/) on how to re-build a StrongSWAN package with NAT-T support.

Even though I’m no security expert, I believe it to be a bad choice by the original package maintainers not to include NAT-T support. It should be up to us sys-admins to decide whether or not we want to activate it. If you don’t compile support for it into the binary, you take the choice for this vital component (IMHO) away from us! Just put “nat_traversal=no” and a nice comment about it “possibly” not being safe into the package’s default configuration file!

PLEASE NOTICE: StrongSWAN’s NAT-T “possibly not being safe” does not refer to an implementation issue with this feature but to the specification itself!!

I guess not everyone has a mind to re-build the whole package, so I’ll provide pre-compiled StrongSWAN packages with activated NAT-T support for Ubuntu 8.04 LTS / 10.04 LTS.

1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 4.75 out of 5)
Loading...

DOWNLOADS: iPhone / iPad VPN and firewall example configuration (6441 downloads )

Whatever you think about this short post – please drop me a note at info@crowdedplace.com or otherwise simple use the yellow button at the right… 🙂