Servers

Intel NIC 82579LM install on ESXi 5.1

Posted on by Andy

Hello,

i had recently the problem that i installed ESXi 5.1 on the local network. Installation and configuration went smoothly but the network card was not recognized. After some reading i found the answer, install a community-compiled driver for that card.

Here a quick how i've got the Intel 82579LM to work:

  1. Download the needed driver here. net-e1000e-2.1.4.x86_64.vib and put it on the disk
  2. Go to your ESXi and make sure that at least your ESXi Shell is enabled then go to the terminal using CTRL+ALT+F1
  3. Login with your root password
  4. Go to the folder you where you stored the driver
  5. Copy the driver to another place
    # cp /path/to/net-e1000 /tmp
  6. Put ESXi into maintenace mode
    # esxcli system maintenanceMode set -e true -t 0
  7. Set the host software level to community
    # esxcli software acceptance set –level=CommunitySupported
  8. Now install the driver
    # esxcli software vib install -v /tmp/net-e1000e-2.1.4.x86_64.vib (path must be absolute)
  9. And exit the maintenance mode
    # esxcli system maintenanceMode set -e false -t 0
  10. That's it, reboot the machine.

Sources: here

Click here for more drivers.

Locale problem in CentOS

Posted on by Andy

hello,

when executing some programs like bash, python, perl or yum you can sometimes encounter messages like these:

"-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8)"

or

"Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8""

The fix for this bug is quite simple, just add following line to your /etc/sysconfig/i18n:

LC_CTYPE="en_US.UTF-8"

and the world is nice again 🙂

Update:
If using the MacOSX Terminal you can also deactivate the option "Set locale environment…" in the Terminal -> Settings -> Advanced tab.

Easyrsa for pfSense 1.2.3

Posted on by Andy

You can use easy-rsa on pfSense to generate your OpenVPN keys.

WARNING: This may not be the ideal situation for deploying your PKI. If your OpenVPN server is compromised, your entire PKI will be compromised. This is typically of very little concern, as access to the firewall is highly restricted, and in most networks it's likely the most secure and least accessible device on the network.

Install

Just run the following from a SSH session:

# fetch -o – http://files.pfsense.org/misc/easyrsa-setup.txt | /bin/sh

This will download the files, extract them, and remove the downloaded file. After doing this, you will be prompted to run the next step manually. Copy and paste the last line displayed to generate your certificates (NOTE: If you have gone through this process previously, repeating this will wipe out all your existing certificates!)

# cd /root/easyrsa4pfsense && ./PFSENSE_RUN_ME_FIRST

This will first prompt you for your location and organization information, to be used when generating the certificate authority and initial certificates, and as defaults when creating additional certificates in the future. It will then create your certificate authority, a server certificate, and one client certificate. These files can be found in the /root/easyrsa4pfsense/keys/ directory.

If you are prompted for a challenge password, you most likely will want to leave it blank. Press enter at the challenge password prompt, and again on the confirm prompt.

Creating a client key

To create a new client key, SSH into the firewall, choose option 8 and run:

# cd /root/easyrsa4pfsense
source vars
./build-key clientXXXX

Where clientXXXX is the name of the client.

You'll then find the client's keys in /root/easyrsa4pfsense/keys/

Revoke a client key

To revoke the key for client1:

# cd /root/easyrsa4pfsense/
# source vars
# ./revoke-full client1

Which will update the crl.pem file, the contents of which need to go into the pfSense OpenVPN GUI in the CRL field.

source: PFSense Docs