I’ve been using OpenVPN for years and enjoy the convenience that OpenVPN only require one TCP or UDP port, which is fairly easy to set up even when one of the site is behind NAT or having dynamic IP. In comparison, setup IPsec is more complicated in this case.
However, EdgeRouter hardware offloading does not support OpenVPN. In this example, we will set up IPsec site-to-site using EdgeRouter, with one site having static IP, another site is using dynamic Internet IP and behind a NAT device (e.g. ISP-provided router). In my case, the ISP-provided router is an Optus/Sagemcom router, and the example config is available in another article. If your environment is not that complicated, refer to Ubiquiti help articles.
Continue reading “EdgeRouter IPsec site-to-site config example – one site static IP, another site dynamic Internet IP and behind NAT”
This article illustrates how to set up Optus router to forward UDP 500, UDP 4500, ESP and AH to the VPN gateway. This is required when setting up IPsec VPN gateway (e.g. EdgeRouter) behind NAT device (e.g. Optus router).
Continue reading “Optus (Sagemcom) router config example for forwarding IPsec VPN traffic”
This article illustrates how to use Route 53 and Lambda to setup single-tenant DDNS service, with code examples.
It’s technically possible to use a Python script as a DDNS client to update the DNS record on Route 53 directly. However, an AWS access key and secret access key need to be loaded to that node. If that node is compromised, other DNS records in that hosted zone may get tempered because IAM policy does not allow fine-grained permission on a single DNS record. The risk can be mitigated using AWS Lambda.
Continue reading “Dynamic DNS using Route 53 and Lambda”
S3 object lock is a feature to prevent permanent deletion on S3 objects, by accident and deliberate. This article focus on retention period in governance mode. For legal hold, please refer to another article.
Continue reading “Amazon S3 object lock (retention period) in Python with IAM policy example”
S3 buckets and objects have their own object lock configuration. This article explains how it works.
Continue reading “Amazon S3 object lock configuration on buckets and objects”
S3 object lock is a feature to prevent permanent deletion on S3 objects, by accident and deliberate. This article focus on legal hold. For setting the retention period in governance mode, please refer to another article.
Continue reading “Amazon S3 object lock (legal hold) in Python with IAM policy example”
Update: I strongly against updating to Android 9 due to a bug in adaptive brightness.
I’ve purchased Asus ZenFone 5 model ZE620KL (4GB RAM, 64GB storage) in November 2018 in Taiwan at 8,800 NTD (~400 AUD). I’ve been using it for two months – it is reliable and offers good value of money.
Continue reading “Asus ZenFone 5 ZE620KL (2018) review – two months after purchase”
This is part of the note I took after I started at Macquarie University in 2016.
Continue reading “Banking in Australia”
I don’t have a car so sometimes I make a day trip to NSW National Park by taking public transport. This is what I learned by visiting different parks and checking news on those areas.
Continue reading “Safety in NSW National Parks – it’s beautiful but could be dangerous”
This was part of the note I took in 2016 after I stared in Macquarie University. These notes are not Macquarie-specific.
Continue reading “Tips for people new to Australia”
Here’s the note I took while I started at Macquarie in 2016. These notes are specific to Macquarie University.
Continue reading “Tips for whom just started at Macquarie University”
In most of the small and medium-sized enterprises (SMEs), we don’t have IT department and sometimes hire third-party for installation and setup. This post provides a checklist for things need to be aware while setting up Cisco Aironet 2800 access points.
Continue reading “Cisco Aironet 2800 installation checklist”
Several days ago I noticed one of my backup to Amazon S3 was failed because the file is larger than 5GB and I didn’t use multipart upload. Code snippet as below. Works on AWS SDK for Ruby v3.
Continue reading “Upload file larger than 5GB to Amazon S3 with Ruby”
This is a safe deposit box comparison I composed in December 2017 by comparing Guardian Vaults, Custodian Vaults, Westpac and Commonwealth Bank safe deposit boxes. Be aware that my purpose is to store A4 sized documents so I cannot use the smallest box.
Continue reading “Safe deposit box comparison 2017 – Sydney CBD”
Not every file system do data block checksumming. And the most popular one on Linux ecosystem – ext4 file system – is one of them. That means if there is a silent data corruption occur on the disk, it may not get noticed. The corrupted data may get backed up to the off-site storage device, and by time, the backup will get corrupted after it’s been replaced by up-to-date (corrupted) version. This is potentially dangerous if the data need to be stored for a long period of time.
Continue reading “Data integrity – why I choose Btrfs (silent data corruption)”
While changing the password on Cisco Aironet 2800 controller over web-based management interface, it will update the password for the web interface and SSH login of the controller. However, it will not update the SSH login on every access points. This post provides a solution to change the SSH login for all the access points.
Continue reading “Changing Cisco Aironet 2800 SSH password on every AP”
VLAN configuration is very different between HP and Cisco switches. HP is VLAN centred and Cisco is based on physical port. While managing Cisco switches, using a script to generate the config may ease the task. This post proposes a simple script to generate the config.
Continue reading “VLAN config generation with Ruby for Cisco Catalyst 3750”
Only two lines
time timezone 600
time daylight-time-rule user-defined begin-date 10/01 end-date 04/01
Continue reading “HP ProCurve Switch 5400zl timezone and daylight saving configuration in Sydney”
Only two lines
clock timezone AEST 10
clock summer-time AEDT recurring 1 Sun Oct 2:00 1 Sun Apr 3:00
Continue reading “Cisco ASA timezone and daylight saving configuration in Sydney”
Discount is a C implementation of Markdown, and Markdown a text-to-HTML converter written in Perl. They are pretty similar but different in the following behaviours
- Discount will replace double quote
“” and single and double quote
’. Where Markdown will keep the single and double quote as-is.
- To have a second level indentation on bullet points, Discount require two spaces, where Markdown only require one.
Continue reading “Difference between Markdown and Discount”
It is risky to issue a command like
Continue reading “Prevent accidental erasure of internal drive while using dd to write USB flash drive”
sudo dd if=image of=/dev/sdb bs=1M due to the risk of typing
sdb to something else (e.g. internal drive). If an error has been made, the internal hard drive may get erased. This post proposes a solution by using udev rules, which will allow read/write access to USB drive without
sudo and no password required. These udev rules does not affect SATA-based storage devices.
ThinkPad X280 running Ubuntu 18.04 allows a brightness level from 0 to 1515. However, the Fn+F5/F6 hotkey only allows 21 levels of control. This post provides a solution and easy-to-use script for brightness control, best use with Guake.
Continue reading “Precision brightness control on X280 running Ubuntu 18.04 (bionic)”
Before purchasing ThinkPad X280, I was concerned about the CPU throttling bug. It’s a bug which will throttle the CPU performance once it’s been triggered and will not restore the performance without a reboot.
I’ve developed a Ruby script for this test, and run it on X280 with i5-8250U processor. I did not reproduce the throttling issue that requires a reboot to restore the performance – whether the machine is powered by battery or connected to the power supply. However, I did discover a symptom which will under-clock the process to 123MHz under the certain load.
Continue reading “ThinkPad X280 CPU load and throttling test on Ubuntu 18.04 (bionic)”
I’m an everyday Linux (Ubuntu) user moving from X201s to X280. This is my review after installing Ubuntu 18.04 (bionic) on X280.
Continue reading “Review for ThinkPad X280 running Ubuntu 18.04 (bionic)”
I’ve followed the instructions from Bitnami for installing Let’s Encrypt certificate on Amazon Lightsail instance with Bitnami WordPress preloaded. The guide is very user-friendly and easy to follow. However, there is room for improvement in step 5 in certificate renewal.
Continue reading “Improved Let’s Encrypt certificate renewal on Bitnami WordPress”