
Nubis Novem

IT consulting company with real cloud experience

Author: Andrei Spassibojko

Self Control: Windows server connected by VPN service to itself

There were times when we were looking for simple yet unorthodox solutions, and this case was one of them. Imagine a Windows 2012 server with its standard VPN service (RAS, or Remote Access, actually) configured and operational. The only problem was that the static IP of the server (as seen by a connected user) was not up at all times. For instance, assume the DHCP IP range for VPN clients was 172.0.2.1 – 172.0.2.199. That makes the first address of the range, 172.0.2.1, the server’s address that is accessible by VPN clients (inside the VPN tunnel). When the server had just started, that IP would be down: not even pingable, let alone routable. The IP address becomes live as soon as the first VPN client connects from outside to the RAS service. That presented a challenge for application jobs configured to run in both modes: locally on the server and from remote locations connected to the server. We would configure 172.0.2.1 as a universal connection point for all the applications and grant proper server firewall exclusions, though… they would not be able to connect if no external users had connected to the VPN service yet.


Archive-Zip for Perl, a moody princess: limitations, shortcomings, workarounds

The Archive-Zip Perl module was introduced as early as January 2001 and has since been supported by several maintainers with regular updates. Most of the time Archive-Zip is alright, but there are limitations. 2016 is about to be over and Archive-Zip still does not know how to handle the newer “64bit” header ZIP format. Not only can it not read those 64bit ZIPs; alas, it cannot create them either. With older “32bit” header ZIP archives, compressing larger amounts of data files presents a bigger challenge than it should. Yes, you might use a different compression format or technique. But what if we must stick with the good old ZIP file as our standard? Here is a recipe on how to handle that.


Shrewsoft VPN Client for OS X El Capitan Saga revisited

Just a quick note, as we have had a few reports lately that the Shrewsoft VPN client package for Mac OS X (El Capitan release) was missing from the main Homebrew repository. That caused trouble for folks trying to use our recipe on that subject from last year.


Lack of context type for Perl hash arrays

Just some random thoughts on a napkin. Please do not shoot the messenger, but Perl would gain a lot in readability if it reduced some of its generic constructs even further through better use of unambiguous context. For instance, if you are in favor of a separate context type for hash arrays (associative arrays usually defined as %hasharrayname), please raise your hand.


Handling multiple external IP addresses with Palo Alto PA-3020

Another showcase with the Palo Alto PA-3020 firewall hardware device by Palo Alto Networks running PAN OS 6.0 (PA-3000 series). This time we would like to discuss the use of multiple IP addresses on the external interface. Say you run into a situation where more than one HTTPS web service should be offered to the public, but they are based on separate hardware resources internally. The simple solution would be to use another IP address for incoming connections on TCP port 443 and create another NAT policy rule for that additional address.


How to protect Remote Desktop Service with valid SSL certificate in Windows 2008, 2012, 2016

It is typical for a Windows server to have an auto-generated self-signed certificate for its Remote Desktop service. That is not a good practice, especially when the RDP service is exposed on the internet (via TCP port 3389 being open in the firewall). Here are a few simple steps to install a valid SSL certificate to be used with RDP to protect the host identity and encrypt your remote desktop sessions properly.


Perl: random order list howto

First Perl recipe here, to the best of our knowledge. The idea is very simple and obvious: using the random function rand to randomly order values inside a sort pipeline. It could be used for random ordering of any Perl list or array, though we decided to sort hash array keys (as we tend to use those a lot in the form of hash array references).
