Thursday, 14 August 2014

APM1 (Arduino 1280 based) Arducopter software

I've just acquired an older Arducopter quad and not had much luck with putting the newer versions of Arducopter onto the board because of its limited memory capacity. With a lot of digging and searching for the right Arduino IDEs and software versions - I've managed to build a couple of versions; one as per the source and one with some modules removed to make it fit onto the board. The hex files are attached below to hopefully save someone the pain of searching, compiling and failing. I'll also attach the IDE if you want to verify the code and compile yourselves.

Arducopter 2.3 and Arducopter 2.5.5 with NO CLI

The 2.5.5 firmware also has a few other modules removed as per this thread on DIY Drones.
Please be aware I've not tested the 2.5.5 version (yet). The 2.3 release seems to fly perfectly well, but again I've not tested the flight modes.


 # define GPS_PROTOCOL GPS_PROTOCOL_MTK16  
 # define CONFIG_RELAY      DISABLED  
 # define CAMERA         DISABLED  
 # define MOUNT         DISABLED  
 # define CLI_ENABLED      DISABLED  

The other files I've used to compile with and from are here:

Arduino 0022 (Relax Patch)
Arducopter firmware sources

Thursday, 29 May 2014

Fiddler SSL interception not working

Fiddler has been my go-to web application debugging tool for as long as I've needed one. Yesterday - it simply decided it didn't want to decrypt any more SSL traffic for me. No settings changed (no, really) or anything and I started seeing this error for every site I tried connecting to:

fiddler.network.https> HTTPS handshake to www.google.com failed. System.Security.Cryptography.CryptographicException Cannot find the requested object.




Not a particularly helpful error message (at least not to someone who isn't the developer) so off to Google I went. After a few hours of searching, various Google Group discussions mentioned some recent changes to the .NET framework which have changed certain cryptographic behaviours and broken things. The solution is to go to C:\Users\[your username]\Documents\fiddler2 and rename the file ClientCertificate.cer to something else. I'm not 100% certain on why this certificate would cause the problem in the first place but it fixed my SSL interception so I'm happy again. Full discussion from here.

Wednesday, 26 February 2014

F5 LTM Virtual Edition in VirtualBox

The F5 LTM Virtual Edition is a great way to get some experience with the product if you can't get your hands on any physical kit. If you're working your way through the new certification path you'll need all the exposure and experience you can get, so a local VM on a desktop hypervisor is ideal for practicing or having a poke around the web interface or CLI when you have some spare time.
I tend to use VirtualBox for my desktop virtualisation needs as it's cross platform and free, but there are no officially supported images provided by F5. After a bit of trial and error, I've found the following setup to work nicely. Bear in mind though that you will need to acquire a trial license / base registration key. I don't know that F5 will be able to provide you this directly if you are an end user but your reseller or partner should be able to get you a 30 or 45 day evaluation license.

Firstly - download the Hyper-V VHD files for TMOS 11.5.0. (Link - registration required).
Extract the two VHD files into a folder wherever you like to keep your VMs.
Create a new virtual machine with the following properties:
Linux 2.6 / 3.0 Kernel (64-bit)
At least 2048MB of RAM (the more you have, the more modules you can potentially enable).
When prompted to add disks, skip this part and accept the warning.
When complete, edit the virtual machine settings and go to the storage tab.
Under storage, find the SATA controller, add the largest of the VHD files first, then the one which has DATASTORE in the name.
Under network, add one interface (we'll add the rest later but this way we can make sure the management interface is eth0). I use host-only for my management network as it doesn't need internet access usually. Feel free to use whatever you need but the interface type should be PCnet-PCI II. There's some stuff on F5 DevCentral that hints at there being VirtIO support in 11.2 but I've not tested it out yet.
Start the VM up from VirtualBox and check POST for errors / kernel panics but you should be fine. If you get any errors about MCP not running, go make a cup of tea and then try again. It'll load eventually :)

Once you've configured an IP address - check you can access it from a web browser on https://x.x.x.x. If you can, shut down the VM and we're ready to add some more interfaces.
Back in the network settings of your VM, add in as many interfaces as you need but make sure the type is the Intel PRO/1000 MT Server type.
Something to watch is the order of the interfaces; they might not match the order you've specified them in. You can use something like...

watch "ethtool ethX | grep detected"

and then disconnect and reconnect the virtual cable to see which interface maps where. Your finished VM settings should be similar to this...

That should be your lot - just activate your license and then start playing!
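
The VM build steps in this post, scripted with VBoxManage as an added example (not part of the original post). The VM name, the VHD paths, the host-only network `vboxnet0` and the internal network name `f5-data` are assumptions; with DRY_RUN left at 1 the commands are printed for review instead of being run.

```shell
#!/bin/sh
# Added example: two-stage VirtualBox build for the F5 LTM VE described above.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Stage 1: create the VM with only the management NIC so it comes up as eth0.
# Args: VM name, system VHD (the largest file), DATASTORE VHD.
f5_create_vm() {
  vm=$1; system_vhd=$2; datastore_vhd=$3
  run VBoxManage createvm --name "$vm" --ostype Linux26_64 --register
  run VBoxManage modifyvm "$vm" --memory 2048
  run VBoxManage storagectl "$vm" --name SATA --add sata
  # Disk order matters: largest VHD on port 0, DATASTORE VHD on port 1.
  run VBoxManage storageattach "$vm" --storagectl SATA --port 0 --device 0 \
      --type hdd --medium "$system_vhd"
  run VBoxManage storageattach "$vm" --storagectl SATA --port 1 --device 0 \
      --type hdd --medium "$datastore_vhd"
  # Am79C970A is VBoxManage's name for the PCnet-PCI II adapter.
  # "vboxnet0" is an assumed host-only network name.
  run VBoxManage modifyvm "$vm" --nic1 hostonly --hostonlyadapter1 vboxnet0 \
      --nictype1 Am79C970A
}

# Stage 2: with the VM shut down, add N data-plane NICs as slots 2..N+1.
# 82545EM is the Intel PRO/1000 MT Server type; "f5-data" is an assumed
# internal network name. VirtualBox allows 8 NICs, so N is capped at 7.
f5_add_data_nics() {
  vm=$1; count=$2
  if [ "$count" -lt 1 ] || [ "$count" -gt 7 ]; then
    echo "data NIC count must be between 1 and 7" >&2
    return 1
  fi
  i=2
  while [ "$i" -le "$((count + 1))" ]; do
    run VBoxManage modifyvm "$vm" --nic"$i" intnet --intnet"$i" f5-data \
        --nictype"$i" 82545EM
    i=$((i + 1))
  done
}
```

Run `f5_create_vm` first, configure the management address, shut the VM down, then run `f5_add_data_nics`.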

Tuesday, 3 September 2013

Check Point - Clear Identity Awareness user to IP mappings

It doesn't appear that there's an easy way on the Check Point CLI to remove all user to IP address mappings. You can revoke a single IP at a time - but for troubleshooting you might want to wipe out the whole lot.

Sounds like a job for a dirty bash one-liner!

(From expert mode of course)

 pep show user all | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -vxF '127.0.0.1' | sort -u | xargs -I{} -p pdp revoke_ip {}

Friday, 2 August 2013

Check Point - Linux Remote Access VPN with Shrew VPN client

A few years back I tried to get any sort of VPN client working on Ubuntu that would connect to a Check Point firewall. SSL Network Extender (SNX) works but requires additional configuration on the gateway, so I gave up.

Between then and now, Shrew Soft VPN client has added support for Check Point firewalls and works pretty well. I found the client crashed intermittently when setting up the profiles but after that the tunnel seemed stable. I've tested it on Ubuntu 12 and 13 (on 13 you have to compile from source as it's not in the Apt repositories yet) and both work ok.

The client is pretty straightforward to set up - once you know which options to use of course!

Hostname / IP address - IP or DNS name for your firewall
Auto Configuration - Leave this at 'ike config pull'.
Local Host - If you're using office mode with DHCP addresses, this will take care of picking up the address once the tunnel is up.

Client and name resolution tabs - leave these settings as default.
Authentication - assuming you haven't changed any of your remote access settings, Hybrid RSA + XAuth is what you need.
Authentication method:
Local Identity - User Fully Qualified Domain Name (make sure you leave the value blank however)
Remote Identity - Any
Credentials -> Server Certificate Authority File - This needs to be the Check Point internal CA certificate that issues the VPN certificate for your gateway. Setting it to 'any' doesn't appear to work.

Phase 1


Phase 2


Policy - Leave policy generation set to 'auto' and untick the following two boxes.
Then, make sure you add in all of the remote networks you want to access over the tunnel and the software will add in the correct routes for your remote resources. 


Then you're all set to connect!