Wednesday, 3 February 2016

"Connection Failed: Enforce Firewall Policy failed" - on OSX Yosemite

According to SK106293 - this problem can be fixed via a hotfix from Check Point TAC.
I've tried the hotfix and it doesn't appear to perform any differently. You still get the same error pop-up and in the logs.
There is a workaround though - you need to manually disable the firewall on the client (if your policy allows for it).

First, shut down the CP client from your menu bar.

Stop the CP services

 sudo launchctl unload /Library/LaunchDaemons/com.checkpoint.epc.service.plist  

Edit your Trac.defaults file at /Library/Application Support/Checkpoint/Endpoint Connect/Trac.defaults

The top line should read something similar to


(the formatting of this file is horrible - I've removed loads of spaces / tabs to make it more readable).

Change the value of '1' to '0'.

Restart the CP services then stop them again

 sudo launchctl load -w /Library/LaunchDaemons/com.checkpoint.epc.service.plist
 sudo launchctl unload /Library/LaunchDaemons/com.checkpoint.epc.service.plist  

This will start the services and decode your Trac.config file so you can edit it (make sure you stop the services again to be able to edit the decoded file!).

Find the line like <PARAM enable_firewall="true"></PARAM> and edit the value 'true' to 'false'. You might have another line showing the name of your policy - I'm not sure it's required with the policy disabled but I edited mine from "desktop_policy" to "".

Save and close the file then finally start the services again.

 sudo launchctl load -w /Library/LaunchDaemons/com.checkpoint.epc.service.plist  

Start the Endpoint VPN application again from Launchpad and try to connect. If it works for you too - awesome! If it doesn't - sorry, best speak to TAC to get a proper solution.

Tuesday, 26 January 2016

How to recover X-Raid (Netgear) drives after a chassis failure.

A while back I used to have a Netgear ReadyNAS Duo. For the time, it was pretty good value for money and proved to be a reliable little NAS for streaming and backing up files.
What I never really considered was what I would do should the chassis fail and I'm left with numerous drives running a 'proprietary' RAID type (X-RAID) and potentially no source for a replacement chassis other than eBay or CEX.
I assumed it would be a matter of plugging the drives in through a number of SATA > USB adapters and just dragging the files off once the OS magically picked up and decoded whatever X-RAID was.
Luckily, I never had to find out but a friend's house recently caught a lightning strike which took out his router and the ethernet port on his NV+ (the NAS took the lightning, not the friend). The drives looked to be safe in the NAS but with no way to access them - the only solution was to put them in something else and see what we could do.

The thought was to add all the drives to a machine with plenty of SATA ports available (four for the drives from the NAS plus one for the OS and restoration drive) and see what happens. X-RAID seems to be pretty close to RAID-5 so I doubt Netgear / Infrant messed around with it so much as to make it unreadable by anything else.
Ubuntu 14.04 is my go to OS here - so I installed that on a spare drive (at this point the NAS drives were absolutely nowhere near this machine for fear of overwriting them accidentally).
When you're happy it's installed and running, power down and add the old X-RAID drives in. Once connected, boot up again.

WARNING: Don't run 'df' once you've mounted your drives with FUSE. There appears to be a bug that causes the fuseext process to crash and consume 100% CPU time. The 'du' command is slow (like, really slow) but won't crash your system.

Next, we'll need to make sure we've got the FUSE module installed for Ext2 filesystems. First we'll cheat a little and go into a root shell.

 sudo bash  

(Warning: this will put you into a root shell. Be very careful what you type outside of this list as you can cause serious damage to things).
Next, install the FUSE Ext2 package.

 apt-get install fuseext2  

Then, load the fuse module.

 modprobe fuse

Next, we'll scan our connected drives for LVM volumes with


Now we'll activate the volume we need

 vgchange -ay c 

(vgchange will search for all LVMs; '-ay c' will activate any volume named 'c', which is the name for the main volume on a ReadyNAS).

Make sure you have a mount point created to mount the reassembled volume in

 mkdir -p /mnt/readynas 

(just an example, call your directory whatever you like under /mnt/)

Then finally (fingers crossed here)

 fuseext2 -o ro -o sync_read /dev/c/c /mnt/readynas

All being well, your data will all be available under /mnt/readynas (or whatever you called it). You're free to copy it off to a non-RAID drive, thumb drive or whatever you have to hand.
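
The steps above can be wrapped in a script that confirms the volume really is mounted read-only before any copying starts. This is an added example, not part of the original post: the function names are hypothetical, the mount table is a constructed sample, and it assumes a mount point without spaces.

```shell
#!/bin/sh
# Added example: guarded version of the recovery steps, POSIX sh.

# Constructed sample in /proc/mounts format (not captured from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/c-c /mnt/readynas fuse.fuseext2 ro,nosuid,nodev,relatime 0 0
/dev/sdb1 /mnt/restore ext4 rw,relatime 0 0
EOF
}

# Succeeds only if $1 is a mount point whose most recent entry carries the
# exact option "ro". Substrings such as errors=remount-ro do not count.
# $2 = mount table to read (defaults to /proc/mounts).
mount_is_readonly() {
    awk -v mp="$1" '
        $2 == mp {
            found = 1; ro = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
        }
        END { exit !(found && ro) }
    ' "${2:-/proc/mounts}"
}

# Runs the steps from the post, then refuses to leave a writable mount behind.
recover_readynas() {
    mnt="${1:-/mnt/readynas}"
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    modprobe fuse || return 1
    vgchange -ay c || return 1
    mkdir -p "$mnt" || return 1
    fuseext2 -o ro -o sync_read /dev/c/c "$mnt" || return 1
    if ! mount_is_readonly "$mnt"; then
        echo "$mnt is not mounted read-only, unmounting" >&2
        umount "$mnt"
        return 1
    fi
    echo "$mnt mounted read-only; copy with cp/rsync and avoid df"
}

# Nothing touches the disks unless the script is called with --recover.
case "${1:-}" in
    --recover) recover_readynas "${2:-}" ;;
esac
```

Run it with --recover (and optionally a mount point) from the root shell once the drives are attached.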