Notes from the desk of Adam Botbyl

Tired of Error Code 61?
Open terminal and:

sudo mkdir -p /Applications/Citrix\ ICA\ Client/keystore/cacerts/
sudo cp <.crt file> /Applications/Citrix\ ICA\ Client/keystore/cacerts/

For Comodo Intermediate CA Cert

sudo curl "https://support.comodo.com/index.php?dload=Download&_m=downloads&_a=downloadfile&downloaditemid=101, https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=101&nav=0,1" -o /Applications/Citrix\ ICA\ Client/keystore/cacerts/COMODOHigh-AssuranceSecureServerCA.crt

Want to disable Terminal from re-opening tabs when it’s closed, without disabling system wide?

defaults write com.apple.Terminal NSQuitAlwaysKeepsWindows -bool false

Want to disable IPv6 Random Identifier / Temp Address?

sysctl -w net.inet6.ip6.use_tempaddr=0

Currently, HP’s LaserJet tools will barf on OS X Lion saying unsupported platform. This is easy enough to fix…

This specifically references the download of “HP LaserJet Pro Series Full Solution Software and Driver” version 2.0

1) Download the package and mount it
2) Copy “HP Installer.app” to your desktop out of the package
3) Open up Terminal and run:

nano ~/Desktop/HP\ Installer.app/Contents/Info.plist

4) Change

        <key>MaximumSystemVersion</key>
        <string>10.6</string>

to:

        <key>MaximumSystemVersion</key>
        <string>10.7</string>

5) ^X and save, then run the HP Installer.app

*Note* Although installed O.K. it seemed to install the printer as a fax (as well as the Fax device). Simply remove the non-fax fax from System Preferences and install a Printer, which it should find for you. Same for scanning.

After those minor tweaks everything worked 100%!

A minor annoyance of my Cisco 7970 running the SIP firmware was no DND button on incoming calls.

This was easily fixed by modifying the softKeyFile and adding a softkey to “Ring In,” as seen below:

<softKeySet  id="Ring In">
<softKey  keyID="Answer"></softKey>
<softKey  keyID="EndCall"></softKey>
</softKeySet>

Reload the phone, and you’re good to go!

It’s amazing that this late in the game that a majority of people still have not jumped on the IPv6 bandwagon.
After scouring AAAA records, I found only 3 official CPAN mirrors supporting IPv6.

ftp://mirror.xmission.com/CPAN/

http://cpan-du.viaverio.com/

http://cpan.llarian.net/

While working on a mod_perl project, I got a nice little error message:

[crit] (28)No space left on device: mod_rewrite: could not create rewrite_log_lock

I did not run out of disk space, but I did run out of IPC space.

To clear this I did a quick clear of IPC tables for/from www-data:

sudo ipcrm `ipcs -s | awk '/www-data/ {print "-s "$2}'` `ipcs -m | awk '/www-data/ {print "-m "$2}'` `ipcs -q | awk '/www-data/ {print "-q "$2}'`

After playing around with DD-WRT and connecting up with TunnelBroker, I decided to write a wanup script to auto-refresh TB on new WAN IP
This script is meant for a /jffs/etc/config/tb-ipv6.wanup script.
Wanup will be ran every time there is a change in the WAN interface status, so this could mean a new IP address. This script will detect that and refresh, otherwise it will ignore the request.

Upon execution, it will add TB’s ipv4 “ICMP” address (that ensures your tunnel is good) to iptables, login to TB and update the current WAN IP, then bring up the tunnel. Simple!

#####
# Simple shell script for Tunnel Broker IPv6
# Deployed for XX-WRT distributions
# Copyright (C) 2010 Adam Botbyl
# http://www.adambotbyl.com
#####

# TB_USERID is the HEX userid located in your TunnelBroker.net Home Page
# TB_PASSWORD is your plain-text password
# TB_TUNNEL_ID is the "Tunnel ID" ID of the tunnel located on the tunnels home page
# TB_SERVER_IP is the "Server IPv4 Address"
# TB_CLIENT_V6 is the "Client IPv6 Address"
# TUNNEL_IF is the name you'd like to use for the tunnel interface
# WAN_IF is the interface for your external IP address

TB_USERID=deadbeefcafedeadbeefcafedeadbeef
TB_PASSWORD=somepasshere
TB_TUNNEL_ID=11111
TB_SERVER_IP=216.218.224.42
TB_CLIENT_V6=2001:470:::2/64
TUNNEL_IF=tb-ipv6
WAN_IF=vlan2

## Begin processing....

# Convert password to MD5Sum
TB_PASSWORD=$(echo -n $TB_PASSWORD | md5sum | awk '// {print $1'});
# Fetch WAN IP Address
WAN_IP=$(ip -4 addr show dev $WAN_IF | awk '/inet / {print $2}' | cut -d/ -f1)
# If tunnel exists, get Tunnel's local address
TUNNEL_WAN_IP=$(ip tunnel show $TUNNEL_IF | awk '/'$TUNNEL_IF'/ {print $6}')
# Check IPTables to see if we have a allow for ICMP from TB (Needed for the update URL to work
IPTABLES_ICMP=$(iptables -nL|awk '/icmp --  66.220.2.74/ {print $1}')

start_tunnel () {
        if [ -z $IPTABLES_ICMP ]; then
                echo -n Allowing HE ICMP...
                iptables -I INPUT -s 66.220.2.74 -p icmp -j ACCEPT
        fi
        echo -n Updating TB Client V4...
        # For whatever reason DD-WRT did not support HTTPS in wget (!?!?), so we have to do this unencrypted
        if [ ! -z $(wget -q -O - "http://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=$WAN_IP&pass=$TB_PASSWORD&user_id=$TB_USERID&tunnel_id=$TB_TUNNEL_ID" | awk '/not valid/ {print $1}') ]; then
                echo -n TB User/Pass Invalid...
        fi
        echo -n Building...
        ip tunnel add $TUNNEL_IF mode sit remote $TB_SERVER_IP local $WAN_IP ttl 255
        ip link set $TUNNEL_IF up
        echo -n Addressing...
        ip -6 addr add $TB_CLIENT_V6 dev $TUNNEL_IF
        echo -n Routing...
        ip -6 route add ::/0 dev $TUNNEL_IF
        echo Done!
}

stop_tunnel ()  {
        echo -n Removing...
        ip tunnel del $TUNNEL_IF
}

echo -n HE IPv6...
if [ -n $WAN_IP ]; then
        if [ ! -z $TUNNEL_WAN_IP ]; then
                if [ $TUNNEL_WAN_IP != $WAN_IP ]; then
                        echo -n Restarting tunnel...
                        stop_tunnel
                        start_tunnel
                else
                        echo Already Established!
                fi
        else
                start_tunnel;
        fi
else
        echo No WAN IP...Abort!
fi

There’s a bunch of information on how to get the Cisco 79XX series working with Asterisk for pre 9.X firmwares.
In 9.x Cisco changed the default transport method to TCP, so one would have to setup SIP over TCP in asterisk and add the transport method to the user.

After some digging, I found out how to change this transport in the SEP.xml.cnf file:

UDP

<transportLayerProtocol>2</transportLayerProtocol>

TLS Auth/Encryption

<transportLayerProtocol>3</transportLayerProtocol>

TCP

<transportLayerProtocol>4</transportLayerProtocol>

Windows has it’s Microsoftish implementation of IPv6 and does not use EUI-64 for IPv6 Addressing.
This is masked in the efforts of “Security,” but it seems to be more of a nuisance and obscurity.

To disable this and make it more “typical” IPv6 one can disable the “privacy state” and “randomize identifiers” bits with netsh by:

(running as admin/privileged)

netsh interface ipv6 set privacy state=disable
netsh interface ipv6 set global randomizeidentifiers=disabled

Reset your link, and you’re back!

In a IPv6 only network, one would generally wish to send DNS information to it’s IPv6 clients for auto-configuration.

To do this, first one must create a IPv6 DHCP Pool

Router# conf t
Router(config)# ipv6 dhcp pool my-ipv6-dns
Router(config-dhcp)# dns-server 2001:470:20::2
Router(config-dhcp)#

Now, on the IPv6 Interface set ipv6 nd other-config parameter and DHCP server pool

Router(config)# interface fastEthernet 0/1
Router(config-if)# ipv6 nd other-config-flag
Router(config-if)# ipv6 dhcp server my-ipv6-dns

ipv6 nd other-config will tell the client to request other (non prefix/route information) via DHCPv6
And now you’re set. This should work for both Windows and Linux IPv6 Clients
Note, on Ubuntu I also needed to install wide-dhcpv6-client, and ensure I did not have resolvconf installed. Otherwise it will never configure with NetworkManager