Docker Image for Azure CLI and Azure Powershell

If you are a Mac or Linux user like I am and you like to manage your Azure environment with azure-cli or azure-powershell, you can use the following Docker image: cvugrinec/ubuntu-azure-powershellandcli:latest

Just type the following:

docker run -it cvugrinec/ubuntu-azure-powershellandcli /bin/sh

Please note that azure-powershell supports only ARM mode; azure-cli supports both ASM and ARM mode.

Setup VPN server and client on MACOS

You would like to access your home network from outside that network. For example, you are on holiday or at work and, over the Internet, you want to view the WIFI IP camera at your house or just access some files on your server at home.

If you don’t like your network to be accessible for the whole internet you can use the same technology that some companies use; a VPN. A Virtual Private Network (VPN) makes your network available through another (slightly bigger) network…in our case: the internet 🙂

In order to establish this you need to do the following:

  • Setup a VPN server
  • Make your VPN server available through your router or cable modem
  • Test this with your VPN client, you need to configure this as well

I have the following stuff and this article is based on this equipment:

  • IMAC (running Yosemite 10.10.3)
  • MAC AIRPORT EXTREME Router
  • Cable Modem provided by Internet provider (davolink)
  • iPhone 6 (needed for an external internet connection to test the client; my setup, and probably yours too, will not allow external access through the cable modem from within the same connection, so you need to test your client over another connection)

I am providing this information and I am aware that this could be dangerous for evil-do-ers…but I trust in the goodness of people and that sharing this information would do more good than bad:

Setup VPN MACOS server

Your MAC comes default with all the VPN server stuff installed. There are many VPN servers available from the app store, but if you don’t mind executing some commands within your terminal to configure your built-in VPN server you don’t need to buy stuff. You can configure 2 VPN methods, PPTP or L2TP…you can configure them both, but when connecting you need to choose one of them.

In my network the IMAC with IP 10.0.1.10 (Comp1) will be configured as VPN server: On Comp1, open a terminal and execute the following command:

Create the shared key (needed for L2TP) and add it to the keychain:

sudo security add-generic-password -a com.apple.ppp.l2tp -s com.apple.net.racoon -T /usr/sbin/racoon -p "SHARED-SECRET-PHRASE" /Library/Keychains/System.keychain

Configure the builtin VPND service:

  • chown root:wheel /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
  • chmod 644 /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
  • vi /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
  • configure lines 19-20, the OfferedServersAddress
  • configure lines 29-30, the DestAddressRanges
  • create a LaunchD file (will start automatically after reboot)
  • vi /Library/LaunchDaemons/com.apple.ppp.l2tp.plist
  • chown root:wheel /Library/LaunchDaemons/com.apple.ppp.l2tp.plist
  • chmod 644 /Library/LaunchDaemons/com.apple.ppp.l2tp.plist
  • enter the following contents:  
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.ppp.l2tp</string>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/vpnd</string>
<string>-x</string>
<string>-i</string>
<string>com.apple.ppp.l2tp</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
  • Start the service manually: sudo launchctl load -w /Library/LaunchDaemons/com.apple.ppp.l2tp.plist 

I used the following (excellent) blog as source: http://jonsview.com/how-to-setup-os-x-10-9-as-a-l2tp-vpn-server-without-apples-server-app

After running this, when you do a netstat -an, you should see the server listening on port 1701 in case of L2TP or 1723 in case of PPTP. If it is not, please check whether the VPN daemon is running; otherwise start it with: vpnd

Note: When you have configured your VPN server you can test it directly within your WIFI network (so not yet from outside). At least you know if your VPN server is working… My comp1 has IP address 10.0.1.10, so when I run the command nmap 10.0.1.10, I should see at least port 1723 listening (for PPTP) or 1701 (for L2TP).

Please note the following ports:

  • UDP port 500 for ISAKMP/ IKE
  • UDP 1701 for L2TP
  • UDP 4500 for IPSEC NAT Traversal (had to wiki this one 🙂)
  • TCP 1723 for PPTP
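
To check the server side of this port list without reading raw netstat output by eye, the following added example (not part of the original post) parses `netstat -an` output in the macOS `address.port` layout and reports which of the four ports has a socket. The function name `vpn_port_report` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which of the VPN ports
# listed above have a local socket, reading `netstat -an` output on stdin.
# Assumes the macOS netstat layout: local address in column 4, port as the
# last dot-separated field (e.g. "*.1701", "10.0.1.10.500").

vpn_port_report() {
    awk '
        BEGIN {
            # protocol/port pairs taken from the port list in the article
            want["udp/500"]  = "ISAKMP/IKE"
            want["udp/1701"] = "L2TP"
            want["udp/4500"] = "IPsec NAT traversal"
            want["tcp/1723"] = "PPTP"
        }
        $1 ~ /^(tcp|udp)/ {
            proto = substr($1, 1, 3)      # tcp4, tcp6, udp46 -> tcp or udp
            n = split($4, part, ".")
            port = part[n]
            # TCP only counts in LISTEN state; UDP has no state column,
            # so a bound socket is enough.
            if (proto == "tcp" && $NF != "LISTEN") next
            seen[proto "/" port] = 1
        }
        END {
            for (k in want)
                printf "%-9s %-20s %s\n", k, want[k], ((k in seen) ? "listening" : "missing")
        }
    ' | sort
}

# Constructed sample: L2TP/IPsec is up, PPTP is not configured.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  10.0.1.10.22           10.0.1.23.51512        ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
udp4       0      0  *.1701                 *.*
udp4       0      0  *.4500                 *.*
udp4       0      0  *.500                  *.*'

# On the VPN server itself you would run:  netstat -an | vpn_port_report
printf '%s\n' "$SAMPLE_NETSTAT" | vpn_port_report
```

A port reported as missing here will not work from outside either, whatever the router forwards, so run this before touching the port mappings.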

Configure (cable modem) router 

First determine what your external IP address is. This is the address your network will be accessible from. You can find this out by navigating to:

http://whatismyipaddress.com/  or look in the configuration of your router and lookup the value of the WAP IP ADDRESS element

Now configure your cable modem router, in my case I go to the following URL : http://192.168.1.1

There are 2 ways (at least on my cable modem) to make your network accessible…via NAT PORT Forwarding, you will see the following screen:

 


Here you configure your port forwarding per PORT (see overview above, for e.g. port 1723) how to forward it to the next host in your network…in my case 192.168.1.6 (see overview of landscape above).

As I am a lazy person…I configure a DMZ host


this means that all ports will be forwarded to the host defined in the DMZ host section…in my case 192.168.1.6

Configure internal wifi router

As I am the proud owner of an airport extreme, I can configure this device with the airport-configuration utility:


Select the airport extreme (the big fat one on top)…the other devices are just wifi extenders, they are not within the scope of this article

Configuring the airport extreme, go to the NETWORK tab:


Here you configure the ports mentioned earlier in the article. The important field is the private IP address field…this is the IP address of the VPN server in your network…in my case this is comp1: 10.0.1.10


Please note that you see DHCP and NAT as the Router Mode…this is the reason why I have a 192.168.1.x range from my cable modem…the airport extreme creates its own internal network within the 10.0.1.x range

Configure and test with VPN client

On your iPhone, go to Configuration -> General -> VPN and configure your external IP address, the username and password of your IMAC, and the shared key (if you chose the L2TP method). The IP address I use is: 87.212.242.223. Remember to test this on an external connection (not within your wifi connection). In the APP store I downloaded FileBrowser…a nice tool to access services and files in your network.

If you have trouble connecting, please also check your firewall rules on your IMAC.

Enable 2nd localhost/ loopback adapter on MacOS

After a long time of absence….I have got my blogging mojo back 🙂

Yesterday I was looking for a way to enable a 2nd localhost on my mac. I found an article how to do this: http://extjs.eu/how-to-add-an-ip-address-to-loopback-interface-on-mac/

Reason for this desire is that I have a JBoss EAP multiple instance solution, on the same host I would like to have 6 or more instances running using 1 public address  with each their own localhost address. Local addresses are in the range of 127.0.0.1 – 127.255.255.254. This is needed for a security solution in which I like to expose the available services through a (security) proxy on a public interface and make the actual services listen on their own loopback interface address.

Anyway for Mac you add another loopback interface by doing this:

Create a file /Library/LaunchDaemons/yourname.plist with the following content:

<plist version="1.0">
    <dict>
        <key>Label</key>
            <string>YourLabel</string>
        <key>ProgramArguments</key>
            <array>
                <string>/sbin/ifconfig</string>
                <string>lo0</string>
                <string>alias</string>
                <string>127.0.0.2</string>
                <string>netmask</string>
                <string>255.255.255.0</string>
            </array>
        <key>RunAtLoad</key>
            <true/>
    </dict>
</plist>

After that do a reboot.
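
The point of the extra loopback addresses is that the backend instances are reachable only through the proxy, which holds only if every instance is bound to a 127.x address and not to the wildcard address. The check below is an added example, not part of the original post: it reads macOS-style `netstat -an` output and flags any backend port listening off-loopback. The function name `loopback_only_check`, the ports 8080 and 8180, and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that backend instances
# listen on loopback aliases only. Reads `netstat -an` output (macOS layout,
# local address in column 4 as "address.port") on stdin.
# Arguments: the backend TCP ports to check. Exit status 1 if any is exposed.

loopback_only_check() {
    awk -v ports="$*" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) backend[p[i]] = 1
        }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            m = split($4, a, ".")
            port = a[m]
            if (!(port in backend)) next
            # everything before the final ".port" is the bind address
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./) {
                printf "ok      %s port %s\n", addr, port
            } else {
                printf "EXPOSED %s port %s\n", addr, port
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: two instances bound to loopback aliases, one instance
# bound to the wildcard address by mistake, plus the proxy on the LAN address.
SAMPLE_LISTENERS='tcp4       0      0  127.0.0.2.8080         *.*                    LISTEN
tcp4       0      0  127.0.0.3.8080         *.*                    LISTEN
tcp4       0      0  *.8180                 *.*                    LISTEN
tcp4       0      0  10.0.1.10.443          *.*                    LISTEN'

# On the host you would run:  netstat -an | loopback_only_check 8080 8180
printf '%s\n' "$SAMPLE_LISTENERS" | loopback_only_check 8080 8180 ||
    echo "at least one backend port is reachable without going through the proxy"
```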

On MacOs connect to your VirtualBox instance

Start VirtualBox and Go to your preferences….


Select Network and add a HOST-ONLY network instance….


Configure the Virtual Host, e.g. with the following values:


Once you have done that…your virtual box instances can use this virtual network interface, now configure the network settings for 1 of your virtual box instances…
Usually you would have something like this on Adapter 1: 

 


Configure the following for Adapter 2:

 


By the way…if you check your network settings from your mac…with ifconfig, you should be able to see the virtual adapter with the IP address you just configured.


If your virtual box image is a linux (fedora) machine….configure 1 of the interfaces:

/etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
BOOTPROTO=static
GATEWAY=192.168.189.1
IPADDR=192.168.189.100
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet

 

Connect with your MacOs to your VirtualBox using ssh

So now you have your virtualbox in place and you would like to connect to it, right…

upload files do …whatever…

ok here is how to do it:

In your VM settings, go to Network Adapter…

don't touch network adapter 1 (I suppose that one is working for you: you can connect outside and browse the Internet via the NAT option)

Configure the 2nd network adapter, select Network Bridge Adapter (notice the spelling error)….and bind it to one of your Virtual Ethernet Addresses…

I had vmnet1 and vmnet8….which on my mac (the host running VM) vmnet8 is 192.168.189.1


Start your Virtual Box and configure the 2nd network adapter manually

As root create the following file: /etc/sysconfig/network-scripts/ifcfg-eth1

Put the following gibberish in it:

DEVICE=eth1
BOOTPROTO=static
GATEWAY=192.168.189.1
IPADDR=192.168.189.100
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet

bring the interface up, by typing ifup eth1 (you can bring it down by ifdown eth1)

if correct you would see something like this (after typing ifconfig -a):

so:

ETH1 is 192.168.189.100

NETMASK 255.255.255.0

GATEWAY 192.168.189.100

On your Host running the VM, your ifconfig -a output should be something like:


you can connect with ssh to your virtual box …you will see (it can take a bit longer than expected…so be patient….the network only option is quicker)


Mac os useradmin

Create users on Snow Leopard (Darwin 127.0.0.1 10.8.0 Darwin Kernel Version 10.8.0: Tue Jun 7 16:33:36 PDT 2011; root:xnu-1504.15.3~1/RELEASE_I386 i386)

as root:

dscl localhost -create /Local/Default/Users/mysql

put in proper group:

dscl localhost -create /Local/Default/Users/mysql PrimaryGroupID mysql