Radovan Brezula

Author Archives: Radovan Brezula

Check Point GAiA as Personal Firewall on Linux – Part2

This is the second part of the tutorial that aims to deploy Check Point Gaia as a personal firewall under Linux. Let' assume that we have created underlying network infrastructure with the scripts create_taps.sh and bridge_interfaces.sh in Part1. This part goes further and explains Gaia installation on QEMU virtual machine (VM).  We will use the same network topology depicted on the Picture 1.1 of the part 1. Let's start with the point 2.

Picture 1.1 Network Topology

2. Checkpoint Gaia Installation

First, we need to create an empty qcow VM disk with qemu-img utility as we want to install Gaia into this image.

$ /usr/local/bin/qemu-img create -f qcow2 checkpoint.img 100G

As we downloaded Gaia ISO image in the part1 of the tutorial, we can start Checkpoint Gaia VM machine with the ISO attached  to Qemu cdrom.

$ sudo /usr/local/bin/qemu-system-x86_64 -m 4096M -enable-kvm -smp 2 \
-boot d -cdrom Check_Point_R80.10_T462_Gaia.iso checkpoint.img  \
-netdev tap,id=net0,ifname=tap0,script=no,downscript=no \
-device e1000,netdev=net0,mac=00:11:22:33:44:00 \
-netdev tap,id=net1,ifname=tap1,script=no,downscript=no \
-device e1000,netdev=net1,mac=00:11:22:33:44:01 \
-netdev tap,id=net2,ifname=tap2,script=no,downscript=no \
-device e1000,netdev=net2,mac=00:11:22:33:44:02

Below are the configuration options.

Select:
- Install Gaia on this system
- Proceed with the installation
- Keyboard - US
- Partition Continue reading

Ubuntu 18.04 Overheating

Since the upgrade from Ubuntu 16.04 LTS to Ubuntu 18.04, my laptop ASUS k55VM) is overheating and goes to critical temperature shutdown. The temperature varies between 70 and 85°C with doing nothing and then goes up to 95 with watching YouTube videos before shutdown. I have tried to clean fans from dust, blacklisted noveau driver but nothing helped. Finally, I have been successful with searching for workaround that is working for me. The issue here is intel_pstate scaling driver which does not reduce the processor speed when temperature increases.

The driver is not modular and it is built-in with kernel so we cannot unload it. However, we can disable it at boot by editing grub configuration. Firstly, check if your system is using the intel_pstate frequency scaling driver. If not, overheating is not caused by the intel_pstate driver and you need to figure out the cause by yourself.

$ cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_driver

intel_pstate
intel_pstate
intel_pstate
intel_pstate
intel_pstate
intel_pstate
intel_pstate
intel_pstate

Solution 1 - Disabling intel_pstate at Boot by Editing Grub Configuration

Open /etc/default/grub with editor and locate the line that begins with:

GRUB_CMDLINE_LINUX_DEFAULT

Add intel_pstate=disable at the end of that string as below.

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash intel_pstate=disable"

Now, execute:

Update Continue reading

Check Point GAiA as Personal Firewall on Linux – Part1

Check Point GAiA is the next generation Secure Operating System for all Check Point appliances, open servers and virtualized gateways. In this tutorial we will create a network infrastructure which supports usage of Gaia Qemu VM as a personal firewall on Ubuntu Linux. We will also go through the entire installation of Gaia on Qemu VM. This firewall appliance can be used up to 15 days period covered by a free trial Gaia license (no registration needed).

Hardware:  Asus K55VM laptop:
- Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
- RAM - 2 x Kingston DDR3 8192MB,
- HDD - ST1000LM024 HN-M101MBB 1000GB

Hardware requirements:
- Gaia QEMU VM: RAM - 4096MB, HDD - 15GB
- Windows 7 QEMU VM: RAM 2048MB, HDD - 15 GB

Software:
Host - Kubuntu Linux 18.04.1 LTS with installed QEMU emulator version 3.0.0 and KVM module
Guest 1 - Checkpoint GAiA R80.10, OS build 462, OS kernel version 2.6.18-92cpx86_64
Guest 2 - Windows 7 Home Premium, x86 with installed Smart Console R80.10 Build 991140073

Credentials - username/password:
- Gaia web portal: admin/check123point
- Gaia expert mode: check123point
- Windows 7: no password Continue reading

VyOS 1.2.0 Epa2 Realased

Finally, VyOS 1.2 epa2 ISO live image is released to subscribers. VyOS is a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality.

Free subscription is available for contributors, nonprofits and educational and research institutions, and both long-time contributors. Everyone who contributed before the release model change gets a perpetual subscription, the amount of contributions doesn’t matter. After that, contributing within a given year will give us a yearly subscription. If you are not a subscriber you can still download VyOS rolling release or built the ISO image from the source code.

You can use my Bash and Expect scripts to automatize VyOS 1.2.0 installation to VMware disk image. The scripts are available in the Script (1.1) section. Firstly, run the script  deploy_vyos-1.2.0.sh and after the ISO images boots up, you can run the second script  install_vyos-1.2.0.sh. You can run the image using GNS3 project and test open-source routing.

Asterisk on Raspberry Pi

RaspPBX is a project which brings the free and open source Asterisk and FreePBX into Raspberry Pi board. RaspPBX turns Pi into a communications server which can be used by small businesses with up to 12 extensions. FreePBX is a web-based open source GUI  that controls and manages Asterisk. Our goal is to show installation of the latest RaspPBX into Raspberry Pi 3 Model B Rev 1.2.

The latest image available for download includes Asterisk 13.20.0 and FreePBX 14.0.2.10.

1. Download, Extract and Copy RaspPBX Image to SD Card

$ wget http://download.raspberry-asterisk.org/raspbx-04-04-2018.zip
$ sudo dd bs=4M if=raspbx-04-04-2018.img of=/dev/mmcblk0 status=progress conv=fsync
$ unzip raspbx-04-04-2018.zip

2. Utilize all space on your SD card

By default the image utilizes only 4GB of your SD card space. Login to the console with username root and password raspberry and issue the command below.

# raspi-config

Navigate to Advanced Options-> A1 Expand Filesystem Ensures that all of the SD card storage is available to the OS. The filesystem will be enlarged upon the next reboot.

3. Configure Static IP Address

Set static IP address for interface eth0.

# echo "interface eth0" >> /etc/dhcpcd.conf
# echo Continue reading

IPFire on Raspberry Pi 3B

IPFire is a modular opensource firewall distribution with a primary objective of security. IPFire employs a Stateful Packet Inspection (SPI) firewall, which is built on top of netfilter (the Linux packet filtering framework). The modular designs allows to extend basic functionality by installation of add-ons that can be easily deployed with the IPFire package management system - pakfire. Updates are digitally signed and encrypted.

During the installation of IPFire, the network is configured into different, separate segments (zones). These different segments may be enabled separately, depending on your requirements. Each segment represents a group of computers who share a common security level.

Green represents a "safe" area. This is where all regular clients will reside. It is usually comprised of a wired, local network. Clients on Green can access all other network segments without restriction. Red indicates "danger" or the connection to the Internet. Nothing from Red is permitted to pass through the firewall unless specifically configured by the administrator. Blue represents the "wireless" part of the local network. Since the wireless network has the potential for abuse, it is uniquely identified and specific rules govern clients on it. Clients on this network segment must be explicitly allowed Continue reading

LEDE on Raspberry PI

In December 2017, I created a home router based Linux piCore installed on Raspberry PI3. I use this router in everyday life in order to provide Internet connection for my home devices. So far I have not noticed any issues. However, the router offers only basic functionality. The number of packages that extends router's functionality is limited by the number of available PiCore extensions in repository. Therefore, it is better to load Raspberry with a advanced network distribution that provides a better customization of embedded netwrok devices with many available packages.

The article discusses an installation and configuration of Linux Embedded Development Environment (LEDE) on Raspberry PI3. LEDE is an opensource project that was created in 2016 as a fork of OpenWrt - Linux OS for embedded devices. In 2018, LEDE and OpenWrt projects reemerged and they announced their unification  under OpenWrt name .

1.  LEDE Installation

The part 1 discusses installation of LEDE on Raspberry Pi3 and resizing LEDE image. After copying LEDE to SD card, we need to resize file system in order to use full capacity of SD card.

1.1 Downloading and Extracting LEDE for Raspberry PI3

$ wget https://downloads.lede-project.org/releases/17.01.4/targets/brcm2708/bcm2710/lede-17.01.4-brcm2708-bcm2710-rpi-3-ext4-sdcard.img.gz

$ Continue reading

EIGRP Support in FRRouting 5.0.1

Recently, I have created Linux Core 9.0 x86-64 VMware Disk (VMDK) and installed FRRrouting suite 5.0.1 on the top of it in order to test current EIGRP support in Linux (RFC 7868).

The last time I tested EIGRP with FRR 3.1-dev installed on Linux Core, FRR suffered from many bugs. In fact, they were so serious so EIGRP was not ready for use. Unfortunately, they are also presented in FRR version 5.0.1. Therefore, I advise you to use another IGP routing daemons such as OSPF or IS-IS available in FRR until the issues are resolved.

Anyway, you can use my Core Linux VMDK disk with installed FRRouting 5.0.1 to practice routing in Linux. Thanks to using minimalistic Core Linux distribution, the size of image is only about 86 MB. The Core kernel is compiled with enabled option MULTIPATH so you can test equal cost multipath routing with OSPF. The image is available in Linux Core Router/Switch appliances.

Openswitch OPX 3.0.0 Installation On Ubuntu 18.04.1 LTS

I have covered installation of Openswitch OPX 2.3.2 on Linux Ubuntu 16.04 in a previous article. I will go further with this time and cover installation of Openswitch 3.0.0 on Ubuntu 18.04 (upgrade from 16.04). Firstly, it is worth to add that I haven't been successful with installation of any OPX version on Ubuntu 18.0.4.1. I have done several test with different Oracle VirtualBox versions (5.1, 5,2) but I have always got the error message VBoxManage: error: Code NS_ERROR_FACTORY_NOT_REGISTERED (0x80040154) - Class not registered (extended info not available). According to the words of developers installation of OPX 3.0.0 has been tested with Ubuntu 16.04 and Oracle VirtualBox 5.2.

1. Openswitch OPX 3.0.0 Installationon Ubuntu 18.04.1 Using Nested Virtualization

As I do not posses any spare hardware I decided to do a little workaround with the help of nested virtualization. Nested virtualization refers to virtualization that runs inside an already virtualized environment. In other words, it is the ability to run a hypervisor inside of a virtual machine (VM), which itself runs on a hypervisor. I installed Openswitch OPX 3.0.0 Continue reading

Openswitch OPX in GNS3

The previous article discusses an installation of Openswitch OPX on VirtualBox using lvm tool. We have extracted Openswitch OPX VDI disk from VirtualBoxVM and run the disk with Qemu. The image has been subsequently customized using the after install script in order to run it inside GNS3. Finally, we have tested the image within a simple GNS3 lab that proves its functionality. This article goes further and we are going to test VLANs bridging using Linux native commands.

Picture 1 - Network Topology

The lab consists of three Openswitch OPX 2.3.2 instances powered by Qemu hypervisor. The device OPX-Distrib1 is multilayer switch that is responsible for routing between VLANs 10,20,30,40 and 50. The VLANs 10-40 are end-users VLANs and the VLAN50 is used for management. The switches OPX-Access1 and OPX-Access2 are L2 switches with the port e101-001-0 configured as the trunk ports. End users are connected to the access ports e101-002-0 and e101-003-0 on both access switches.

Note: Customized Openswitch OPX 2.3.3 vdi disk can be downloaded in Download section. Login name is opxUser and the password is not set.

1. End User Computers and Management PC Configuration

In order to save memory of host, Continue reading

Crypto Energy Consumption Overtakes

I am more than happy to publish the new infographic " Crypto Energy Consumption Overtakes" with the help of my friends from btxchange.io. As we know, cryptocurrency mining is very popular nowadays but it comes with huge drawback in form of huge electricity consumption. The infographic finds out the most surprising numbers for crypto energy volumes. Enjoy reading.

Crypto Energy Consumption Overtakes

I am more than happy to publish the new infographic " Crypto Energy Consumption Overtakes" with the help of my friends from btxchange.io. As we know, cryptocurrency mining is very popular nowadays but it comes with huge drawback in form of huge electricity consumption. The infographic finds out the most surprising numbers for crypto energy volumes. Enjoy reading.

Openswitch OPX Installation on Linux

We have recently covered installation of Openswitch OPS on Linux. Since the version 2.0, Openswitch OPS has transformed into to a completely new project, called Openswitch OPX Base. Similar to its predecessor, OpenSwitch OPX Base system also provides an abstraction of hardware devices of network switch platforms in a Linux OS environment. However, original Yocto OS has been replaced by an unmodified Linux kernel based on Debian Jessie distribution.

We can install OPX Base on a virtual machine, similar to installing OpenSwitch on hardware platforms. A virtual machine (VM) uses the same software binaries as those executed on S6000-ON devices. The main difference is that the low-level device drivers for the SAI and SDI libraries are replaced with the packages that support hardware simulation, and interact with the hardware simulation infrastructure.

A host machine running Openswitch OPX VM might be Windows, or Mac OS X with at least 8GB of RAM and 100GB available disk space, and Virtual Box installed. The virtual machine needs to have one network interface configured for the Management interface (eth0). The network adapter eth0 corresponds to the first adapter attached to the VM, e101-001-0 to the second adapter and so on, and e101-00N-1 to Continue reading

Openswitch OPX Installation on Linux

We have recently covered installation of Openswitch OPS on Linux. Since the version 2.0, Openswitch OPS has transformed into to a completely new project, called Openswitch OPX Base. Similar to its predecessor, OpenSwitch OPX Base system also provides an abstraction of hardware devices of network switch platforms in a Linux OS environment. However, original Yocto OS has been replaced by an unmodified Linux kernel based on Debian Jessie distribution.

We can install OPX Base on a virtual machine, similar to installing OpenSwitch on hardware platforms. A virtual machine (VM) uses the same software binaries as those executed on S6000-ON devices. The main difference is that the low-level device drivers for the SAI and SDI libraries are replaced with the packages that support hardware simulation, and interact with the hardware simulation infrastructure.

A host machine running Openswitch OPX VM might be Windows, or Mac OS X with at least 8GB of RAM and 100GB available disk space, and Virtual Box installed. The virtual machine needs to have one network interface configured for the Management interface (eth0). The network adapter eth0 corresponds to the first adapter attached to the VM, e101-001-0 to the second adapter and so on, and e101-00N-1 to Continue reading

Openswitch OPX Appliances

OpenSwitch OPX Base is an innovative operating system for network systems. It uses an unmodified Linux kernel and standard distribution to take advantage of rich ecosystem, and also provide flexibility in customizing your system according to your network needs.

Note: Openswitch OPX images are customized with my after install script  and they are ready for use in GNS3.

Openswitch OPX 2.3.2
https://drive.google.com/file/d/1Vdpjoz53R7Rx1HYi8KcEuRuNvQnMMn0f/view?usp=sharing
https://sourceforge.net/projects/gns-3/files/VirtualBox%20Appliances/OpenswitchOPX-2.3.2.zip
https://www.4shared.com/s/fQu2DUd9dca

Openswitch OPX Appliances

OpenSwitch OPX Base is an innovative operating system for network systems. It uses an unmodified Linux kernel and standard distribution to take advantage of rich ecosystem, and also provide flexibility in customizing your system according to your network needs.

Note: Openswitch OPX images are customized with my after install script  and they are ready for use in GNS3.

Openswitch OPX 2.3.2
https://drive.google.com/file/d/1Vdpjoz53R7Rx1HYi8KcEuRuNvQnMMn0f/view?usp=sharing
https://sourceforge.net/projects/gns-3/files/VirtualBox%20Appliances/OpenswitchOPX-2.3.2.zip
https://www.4shared.com/s/fQu2DUd9dca

16 Blockchain Disruptions

I am more than happy to publish the new infographic "16 Blockchain Disruptions" with the help of my friends from bitfortune.net.  As we know, blockchain enables decentralized transactions across a P2P network. The infographic lists 16 different industries that benefits from using the blockchain technology. Enjoy reading.

 

16 Blockchain Disruptions

I am more than happy to publish the new infographic "16 Blockchain Disruptions" with the help of my friends from bitfortune.net.  As we know, blockchain enables decentralized transactions across a P2P network. The infographic lists 16 different industries that benefits from using the blockchain technology. Enjoy reading.

 

1 2 3 4