Fortinet's FortiExtender cellular gateways support multiple LTE or 5G connections. The FortiExtender can be placed in the best physical location to get a mobile signal, and then tied back into an SD-WAN appliance to provide an active link or failover option in an SD-WAN deployment.
The post Make The Most Of 5G/LTE SD-WAN Links With Fortinet Wireless WAN Gateways appeared first on Packet Pushers.
In this post, we look at why BSR and Auto-RP do not work with a SD-Access fabric.
In this post, we look at how a typical user gets authenticated and authorized in a SD-Access fabric.
In this post, we look at how an ARP packet flows within a SD-Access fabric.
In this post, we take a detailed look at the L2 handoff feature in Cisco’s SD-Access.
In this post, we look at why SD-Access borders have the anycast IP addresses configured as loopback addresses.
In this post, we look at various DHCP challenges in Cisco’s SD-Access fabric and how it is solved.
In this post, we look at multi-instance LISP, which is another core construct for Cisco’s SD-Access.
In this post, we look at an actual LISP host mobility event and what happens behind the scenes to make this work.
In this post, we look at SMRs and how these are essential for a host mobility event, within the LISP architecture.
In this post, we look at LISP dynamic EID - a core construct of LISP host mobility.
i3lock is a popular X11 screen lock utility. As far as customization goes, it only allows one to set a background from a PNG file. This limitation is part of the design of i3lock: its primary goal is to keep the screen locked, something difficult enough with X11. Each additional feature would increase the attack surface and move away from this goal.1 Many are frustrated with these limitations and extend i3lock through simple wrapper scripts or by forking it.2 The first solution is usually safe, but the second goes against the spirit of i3lock.
XSecureLock is a less-known alternative to i3lock. One of the most attractive features of this locker is to delegate the screen saver feature to another process. This process can be anything as long it can attach to an existing window provided by XSecureLock, which won’t pass any input to it. It will also put a black window below it to ensure the screen stays locked in case of a crash.
XSecureLock is shipped with a few screen savers, notably one using mpv to display photos or videos, like the Apple TV aerial videos. I have written my own saver using Python and Continue reading
In this post, we look at how a LISP site talks to non-LISP sites.
In this post, we introduce basic LISP configuration and operation using packet captures and packet walks.
This is a new series that will cover Cisco’s Software Defined Access architecture/solution over time. There are several moving pieces to this - in this post, we’re going to start with a key component, which is LISP.
This is another post about the mess that is Linux audio. To follow along you may want to read the previous one first.
This time I want to create a virtual audio cable. That is, I want one application to be able to select a “speaker”, which then another application can use as a “microphone”.
The reason for this is that I want to use GNURadio to decode multiple channels at the same time, and route the audio from the channels differently. Specifically my goal is to usy my ICom 7300 in IF mode (which gives me 12kHz of audio bandwidth) tuned to both the FT8 and JS8 HF frequencies, and then let wsjtx listen on a virtual sound card carrying FT8, and JS8Call listen to a virtual sound card carrying JS8.
We could use modprobe snd_aloop to create loopback ALSA devices in
the kernel. But I’ve found that to be counter intuitive, buggy, and
incompatible (not everything application supports the idea of
subdevices). It also requires root, obviously. So this is best solved
in user space, since it turns out it’s actually possible to do so.
Another way to say this is Continue reading
If your workstation is using full-disk encryption, you may want to jump directly to your desktop environment after entering the passphrase to decrypt the disk. Many display managers like GDM and LightDM have an autologin feature. However, only GDM can run Xorg with standard user privileges.
Here is an alternative using startx and a systemd service:
[Unit] Description=X11 session for bernat After=graphical.target systemd-user-sessions.service [Service] User=bernat WorkingDirectory=~ PAMName=login Environment=XDG_SESSION_TYPE=x11 TTYPath=/dev/tty8 StandardInput=tty UnsetEnvironment=TERM UtmpIdentifier=tty8 UtmpMode=user StandardOutput=journal ExecStartPre=/usr/bin/chvt 8 ExecStart=/usr/bin/startx -- vt8 -keeptty -verbose 3 -logfile /dev/null Restart=no [Install] WantedBy=graphical.target
Let me explain each block:
The unit starts after systemd-user-sessions.service, which enables
user logins after boot by removing the /run/nologin file.
With User=bernat, the unit is started with the identity of the
specified user. This implies that Xorg does not run with elevated
privileges.
With PAMName=login, the executed process is registered as a PAM
session for the login service, which includes pam_systemd.
This module registers the session to the systemd login manager.
To Continue reading