2025/09/15

Проблемы с обращением удалённую сеть с доменом .local на Windows 10

Домен .local зарезервирован для использования в mDNS (RFC 6762 - Multicast DNS). В случае, если удалённая сеть, в которую вы заходите через OpenVPN, работает в этом домене, скорее всего из-под Windows 10 или 11 у вас не получится обратиться к одному из этих хостов посредством DNS из-за mDNS в Windows (несмотря на то, что сервер передаёт пушем свои DNS-сервера). Решение добавить в .ovpn конфиг клиента:
disable-dco
block-outside-dns
DCO отключил из-за предупреждений:
Some --dhcp-option or --dns options require DHCP server, which is not supported by the selected ovpn-dco driver. They will be ignored.
Из документации:
--block-outside-dns Block DNS servers on other network adapters to prevent DNS leaks. This option prevents any application from accessing TCP or UDP port 53 except one inside the tunnel. It uses Windows Filtering Platform (WFP) and works on Windows Vista or later.

This option is considered unknown on non-Windows platforms and unsupported on Windows XP, resulting in fatal error. You may want to use --setenv opt or --ignore-unknown-option (not suitable for Windows XP) to ignore said error. Note that pushing unknown options from server does not trigger fatal errors.

--disable-dco Disables the opportunistic use of data channel offloading if available. Without this option, OpenVPN will opportunistically use DCO mode if the config options and the running kernel supports using DCO.

Data channel offload currently requires data-ciphers to only contain AEAD ciphers (AES-GCM and Chacha20-Poly1305) and Linux with the ovpn-dco module.

Note that some options have no effect or cannot be used when DCO mode is enabled.

On platforms that do not support DCO disable-dco has no effect.

Links:
OpenVPN: Using ovpn-dco

2024/12/26

Nvidia 360 on Ubuntu 24.04

sudo add-apt-repository --remove ppa:graphics-drivers/ubuntu/
sudo add-apt-repository --remove ppa:kelebek333/nvidia-legacy
sudo add-apt-repository ppa:kelebek333/build

sudo apt --purge '*nvidia*'
sudo apt update
sudo apt install nvidia-legacy-390xx-driver

sudo printf "\nGSK_RENDERER=cairo\n">>/etc/environment
reboot

Link: https://ubuntuforums.org/showthread.php?t=2500985

2023/03/28

Анализ производительности

uptime
dmesg -T | tail
vmstat -SM 1
mpstat -P ALL 1
pidstat 1
iostat -sxz 1
free -m
sar -n DEV 1
sar -n TCP,ETCP
top

2022/12/16

SNMP error: (noSuchName) There is no such variable name in this MIB.

Иногда, в Zabbix можно увидеть ошибку "SNMP error: (noSuchName) There is no such variable name in this MIB.", обычно на discovery правилах. Проблема связана с тем, что по-умолчанию Zabbix использует bulk-зарпосы, которые не всегда работают для некоторых устройств. Чтобы избежать этой ошибки, достаточно в настройках интерфейса SNMP в Zabbix у хоста снять галочку с ``Use bulk requests'.

2021/09/15

Verifying that a Private Key Matches a Certificate

Сверка модуля ключа сертификата с модулем приватного ключа:
# openssl x509 -noout -modulus -in fullchain.pem | openssl md5
# openssl rsa -noout -modulus -in privkey.pem | openssl md5
Они должны совпадать.

Ярлыки

perl (30) infosec (26) links (21) freebsd (16) url (16) zabbix (14) ipv6 (13) linux (12) asterisk (10) mojo (10) monitoring (10) snmp (10) fun (8) openssl (7) security (7) bgbilling (6) cisco (6) mysql (6) ubuntu (6) blogs (5) dlink (5) kannel (5) crypto (4) exploits (4) ipv4 (4) java (4) js (4) law (4) microsoft (4) mikrotik (4) mojolicious (4) oracle (4) performance (4) postfix (4) radio (4) ssl (4) tools (4) utf-8 (4) vmware (4) windows (4) android (3) apache (3) books (3) debug (3) dns (3) google (3) hp (3) json (3) latex (3) openbsd (3) python (3) quotes (3) rhel (3) ripe ncc (3) syslog (3) ubnt (3) vim (3) vm (3) agi (2) ansible (2) atlassian (2) backup (2) bgp (2) bind (2) centos (2) console (2) cpan (2) cpanmin (2) css (2) ctf (2) docker (2) dwpd (2) edge-core (2) editors (2) elasticsearch (2) endurance (2) git (2) gns3 (2) graphite (2) hack (2) hdd (2) hyper-v (2) isp (2) mac (2) management (2) mibs (2) movie (2) msa (2) ntp (2) openvpn (2) pentest (2) puppet (2) qa tests (2) reverse engeenering (2) shell (2) smpp (2) social engineering (2) spf (2) ssd (2) statistic (2) storage (2) switches (2) tbw (2) tcp/ip (2) tex (2) usb (2) websec (2) wsl (2) xsrf (2) yandex (2) ПДн (2) электронное правительство (2) #snmp #cisco (1) ESNI (1) Xorg (1) amavis (1) amazon s3 (1) analyze (1) anonymous (1) applications (1) as (1) ascii (1) autofs (1) balancer (1) bandwidth (1) bem (1) bl (1) brendan gregg (1) cache (1) certificate (1) chef (1) chief (1) cluster (1) cnupm (1) cnupmsave (1) confluence (1) cpu (1) cvs (1) dbi (1) ddos (1) deploy (1) devices (1) dhcp (1) dht (1) diet (1) disk (1) diskarray (1) dummynet (1) dynax60 (1) epub (1) equipment (1) esx (1) esxi (1) fax (1) firefox (1) firmware (1) fitness (1) form (1) fs (1) fsb (1) ftp (1) go (1) golf (1) gprs (1) graphics (1) gsm (1) honeypot (1) hpe (1) hpe ilo manager (1) html (1) img (1) iops (1) ios (1) ipn (1) ipsec (1) iptv (1) iso (1) itil (1) itsm (1) jabber (1) jira (1) joke (1) jsonp (1) kafka (1) kubernetes (1) law. simcards (1) lens (1) logstash (1) mem (1) memory (1) metasploit (1) microscope (1) mindmap (1) mobile (1) modem (1) mp3 (1) music (1) nano (1) nas (1) netbox (1) netdev (1) netmiko (1) noc (1) nvme (1) ocfs2 (1) ocs2 (1) openfire (1) oscm (1) ospf (1) otrs (1) packet filter (1) packet tracer (1) parsing (1) pass-the-hash (1) pf (1) pgu.mos.ru (1) phd (1) php (1) poe (1) ports (1) postfixadmin (1) ppp (1) presentation (1) profiler (1) protobuf (1) quickspecs (1) rabbitmq (1) radmin (1) raid (1) repo (1) rest (1) riemann (1) rkn (1) rrd (1) rs-232 (1) rss (1) rtp (1) ruby (1) runet (1) scanners (1) serialization (1) sip (1) skype (1) sms (1) snmptranslate (1) soap (1) spam (1) spamcop (1) specs (1) sql (1) ssrf (1) standarts (1) strategy (1) sudoers (1) svn (1) syslog-ng (1) tde200 (1) tftp (1) tls (1) tomcat (1) tuning (1) uce (1) underground (1) ups (1) video (1) voip (1) vpn (1) wds (1) web (1) websockets (1) wifi (1) wireless (1) x-plane (1) xml (1) xss (1) zabbix snmp (1) верстка (1) гибдд (1) гипервизоры (1) здоровье (1) панчеры (1)