Témata

16

O serveru Root.cz / Seriál Komiks Čeněk a Karel

« kdy: 16. 09. 2019, 14:26:31 »

Pamatujete na https://www.root.cz/serialy/komiks-cenek-a-karel/ ?
To byly stejne nejlepsi komiksy :-)

Co se v nich zkusit inspirovat pri tvorbe novych komiksu?

17

Sítě / Převedení rozsahu IPv6 adres na CIDR formát

« kdy: 26. 08. 2019, 20:29:48 »

Ahoj,
snazim se prevest rozsahy IPv4 a IPv6 adres na CIDR format - adresaSite/prefix(maska).

Ukazkovy vstup:

Kód: [Vybrat]

108.170.192.0-108.170.255.255
2620:E7:4000::-2620:E7:4000:FFFF:FFFF:FFFF:FFFF:FFFF

Pozadovany vystup:

Kód: [Vybrat]

108.170.192.0/18
2620:E7:4000::/48

a co mi to (ne)dela:

Kód: [Vybrat]

martin@martin:~$ ipcalc "108.170.192.0-108.170.255.255" | sed '2!d'
108.170.192.0/18
martin@martin:~$ ipcalc "2620:E7:4000::-2620:E7:4000:FFFF:FFFF:FFFF:FFFF:FFFF" | sed '2!d'   # na ubuntu 16.04
INVALID ADDRESS2: 2620:E7:4000:FFFF:FFFF:FFFF:FFFF:FFFF
martin@martin:~$
martin@martin:~$ ipcalc "2620:E7:4000::-2620:E7:4000:FFFF:FFFF:FFFF:FFFF:FFFF" | sed '2!d'   # na ubuntu 18.04
ipcalc: bad IPv6 address: 2620:E7:4000::-2620:E7:4000:FFFF:FFFF:FFFF:FFFF:FFFF

Jak se da v shellu rozsahu IPv6 adres prevest na tvar sit/prefix?
Me uz dosly napady :-(

18

Hardware / Jak levne sehnat ThinkPad? Lenovo US Outlet Store?

« kdy: 18. 08. 2019, 19:24:55 »

Ahoj,
planuji si koupit Lenovo ThinkPad X1 Carbon Gen 6 (nebo T480). Rad bych novy, i kdyz bych se nijak nebranil repasovanemu.
Chci verzi s 16GB RAM, to je podminka. SSD mi staci 256GB. Zrovna tak CPU - radeji bych Core i7-8550U, ale prezil bych i Core i5-8250U.
WQHD nepotrebuji, staci mi FullHD. Vetsinu casu stejne bude notebook v dokovaci stanici.

Prave resim, jak ho sehnat za rozumnou cenu :-)
Na czc/alza proste v cesku vychazi skoro na 63 000 Kc a to je moc. Sice ma LTE modem, ale ten nepotrebuji.

Podarilo se mi vsak najit Lenovo US Outlet Store a tam maji novy pod 30 000 Kc.
Moc rad bych to zkusil, proto by me zajimalo, jestli s tim ma nekdo zkusenosti.
Ze zaplatim 21% DPH mi je jasne. S tim se neda nic delat.

Treba tahle X1 Gen6 (FullHD, Core i7, 256GB SSD, 16GB RAM) vychazi na neuveritelnych $1203. To je cca 28 000 Kc a s 21% DPH 33 900 Kc. Temer polovina ceny, za kterou se skoro stejna (ceska verze ma LTE, US verze ne) prodava u nas.

Lenovo vsak ma na webu v podminkach:

Consumers Only: Lenovo.com sells and ships products to end-user customers only. Lenovo may cancel your order if we suspect you are purchasing products for resale.
Limits: Limit 5 per customer. Offers valid from Lenovo in the US only. Lenovo may increase or decrease these limits, from time to time, for certain offerings.

Proto me zajima, ma-li nekdo zkusenost s poslanim pres nejakeho preposilace do CR.
Kdysi jsem kupoval od Amazonu Kindle pres Shipitto a bylo to bez problemu.

Idealni by bylo sehnat repas ne ebay z nektereho statu EU. Jen ze EU verze maji pro mne nepouzitelnou klavesnici (spatny enter a levy shift).

Starsi verzi X1/T480 nechci, chci 8. generaci Intelu, ktera uz je 4 jadrova.

Nikoho, kdo by mi notebook z USA dovezl nemam. To by bylo nejlepsi reseni.

Takze bych potreboval poradit:
1) Jak levne sehnat X1, nouzove T480?
2) Mate nekdo zkusenost s Lenovo US Outlet Store?
3) Je mozne si dat fakturu z Lenovo US Outlet Store v cesku do nakladu, nebo je faktura vydadana na "preposilaci firmu"?

Diky za rady a zkusenosti.

19

Hardware / Jakou USB DVB-T2 kartu z číny?

« kdy: 17. 08. 2019, 10:53:52 »

Ahoj,
planuju vymenit USB DVB-T kartu v Raspberry Pi s Tvheadend za novou podporujici DVB-T2.
Idealne bych ji vzal zase z aliexpressu, jakou tu soucasnou na DVB-T1 :-)

Mate nekdo tip na levnou, v linuxu funkcni usb kartu, ktera funguje s ceskym dvb-t2?
Co jsem koukal, tak spousta z nich neumi H.265.

Uvazoval jsem o Raspberry Pi TV HAT, ale nakonec jsem se zase rozhodl pro USB - at nejsem do budoucna omezeny pouze na RPi.

Diky.

20

O serveru Root.cz / Proč nejde už hodnotit záporně?

« kdy: 01. 07. 2019, 13:59:40 »

Jeste nedavno slo davat zaporne hodnoceni - palec dolu.

Uz par dni/tydnu vsak tuto moznost nevidim.

Je to chyba, nebo vlastnost? Osobne doufam v chybu...

21

O serveru Root.cz / Diskuze u komiksu

« kdy: 08. 06. 2019, 12:42:31 »

Koukám špatně, nebo opravdu není u komiksu diskuze? :-O

22

Hardware / Thunderbolt dokovací stanice Dell K15, nebo K16?

« kdy: 01. 05. 2019, 22:03:49 »

Ahoj,
planuju co nejdriv koupit notebook Lenovo Thinkpad X280, nebo X1 Carbon (6th Gen).
Momentalne resim, jakou k nemu sehnat dokovaci stanici. Resil jsem to pred par mesici i tady na foru.

Laka me zkusit Thunderbolt Dell K15/16. Mam moznost ji vyzkouset u kolegy na jeho X1 Carbon s linuxem.
Internet je plny dotazu, jak je s nimi problem v linuxu. Ale vetsina dotazu je zaroven nejmene rok stara. Doufam, ze s nejnovejsim jadrem bych mohl mit stesti.
Navic ty dokovaci stanice jsou na eBay kolem 1500Kc i se zdrojem a to se proste vyplati vyzkouset.
Kdyz nepujde, prenecham ji nekomu s Windows.

Takze moje otazka zni:
Koupit Dell K15, nebo novejsi Dell K16 ? Se kterou bude pravdepodobne v linuxu mene problemu?

Na eBay se jmenuji skoro vsechny "K16A". vychazim z oznaceni 0J5C6= K16, J00G9 = K15.

23

Software / Nahrávání VNC do video souboru

« kdy: 27. 03. 2019, 17:27:26 »

Ahoj, potrebuju nahrat VNC do video souboru.

VNC bude pouze pro zobrazeni, bez ovladani. Nasel jsem par starych programu, napr. vncrec z roku 2006, ale je to vse moc stare a nefunguje mi to.

Naposledny jsem zkousel vnc2flv, ale ten se zase nepripoji k VNC.
VNC server je nejaky divny stroj, ktery tak zobrazuje ovladaci panel. V linuxu jsem zkousel asi 5 vnc klientu (mezi nima i novy realvnc) a pripoji se jen xtightvncviewer.
Ale to zkusim nejak vyresit.

Dulezite pro me je sehnat neco, co bude umet nahravat vnc nejlepe do mp4 videa. Idealne by to cele melo bezet bez X.

Mate na neco funkcniho tip?

24

Software / Raspberry Pi: nahrání screencastu nefunguje pro OMXPlayer

« kdy: 27. 03. 2019, 14:06:36 »

Ahoj,

snazim se na Raspberry Pi s GUI Raspbianem nahrat video, na kterem bude videt obsah na monitoru.
Problem je, ze mi u toho hraje omxplayer a ten na vystupnim videu videt neni, jen prazdna pracovni plocha.
Zkousel jsem:

Kód: [Vybrat]

ffmpeg -y -f x11grab -i :0.0 -r 25 -s 1920x1080 -c:v h264_omx -b:v 4096k -bufsize 4096k /tmp/out.mp4
#Input #0, x11grab, from ':0.0':
# Duration: N/A, start: 1553691698.567273, bitrate: N/A
#    Stream #0:0: Video: rawvideo (BGR[0] / 0x524742), bgr0, 640x480, 29.97 fps, 29.97 tbr, 1000k tbn, 1000k tbc
#[h264_omx @ 0xd4a1d0] Using OMX.broadcom.video_encode


ffmpeg -y -f x11grab -i :0.0 -r 25 -s 1920x1080 -c:v h264_omx -b:v 4096k -bufsize 4096k /tmp/out.mp4
#Input #0, fbdev, from '/dev/fb0':
#  Duration: N/A, start: 1553691734.348188, bitrate: 1435852 kb/s
#    Stream #0:0: Video: rawvideo (BGRA / 0x41524742), bgra, 1824x984, 1435852 kb/s, 25 fps, 1000k tbr, 1000k tbn, #1000k tbc
#[h264_omx @ 0x2140600] Using OMX.broadcom.video_encode

V prvnim pripade bych to pochopil - zde se nahrava X display :0.0 a  omxplayer vyresluje primo na framebuffer.
Je videt pouze 640x480 - proc?

Ovsem druhy pripad nechapu. Zde se nahrava primo famebuffer /dev/fb0 a mam i specifikovane rozliseni. Prehravac videt neni, jenom plocha.

Jinak vystupni video je vzdy 1920x1090, ale je do nej roztazen stream - jednou 640x480 a podruhe 1824x984.
Co delam spatne? A jak mohu nahrat screencast video raspberry pi se spustenym omxplayerem?

25

Software / Ukládání split-screen čtyř RTSP H.264 streamů do jednoho souboru

« kdy: 11. 02. 2019, 10:28:31 »

Ahoj,
mam ctyri Raspberry Pi, ktere maji pripojenou kamerou a pres RTSP streamuji video:

Kód: [Vybrat]

raspivid -o - -t 0 -hf -w 960 -h 540 -fps 25 --rotation 180 -a 1028 -a "Stroj 1 (%Y-%m-%d %X)" | cvlc -vvv stream:///dev/stdin --sout '#rtp{sdp=rtsp://:8554}' :demux=h264

Pak mam 5. Raspberry Pi, ktere zobrazuje na monitoru videa ze 4 predchozich RPi (+ tam mam dodelanou detekci, kdyz to spadne, aby se zacalo po 15s znova prehravat):

Kód: [Vybrat]

screen -dmS stroj1 sh -c  \"omxplayer --live --timeout 60 --win '0 0 960 540'       'rtsp://10.20.30.1:8554/' \"";
screen -dmS stroj2 sh -c  \"omxplayer --live --timeout 60 --win '960 0 1920 540'    'rtsp://10.20.30.2:8554/' \"";
screen -dmS stroj3 sh -c  \"omxplayer --live --timeout 60 --win '0 540 960 1080'    'rtsp://10.20.30.3:8554/' \"";
screen -dmS stroj3 sh -c  \"omxplayer --live --timeout 60 --win '960 540 1920 1080' 'rtsp://10.20.30.4:8554/' \"";

Vse funguje skvele.
Mam to napocitane na FullHD/4, takze kazda kamera ma rozliseni pres 1/4 FullHD (960x540).

Nyni bych ale krome zobrazovani potreboval split-screen 4 videii nahravat.
Napada me poskladat videa pres FFmpeg, ale pak bych musel enkodovat vse do h264 a na to by bylo potreba hodne vykonu.
Mam k dispozici jen 5 kusu Raspberry Pi 3B a jeden Intel NUC s Celeron J3455, ve kterem je take velky disk, na ktery chci videa ukladat.

Pri nejhorsim budu ukladat 4 samostatne streamy do samostatnych souboru, ale moc rad bych jen jedno video.

Napada nekoho, jak to ukladat bez nutnosti prekodovani?
Vlastne chci funkci, kterou meli stare analogove bezpecnostni kamerove systemy :-)

26

Hardware / Dokovací stanice na dva monitory. USB-C, nebo Thunderbolt3?

« kdy: 02. 02. 2019, 11:46:57 »

Ahoj,


Tl;DR:

• Da se pres USB-C pripojit dva digitalni FullHD monitory, nebo potrebuji Thunderbolt3?
• Jaka nejlevnejsi dokovaci stanice (klidne z ciny), ma 2x digitalni FullHD vystup a 1x Gb ethernet a par USB?

poohlizim se po novem notebooku, kterym bych nahradil stary Lenovo ThinkPad X220.
K X220 mam tri dokovaci stanice a u kazde dva 24" (na jednom miste 2x 27") FullHD monitory. Nemuzu si to vynachvalit. Desktop nechci, abych nemusel resit synchronizaci dat. Ale Sandy Bridge uz je proste stary...

Idelane co nejmensi a nejlehci notebook. Vzhled a rozliseni me netrapi, 95% casu je notebook v dokovacich stanicich.

Vaham nejvic mezi:

• Lenovo ThinkPad L480
• Dell XPS 13

ale potreboval bych poradit s dokovaci stanici, bez ktere nechci/nedokazu fungovat.

Urcite chci USB-C Power Delivery, abych do notebooku pripojoval pouze jeden kabel i s napajenim.

Oba notebooky, o kterych uvazuji maji Thunderbolt 3, ale stale nevim, jestli je to pro me nutnost.

Za 250 Kc se da koupit adapter z USB-C na 1x USB3, 1X HDMI a 1x USB-C.
To je neskutecne levna cena.
Predpokladam, ze jen staci, aby notebook umel USB-C DisplayPort Alt Mode.
Casto se chlubi 4k, ale to je mi na nic. Ja potrebuju 2x digitalne 1920x1080.
Nebo sa daji dat dva tyto levne adaptery do serie? Pochybuji, tekzo by to slo.

Na USB-C se mi nepodarilo najit adpater na 2 digitalni monitory. Nektere drazsi maji HDMI, DVI-D a VGA. Ovsem vetsinou jde soucasne VGA a jeden digitalni. Nikdy vsak oba digitalni.

Takze chapu spravne, ze potrebuji Thunderbolt3 dokovaci stanici pro dva digitalni video vystupy?
Zadne moje monitory DipslayPort daisy-chain neumi.

Sice jsem nasel levne Thunderbolt3 dokovaci stanice, ale opet maji jen jeden (sice 4k, ale na co?) digitalni vystup na monitor.

stanice s podporou 2 digitalnich monitoru vyjde na 4 400 Kc. Coz je dost, kdyz chci tri dokovaci stanice...

• Da se pres USB-C pripojit dva digitalni FullHD monitory, nebo potrebuji Thunderbolt3?
• Jaka nejlevnejsi dokovaci stanice (klidne z ciny), ma 2x digitalni FullHD vystup a 1x Gb ethernet a par USB?

Dekuji za rady.

27

Server / HP LaserJet - vyčítání počtu vytištěních stránek přes SNMP

« kdy: 29. 10. 2018, 12:58:08 »

Ahoj,
mam tu dve tiskarny:

• HP Color LaserJet Pro MFP M176n
• HP Color LaserJet MFP M280nw

a potrebuju u nich hlidat zabbixem pocet vytisknutych stranek. Jde mi hlavne o sledovani zmeny v case.

Zde jsou kompletni vystupy snmpwalk: https://gist.github.com/tuxmartin/494770920a3ae9ca6e5ef328c308c593

Kdyz se ptam na iso.3.6.1.2.1.43.10.2, tak mi neco vrati jen novejsi tiskarna M280. Stara M176 nevraci vubec nic.

Kód: [Vybrat]

martin@martin:~$ snmpwalk -v 1 -mALL -c public 10.67.1.7 iso.3.6.1.2.1.43.10.2 # HP_M176n
martin@martin:~$

martin@martin:~$ snmpwalk -v 1 -mALL -c public 10.67.1.16 iso.3.6.1.2.1.43.10.2 # HP_M280nw
Printer-MIB::prtMarkerMarkTech.1.1 = INTEGER: electrophotographicLaser(4)
Printer-MIB::prtMarkerCounterUnit.1.1 = INTEGER: impressions(7)
Printer-MIB::prtMarkerLifeCount.1.1 = Counter32: 6
Printer-MIB::prtMarkerPowerOnCount.1.1 = Counter32: 1
Printer-MIB::prtMarkerProcessColorants.1.1 = INTEGER: 1
Printer-MIB::prtMarkerSpotColorants.1.1 = INTEGER: 0
Printer-MIB::prtMarkerAddressabilityUnit.1.1 = INTEGER: tenThousandthsOfInches(3)
Printer-MIB::prtMarkerAddressabilityFeedDir.1.1 = INTEGER: 600
Printer-MIB::prtMarkerAddressabilityXFeedDir.1.1 = INTEGER: 600
Printer-MIB::prtMarkerNorthMargin.1.1 = INTEGER: 1667
Printer-MIB::prtMarkerSouthMargin.1.1 = INTEGER: 1667
Printer-MIB::prtMarkerWestMargin.1.1 = INTEGER: 1667
Printer-MIB::prtMarkerEastMargin.1.1 = INTEGER: 1667
Printer-MIB::prtMarkerStatus.1.1 = INTEGER: 0
martin@martin:~$

Pritom obe tiskarny mi ve webove adminsitrace na http://IP.AD.RE.SA/info_configuration.html zobrazuji pocty stran (obrazek v priloze).

Existuje nejaka moznost, jak nastavit tiskarnu, aby pres SNMP tyto informace poskytovala?
Nebo mam smulu a musim zkusit reseni typu curl+grep?

28

Sítě / IPsec server na Linuxu pro MikroTik klienty

« kdy: 19. 10. 2018, 22:20:03 »

Ahoj,
snazim se uz druhym dnem rozjet na Linuxu IPsec server. Do te doby jsem s IPsec nikdy nedelal.

Pouzil jsem strongSwan, ktery ma balicky v Debianu a Ubuntu.
Mam Ubuntu 18.04 a strongSwan 5.6.2.

Dalo mi dost prace rozchodit IKEv2 s databazi uzivatelu a IP poolem ve FreeRADIUSu, ale nakonec se podarilo (funkcni je sekce "conn ikev2-vpn").
Pro strongSwan pouzivam Let's Encrypt certifikat.
Bohuzel jak jsem zjistil, oficialni strongSwan app na Androidu funguje, ale MikroTik se k tomutu typu IPsec pripojit neumi (integrovany Android VPN klient ake ne).

Takze se snazim rozchodit strongSwan, aby byl IPsec serverem pro MikroTik (hAp lite) klienty.
Idealne bych se rad vyhnul klientskym certifikatum a pouzil jenom jmeno+heslo. Bylo by to mnohem snazsi na nastavovani MikroTiku.

Me snazeni je v sekci "conn xauth-ikev1-mikrotik". Jenze MikroTik se nedokaze pripojit, stale do logu sype tyto chyby:

Kód: [Vybrat]

       #  tail -F /var/log/syslog | grep "ipsec\|charon"
Oct 19 18:13:51 vpn charon: 02[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500]
Oct 19 18:13:51 vpn charon: 02[NET] waiting for data on sockets
Oct 19 18:13:51 vpn charon: 08[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500] (440 bytes)
Oct 19 18:13:51 vpn charon: 08[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Oct 19 18:13:51 vpn charon: 08[CFG] looking for an ike config for 6.7.8.9...1.2.3.4
Oct 19 18:13:51 vpn charon: 08[IKE] no IKE config found for 6.7.8.9...1.2.3.4, sending NO_PROPOSAL_CHOSEN
Oct 19 18:13:51 vpn charon: 08[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Oct 19 18:13:51 vpn charon: 08[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500] (36 bytes)
Oct 19 18:13:51 vpn charon: 08[IKE] IKE_SA (unnamed)[1] state change: CREATED => DESTROYING
Oct 19 18:13:51 vpn charon: 03[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500]
Oct 19 18:14:02 vpn charon: 02[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500]
Oct 19 18:14:02 vpn charon: 02[NET] waiting for data on sockets
Oct 19 18:14:02 vpn charon: 06[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500] (440 bytes)
Oct 19 18:14:02 vpn charon: 06[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Oct 19 18:14:02 vpn charon: 06[CFG] looking for an ike config for 6.7.8.9...1.2.3.4
Oct 19 18:14:02 vpn charon: 06[IKE] no IKE config found for 6.7.8.9...1.2.3.4, sending NO_PROPOSAL_CHOSEN
Oct 19 18:14:02 vpn charon: 06[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Oct 19 18:14:02 vpn charon: 06[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500] (36 bytes)
Oct 19 18:14:02 vpn charon: 06[IKE] IKE_SA (unnamed)[2] state change: CREATED => DESTROYING
Oct 19 18:14:02 vpn charon: 03[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500]
Oct 19 18:14:12 vpn charon: 02[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500]
Oct 19 18:14:12 vpn charon: 02[NET] waiting for data on sockets
Oct 19 18:14:12 vpn charon: 13[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500] (440 bytes)
Oct 19 18:14:12 vpn charon: 13[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Oct 19 18:14:12 vpn charon: 13[CFG] looking for an ike config for 6.7.8.9...1.2.3.4
Oct 19 18:14:12 vpn charon: 13[IKE] no IKE config found for 6.7.8.9...1.2.3.4, sending NO_PROPOSAL_CHOSEN
Oct 19 18:14:12 vpn charon: 13[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Oct 19 18:14:12 vpn charon: 13[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500] (36 bytes)
Oct 19 18:14:12 vpn charon: 13[IKE] IKE_SA (unnamed)[3] state change: CREATED => DESTROYING
Oct 19 18:14:12 vpn charon: 03[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500]
Oct 19 18:14:23 vpn charon: 02[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500]
Oct 19 18:14:23 vpn charon: 02[NET] waiting for data on sockets
Oct 19 18:14:23 vpn charon: 04[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500] (440 bytes)
Oct 19 18:14:23 vpn charon: 04[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Oct 19 18:14:23 vpn charon: 04[CFG] looking for an ike config for 6.7.8.9...1.2.3.4
Oct 19 18:14:23 vpn charon: 04[IKE] no IKE config found for 6.7.8.9...1.2.3.4, sending NO_PROPOSAL_CHOSEN
Oct 19 18:14:23 vpn charon: 04[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Oct 19 18:14:23 vpn charon: 04[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500] (36 bytes)
Oct 19 18:14:23 vpn charon: 04[IKE] IKE_SA (unnamed)[4] state change: CREATED => DESTROYING
Oct 19 18:14:23 vpn charon: 03[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500]
Oct 19 18:14:34 vpn charon: 02[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500]
Oct 19 18:14:34 vpn charon: 02[NET] waiting for data on sockets
Oct 19 18:14:44 vpn charon: 02[NET] waiting for data on sockets
Oct 19 18:14:44 vpn ipsec[30143]: 04[CFG]   sha256_96=no
Oct 19 18:14:44 vpn ipsec[30143]: 04[CFG]   mediation=no
Oct 19 18:14:44 vpn ipsec[30143]: 04[CFG]   keyexchange=ikev2
Oct 19 18:14:44 vpn ipsec[30143]: 04[CFG] algorithm 'saha256' not recognized
Oct 19 18:14:44 vpn ipsec[30143]: 04[CFG] skipped invalid proposal string: aes128-saha256-ecp256
Oct 19 18:14:44 vpn ipsec[30143]: 02[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500]
Oct 19 18:14:44 vpn ipsec[30143]: 02[NET] waiting for data on sockets
Oct 19 18:14:44 vpn ipsec[30143]: 08[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500] (440 bytes)
Oct 19 18:14:44 vpn ipsec[30143]: 08[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Oct 19 18:14:44 vpn ipsec[30143]: 08[CFG] looking for an ike config for 6.7.8.9...1.2.3.4
Oct 19 18:14:44 vpn ipsec[30143]: 08[IKE] no IKE config found for 6.7.8.9...1.2.3.4, sending NO_PROPOSAL_CHOSEN
Oct 19 18:14:44 vpn ipsec[30143]: 08[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Oct 19 18:14:44 vpn ipsec[30143]: 08[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500] (36 bytes)
Oct 19 18:14:44 vpn ipsec[30143]: 08[IKE] IKE_SA (unnamed)[1] state change: CREATED => DESTROYING
Oct 19 18:14:44 vpn ipsec[30143]: 03[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500]
Oct 19 18:14:44 vpn ipsec[30143]: 02[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500]
Oct 19 18:14:44 vpn ipsec[30143]: 02[NET] waiting for data on sockets
Oct 19 18:14:44 vpn ipsec[30143]: 06[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500] (440 bytes)
Oct 19 18:14:44 vpn ipsec[30143]: 06[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Oct 19 18:14:44 vpn ipsec[30143]: 06[CFG] looking for an ike config for 6.7.8.9...1.2.3.4
Oct 19 18:14:44 vpn ipsec[30143]: 06[IKE] no IKE config found for 6.7.8.9...1.2.3.4, sending NO_PROPOSAL_CHOSEN
Oct 19 18:14:44 vpn ipsec[30143]: 06[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Oct 19 18:14:44 vpn ipsec[30143]: 06[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500] (36 bytes)
Oct 19 18:14:44 vpn ipsec[30143]: 06[IKE] IKE_SA (unnamed)[2] state change: CREATED => DESTROYING
Oct 19 18:14:44 vpn ipsec[30143]: 03[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500]
Oct 19 18:14:44 vpn ipsec[30143]: 02[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500]
Oct 19 18:14:44 vpn ipsec[30143]: 02[NET] waiting for data on sockets
Oct 19 18:14:44 vpn ipsec[30143]: 13[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500] (440 bytes)
Oct 19 18:14:44 vpn ipsec[30143]: 13[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Oct 19 18:14:44 vpn ipsec[30143]: 13[CFG] looking for an ike config for 6.7.8.9...1.2.3.4
Oct 19 18:14:44 vpn ipsec[30143]: 13[IKE] no IKE config found for 6.7.8.9...1.2.3.4, sending NO_PROPOSAL_CHOSEN
Oct 19 18:14:44 vpn charon: 14[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500] (440 bytes)
Oct 19 18:14:44 vpn ipsec[30143]: 13[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Oct 19 18:14:44 vpn ipsec[30143]: 13[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500] (36 bytes)
Oct 19 18:14:44 vpn ipsec[30143]: 13[IKE] IKE_SA (unnamed)[3] state change: CREATED => DESTROYING
Oct 19 18:14:44 vpn ipsec[30143]: 03[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500]
Oct 19 18:14:44 vpn ipsec[30143]: 02[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500]
Oct 19 18:14:44 vpn ipsec[30143]: 02[NET] waiting for data on sockets
Oct 19 18:14:44 vpn ipsec[30143]: 04[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500] (440 bytes)
Oct 19 18:14:44 vpn ipsec[30143]: 04[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Oct 19 18:14:44 vpn ipsec[30143]: 04[CFG] looking for an ike config for 6.7.8.9...1.2.3.4
Oct 19 18:14:44 vpn ipsec[30143]: 04[IKE] no IKE config found for 6.7.8.9...1.2.3.4, sending NO_PROPOSAL_CHOSEN
Oct 19 18:14:44 vpn ipsec[30143]: 04[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Oct 19 18:14:44 vpn ipsec[30143]: 04[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500] (36 bytes)
Oct 19 18:14:44 vpn ipsec[30143]: 04[IKE] IKE_SA (unnamed)[4] state change: CREATED => DESTROYING
Oct 19 18:14:44 vpn ipsec[30143]: 03[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500]
Oct 19 18:14:44 vpn ipsec[30143]: 02[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500]
Oct 19 18:14:44 vpn ipsec[30143]: 02[NET] waiting for data on sockets
Oct 19 18:14:44 vpn ipsec[30143]: 04[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500] (440 bytes)
Oct 19 18:14:44 vpn ipsec[30143]: 04[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Oct 19 18:14:44 vpn ipsec[30143]: 04[CFG] looking for an ike config for 6.7.8.9...1.2.3.4
Oct 19 18:14:44 vpn ipsec[30143]: 04[IKE] no IKE config found for 6.7.8.9...1.2.3.4, sending NO_PROPOSAL_CHOSEN
Oct 19 18:14:44 vpn ipsec[30143]: 04[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Oct 19 18:14:44 vpn ipsec[30143]: 04[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500] (36 bytes)
Oct 19 18:14:44 vpn ipsec[30143]: 04[IKE] IKE_SA (unnamed)[5] state change: CREATED => DESTROYING
Oct 19 18:14:44 vpn ipsec[30143]: 03[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500]
Oct 19 18:14:44 vpn ipsec[30143]: 02[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500]
Oct 19 18:14:44 vpn ipsec[30143]: 02[NET] waiting for data on sockets
Oct 19 18:14:44 vpn ipsec[30143]: 14[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500] (440 bytes)
Oct 19 18:14:44 vpn ipsec[30143]: 14[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Oct 19 18:14:44 vpn ipsec[30143]: 14[CFG] looking for an ike config for 6.7.8.9...1.2.3.4
Oct 19 18:14:44 vpn charon: 14[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Oct 19 18:14:44 vpn ipsec[30143]: 14[IKE] no IKE config found for 6.7.8.9...1.2.3.4, sending NO_PROPOSAL_CHOSEN
Oct 19 18:14:44 vpn charon: 14[CFG] looking for an ike config for 6.7.8.9...1.2.3.4
Oct 19 18:14:44 vpn charon: 14[IKE] no IKE config found for 6.7.8.9...1.2.3.4, sending NO_PROPOSAL_CHOSEN
Oct 19 18:14:44 vpn charon: 14[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Oct 19 18:14:44 vpn charon: 14[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500] (36 bytes)
Oct 19 18:14:44 vpn charon: 14[IKE] IKE_SA (unnamed)[6] state change: CREATED => DESTROYING
Oct 19 18:14:44 vpn charon: 03[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500]
Oct 19 18:14:55 vpn charon: 02[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500]
Oct 19 18:14:55 vpn charon: 02[NET] waiting for data on sockets
Oct 19 18:14:55 vpn charon: 05[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500] (440 bytes)
Oct 19 18:14:55 vpn charon: 05[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Oct 19 18:14:55 vpn charon: 05[CFG] looking for an ike config for 6.7.8.9...1.2.3.4
Oct 19 18:14:55 vpn charon: 05[IKE] no IKE config found for 6.7.8.9...1.2.3.4, sending NO_PROPOSAL_CHOSEN
Oct 19 18:14:55 vpn charon: 05[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Oct 19 18:14:55 vpn charon: 05[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500] (36 bytes)
Oct 19 18:14:55 vpn charon: 05[IKE] IKE_SA (unnamed)[7] state change: CREATED => DESTROYING
Oct 19 18:14:55 vpn charon: 03[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500]
Oct 19 18:15:05 vpn charon: 02[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500]
Oct 19 18:15:05 vpn charon: 02[NET] waiting for data on sockets
Oct 19 18:15:05 vpn charon: 12[NET] received packet: from 1.2.3.4[4500] to 6.7.8.9[4500] (440 bytes)
Oct 19 18:15:05 vpn charon: 12[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Oct 19 18:15:05 vpn charon: 12[CFG] looking for an ike config for 6.7.8.9...1.2.3.4
Oct 19 18:15:05 vpn charon: 12[IKE] no IKE config found for 6.7.8.9...1.2.3.4, sending NO_PROPOSAL_CHOSEN
Oct 19 18:15:05 vpn charon: 12[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Oct 19 18:15:05 vpn charon: 12[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500] (36 bytes)
Oct 19 18:15:05 vpn charon: 12[IKE] IKE_SA (unnamed)[8] state change: CREATED => DESTROYING
Oct 19 18:15:05 vpn charon: 03[NET] sending packet: from 6.7.8.9[4500] to 1.2.3.4[4500]

StrongSwan mam vcetne vsech radius pluginu:

Kód: [Vybrat]

apt-get install strongswan libstrongswan-standard-plugins libstrongswan-extra-plugins

Zde jsou me configy:

Kód: [Vybrat]

           # cat /etc/ipsec.conf

config setup
    charondebug="cfg 2, dmn 2, ike 2, net 2" 

    uniqueids=no
    # allow multiple connections from a given user

conn xauth-ikev1-mikrotik
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev1

    rekey=no
    left=%any
    leftid=muj.vpn.server.cz
    leftauth=psk

    leftcert=/etc/strongswan_certs/cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
 
    rightauth=psk
    rightauth2=xauth-radius
    xauth=server
    authby=xauthpsk

    rightsourceip=%radius
    rightdns=8.8.8.8,8.8.4.4
    rightsendcert=never

    eap_identity=%identity


    ike=aes128-saha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
    esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!


conn ikev2-vpn
    auto=add
    # On strongSwan startup, load this connection and then wait for clients to connect to it (auto=add)

    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes

    dpdaction=clear
    dpddelay=300s
    dpdtimeout=1800s
    # Enable Dead Peer Detection (DPD), which periodically checks that the
    # client is still responding and if it's not then the IKEv2 session and the IPsec tunnel are cleared.

    ike=aes256-aes192-aes128-sha384-sha256-sha1-modp3072-modp2048-modp1536-modp1024!
    # List our acceptable encryption and message-integrity algorithms, for the authentication and key exchange process.

    rekey=no
    left=%any
    leftid=muj.vpn.server.cz
    leftauth=pubkey

    leftcert=/etc/strongswan_certs/cert.pem
    # Must only contain our public key, not the complete certificate chain!

    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-radius
    rightsourceip=%radius
    
    #rightsourceip=10.10.10.1-10.10.10.150    
    # rightsourceip=192.0.2.0/25,2001:db8::/96
    # Assign each client dynamic addresses from an IPv4 and an IPv6 pool.
    # The first and last addresses in each subnet will not be use
    rightdns=8.8.8.8,8.8.4.4
    rightsendcert=never

    eap_identity=%identity
    # Allow any defined user to connect (provided they're present in ipsec.secrets).


# static IPs are not excluded from the pool you configured in ikev2-vpn !!!!!!!!
#
#  And if this static config selection works will also depend on the client.
#  If the IKE identity is not the same as the EAP-Identity a match on rightid won't
#  be possible (our Android app sets both to the same value, but e.g. the Windows 
#  IKEv2 client does not)
conn static_ip___staticuserX
    also=ikev2-vpn
    #the parameters of that section are inherited by the current section
    rightid=staticuserX
    rightsourceip=10.10.10.200/32
    auto=add

Kód: [Vybrat]

                  # cat /etc/ipsec.secrets 
: RSA "/etc/strongswan_certs/key.pem"
: PSK : "secret123"

Kód: [Vybrat]

        # cat /etc/strongswan.d/charon.conf 
charon {
  plugins {
    eap-radius {
      servers {
        primary {
          address = 127.0.0.1
          secret = testing123
          nas_identifer = ipsec-gateway
          sockets = 20
          preference = 99
        }
      }
    }
    xauth-eap {
      backend = radius
    }
  }
}

Kód: [Vybrat]

            # cat /etc/freeradius/3.0/users 
DEFAULT		Pool-Name		:=	main_pool
		Fall-Through		=	Yes

"testuser"	Cleartext-Password	:=	"123456789"

"teststatic"	Cleartext-Password	:=	"123456789"
		Framed-IP-Address	:=	10.10.10.199,
		Framed-IP-Netmask	:=	255.255.255.0

V MikroTiku jsem se snazil nastavit VPN pomoci:

Kód: [Vybrat]

/ip ipsec peer> add address=6.7.8.9/32 auth-method=pre-shared-key-xauth secret=secret123 xauth-login=testuser xauth-password=123456789

Dokazal by mi nekdo poradit, jak nastavit StrongSwan, aby fungoval, jako IPsec VPN server pro MikroTik klienty?
Rad bych se vyhnul certifikatum, ale jenom spolecne PSK heslo pro vsechny se mi nelibi.

Neni nejaky kompromis, jako PSK + jmeno a heslo k tomu? V MikroTiku mozna secret + xauth-login + xauth-password?
Neco podobneho jsem videl v Android VPN klientovi "IPsec Xauth PSK" - mimochodem take se nepripoji.

Staci mi L3 VPN, proto se mi zda zbytecne pouzivat L2TP/IPsec.
VPN bude slouzit primarne pro VoIP (SIP), takze kazda vrstva, ktera nebude je dobra. VoIP bude mit dalsi zabezpeceni, proto bych se uplne nebal ani Xauth IKEv1, od ktereho jsem byl tak zrazovan .
A VPN musi byt kvuli VoIP UDP - jinak bych pouzil OpenVPN, se kterou mam vyborne zkusenosti - ale MikroTik ji umi jen v TCP rezimu :-(

29

Hardware / Jaký hardware na současné přehrávání čtyř H.264 (Full)HD streamů?

« kdy: 27. 09. 2018, 20:31:17 »

Ahoj,
potrebuji prehravat soucasne 4x H.264 video streamy a to FullHD, pripadne kdyby to neslo, tak staci i HD.
Video se bude zobrazovat pres pripojeny HDMI monitor.

Je realne, ze by to dokazal prehravat Intel NUC s Celeron N3060, nebo Celeron J4005?
https://www.czc.cz/intel-nuc-kit-7cjyh/237517/produkt
https://www.czc.cz/intel-nuc-5cpyh/175170/produkt

Mam trochu obavu o integrovanou grafiku. Sice umi hardwarove dekodovat H.264, ale nevim, jestli to neplati jen pro jeden stream.

Jak to resi treba cinske prehravace bezpecnostnich kamer? Maji na to specialni hardware?
Ale nic takoveho stejne pouzit nemuzu.

Takze je realne, ze bude stacit obycejny Intel NUC kolem 3 000 Kc? Pripadne jaky rozumne levny PC to zvladne?

Diky.

30

Software / Poraďte e-mail ticket systém

« kdy: 30. 07. 2018, 15:28:30 »

Ahoj,
shanim aplikace na spravu vetsiho mnozstvi emailu. Budou mi tam z 99% chodit generovane maily ze serveru a ruznych sluzeb. Odpovidat na maily budu minimalne.

Libilo by se mi neco jako:
- TeamWork Desk (https://www.teamwork.com/desk)
- HelpScout (https://www.helpscout.net/)

Melo by to umet vice uzivatelu a prirazovani mailu mezi nimi, dale nejake API.

Idealne abych to mohl provozovat na svem serveru. Dulezita je pro me cena. Nechce se mi platit mesicni poplatky za pocet uzivatelu.
Hlavne musi jit napojit vetsi mnozstvi mailovych schranek a snadno mezi nimi rozlisovat - ne mit vsechny maily pohromade.
Nejlepe webove rozhranni. Desktop aplikaci nechci.

Zatim jsem zkousel osTicket (http://osticket.com/) a ve srovnani s TeamWork Desk a HelpScout je to nepouzitelne.
Prave se chystam zkouset OTRS (https://otrs.com/).

Znate nejaky dobry program, ktery by splnoval me pozadavky?