Monday, November 21, 2016

How to Enable IPv6 on pfSense with Time Warner Cable internet

Here are some quick instructions on how to enable IPv6 on pfSense when using Time Warner Cable (residential or business class DHCP provided) internet access.


  1. Under Interfaces, click on WAN. Select DHCP6 from the drop-down menu for IPv6 configuration type. Make sure DHCPv6 Prefix Delegation size is set to 64. Uncheck Block bogon networks. Click Save.
  2. Under Interfaces, click on LAN. Select Track interface from the drop-down menu for IPv6 configuration type. Under Track IPv6 Interface, make sure the interface is set to WAN. Click Save.
That's it. You should see on your pfSense dashboard that the WAN and LAN interfaces each have an IPv6 Time Warner IP address. Release/renew DHCP IP addresses on your LAN devices and they should now pick up IPv6 Time Warner IP addresses.

Tuesday, August 30, 2016

How to download a file using Powershell

Here is how to download a file using Powershell without needing any additional tools. Great for Hyper-V Core systems or remote access.

powershell.exe "Import-Module BitsTransfer; Start-BitsTransfer -Source http://domain.tld/somefilename.exe -Destination c:\PathToAFolder"
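
The one-liner above fetches an executable over plain HTTP and runs no integrity check on it. As an added example (not part of the original post), the same BITS download wrapped in a function that deletes the file unless its SHA-256 matches a value obtained separately from the publisher. The function name, URL, path and hash are placeholders, and Get-FileHash assumes PowerShell 4.0 or later:

```powershell
# Added example: download with BITS, then keep the file only if its SHA-256
# matches a hash obtained out of band. Get-VerifiedFile is a hypothetical name.
function Get-VerifiedFile {
    param(
        [Parameter(Mandatory=$true)] [string] $Source,
        [Parameter(Mandatory=$true)] [string] $Destination,    # full file path
        [Parameter(Mandatory=$true)] [string] $ExpectedSha256
    )
    Import-Module BitsTransfer

    # Plain HTTP gives no protection against modification in transit
    if ($Source -notmatch '^https://') {
        Write-Warning "Source is not HTTPS: $Source"
    }

    Start-BitsTransfer -Source $Source -Destination $Destination -ErrorAction Stop

    # String comparison with -ne is case-insensitive, so hex case does not matter
    $actual = (Get-FileHash -Path $Destination -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.Trim()) {
        Remove-Item -Path $Destination -Force
        throw "SHA-256 mismatch for $Destination (got $actual); file removed."
    }

    Get-Item -Path $Destination
}

# Usage with placeholder values; replace all three before running:
# Get-VerifiedFile -Source 'https://domain.tld/somefilename.exe' `
#     -Destination 'C:\PathToAFolder\somefilename.exe' `
#     -ExpectedSha256 '<SHA-256 published by the vendor>'
```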

Friday, November 28, 2014

Site-to-Site IPSEC VPN using Mikrotik Routerboards

A good video on how to set up the VPN is here:
http://gregsowell.com/?p=1290
Example:  Site A has static IP address and Site B has dynamic IP address. On Site B Mikrotik router, you will need to add the following script to update the VPN policy. To do this using Winbox, go to System -> Scripts. Click + sign. Give the script a name. Then paste the following code into the box below:
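# Read the address on the WAN interface, e.g. "203.0.113.10/24"
:local WANip [/ip address get [find interface="ether5"] address]
:log info "Interface IP is $WANip"
# Strip the prefix length by cutting at the "/" (works for any prefix length)
:local WANip [:pick $WANip 0 [:find $WANip "/"]]
:log info "IP sans the slash notation is $WANip"
# Point the first IPsec policy at the current WAN address
/ip ipsec policy set 0 sa-src-address=$WANip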
Click Okay to save the script. 

To schedule the script to run every 5 minutes (in case the WAN IP address changes), in Winbox go to System -> Scheduler. Give the task a name. Start date can be ignored. Set Start time to 1 second (00:00:01). Set Interval to 5 minutes (00:05:00). Where it says On Event, type in the name of the script you entered above. Click okay.

Note: Here is a list of protocols and ports that will need to be opened on both Mikrotik routers in order for the VPN traffic to pass successfully:
Chain: Input, Protocol: 50 (ipsec-esp), Action: Accept
Chain: Input, Protocol: 51 (ipsec-ah), Action: Accept
Chain: Input, Protocol: 17 (udp), Any Port: 500, Action: Accept
Note: In Mikrotik OS version 6.39.1, you may experience the following error with IPSEC tunnels:
Expecting IP address type in main mode when using preshared key for authorization (see RFC 2409 section 5.4).
If you see this error, open Winbox, go to IP -> IPSEC. Then go to Peers tab. Double click on the Peer IP address. Then where it says My ID Type, change it to auto. Click Okay. Repeat the same procedure for the other router. This should re-establish the IPSEC tunnel.

Friday, October 3, 2014

How to Add Exchange Autodiscover SRV Record at Godaddy

Here are the instructions on how to add an Exchange Autodiscover record over at Godaddy.
  1. Log into your Godaddy account.
  2. Click on Domains, then click on the Launch button next to the domain you wish to edit.
  3. Click on DNS Zone File tab.
  4. Towards bottom of page, find SRV Records heading and click Add Record.
  5. Where it says Name, type in @.
    Where it says Target, type in the FQDN of your Exchange server. Ex. servername.business.tld
    Where it says Protocol, type in _tcp
    Where it says Service, type in _autodiscover
    Where it says Priority, type in 10
    Where it says Weight, type in 10
    Where it says Port, type in 443 (unless you've changed the port that Exchange Web Services listens on)
    Where it says TTL, leave at default 1 Hour or change to 1/2 Hour. 
  6. Click Finish.
  7. Be sure to click Save Changes to ensure the zone file changes are applied.

Wednesday, September 24, 2014

Lock down Exchange to receive only from GFIMaxMail servers

After adding a client to the GFIMAXMail email filtering service, you should lock down Exchange to only receive e-mail from GFIMAXMail servers to prevent spammers from bypassing the filtering.

  1. Open Microsoft Exchange Management Console.
  2. Open Server Configuration then Hub Transport.
  3. If using Microsoft Windows SBS2008 or SBS2011, find the default connector named Windows SBS Internet Receive SERVERHOSTNAME where SERVERHOSTNAME is the name of the server you are working on. Double left click on it to bring up the Properties window.
  4. Click on the Network tab.
  5. Under Receive mail from remote servers that have these IP addresses, remove all of the entries.
  6. Add the IP netblock for your LAN (ex. server IP address 192.168.16.3, so add 192.168.16.0/24).
  7. Add the following IP netblocks that correspond to GFIMAXMail's server clusters:
    • 174.36.154.0/24
    • 192.69.16.0/24
    • 192.69.17.0/24
    • 192.69.18.0/24
    • 192.69.19.0/24
    • 208.43.37.0/24
    • 208.70.88.0/24
    • 208.70.89.0/24
    • 208.70.90.0/24
    • 208.70.91.0/24
    • 5.10.67.0/24
    • 92.51.176.0/24
    • 94.186.192.0/24
  8. When finished adding IP address ranges to the Network tab, click Okay.
A better option would be to add an ACL on your firewall for all incoming Port 25 traffic and add the IP address ranges above, but not all firewalls support that type of granular control.
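
The same lockdown can be applied and audited from the Exchange Management Shell. This is an added example, not part of the original post: the connector identity is a placeholder built from the SBS default name in step 3, the LAN netblock is the example from step 6, and the audit assumes Exchange prints each range in the CIDR form it was entered in.

```powershell
# Added example for the Exchange Management Shell.
# Placeholder identity: substitute the real server name for SERVERHOSTNAME.
$connector = 'SERVERHOSTNAME\Windows SBS Internet Receive SERVERHOSTNAME'

# Allowlist from the steps above: LAN netblock plus the GFIMAXMail ranges
$allowed = @(
    '192.168.16.0/24',
    '174.36.154.0/24',
    '192.69.16.0/24', '192.69.17.0/24', '192.69.18.0/24', '192.69.19.0/24',
    '208.43.37.0/24',
    '208.70.88.0/24', '208.70.89.0/24', '208.70.90.0/24', '208.70.91.0/24',
    '5.10.67.0/24',
    '92.51.176.0/24',
    '94.186.192.0/24'
)

# Replace every existing entry on the connector with the allowlist
Set-ReceiveConnector -Identity $connector -RemoteIPRanges $allowed

# Audit: read the ranges back and report anything extra or missing.
# Run this part on its own later to detect drift (e.g. a re-added 0.0.0.0 range).
$current = @((Get-ReceiveConnector -Identity $connector).RemoteIPRanges |
    ForEach-Object { $_.ToString() })
$unexpected = @($current | Where-Object { $allowed -notcontains $_ })
$missing    = @($allowed | Where-Object { $current -notcontains $_ })

if ($unexpected.Count -or $missing.Count) {
    Write-Warning ("Unexpected ranges: {0}; missing ranges: {1}" -f `
        ($unexpected -join ', '), ($missing -join ', '))
} else {
    Write-Output "Receive connector accepts mail only from the allowlisted ranges."
}
```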

Wednesday, June 25, 2014

Updating Microsoft Windows Small Business Server 2011 (SBS2011)

There are several important updates that need to be manually installed on Microsoft Windows Small Business Server 2011. Download the files below. Before installing them, perform a full server backup. Then install the updates in this order:

  1. Microsoft Windows Server 2008 R2 Service Pack 1
    (download the X64 file only as SBS2011 never came in X86/32-bit version).
  2. Microsoft Windows Small Business Server 2011, Update Rollup 4
    (optional but highly recommended)
  3. Microsoft Exchange Server 2010 Service Pack 3
  4. Microsoft Exchange Server 2010 Service Pack 3, Update Rollup 6
    (optional but highly recommended)
  5. Microsoft Sharepoint Foundation 2010 Service Pack 2
Recommended: reboot between each step and take a backup between each step.

You'll need a couple of hours for the average server to install all of the updates. 

Thursday, June 19, 2014

SBS2011 error messages after installing Sharepoint 2010 updates

You may get various error messages after installing Sharepoint 2010 updates (such as SP1). This is due to the requirement of upgrading the Sharepoint database after installing updates.

To check this issue, open an elevated Sharepoint 2010 Management Shell and run the following:
(get-spserver $env:computername).NeedsUpgrade
If the output says True, then you need to upgrade the Sharepoint database. To do that, open an elevated Command Prompt and run the following:
cd "\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN"
PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures
It should take about 5-10 minutes depending on hardware and the size of the database. It should say successfully upgraded database. I recommend rebooting the server afterwards just to be sure.

For more info: http://blogs.technet.com/b/sbs/archive/2011/07/06/potential-issues-after-installing-sharepoint-foundation-2010-sp1.aspx