pfSense on SonicWALL SRA 4200

By now if you haven’t already guessed, I like to tinker! Couple that with the fact I have a few saved sellers on eBay that keep me surround with EoL hardware and it quickly becomes a dangerous situation for my wallet.

My latest find is a pair of SonicWALL SRA 4200’s, my ultimate goal is to get pfSense installed and revive these beasts. As it stands the units both work as “Secure Remote Access” servers, they don’t include any licenses for the included OS, so are kinda useless, but normally they’d be dedicated VPN servers for massive companies with millions of employees that need to connect in and from remote locations.

I’ve only been playing with them for a couple of hours so far but I’ve managed to get pfSense installed. There are two issues at the moment which I’ve yet to resolve:

  1. There’s a driver issue with the network cards, so the setup wizard can’t detect any NIC’s and can’t continue
  2. By default it wants to boot off the internal CF card, so I have to manually keep changing it to boot of my USB flash drive – If you remove the CF card completely the unit doesn’t even attempt to boot, it beeps twice then powers off so there’s some sort of security mechanism in place

So how did I get this far?

Well it was fun! I started by trying to get console output to my ancient Dell laptop (which has an ACTUAL serial port,  woah!).

I bought a run of the mill RJ45 to DB9 cable but that didn’t work, so I had to get my soldering iron out and knock something up – See original diagram here or pictures below:

As you can see from above, whilst I did get output it was AFTER P.O.S.T. so in other words, it was output from the SonicWALL operating system and of no use to me.

Next I went to extremes and tried changing on the AMIBIOS chip for a spare I had floating around from the WatchGuards, not a lot happened so it was back to square one.

After that I went on a pin hunt and noticed “VGA” markings and then a set of 15 pins, I didn’t expect it to work but I hooked up a monitor and had output!

 

I couldn’t get into a “classic” BIOS screen, although here’s what I found through trial and error:

  • Mashing F5/F8 takes you to slightly different FreeDOS screens
  • Mashing F11 takes you to a familiar looking boot device menu screen

The unit is running Wind River’s VxWorks operating system, which looks pretty cool, although I had never heard of it until now.

I installed pfSense 2.3.5 (x86) by connecting a CD drive to one of the internal SATA headers, connected a 16GB Sandisk Flash Drive to one of the USB ports and then mashed F11 and selected the disk drive.

What followed was the familiar installation screens of pfSense – Notice how the colours keep changing, it was loose cables or artistic flare, I’ll let you decide!

What’s next?

Well, this was just a bit of fun but when I get chance I’ll look at sorting the network card drivers out and see if I can re-purpose the CF card, worst case I’ll move the USB drive inside the chassis and make the CF card the second boot device.

Install EPEL Repository on CentOS 7 (x64)

The simple one line command below will enable the EPEL repository on CentOS 7

rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm

Once ran you will see confirmation that it has been installed successfully, that’s it!

Notes

  • You can find out more about the EPEL repository here
  • If you don’t already have a server, I’d strongly recommend starting with DigitalOcean

TRENDnet TV-IP310pi Night Vision Fix

Let’s face it, it’s not fun when things don’t work properly which is why I was a little annoyed recently – very big understatment! – when I discovered my TRENDnet TV-IP310pi cameras had a slight flaw, a flaw which is scarcely documented but fairly fundemental to the overall use of the camera… oh and did I forget to mention I own 5 of these cameras, all installed around my house, all which had the same problem? Yup!

So what is the actual problem?

Well the cameras work perfectly in the day delivering 25 frames per second of crisp 1080p footage which is great BUT when the night time comes – as it does – performance takes a dramatic hit and you are lucky to get a maximum of 4 frames per second… which is pretty rubbish! For months I’ve been thinking it  was a problem with my home server – an Intel I7 920 quad core 2.4GHz  running VMware – and I came to the conclusion that I needed a new rig as it just couldn’t cope with the amount of data passing thrdropough but oh was I wrong!

Anyway, long story short after pestering my friend Chris at work – who also runs his own CCTV system, only with the identical Hikvision DS-2CD2032F-I cameras – some extensive testing was done – I’ll spare you the details – but we came to the conclusion that the hardware was good, the network was good and were stumped until we found an Amazon review which also mentioned the same problem!

This unfortunatley opened up a can of worms and what followed was a very stressful 3 days which involved not sleeping much, scouring forums, downloading all sorts of firmware and almost losing ALL hope and contacting support! However, I’m very pleased to report that all of my cameras are now running the latest TRENDnet firmware – v5.3.4 – and are delivering 25 FPS 1080p footage at night time – Wow!

So how easy is it to fix?

The fix is easier than you might think, but you do need to be brave as we are essentially going to ‘brick’ the camera and make it an expensive paper weight by installing the Hikvision firmware, then we will reload the TRENDnet firmware fresh and enjoy ALL the frames per second! You might think this is a mad idea, but the TRENDnet TV-IP310pi is actually a rebranded version of the Hikvision DS-2CD2032F-I, so deep down the hardware is the same it just has a different sticker on the side.

I used the following files found below, combined with an XP laptop that was connected by cable directly to the PoE switch, this was connected to the camera directly and ideally  you’ll want to unplug all other devices so you only have the camera and the laptop plugged in but I might have got a bit lazy towards the end… Also, my Windows 7 laptop struggled to transfer the firmware as the TFTP file transfer kept looping and wouldn’t complete, hence using an old XP machine.

I’m up for the challenge!

Great! Before you continue please be aware that I won’t be liable if this goes wrong and it will reset your camera back to the factory default settings! I’ve done this process 5 times flawlessly so far but still – proceed at your own risk!

Whenever the camera boots it scans a predefined IP for a TFTP server, if it finds this server it looks for a specific file and because of this we can do the recovery without having to open the camera up or get ‘hands on’! I reflashed all my cameras with them still fixed in position on the house, minimal effort required!

Update 24/03/2017 –

I can confirm the same process below works on Windows 10 Pro, the firewall had to be switched off but that was all – 79 seconds from start to finish!

  1. Download the files found here, extract them somewhere safe and keep reading
  2. Change your computers network settings so the IP address is 192.0.0.128, see picture below:
    trendnet_tv-ip310pi_recovery-network-config
  3. Connect your computer to the switch along with the camera, disable any other connections network – FLASH VIA ETHERNET CABLE ONLY!
  4. Copy the Hikvision_5-1-6–digicap.dav file into the TFTP Server folder and rename it digicap.dav
  5. Run tftpserv.exe and then restart your camera, after a few seconds you should see the following:
    trendnet_tv-ip310pi_recovery-tftp1
  6. Now you won’t get any confirmation here, so leave it 2 or 3 minutes then unplug your camera, close the tftpserv.exe and repeat step 3 but this time use the Trendnet_5-3-4–digicap.dav file
  7. Now start tftpserv.exe again and connect your IP camera, this time after a few minutes you’ll see a system update complete message like below:
    trendnet_tv-ip310pi_recovery-tftp2
  8. Close of tftpserv.exe and reboot the camera, after a few minutes check your router and you’ll have a fresh IP camera sat on DHCP waiting be configured! If you can’t find your camera straight away, don’t panic! Install the auto discovery program (SADPTool_V3.0.0.100.exe) and find the camera that way

Conclusion

I did try updating to the latest TRENDnet firmware via the web interface before going down the TFTP route but it still gave me low frames per second at night using the identical 5.3.4 file… I’m guessing installing the Hikvision firmware first completely screwed things up, after that the camera is left fresh, ready for the TRENDnet firmware? Either way it worked and I’m a happy nerd!

Notes

  • Again, I can’t be liable if this goes wrong for you!
  • The files in the link above were all found on the Internet, I take no credit, all  credit belongs to the respective authors (presuming that is Hikvision? Thanks!)
  • If you get really stuck I can reflash your cameras, after all not everyone has an old XP relic lying around! Drop me an email, pay for postage and send your camera in a box along with a little gift!
  • I found an easy way to tell the camera state during the reflashing process which is to do a constant ping to the IP addresses below – Note that in order to use this method you’ll need to assign your network card two IP addresses (192.0.0.128 and 192.168.1.128):
    • 192.0.0.64 – Camera is in rescue mode
    • 192.168.1.64 – Camera firmware has updated but not yet rebooted
    • No response from either – Somethings not right!
  • You can find the latest TRENDnet firmware direct from their website here
  • From various forum posts I read some people were saying you can flash using any TFTP server software, however this isn’t the case as you must use the Hikvision TFTP server as there is a special initiation process which waits for certain key to be sent back and forward before the firmware updating process begins
  • Make sure you clear your browser cache before logging in again otherwise things might not work properly
  • The default user/password combination is admin/admin

Unstick a LinkStation Disk Backup

Imagine this… you have two decent network attach storage boxes which regularly backup one to the other using a built in Disk Backup tool –  Brilliant huh, sounds almost like a nerdy dream! Now imagine part way through a backup you get a power cut or you just trip over the power cable ripping the plug out the wall… not to worry, things will pick up where they left off… unless those decent boxes are Buffalo LinkStations!

I first discovered this flaw a few weeks back when one of my nightly backups seemed to be taking longer than usual. I gave the box about a day or so to try and fix itself but it still kept saying that the disk backup was in progress and in the admin interface and I was unable to cancel or remove the backup, so it was pretty much stuck as you can see below:

stuck-backup

I headed to the official Buffalo support website which seemed to have a fix for this common problem – See for yourself below:

buffalo-stuck-disk-backup
Okay so you have to restore the box to factory defaults… no thanks! I can only assume that because the HS-DHGL is one of their older discontinued products they just can’t be bothered to make a firmware update as it’s not worth their time or effort, but the other option is to use SSH to edit a file which will force the backup to complete.

Getting Unstuck

The following guide will assume you have already enabled SSH and are logged in ready to go, if you haven’t yet enabled SSH see this post here.

  • First of all we need to locate the backup configuration file and this depends on the job number specified on the admin interface, in my case it was number 1 so we need to type in the following command to open the file in a text editor:
    • "vi /etc/melco/backup1"
  • You will now see the configuration file open, hit I (for indigo) on your keyboard to allow inserting of new text and change the line status=running to status=done
  • Hit the Escape key and then type :wq to save your changes and quit
  • Head back to the admin interface to the Disk Backup section and you’ll now see the backup showing as complete as seen below:
    job-complete
  • That’s it – The backup is unstuck, and we haven’t had to restore anything to factory defaults!

Notes

  • This has been tried and tested on the following models/firmware: HS-DHGL/v2.1
  • Finally, if you could let me know if you encounter any problems or can confirm if this works for other models I’d be grateful

Fix TRENDnet TV-IP310pi Corroded PoE Connector

Following Storm Doris back in February 2017, one of my cameras at the back of my house stopped working. Part of the roof had been blown off (only a plastic cover, thankfully nothing more serious) which exposed the cable and allowed things to get a little damp.

On closer inspection the 3 far pins in the connector had corroded as seen below, click any picture below to see a bigger version:

I’m presuming the corrosion had been going on some time and the storm was the icing on the cake. I tried a mixture of WD40 contact cleaner followed by a strong acid based electrical cleaner and the pins had cleaned up nicely but it still wasn’t working.

I was really trying to avoid was chopping the connector off completely as after all it is over £100 worth of camera, but that happened…

As you can see from above I opted for jelly crimps (scotch locks) as these are waterproof, the alternative was either a  surface mounted punch-down box or RJ45 coupler both which would have corroded over time and eventually left me with a broken camera again.

After making sure everything was working I wrapped the jellys in a fair amount of electric tape followed by a healthy dose of vaseline.

I would have exposed more of the camera cable which would have made things look neater and given me more room to position each jelly connector but ultimately I wanted to cut as little as possible, and the fact it was now working again was a good enough excuse to leave it alone!

Colour Combinations

It came as no suprise that the camera didn’t use standard 568B colours but here is the combination I used:

Key: 568B Standard Cable / TRENDnet Cable

  • Orange WhiteOrange
  • OrangeYellow
  • Green WhiteGreen
  • BlueGrey
  • Blue WhitePurple
  • GreenBlue
  • Brown WhiteBrown
  • BrownWhite

I found the colours by refering to this guide here. I did manage to get the green and green white cables mixed up, however this hasn’t affected the camera in any way that I can tell. If it does ever cause a problem I will swap the cables around at the patch panel to avoid having to tamper any further.

Setup your own live pet webcam for free using Yawcam

I’ve been experimenting for a while with different ways to stream live to the Internet from webcams, IP cameras and capture cards for the Coop Cam project, here is a basic guide on how to setup a simple live stream using a basic webcam.

What is required?

You will need a couple of things, including:

  • A computer with a webcam
  • An Internet connection with decent upload speed
  • Router access to port forward

Software

To create the stream we will use a free piece of opensource software called Yawcam, you can download it directly from here or learn more about the software here.

Installation is pretty simple, download and launch the installer then follow the on screen instructions.

Configuration

After the installation has finished open your newly installed software, you will see a screen like below:

1

The first thing we need to do is set the stream type, to do this go to Settings > Edit Settings…

2

Under Output select Stream and change the Stream type to MJPEG and hit OK

3

Next we need to select your webcam, head to Settings > Device > Change to and select your webcam from the list

4

Finally, back on the main screen hit enable on the Stream option – we are ready to go!

5

Previewing your stream

Here is the exciting part, previewing your live stream! On the same computer open up your browser and head to http://127.0.0.1:8081/video.mjpg

If everything is configured correctly you should see your webcam displayed live.

Here is my example of Spirit our pet quail:



What next?

The next thing you need to do is configure port forwarding in your router to allow people to connect in and view  your stream. I can’t really go into specific detail as there are many different types of router with different configuration options but basically what you want to do is forward port 8081 to your computer so anyone that connects to your-public-ip:8081/video.mjpg can see your stream.

You will also want to make sure that your computer has a static IP address or DHCP reservation to make sure the local IP address doesn’t change.

If you need help with that part let me know and I’ll give you a hand.

Will my Internet connection be able to cope?

This depends entirely on your upload speed, by default Yawcam only allows 10 concurrent connections.

For added security and to take the strain off your Internet connection I can relay your stream via Coop Cam’s powerful relay servers. They are able to take the single stream from your camera and amplify it allowing hundreds of users to connect at once.

The upside to this is that you will only have one connection being uploaded to the relay server, the server then handles everything else and even hides your public IP address – If you would like to know more please get in touch.

Notes

  • If you want Yawcam to start streaming automatically when you login to your computer then head to Settings > Edit Settings… > Startup and tick Start Stream output
  • You can check that port forwarding has been setup correctly by using the NerdTools Port Scanner, if it isn’t working double check your firewall settings
  • If your Internet connection has a dynamic IP address you’ll want to look into a Dynamic DNS service

Find Out Who Registered A Domain Name

The Internet is an amazing place where we can expand our knowledge – or – just look pictures of animals with funny captions, but have you ever wondered to yourself who owns that domain, who took the time to build that amazing website, see if a business is legit or maybe you just want to learn a new nerdy skill?

A domain name can be registered by anyone so long as its available and not registered to anyone else, and can be bought at anytime through hundreds, thousands or maybe millions of companies known as domain registrars. The job of a domain registrar is to take money and convert it into domain registrations as they are essentially the middle men between the domain registries (the top dogs of the domain world, the owners of the bit after the dot) and ourselves.

When a domain is registered, regardless of the registrar used, contact details will always need to be provided. These details form what’s known as the legal registrant and can be either a company or an individual who will legally own the name for however long it has been registered for.

That’s great but what next? Well here comes the juicy bit! All that information is kept in a global database known as the WHOIS database (pronounced “who is”) which is free to browse and will give an insight into any domain registration.

Querying WHOIS

The following guide will show you step by step how to query the WHOIS database for free with no special software required. To keep things simple I will be using a website that I created which has a built in WHOIS tool.

  • First things first we need to head to the WHOIS tool, click onto the following link or type it into your address bar directly: http://www.nerdtools.co.uk/whois/
  • Once the website loads you’ll see a box where it asks you to enter a domain name, enter the domain which you would like to query and press Enter or the “Let’s do this! >” button
    whois-query-1
  • After a few seconds you’ll be redirected to a new page that shows the domain details in a similar format to one shown below:
    whois-query-2
  • As  you can see from the screenshot above a lot of information is returned, so much that it doesn’t all fit on screen without scrolling but once you read through you will easily see who owns the domain, when it was registered, when it expires and other useful information

Notes

  • In the example above you can see no “Registrant’s address” is returned, this is because its a .UK domain and Nominet (the registry behind all .UK domains) allow the address to be hidden for any non-trading individuals, but with domains such as .COM, .NET, .ORG the information will always be available
  • Depending on the domain name things may look a little different to the one in the example
  • Any changes to a domains details can take up to 24 hours to show so things may not always be accurate
  • There are strict terms that need to be followed when it comes to using the information returned from a lookup and these can be found usually be found at the bottom – It’s not shown in the screenshot as it was so big, to see them click here and scroll down
  • Sometimes registrars offer a privacy package that will hide the registrants contact information and replace it with the registrars instead, if you see a domain like this that’s trading as a business stay well away as it could be up to no good!