A word of warning about Kimsufi and ESXi

Kimsufi are well known for offering cheap dedicated servers and over the years I’ve had no problems until recently.

I purchased a KS-5 for running VMware ESXi on, it was a fairly good spec Xeon with 16GB of RAM and 2TB disk space for about £30 a month plus a one time setup fee. It was quickly provisioned which was great, but after logging into my account I found a problem – there was no obvious place to order additional IPv4 addresses which rendered the server completely useless to me. I was prompted to select an operating system, so I did thinking this would make ordering IP addresses possible, but still nothing.

I contacted support immediately and asked if ordering additional IP addresses was possible, and if not to cancel and refund my account. They responded in a nutshell saying it’s not possible, and that because I’d installed the VMware template that they provided they wouldn’t refund me which was annoying, they also implied that because the service was so cheap I should be grateful and suggested using their sister brand SoYouStart, amusing.

Luckily I paid with PayPal so I opened a dispute and got my money back. It’s not about the money though, it’s about Kimsufi not making the facts clear and then fobbing you off. I’d usually recommend them, but not anymore.

I’ve since found a better provider, Online.net offering similar spec servers capable of running ESXi with, wait for it, the option to order additional IP addresses! Amazing.

A Sticky Problem with Glue Records and 1&1 Internet

Recently I had a tidy up with my hosting infrastructure which involved moving a slave DNS server from one IP address to another. The easy part was setting up the server and changing the existing DNS A record to point to the new IP address, the fun started when it came to updating the Glue record held with 1&1.

If you weren’t already aware, a Glue record is something set by the domain registrar (1&1 in this case) that points directly to the server where the domain’s DNS records are kept. This makes it possible to have a domain whose nameservers are subdomains of the domain itself, for example nerdkey.co.uk could point to ns1.nerdkey.co.uk and ns2.nerdkey.co.uk.

The last time I’d updated Glue records with 1&1 was a good few years ago, but it was a simple case of logging into the control panel, searching for the domain and then heading to the record for the subdomain, hitting an edit button and then changing the existing A record IP address for a new one, but it wasn’t that easy this time round.

After a little trial and error and a lot of head scratching it seems that since they rolled out their new control panel it just isn’t possible anymore to set or update Glue records – you could see the records don’t get me wrong, just not update them. Not to worry though, their technical support team will be able to update the records, right? WRONG! I emailed them several times, making things as clear as possible whilst at the same time thinking that their support advisers would be savvy enough to understand terms used within the industry they work in, didn’t go too well.

In a nutshell, here is the correspondence between us:

  • [Me] – Outlined the domain, that I wanted Glue records updating and the exact subdomains and IP addresses
  • [Them] – Asked me to confirm if these changes had already been made as my website was working fine (not what I asked?)
  • [Me] – Sent a slightly reworded version of the first, again outlining the essential details and that it hadn’t been updated
  • [Them] – Confirmed that website was working fine again, asked me to clear my cache and reply with any error messages (did they even read the email?)
  • [Me] – Sent a similar email along the lines of the first and second stating that they are the domain registrar and this is something they need to do, again included essential details
  • [Me] – Emailed them to see if any updates available
  • [Them] – Replied asking me to confirm that I wanted the NS2 record updated as well (because the last emails didn’t state that?)
  • [Them] – Responded saying the nameservers may possibly need to be reverted back to them for this to work, but they used a special “tool” instead and said to wait up to 48 hours
  • [Them] – Replied this morning (after the domain was transferred and Glue set correctly with a different provider) saying that everything is now set correctly

Enough was enough, it got to a point where I’d given them over a week’s worth of my time and they’d done little more than send me a few standard responses and ask for confirmation which was already given. My last attempt to gain faith in them involved changing the nameservers back to them to see if it would work and allow me to set the records, it partly did – I managed to set the NS1-4 subdomains to the correct A records then updated the domain’s nameservers to another provider temporarily straight after to avoid any downtime and left it a few hours. I came back a few hours later and tried to set the nameservers back to ns1-4.koserver.co.uk but got an error message saying the nameservers weren’t registered and found out that the update to the temporary nameservers hadn’t taken effect, slowly grinding my entire hosting network to a halt – great!

I know I hadn’t waited the standard propagation times, but given the past experience and useless support and the fact that everything was slowly grinding to a halt, it was time to transfer. After research I’d narrowed things down to two providers – I wanted to give Name.com a try, but as their system for transferring in .UK’s wasn’t automated I abandoned that plan and went for NameCheap. Within an hour the domain was with them and Glue records were set through the control panel and things are slowly coming back online.

In all my years of website hosting I have never had such a catastrophic outage, aside from looking into a second domain to host nameservers all my domains with 1&1 will be transferred elsewhere.

So in summary, if you know what you’re doing don’t go with 1&1. You’ll be treated like an idiot and just wasting your time throwing emails back and forth with them. They don’t really read your emails and the fact they removed such a critical feature without telling anyone speaks volumes in my opinion, I mean they still have an old support article on how to set Glue records, obviously doesn’t work though. It is a shame, but that’s life.

Connect Directly to SunLuxy Camera Streams

For a while now I’ve used a cheap SunLuxy H.264 DVR as the heart of the CoopCam project and initially couldn’t get a direct link to the camera stream so had to screen capture the bog standard web interface using VLC and break the feed down into separate streams, but recently after a fair bit of trial and error I discovered a much easier solution!

I had researched on and off for months, went through masses of trial and error with various software and ultimately found no solution but after being inspired again I headed to the DVR’s web interface to start from scratch. I stumbled across source code in a file called /js/view2.js that constructs an RTMP:// address to show live camera feeds through the web interface’s Flash player – see the snippet of code below:

dvr_viewer.ConnectRTMP(index, "rtmp://" + location.host, "ch" + index + "_" + (dvr_type=="main"?"0":"1") + ".264");

After removing the jargon the link came out as rtmp://dvraddress:port/ch#_#.264 with the first number being the channel you want to connect to (starting at 0) and the second being the stream (substream being 1 and main being 0)

I headed to VLC player, selected Open Network Stream and entered the following:

rtmp://192.168.0.100:81/ch0_0.264

Broken down you can see my DVR is on the local network as 192.168.0.100 at port 81 and that I wanted to view channel 1’s main stream, lo and behold after a few seconds the camera started to play!

Notes

  • To convert the stream to something more useful you could use rtmpdump and ffmpeg on Linux systems
  • If you do something wrong and overload the DVR then you’ll hear a beep as the box reboots
  • If this works for you please comment your DVR make and model
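The address scheme above, written out as an added Python example (not code from the DVR or from the original post). It builds and parses the chN_M.264 addresses, including the off-by-one between the channel number and the URL index, and prepares an ffmpeg command line for repackaging a feed as HLS; the helper names, the four-channel loop and the HLS settings are assumptions made for illustration.

```python
import re

# Second number in chN_M.264: 0 is the main stream, 1 the substream.
STREAMS = {"main": 0, "sub": 1}
DEFAULT_RTMP_PORT = 1935  # standard RTMP port, used when the URL has none

_URL_RE = re.compile(
    r"^rtmp://(?P<host>[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?"
    r"/ch(?P<index>\d+)_(?P<stream>[01])\.264$"
)


def stream_url(host, port, channel, stream="main"):
    """Build the address for a channel as numbered on the DVR (1-based)."""
    if not isinstance(channel, int) or channel < 1:
        raise ValueError("channel numbers start at 1")
    if stream not in STREAMS:
        raise ValueError("stream must be 'main' or 'sub'")
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    # The URL index is zero-based, so channel 1 becomes ch0.
    return f"rtmp://{host}:{port}/ch{channel - 1}_{STREAMS[stream]}.264"


def parse_stream_url(url):
    """Split an address back into host, port, 1-based channel and stream name."""
    match = _URL_RE.match(url)
    if match is None:
        raise ValueError(f"not a chN_M.264 RTMP address: {url!r}")
    names = {number: name for name, number in STREAMS.items()}
    port = int(match["port"]) if match["port"] else DEFAULT_RTMP_PORT
    return {
        "host": match["host"],
        "port": port,
        "channel": int(match["index"]) + 1,
        "stream": names[int(match["stream"])],
    }


def ffmpeg_hls_command(url, playlist):
    """argv for ffmpeg to repackage the feed as HLS without re-encoding."""
    parse_stream_url(url)  # refuse anything that is not a DVR stream address
    return ["ffmpeg", "-i", url, "-c", "copy",
            "-f", "hls", "-hls_time", "4", "-hls_list_size", "5", playlist]


if __name__ == "__main__":
    # Constructed example: the address from the post, four channels assumed.
    for channel in range(1, 5):
        url = stream_url("192.168.0.100", 81, channel, "sub")
        print(" ".join(ffmpeg_hls_command(url, f"cam{channel}.m3u8")))
```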

Encrypted AES VPN tunnel between pfSense 2.3 and Draytek 2830

For a long time now I’ve managed several VMware ESXi servers and for easy management I’ve created a local area network on each making backups, monitoring and the usual sysad tasks a breeze.

The icing on the cake is that I recently swapped from m0n0wall to pfSense and went about setting up a LAN to LAN VPN tunnel to my home network, so now I can access everything locally as if I was on the same network.

Home Network

My home network uses a Draytek 2830 connected to a Virgin Media Superhub. Unfortunately the Draytek is getting on a little bit now and doesn’t have the processing power to deal with my 100mbit connection speed, so I’ve had to double NAT the network using the Superhub in router mode and then DMZ everything towards the Draytek.

This isn’t a bad thing though as all the “dumb” wireless devices (mobile phones, Roku’s, Nest thermostat, etc) connect direct to the Superhub whilst my home server and everything crucial connect via the Draytek. All in all I get 70mbit through the Draytek on average and there’s plenty of bandwidth left for the devices connected to the Superhub.

In the example below the home network subnet will be 192.168.100.x

Remote Network

The remote network is pretty simple, they are all setup the same apart from x is a different number based on the virtual host name – a pfSense machine sits at x.1 and deals with traffic to the local network.

In the example below the remote subnet will be 192.168.150.x

Important

  • Each local area network must be on a separate subnet, otherwise things can quickly get messy and conflict!
  • Make sure you use a secure pre-shared key, anything above 32 characters will do nicely
  • The example details below are fake, replace them with your own details if you want this to work
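The first two points can be checked before touching either router. The following is an added example, not part of the original guide: it flags overlapping LAN subnets across sites and generates a pre-shared key longer than 32 characters from the operating system's random source. The third site and all function names are constructed for illustration.

```python
import ipaddress
import secrets
from itertools import combinations

# Constructed site plan: the two example subnets from this guide plus a
# hypothetical third site that has been given a clashing range on purpose.
SITES = {
    "home": "192.168.100.0/24",
    "remote-a": "192.168.150.0/24",
    "remote-b": "192.168.150.128/25",  # constructed: sits inside remote-a
}

MIN_PSK_CHARS = 33  # "anything above 32 characters"


def find_overlaps(sites):
    """Return pairs of site names whose subnets overlap, in name order."""
    nets = {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in sites.items()}
    clashes = []
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.overlaps(net_b):
            clashes.append((a, b))
    return clashes


def generate_psk(n_bytes=24):
    """Random key from the OS CSPRNG: 24 bytes gives 48 hex characters."""
    return secrets.token_hex(n_bytes)


def psk_problems(psk):
    """List the reasons a key is too short or obviously repetitive."""
    problems = []
    if len(psk) < MIN_PSK_CHARS:
        problems.append(f"only {len(psk)} characters, want more than 32")
    if len(set(psk)) < 10:
        problems.append("fewer than 10 distinct characters")
    return problems


if __name__ == "__main__":
    for a, b in find_overlaps(SITES):
        print(f"subnet clash: {a} ({SITES[a]}) and {b} ({SITES[b]})")
    key = generate_psk()
    print("pre-shared key:", key, psk_problems(key) or "ok")
```

Hex output is used so the key pastes cleanly into both web interfaces; enter the same value on the pfSense and Draytek sides.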

Configuring pfSense

The guide below lists only the parts you need to change, if the option isn’t listed then leave it as is

Fairly straight forward, go to VPN > IPSec > Click Add P1

  • Enter the Remote Gateway as the WAN IP address of the Draytek (or the Superhub in my case)
  • Enter a brief description in the Description box
  • If you are double NAT’d like me, select KeyID tag as the Peer identifier and then enter the WAN2 address of the Draytek, otherwise leave it as Peer IP address
  • Enter your pre-shared key in the Pre-Shared Key box
  • Press Save

That’s your Phase 1 entry configured, now for Phase 2:

Go to VPN > IPSec > Click on Show Phase 2 Entries for Home

  • Enter Remote Network as the home network subnet – 192.168.100.0/24
  • Put a brief description in the Description box
  • Set PFS Key Group to 2
  • Press Save and then hit Apply Changes

Finally, we need to create a firewall rule to allow traffic to pass over the VPN:

  • Go to Firewall > Rules > IPSec and click Add
  • Change Protocol to any
  • Enter a brief description in the Description box
  • Press Save and hit Apply Changes

Configuring the Draytek

Now it is time to configure the Draytek – Go to VPN and Remote Access > LAN to LAN

For Common Settings:

  • Enter a Profile Name
  • Tick Enable this profile
  • Make sure Call Direction is set to Both

For Dial-Out Settings:

  • Set type of server to IPSec Tunnel
  • Enter the Remote WAN IP in the Server IP/Hostname for VPN box
  • Enter the pre-shared key set previously in the Pre-Shared Key box
  • For IPSec Security Method set it to High (ESP)AES with Authentication
  • Under Advanced set IKE phase 1 proposal to AES256_SHA1-G14 and IKE phase 2 proposal to AES256_SHA1 then press OK

For Dial-In Settings:

  • Set the Allowed Dial-In Type to IPSec Tunnel
  • Tick the box to Specify Remote VPN Gateway and enter the remote network WAN IP
  • Enter the pre-shared key set previously in the Pre-Shared Key box
  • For IPSec Security Method untick all apart from High (ESP) – AES

Under TCP/IP Network Settings:

  • Set Remote Network IP as the remote network subnet – 192.168.150.0

Hit OK at the very bottom to save the profile, leave it a few seconds and it should connect. If it doesn’t connect automatically, head to the IPSec Status page in pfSense and hit Connect manually

Bypass Queue-it.com’s Online Queuing Service

For Black Friday 2014 Currys enlisted the Queue-it.com online queuing service to presumably create some form of buzz and make impatient paying customers even more eager to see what amazing deals they had – there really weren’t that many.

A few people at work were trying to get onto their website but found themselves not getting very far being constantly pushed to the back of the queue. As a joke I was asked to get around the queue and within two minutes I was on the Currys website.

I tried reverse proxying and modifying my browser user agent string but still found I was being redirected, meaning something in the website’s source code was redirecting me. After a quick look through the source I noticed some JavaScript coming from the Queue-it.com domain. I disabled JavaScript and was browsing instantly!

So, disable JavaScript and skip that queue!

Notes

  • If you are regularly faced with Queue-it.com’s incredibly useful service consider installing a browser plugin such as AdBlock or NoScript to block the entire queue-it.com domain and resume happy browsing

Upgrade Windows Phone 8.0 to 8.1 Before Main Release Using Developer Preview

Recently I lost my smartphone and after lots of searching decided to give up and buy a new phone. As I only really use my phone for checking emails, a little remote desktop access and the odd bit of mobile banking I didn’t need anything overkill and I fancied a change from Android so I went for a Windows based Nokia Lumia 520.

The Lumia 520 can be picked up for £69.00 on O2 pay as you go (as of 01/07/2014, see here) but I paid a little extra and got mine the same day. I was initially blown away by the Windows Phone operating system as it was better than expected and I couldn’t find any flaws. I’d set up my email, installed the mobile banking app and so on which led me to my final task which was to install the Remote Desktop app. You’d think this would be a straight forward task installing a Microsoft product on something Microsoft powered but no, when heading to the Microsoft Store on the phone the Remote Desktop app wasn’t showing so I searched the Microsoft Store online and it came up saying that it wasn’t compatible with the Windows Phone 8.0 operating system that was currently on the phone.

I had three options, to cry in the corner, wait for the update to be released or to try to upgrade the phone manually. After a little research the update was said to be released within the “…first two weeks of July…” but there was no exact date and I just couldn’t wait.

After more research it turns out that you can use a free app called Preview for Developers which allows you to basically get the update there and then instead of having to wait.

Upgrading Windows Phone 8.0 to 8.1

Below you’ll find a guide on how to upgrade the Windows Phone operating system. Please note that any changes you do here are irreversible and this will no doubt void your warranty.

  • First things first we need to create a free account with Microsoft’s App Studio using the link found here as this will give you access to the developer previews service and give you the magical updates – I used my main Microsoft account that’s linked to the phone to keep things simple
  • Once you’ve created the account go to Microsoft Store on the phone, search Preview for Developers and install the app
  • Once the app has installed launch it and you will be asked to accept the terms and conditions and login using the account details created previously
  • Next you’ll see information about what the app does and so on, all we need to do here is tick the box next to Enable Preview for Developers and press done
  • Now that’s enabled head to Settings > phone update and press check now and then follow the on screen instructions – You may need to repeat this process several times as it took me two updates to prepare the phone before the update to Windows 8.1 was offered
  • After a little while you will now be running Windows 8.1! – You can check this by viewing Settings > about > more information under the OS version heading

Notes

  • Make sure your phone is fully charged before attempting any updates as things could seriously go wrong otherwise!
  • As with anything in development stages things may be a little buggy so be aware that you may stumble across the odd glitch every now and again
  • Although not tested I assume the same steps will work for phones other than the Nokia Lumia 520, if you can confirm this I’d be grateful

Run any Windows program as a different user

Sometimes you might need to run a program as a different user to the one you are logged in as and thankfully Windows has a command line tool for that!

Known as “Runas”, this little gem has been around since Windows Vista and will allow you to launch any program with the permissions of another user on your computer.

runas /user:administrator "C:\path\to\file.exe"

Virtualmin GPL on CentOS 5.8

Update: 08/03/2017: The following guide was originally written many moons ago for installing the Virtualmin GPL (free) control panel on CentOS 5.8 x86, however it will work exactly the same on the current version of CentOS (7.0).

The following guide will assume you are logged into your CentOS machine via command line, ready to enter the following commands.

First you will want to select a temporary directory to download the Virtualmin installation file to. We will only use the downloaded file once so it’s pointless keeping it, so to save space put it in /tmp!

cd /tmp

Download the Virtualmin GPL installer:

wget http://software.virtualmin.com/gpl/scripts/install.sh

Run the installer:

sh install.sh

The installer will then launch and prompt you to approve if you’d like to proceed. Simply type “y” and press enter and the installation process will begin.

After a short while you will see a message saying the installation has been completed. You will then be able to log in to your installation of Virtualmin by heading to https://hostname-or-ipaddress:10000 using the root username and password.

Once logged in you will then be guided through a final configuration process, once completed the installation will be complete and ready for use. Another guide will be written soon to explain how to configure Virtualmin.

Notes

  • Depending on your CentOS installation you may get an error message about the Perl package being missing. To resolve this run the following command in terminal and then relaunch the installer:
    • yum install perl -y

Sunluxy H.264 DVR Factory Reset

I had previously purchased two Sunluxy DVR’s for various projects and was impressed with how easy they were to get up and running, it was literally a straight forward task of fitting a hard drive and then setting and forgetting… literally… setting the admin password and then forgetting it.

Not to worry though, the user manual will have some helpful tips on what to do? Wrong! Poor translation meant the manual ended up in the bin, never mind the Internet will be able to help surely… maybe not. After much research I thought my box was going to end up living with the user manual in the bin but then I turned to good old fashioned trial and error as a last resort.

Factory Resetting the DVR

So let’s get to the juicy bit! For the steps below you will need to be near your Sunluxy DVR but before you continue please be aware that this process will not only reset the admin password, it will also remove any settings entered previously such as network configuration, recording preferences and so on. The hard drive and all existing data will be left untouched.

  • First things first switch off your DVR. In my case there was a power switch on the back that I flicked, so far so good!
  • The next step is to hold the Back button (the one that lets you flick back to the previous menus – labelled with a back arrow, sometimes also labelled ESC) whilst switching the DVR back on, the button can be seen circled in the image below:
  • After a short delay you will see that all lights apart from the power light go out and hear a beep, this means the DVR has reset itself and will automatically restart so release the Back button and you will see the DVR begin to boot as normal
  • Once everything has loaded you will then be able to login to your DVR using the default username of admin and leaving the password field blank

Notes

  • In this example we used a Sunluxy branded DVR, however this process (or something very similar) should work with most generic H.264 DVR’s as well
  • The steps above assume your monitor is connected via the VGA connection, as Chris suggested in the comments below, try using the BNC connection if you have trouble with menus not showing
  • Finally, if you could let me know if you run into any problems or if the process works on other brands or models I’d be grateful