Admins eHow SysAdmin Tips & Tricks

April 8, 2021

Resolving openconnect connection issues

Filed under: linux — admin @ 4:43 am

I recently switched from OpenVPN to OpenConnect as my main VPN solution because my ISP has somehow blocked access to OpenVPN.
The first issue I encountered was a very familiar one: the connection hangs with a debug message like “Failed to read from SSL socket: The transmitted packet is too large (EMSGSIZE)”. It was obvious to me that it had something to do with MTU settings, so after some digging into the docs I simply added the “--base-mtu 1450” argument to the OpenConnect client, and that resolved the first issue.
The second issue was much more baffling: some websites would work perfectly, while others would hang in the middle of loading or simply refuse to connect at all. After some more digging in forums, I found the solution, which is to clamp the TCP MSS of forwarded connections to the path MTU:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

More info :
https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html
https://www.linuxtopia.org/Linux_Firewall_iptables/x4700.html

March 8, 2021

How to resolve openconnect “Failed to read from SSL socket: The transmitted packet is too large (EMSGSIZE)” error

Filed under: General — admin @ 11:37 am

This issue can occur when you run openconnect in DTLS mode, which is the default, and it can halt the connection completely. It is related to the MTU of the connection and the size of the packets. To fix it, decrease the MTU of the connection until the error goes away. Just add the following option to the openconnect config file or command line (in the config file, leave out the two leading dashes) :

--base-mtu=1450

If you still get the error message, keep decreasing the 1450 value in steps of 50 until the error goes away.
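
The decrease-and-retry procedure above can be scripted by probing the path to the VPN gateway with don't-fragment pings. This is an added example, not part of the original post; it goes one step further than the post by binary-searching between the last failing and the first working value. The function names, the vpn.example.com placeholder and the 576 floor are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): find a working --base-mtu value.
# Assumes Linux iputils ping and an IPv4 path; all names here are hypothetical.

# probe SIZE HOST: succeeds when a SIZE-byte IPv4 packet gets through with the
# don't-fragment bit set (-M do). -s is the ICMP payload size, so subtract the
# 20-byte IPv4 header and the 8-byte ICMP header.
probe() {
    ping -c 1 -W 2 -M do -s "$(( $1 - 28 ))" "$2" >/dev/null 2>&1
}

# find_base_mtu HOST [START] [STEP] [FLOOR]: print the largest working MTU.
find_base_mtu() {
    host=$1 mtu=${2:-1450} step=${3:-50} floor=${4:-576}
    hi=$mtu
    # Coarse pass, as in the post: lower the value by STEP until a probe passes.
    while ! probe "$mtu" "$host"; do
        hi=$mtu
        mtu=$(( mtu - step ))
        [ "$mtu" -ge "$floor" ] || return 1   # nothing works, give up
    done
    if [ "$mtu" -eq "$hi" ]; then
        echo "$mtu"                           # the start value already works
        return 0
    fi
    # Fine pass: binary search between the last good and the last bad value.
    lo=$mtu
    while [ $(( hi - lo )) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if probe "$mid" "$host"; then lo=$mid; else hi=$mid; fi
    done
    echo "$lo"
}

# Usage: ./find-mtu.sh vpn.example.com
# then:  openconnect --base-mtu=<printed value> vpn.example.com
if [ "$#" -gt 0 ]; then
    find_base_mtu "$@"
fi
```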

November 8, 2019

How to block a cPanel user from sending spam/email

Filed under: cPanel — admin @ 10:43 am

Run the following commands as root on cPanel server.

Block :

whmapi1 suspend_outgoing_email user=USERNAME

Unblock :

whmapi1 unsuspend_outgoing_email user=USERNAME

October 23, 2019

How to limit the number of incoming connections to a specific port

Filed under: linux,Security — admin @ 11:47 pm

Replace [PORT] and [CON_NUM] with the respective values.

iptables -I INPUT -p tcp --syn --dport [PORT] -m connlimit --connlimit-above [CON_NUM] --connlimit-mask 0 -j REJECT --reject-with tcp-reset

October 22, 2019

How to add rc.local in Debian 9 & 10

Filed under: Debian,linux — admin @ 10:59 am

Debian has removed rc.local from its recent releases.
I have created a simple script which adds rc.local back to the system.
You need to run the following command as root:

bash <(curl -s https://www.adminsehow.com/wp-content/uploads/2019/10/rc-local.txt)

Or, if you are wary of running a script from the internet, you can create rc-local.txt yourself and run it.
rc-local.txt :

#!/bin/bash

echo '[Unit]
Description=/etc/rc.local
ConditionPathExists=/etc/rc.local

[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99

[Install]
WantedBy=multi-user.target' > /etc/systemd/system/rc-local.service


echo '#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

exit 0' > /etc/rc.local

chmod +x /etc/rc.local
systemctl enable rc-local

April 6, 2019

Generate new openvpn client from an existing CA

Filed under: General — admin @ 5:41 pm

openssl genrsa -out client.key 4096
openssl req -sha256 -out client.csr -key client.key -new -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=client"
openssl x509 -sha256 -req -days 365 -CA ca.crt -CAkey ca.key -in client.csr -set_serial 01 -out client.crt

September 10, 2017

Countries IP address/range/blocks list

Filed under: Networking — admin @ 2:11 pm

http://ipdeny.com/ipblocks/

August 20, 2017

E2Streamer – Easily Stream from any Enigma2 based STB to your PC

Filed under: Windows — admin @ 1:47 am

I have written a small C# program which makes it very easy to stream from any enigma2 based STB to your PC.
It retrieves the STB bouquets using the STB IP address and then you can stream the channels by double clicking on the channel names.
It uses VLC to stream the channels and VLC should be installed in the default location “C:\Program Files\VideoLAN\VLC\vlc.exe”.

20/08/2017 :
– Initial Release

05/09/2017 :
– Version bumped to 1.1
– Added “Zap to Channel” Checkbox
– Added “Minimize to Tray” Checkbox
– Added “UnZap !” Button
– Added Copyright info

06/09/2017 :
– Version bumped to 1.2
– Added OnScreen Icon
– Added Quit button
– Bug fixes

07/09/2017 :
– Version bumped to 1.3
– Added “Select Player” button
– Bug fixes

23/02/2018 :
– Version bumped to 1.4
– Bug fixes

26/09/2018 :
– Version bumped to 1.5
– Running the app twice, restores the app
– Bug fixes

Download links:
E2Streamer 1.5
E2Streamer 1.4
E2Streamer 1.3
E2Streamer 1.2
E2Streamer 1.1
E2Streamer 1.0

August 14, 2017

Download YouTube videos on raspberry pi on a certain time of the day using aria2

Filed under: General — admin @ 11:40 pm

In this post I am going to show you how to set up a system to download YouTube videos on a raspberry pi at a certain time of the day!
I know this is a weird use case, but if your internet speed is too low to watch YouTube videos directly or your daily internet traffic is limited, it may be useful. It can download your favorite YouTube videos for you while you are asleep!
This is actually not a simple system, and I am not going through all of the details because the post would become very long and I am lazy :p. I will provide the information which you cannot find anywhere else; the other steps can be found on other websites.
So here is our design :

Youtube -> Chrome extension -> API (PHP file) on raspberry pi -> a file (/etc/youtube) containing YouTube links
Cronjob 1 -> Process /etc/youtube -> Get download links -> Aria2 (paused mode)
Cronjob 2 -> Start Aria2

Let's start with the Chrome extension. It is a very simple extension and consists of 2 files.
You can download the extension source from this link : youtube-chrome-ext download
Unzip this file and open sample.js.
On line 15 you will see this :

client.get("http://192.168.101.1/ydl.php?url=" + info.linkUrl, function(response) {});

Change 192.168.101.1 to your own raspberry pi IP address.
Now open the Chrome extensions page chrome://extensions/ and enable developer mode. A “Load unpacked extension” button will appear; click on it, browse to the extension folder and select it. This installs the extension in Chrome.
Now if you right-click on any link inside Chrome, you will see a new option called “YouTube Downloader”. Clicking on it sends the link to our raspberry pi API, which we will implement in the next step.

Now let's create our PHP API file. Needless to say, you need to have a web server and PHP installed on your raspberry pi.
Create a file named ydl.php in the /var/www/html folder with the following source :

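<?php
header('Access-Control-Allow-Origin: *');
// Ignore requests without a usable url parameter instead of appending junk
if (!isset($_GET["url"]) || !is_string($_GET["url"])) {
    exit();
}
// One link per line: strip CR/LF so a single request cannot add extra lines
$url = str_replace(array("\r", "\n"), '', $_GET["url"]) . "\n";
$file = '/etc/youtube';
// Append under a lock rather than reading and rewriting the whole file
file_put_contents($file, $url, FILE_APPEND | LOCK_EX);
?>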

As you can see, this is a very simple API. It appends the YouTube links which are sent by our Chrome extension to a file named /etc/youtube.
As this file does not exist yet, let's create it and give it proper permissions. Run the following commands on the raspberry pi :

touch /etc/youtube
chmod 666 /etc/youtube

Now it is time to test our API. Open the YouTube website, right-click on several videos and choose “YouTube Downloader”, then check the contents of /etc/youtube on the raspberry pi. The links should be there.

Next step is to create the scripts which process /etc/youtube file and send the download links to Aria2.
Create the following files with their respective sources :
/usr/bin/process_youtube :

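#!/bin/bash
while IFS='' read -r line || [[ -n "$line" ]]; do
        # Quote the link so it reaches the script as one argument,
        # without word splitting or glob expansion
        /usr/bin/a2youtube.py "$line"
done < /etc/youtube

# -f: do not complain on the first run, when there is no .old file yet
rm -f /etc/youtube.old
mv /etc/youtube /etc/youtube.old
touch /etc/youtube
chmod 666 /etc/youtube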

/usr/bin/a2youtube.py :

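#!/usr/bin/python3
import subprocess,sys,xmlrpc.client
# Run youtube-dl without a shell so the link is passed as a single argument
# and is never interpreted as a command; "--" keeps a link that starts with
# "-" from being read as an option.
out=subprocess.check_output(
        ["/usr/local/bin/youtube-dl","-f","best","-g","-e","--get-id","--",sys.argv[1]],
        universal_newlines=True)
s = xmlrpc.client.ServerProxy('http://localhost:6800/rpc')
# Output lines are title, video id and download URL, in that order
if (len(out.splitlines()[0].strip())<10):
        fn=out.splitlines()[1]
else:
        fn=out.splitlines()[0].strip()

s.aria2.addUri("token:XXXX",[out.splitlines()[2]],dict(out=fn+".mp4",pause="true"))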

Set proper permissions for both files :

chmod 755 /usr/bin/process_youtube
chmod 755 /usr/bin/a2youtube.py

As you can see, we are using Python for the second script, so you need to have Python installed as well.
Another program, named youtube-dl, is responsible for getting the download link for us.
You should install the latest version from this link : https://rg3.github.io/youtube-dl/
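
Because /etc/youtube is world-writable and is fed by an unauthenticated HTTP endpoint, every line in it is untrusted input to the scripts above. The following filter, an added example that is not part of the original post, re-emits each accepted link in one canonical form before it is passed on; the function names, the accepted hosts and the 11-character video ID format are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): validate lines of /etc/youtube.
# canonical_link, filter_links, the host list and the 11-character video ID
# format are assumptions made for this example.
LC_ALL=C   # byte-wise character ranges in the patterns below

# canonical_link URL: print https://www.youtube.com/watch?v=ID, or return 1.
canonical_link() {
    case $1 in
        https://www.youtube.com/watch\?v=*|https://m.youtube.com/watch\?v=*|https://youtube.com/watch\?v=*)
            id=${1#*watch?v=} ;;
        https://youtu.be/*)
            id=${1#https://youtu.be/} ;;
        *)
            return 1 ;;          # other scheme or host, or a leading "-"
    esac
    id=${id%%[\&?\#]*}           # drop extra parameters and fragments
    case $id in
        *[!A-Za-z0-9_-]*) return 1 ;;   # anything outside the ID alphabet
    esac
    [ "${#id}" -eq 11 ] || return 1
    printf 'https://www.youtube.com/watch?v=%s\n' "$id"
}

# filter_links FILE: print the canonical form of every accepted line, report
# rejected line numbers on stderr, return non-zero if anything was rejected.
filter_links() {
    rejected=0 n=0
    while IFS='' read -r line || [ -n "$line" ]; do
        n=$(( n + 1 ))
        [ -n "$line" ] || continue
        if ! canonical_link "$line"; then
            rejected=$(( rejected + 1 ))
            echo "line $n rejected" >&2
        fi
    done < "$1"
    [ "$rejected" -eq 0 ]
}

# In process_youtube the loop would then read from the filter, e.g.
#   filter_links /etc/youtube | while IFS='' read -r url; do
#       /usr/bin/a2youtube.py "$url"
#   done
```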

The reason I chose Aria2 is that it is a VERY good and flexible download manager, better than anything else that you can find on Windows or Mac, hands down, so I highly recommend it. You need to install Aria2 as well : https://aria2.github.io/
Here is my aria2 config file (note that check-certificate=false turns off HTTPS certificate verification for downloads) :

dir=/media
file-allocation=falloc
continue=true
log-level=notice
check-certificate=false
max-connection-per-server=16
split=16
summary-interval=120
daemon=true
enable-rpc=true
enable-dht=true
max-concurrent-downloads=2
http-auth-challenge=true
log=/var/log/aria2/aria2.log
disable-ipv6=true
disk-cache=25M
timeout=600
retry-wait=30
max-tries=50
save-session=/home/pi/session.gz
input-file=/home/pi/session.gz
seed-time=0
min-split-size=1M
rpc-secret=XXXX
rpc-listen-port=6800
rpc-listen-all=true

Pay attention to the last 3 lines of the config, especially rpc-secret. It is a token that other programs use to communicate with the aria2 daemon, so change XXXX to a password of your choosing. Because rpc-listen-all=true makes the RPC port reachable on every network interface, this token is what keeps other hosts on the network from controlling aria2. Also notice the “token:XXXX” in the /usr/bin/a2youtube.py file; change XXXX to the password that you set in the aria2 config file.
You can (should) also install a web user interface for Aria2 from this link : https://github.com/ziahamza/webui-aria2
The webui acts as a GUI for aria2 in your web browser, so you can see what it is doing and control it as you wish.

If you pay attention to the python code you would see that it adds the links in paused mode :

s.aria2.addUri("token:XXXX",[out.splitlines()[2]],dict(out=fn+".mp4",pause="true"))

The reason is that if we start downloading immediately, youtube-dl may fail to get the other links from the YouTube website because your download bandwidth is full (that's the point).
So we need 2 more scripts to start/stop Aria2 :
/usr/bin/a2stop.py :

#!/usr/bin/python3

import xmlrpc.client
# Pause every download in the local aria2 daemon
s = xmlrpc.client.ServerProxy('http://localhost:6800/rpc')
s.aria2.pauseAll("token:XXXX")

/usr/bin/a2start.py :

#!/usr/bin/python3

import xmlrpc.client
# Resume every paused download in the local aria2 daemon
s = xmlrpc.client.ServerProxy('http://localhost:6800/rpc')
s.aria2.unpauseAll("token:XXXX")

Don't forget to set proper permissions :

chmod 755 /usr/bin/a2start.py
chmod 755 /usr/bin/a2stop.py

And change XXXX to the secret that you set in the aria2 config file.
Now you can create the cronjobs :

2 3 * * * /usr/bin/process_youtube
5 3 * * * /usr/bin/a2start.py
55 8 * * * /usr/bin/a2stop.py

It will add YouTube links to aria2 @ 3:02 AM
Starts all downloads in aria2 @ 3:05 AM
Pauses all downloads in aria2 @ 8:55 AM

Good luck on implementing this system, it is not easy. But you will learn a lot if you try and you are persistent.

April 26, 2017

Email to Telegram gateway

Filed under: PHP — admin @ 7:21 am

1. Create your own Telegram bot based on this tutorial :
https://www.domoticz.com/wiki/Telegram_Bot
or this one :
https://www.forsomedefinition.com/automation/creating-telegram-bot-notifications/
2. Create an email forwarder in cPanel and pipe it into a PHP script. Make sure the script is executable (755 permission).
3. Here is the PHP script that will forward the email to your Telegram bot.
Don't forget to adjust the $url variable in the telegram function based on the first step.

#!/usr/local/bin/php -q
<?php
function mailRead($iKlimit = "")
{
	if ($iKlimit == "") {
		$iKlimit = 1024;
	}
	$sErrorSTDINFail = "Error - failed to read mail from STDIN!";
	$fp = fopen("php://stdin", "r");
	if (!$fp) {
		echo $sErrorSTDINFail;
		exit();
	}
	$sEmail = "";
	// Number of 1 KB chunks read so far (was used without being initialised)
	$i_limit = 0;
	if ($iKlimit == - 1) {
		while (!feof($fp)) {
			$sEmail .= fread($fp, 1024);
		}
	}
	else {
		while (!feof($fp) && $i_limit < $iKlimit) {
			$sEmail .= fread($fp, 1024);
			$i_limit++;
		}
	}
	fclose($fp);
	return $sEmail;
}

function telegram($m)
{
	$url = 'https://api.telegram.org/botxxxxxxx:xxxxxxxxx/sendMessage?chat_id=xxxxx&text=';
	$url .= urlencode($m);
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
	$response = curl_exec($ch);
	curl_close($ch);
}

$mail = mailRead(4096);
$lines = explode("\n", $mail);

$from = "";
$subject = "";
$headers = "";
$message = "";
$splittingheaders = true;

for ($i = 0; $i < count($lines); $i++) {
	if ($splittingheaders) {
		$headers .= $lines[$i] . "\n";
		if (preg_match("/^Subject: (.*)/", $lines[$i], $matches)) {
			$subject = $matches[1];
		}
		if (preg_match("/^From: (.*)/", $lines[$i], $matches)) {
			$from = $matches[1];
		}
		if (preg_match("/^To: (.*)/", $lines[$i], $matches)) {
			$to = $matches[1];
		}
	}
	else {
		$message .= $lines[$i] . "\n";
	}
	if (trim($lines[$i]) == "") {
		$splittingheaders = false;
	}
}

telegram("From: $from\nSubject: $subject\nMessage: $message");
?>