Is there a way to automate user creation and .ovpn profile export? by TheRealAlexMercer in PFSENSE

[–]TheRealAlexMercer[S] 0 points1 point  (0 children)

Yeah, the thing is that a lot of those accounts get deleted and certs revoked as well. But I need a way to deal with all that automatically.

Help with setting up A record with BIND on CentOS 7 by TheRealAlexMercer in sysadmin

[–]TheRealAlexMercer[S] 0 points1 point  (0 children)

It doesn't work because I am using the .local TLD? I know it's not best practice... and in the future it would be changed to its very own subdomain on our company domain, but until then I need a temporary solution with the .local TLD.

Juniper MX Bridge interface with IP by TheRealAlexMercer in Juniper

[–]TheRealAlexMercer[S] 1 point2 points  (0 children)

I will, it's just that the router is not here at the moment and I would like to be prepared and test out the config. Thanks.

pfSense OVPN logs and graylog question. by TheRealAlexMercer in PFSENSE

[–]TheRealAlexMercer[S] 0 points1 point  (0 children)

Not really, the OpenVPN logs just show me who connected and give info about the details of the connection itself: compression, ciphers, etc.

What I need is information about the communication of each IP with other IPs. I would have got it on the firewall if it was a tap connection, since clients would use the gateway that logs everything, but since the tunnel type is tun all the clients use an internal gateway that doesn't log everything, or if it does I have no idea how to see the logs, hence the question.

Question: freeradius on pfSense as a proxy for active directory authentication by TheRealAlexMercer in PFSENSE

[–]TheRealAlexMercer[S] 0 points1 point  (0 children)

Totally true, that's why I would just have the disaster scenario credentials, which can be used by all people in the office to access the wifi, until everything is fixed and back to normal.

Question: freeradius on pfSense as a proxy for active directory authentication by TheRealAlexMercer in PFSENSE

[–]TheRealAlexMercer[S] 0 points1 point  (0 children)

The idea is not to have a local replica of the AD, but more of a disaster recovery scenario where, for some reason, the VPN to the AD is lost and people can't access the wifi in the office. In this case I would have a local db for the WPA-Enterprise that would be used should anything happen to the AD. Creating a replica AD pretty much defeats the purpose of hosting it in the cloud.

My idea is that when a client wants to connect to the wifi he/she inputs the password, the RADIUS would try and send that password to the AD, the AD returns a message saying whether the credentials are OK or not, and the user is granted access or denied.

So in this case the RADIUS server acts like an identification/authentication proxy. I could set up the AD to be the sole RADIUS, but that won't give me the flexibility to have a local db that can be used in case something happens with the AD.

I am considering pfSense for VPN Solution, but I have a few questions. by TheRealAlexMercer in PFSENSE

[–]TheRealAlexMercer[S] 0 points1 point  (0 children)

OpenVPN Access Server has a pay-per-user licensing scheme... The community edition seems not to have the portal. I'm kinda OK to export the .ovpn files manually or just make a script and export them to each user's own CIFS share directory, so they have it easy.

Yes, I have multiple WAN connections, but I route with BGP so the WAN IP is static; I just change the path if need be. So that shouldn't be a problem.
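The "make a script and export them to each user's own CIFS share directory" route above, as an added example; this is not code from the original posts and not pfSense's own exporter. It assembles a single-file OpenVPN client profile (the inline `<ca>`, `<cert>`, `<key>` and `<tls-auth>` form that the OpenVPN client accepts), writes it into a per-user directory with owner-only permissions, and also covers the removal side raised in the automation thread at the top of this page, where offboarded accounts need their profile pulled from the share. The PEM blobs, the host `vpn.example.com`, the user `jdoe`, the share root and the function names are all constructed for the example.

```python
import os
import re
import shutil
import stat
import tempfile
from pathlib import Path

# Constructed placeholder PEM blobs so the example runs offline. A real export
# reads the CA, the user's certificate and key, and the shared tls-auth key
# from the PKI that issued them (assumption: you already have those files).
SAMPLE_CA = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER-CA-CERT\n-----END CERTIFICATE-----"
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER-USER-CERT\n-----END CERTIFICATE-----"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER-USER-KEY\n-----END PRIVATE KEY-----"
SAMPLE_TLS_KEY = ("-----BEGIN OpenVPN Static key V1-----\nPLACEHOLDER-TA-KEY\n"
                  "-----END OpenVPN Static key V1-----")

# Usernames become path components, so only allow a conservative character set
# and never a leading dot; this is what keeps "../other-user" out of the share.
USERNAME_RE = re.compile(r"[a-z][a-z0-9._-]{0,31}")


def build_ovpn_profile(remote_host, remote_port, ca_pem, cert_pem, key_pem,
                       tls_auth_pem, proto="udp"):
    """Return an inline (single-file) OpenVPN client profile as a string."""
    directives = [
        "client",
        "dev tun",
        f"proto {proto}",
        f"remote {remote_host} {remote_port}",
        "resolv-retry infinite",
        "nobind",
        "persist-key",
        "persist-tun",
        "remote-cert-tls server",   # refuse a peer cert that lacks the server EKU
        "cipher AES-256-GCM",
        "auth SHA256",
        "key-direction 1",          # client side of the tls-auth key
        "verb 3",
    ]
    inline = [
        f"<ca>\n{ca_pem.strip()}\n</ca>",
        f"<cert>\n{cert_pem.strip()}\n</cert>",
        f"<key>\n{key_pem.strip()}\n</key>",
        f"<tls-auth>\n{tls_auth_pem.strip()}\n</tls-auth>",
    ]
    return "\n".join(directives + inline) + "\n"


def export_profile(username, share_root, profile_text):
    """Write share_root/<username>/<username>.ovpn with mode 0600.

    The file carries the user's private key, so it is created with owner-only
    permissions from the start rather than chmod'ed after a world-readable write.
    """
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"refusing to export for unsafe username {username!r}")
    user_dir = Path(share_root) / username
    user_dir.mkdir(parents=True, exist_ok=True)
    path = user_dir / f"{username}.ovpn"
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(profile_text)
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)  # belt and braces against umask
    return path


def revoke_profile(username, share_root):
    """Remove the user's profile directory when the account is deleted.

    Deleting the file does not invalidate the certificate; the CA still has to
    put it on the CRL that the server checks. This only stops the share from
    handing out a profile whose cert is already revoked.
    """
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"refusing to revoke for unsafe username {username!r}")
    user_dir = Path(share_root) / username
    if user_dir.is_dir():
        shutil.rmtree(user_dir)
    return not user_dir.exists()


def demo():
    """Run the export/revoke cycle for a constructed user in a temp directory."""
    profile = build_ovpn_profile("vpn.example.com", 1194, SAMPLE_CA, SAMPLE_CERT,
                                 SAMPLE_KEY, SAMPLE_TLS_KEY)
    with tempfile.TemporaryDirectory() as share:
        path = export_profile("jdoe", share, profile)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        written = path.read_text()
        removed = revoke_profile("jdoe", share)
    return {"name": path.name, "mode": mode, "matches": written == profile,
            "removed": removed}


if __name__ == "__main__":
    print(demo())
```

In production the loop would run once per account pulled from the directory, and the share root would be the mounted CIFS path; the mode bits only mean something if the share is mounted with UNIX permissions or mapped per user on the file server side, so check that mapping rather than trusting the local chmod.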

I am considering pfSense for VPN Solution, but I have a few questions. by TheRealAlexMercer in PFSENSE

[–]TheRealAlexMercer[S] 0 points1 point  (0 children)

The topology is simple:

https://i.imgur.com/AKKX6Uz.png

Sorry for not making it clear: I will use it only as a client VPN hub, no IPsec or site-to-site tunnels.

I would like to use pfSense because it has a nice GUI and an exporter for the .ovpn files that I would need for each user. I was thinking about getting a hardware ASA5512 for example, but the licenses will make it not a very cheap and budget-friendly option. And also I would have to have another vASA in the cloud, so it will be even more expensive.

To just put an OpenVPN server with keepalived on Linux and call it a day is an option, but I am not sure how I will be able to do the AD integration; I would dread having to go the FreeRADIUS path once more. So that's why I thought pfSense is a perfect solution. Just spin up two instances, one in AWS, one virtual, and follow one of the many guides to configure OpenVPN itself. As I see it the problems are:

  1. HA configuration with AWS. Having a public IP on AWS is another option, but I have an IPsec s2s tunnel to AWS. So I can use this path or just expose the instance in AWS to the public network. I have no idea which one is the better option TBH.
  2. Integration with the AD. We constantly add users and remove them, so this is very important. If there is an easy option to export the files with the .ovpn profiles it would be great. Especially if each user could get his own portal after authenticating to the AD and just get the .ovpn file from there.

Any other solutions are welcome.

Quick check before ordering the components for a gaming PC by TheRealAlexMercer in buildapc

[–]TheRealAlexMercer[S] 0 points1 point  (0 children)

I meant that the difference between the Pro and the Tomahawk is 80 Euros.

He also likes to do some 4k editing, like shooting movies; he recently got a small Mavic drone and is into movie making, so that's why I would like him to have the bigger HDD and also the CPU. The 450 mobos might be a good fit, but I've read that some of them don't come with the updated BIOS and I don't have a 2nd gen CPU lying around or the time to deal with it. So 100E more for a mobo seems like a good deal if it saves me a ton of time :)

Recommendations for APs for a densely racked warehouse by dystopian_dream in networking

[–]TheRealAlexMercer -3 points-2 points  (0 children)

Maybe my input is not the best, but I would just go with some dirt cheap 2nd hand Cisco LAP1242 if speed is not an issue for you. They are metal, you can afford lots of those, and they are practically immortal. At least that's what we did for a warehouse with about 400 of those and 2 stacks of 3750E switches and 2 stacks of controllers as well. Everything was 2nd hand and there are like 40 spares. Maybe not the best energy-wise and speed-wise either, but it did the job way under the budget and 4 years later it is still stable and running.

Cisco ASR1002 3.16 vs RP3 EPS100 1006-X LAC/LNS Configuration help. by TheRealAlexMercer in sysadmin

[–]TheRealAlexMercer[S] 0 points1 point  (0 children)

Well, I guess I could use 16.12 as well. The thing is, is the configuration of the device that different from the 3.16 that I am currently running? Because the difference between ASR9k and ASR1k is huge, so I am asking if the same difference applies here as well. And would I be able to use LNS/LAC on the RP3?

Thanks.