Ubuntu 16.04 on HP Spectre 13-v000nd

spectre-v000nd

As the HP Spectre 13-v000nd laptop is still fairly new I was surprised that Ubuntu Linux installed without any mayor issues, all hardware seems to work just fine straight from a clean install without any custom modifications to settings, drivers or modules.

The track-pad is fairly sketchy with random movements when you try to click on something, but it has the same behavior on windows (although it is a bit less than under Ubuntu) and has been mentioned in a number of reviews of the HP Spectre as an common issue. If you however only use a ‘touch’ press instead of a full click the issue seems to be gone, so this might be an issue that will be fixed by HP in a firmware upgrade sometime soon.

After a few hours I already got used to ‘touch pressing’ and as I mainly use an Bluetooth mouse the track-pad issue won’t bother me that much.

The following items all work just fine straight after install:

  • Sound
  • Wireless
  • Bluetooth
  • USB-C Gbit Ethernet (Adapter from StarTech)
  • Brightness Control
  • Function Keys
  • Standby/sleep
  • Keyboard Backlight


The following items work but have some issues:

  • Trackpad (random movements at mouse clicks, same behavior in windows)

Battery live is about 5,5 hours while actively using the machine and with screen brightness at about 90%, which is not to bad as my first test on windows was about 6 hours.

Installation Notes:

To install there are just a few steps to follow:
1) Create a Ubuntu 16.04 USB stick.
2) Disable secure boot in the BIOS. (Press F10 while booting)
3) Enable legacy support mode in the BIOS (system -> boot options).
4) Plug the USB stick in the most right USB-C port (The single one with USB icon, other ports won’t work)
5) Boot from the USB stick (Press F9 while booting)
6) Install..
7) Install tlp (apt-get install tlp)
8) Enjoy..

Monitoring Cisco ASA Cluster status

ASA-Cluster

 
 

There are multiple way’s of configuring High Availablity on a set of Cisco ASA firewalls.
One of them is clustering (Note that Active/Standby or Active/Active is not the same as a ASA Cluster)

As of now there is no way to monitor the cluster status using SNMP, the only way to check if your ASA cluster is up and running is by monitoring your interface status.
If the data interfaces of a single ASA change to a disconnected state you know something has gone wrong in your cluster.

However I wanted more, after contacting TAC they confirmed that there still is no way of monitoring the ASA cluster with SNMP so I had to find a different way.
Most I wanted is shown when you run the ‘show cluster info’ command from the system context (if you use contexts), so to monitor the ASA cluster status with Nagios all I needed was a output from this command.

For this I created two simple scripts (one in batch, the other in expect) to login with SSH and run the show cluster info command.
Now this is absolutely not the best way of monitoring, and as you need to provide the password somewhere in Nagios it is not the most secure way but it works and especially in a development environment it is a good way of knowing when something has gone wrong in the ASA cluster.

For this you need the two scripts and some modifications to your nagios setup (nagios core in my case), so download the following files:

1) Download both files and put then in your nagios libexec folder (/usr/local/nagios/libexec in my setup):

1
2
3
cd /usr/local/nagios/libexec/
wget https://raw.githubusercontent.com/darky83/Scripts/master/Nagios/ASA-Cluster-Status/check_asa_cluster.bash
wget https://raw.githubusercontent.com/darky83/Scripts/master/Nagios/ASA-Cluster-Status/check_asa_cluster.exp

2) Make the files executable:

1
chmod 755 check_asa_cluster.*

3) Edit nagios templates.cfg and add a new service, in my case I check only every 6 hours, no need to bash the ASA with ssh logins as long as we get a notification if something goes wrong once a day, so edit your templates.cfg and add the following section at the bottom.

1
2
3
4
5
6
7
	define service{
        	name                            asa-cluster-service
	        use                             generic-service
	        normal_check_interval           360
	        retry_check_interval            10
	        register                        0
        }

4) Add a new asa cluster test command in your commands.cfg file:

1
2
3
4
5
	# ASA Cluster test
	define command{
        	command_name    check_asa_cluster
	        command_line    $USER1$/check_asa_cluster.bash -H $HOSTADDRESS$ -U $ARG1$ -P $ARG2$ -M $ARG3$
	}

5) Add a new check somewhere in your host definition, note to change the hostname, ssh username, password and mode:

1
2
3
4
5
6
7
        # Cisco ASA Cluster status
	define service{
	        use                     asa-cluster-service
	        host_name               HOSTNAME_CHANGEME
	        service_description     Cisco ASA Cluster Status
	        check_command           check_asa_cluster!USERNAME_CHANGEME!PASSWORD_CHANGEME!MODE_CHANGEME
        }

The mode is a 0 if the monitored unit should be the cluster Master and a 1 if the unit should be a cluster slave, this way you can check if your cluster master status changes to another unit.

Hopefully Cisco will add support for ASA Clustering status monitoring in SNMP sometime soon so we won’t need workarounds anymore.

Status OK and the configured unit should be the master:
ASA-Cluster-master-ok

Status OK and the configured unit should be a slave:
ASA-Cluster-slave-ok

Status Critical when clustering is not enabled:ASA-Cluster-Critical

Category: linux | LEAVE A COMMENT

OpenVPN bridge and VMware ESXi


When you configure a bridged OpenVPN setup on a VMware ESXi (vSphere Hypervisor) you will notice that you can’t reach anything over the VPN except the OpenVPN host.

This is because VMware by default prevents the NIC to go into promiscuous mode so the bridge won’t work.
To fix this you need to change the VMware security policy to accept promiscuous mode.

  1. Go to ‘Configuration’ in the vSphere client.
  2. Select ‘Networking’ on the left.
  3. Click ‘Properties’
  4. Select ‘VM Network’ on the ‘Ports’ tab.
  5. Click ‘Edit’
  6. Go to the ‘Security’ tab.
  7. Select the check box for ‘Promiscuous Mode’ and select ‘Accept’.