Slow SSH connections

Recently I noticed that my ssh connections would stop for a few seconds before prompting for a password. It turned out that the SSH command was checking the DNS servers for the server host key. This consumed some time while the SSH daemon tried to get the key from the DNS servers.

12:35PM zzz:~# ssh -v master@myswitch
OpenSSH_6.6.1p1, OpenSSL 1.0.1j-freebsd 15 Oct 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to myswitch [10.202.13.230] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
debug1: Remote protocol version 1.99, remote software version Comware-5.20
debug1: no match: Comware-5.20
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: RSA 41:3b:42:fd:ea:38:c8:27:f2:d4:7a:17:18:16:14:13
DNS lookup error: general failure  --> SSH stalls here and does DNS requests (see tcpdump below)
debug1: Host 'myswitch' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:473
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent

The tcpdump shows that the daemon is doing SSHFP lookups but not getting any responses.

12:38:07.892258 IP zzz.xx.com.55994 > mydns.com.domain: 3790+ [1au] SSHFP? myswitch. (41)
12:38:12.910363 IP zzz.xx.com.33318 > vmydns.com.domain: 3790+ [1au] SSHFP? myswitch. (41)
12:38:17.926115 IP zzz.xx.com.25719 > vmydns.com.domain: 3790+ [1au] SSHFP? myswitch. (41)
12:38:22.965491 IP zzz.xx.com.29942 > mydns.domain: 3790+ [1au] SSHFP? myswitch. (41)

This can be easily turned off by editing /etc/ssh/ssh_config and setting “VerifyHostKeyDNS no”.  After setting this option, SSH skips the DNS lookups and goes straight to the known_hosts file.

debug1: Server host key: RSA 41:3b:42:fd:ea:38:c8:27:f2:d4:7a:17:18:16:14:13
debug1: Host 'myswitch' is known and matches the RSA host key.
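
The stall can be measured directly from a capture like the one above. The following is an added example, not part of the original post: it pairs tcpdump DNS queries with their replies and reports the queries that never got an answer. The last two capture lines are constructed for contrast; the function and variable names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# First four lines: the capture from the post. Last two: a constructed,
# answered lookup so the pairing logic has something to discard.
CAPTURE = """\
12:38:07.892258 IP zzz.xx.com.55994 > mydns.com.domain: 3790+ [1au] SSHFP? myswitch. (41)
12:38:12.910363 IP zzz.xx.com.33318 > vmydns.com.domain: 3790+ [1au] SSHFP? myswitch. (41)
12:38:17.926115 IP zzz.xx.com.25719 > vmydns.com.domain: 3790+ [1au] SSHFP? myswitch. (41)
12:38:22.965491 IP zzz.xx.com.29942 > mydns.domain: 3790+ [1au] SSHFP? myswitch. (41)
12:40:01.000100 IP zzz.xx.com.41000 > mydns.com.domain: 5121+ A? otherhost. (27)
12:40:01.004200 IP mydns.com.domain > zzz.xx.com.41000: 5121 1/0/0 A 192.0.2.10 (43)
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): (\d+)\S*\s+(.*)$")
QUERY_RE = re.compile(r"([A-Z0-9]+)\? (\S+)")


def unanswered_queries(capture):
    """Return {(qtype, name): {"attempts": n, "span_seconds": s}} for DNS
    queries in tcpdump text output that never received a reply."""
    pending = {}  # (client host.port, DNS id) -> (timestamp, qtype, name)
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst, dns_id, rest = m.groups()
        when = datetime.strptime(ts, "%H:%M:%S.%f")
        if dst.endswith(".domain"):
            # Client -> resolver: remember the question.
            q = QUERY_RE.search(rest)
            if q:
                pending[(src, dns_id)] = (when, q.group(1), q.group(2))
        elif src.endswith(".domain"):
            # Resolver -> client: the matching question was answered.
            pending.pop((dst, dns_id), None)

    grouped = defaultdict(list)
    for when, qtype, name in pending.values():
        grouped[(qtype, name)].append(when)
    return {
        key: {
            "attempts": len(times),
            "span_seconds": round((max(times) - min(times)).total_seconds(), 3),
        }
        for key, times in grouped.items()
    }


if __name__ == "__main__":
    for (qtype, name), info in unanswered_queries(CAPTURE).items():
        print(f"{qtype} {name}: {info['attempts']} attempts, "
              f"no reply for {info['span_seconds']}s")
```

Each retry comes from a new source port, so replies are matched on the client endpoint plus the DNS id rather than on the id alone.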

Error mounting Samba Shares in FreeBSD

Over a number of years I’ve had an issue “reliably” mounting some samba shares from my Windows 7 machine. The FreeBSD machine and Windows machine are on the same LAN subnet and have no firewalls between them. Generally I’ve also disabled the firewall on the win7 machine but still I cannot mount the samba shares (whereas they were working previously).

The error given by the mount command does not help with troubleshooting.

root@zzz:~ # mount /data3
mount_smbfs: unable to open connection: syserr = Connection refused
root@zzz:~ # mount /data3
mount_smbfs: unable to open connection: syserr = Connection reset by peer

The options in the nsmb.conf file are nicely described in this man page. The default value of the port445 option is normal, which means it will attempt to connect via port 445 and, if that is unsuccessful, try to connect via NetBIOS over TCP/IP (i.e. TCP port 139).

In my case a Wireshark capture shows that the connection to port 139 was being immediately dropped.

10:12:50.195293 IP 10.202.70.220.47946 > 10.202.70.162.139: Flags [S], seq 3682484936, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 4148422 ecr 0], length 0
10:12:50.195393 IP 10.202.70.162.139 > 10.202.70.220.47946: Flags [R.], seq 0, ack 3682484937, win 0, length 0

On the Windows machine I used the ifconfig command to check if NetBIOS over TCP/IP was enabled.

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : A0-B3-CC-FC-34-A5
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::95e:16e8:af2f:2493%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.202.70.162(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.202.70.151
   DHCPv6 IAID . . . . . . . . . . . : 245412812
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-41-B0-3E-A0-B3-CC-FC-34-A5
   DNS Servers . . . . . . . . . . . : 10.48.2.160
                                       10.48.2.162
   NetBIOS over Tcpip. . . . . . . . : Enabled

However, this isn’t enough. Microsoft, for some unknown reason, only allows netbios to bind to one IP address on my Windows interface. So if you have two IP addresses, 10.202.70.162 and 10.10.10.5, then netbios will bind to the lowest IP address (i.e. 10.10.10.5). The best way to check this is to use netstat:

C:\Users\myuser>netstat -an | find /i "139"
  TCP    10.10.10.5:139         0.0.0.0:0              LISTENING
  TCP    169.254.178.132:139    0.0.0.0:0              LISTENING
  TCP    192.168.56.1:139       0.0.0.0:0              LISTENING
  TCP    192.168.195.1:139      0.0.0.0:0              LISTENING

This can be easily fixed by removing the secondary ip address and rebooting the machine. NetBios will now bind to the correct address:

C:\Users\agarg>netstat -an | find /i "139"
  TCP    10.202.70.162:139      0.0.0.0:0              LISTENING
  TCP    169.254.178.132:139    0.0.0.0:0              LISTENING
  TCP    192.168.56.1:139       0.0.0.0:0              LISTENING
  TCP    192.168.195.1:139      0.0.0.0:0              LISTENING

The netbios bind address changes only if the following events happen:

1) On reboot, netbios will bind to the lowest ip address

2) On restarting the netbios process it will bind to the lowest ip address (Control Panel->Network Connections -> Lan Adapter -> IPv4 -> Properties -> Advanced -> WINS -> Disable/Enable netbios)

3) Removing the lowest numbered ip address, netbios will bind to the next lowest ip address

If you just add a “lower” IP address to an existing interface then it will not change until the next event defined above. This is where the problem is! I would add a temp address to test a config and then 4-6 weeks later reboot the Windows machine (to apply patches or install software) and suddenly the SMB mounts are no longer working because netbios isn’t listening on the primary address anymore.
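
A check for this latent state, as an added example that is not part of the original post: it parses `netstat -an` output, matches port 139 exactly, and flags an interface whose lowest address is not the primary one. The lowest-address rule is taken from the behaviour described above; the function names and the one constructed netstat line are illustrative.

```python
import ipaddress

# netstat output from the post (before the fix), plus one constructed line
# (the last) that `find /i "139"` also matches but which is not a listener.
NETSTAT_BEFORE = """\
  TCP    10.10.10.5:139         0.0.0.0:0              LISTENING
  TCP    169.254.178.132:139    0.0.0.0:0              LISTENING
  TCP    192.168.56.1:139       0.0.0.0:0              LISTENING
  TCP    192.168.195.1:139      0.0.0.0:0              LISTENING
  TCP    10.202.70.162:49139    10.202.70.220:445      ESTABLISHED
"""
# netstat output from the post (after removing the secondary address).
NETSTAT_AFTER = """\
  TCP    10.202.70.162:139      0.0.0.0:0              LISTENING
  TCP    169.254.178.132:139    0.0.0.0:0              LISTENING
  TCP    192.168.56.1:139       0.0.0.0:0              LISTENING
  TCP    192.168.195.1:139      0.0.0.0:0              LISTENING
"""

ANY = ipaddress.IPv4Address("0.0.0.0")


def listeners(netstat_text, port=139):
    """IPv4 addresses with a TCP socket in LISTENING state on exactly `port`."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, local_port = fields[1].rpartition(":")
        if local_port != str(port):
            continue
        try:
            found.add(ipaddress.IPv4Address(host))
        except ValueError:  # IPv6 listeners such as [::]:139
            continue
    return found


def check_netbios(netstat_text, interface_addrs, primary):
    """Compare where NetBIOS listens now with where it will listen after the
    next reboot or NetBIOS restart (lowest address, as the post describes)."""
    addrs = {ipaddress.IPv4Address(a) for a in interface_addrs}
    primary = ipaddress.IPv4Address(primary)
    bound = listeners(netstat_text)
    lowest = min(addrs)
    return {
        "bound_on_interface": sorted(str(a) for a in bound & addrs),
        "primary_listening": primary in bound or ANY in bound,
        "bind_after_restart": str(lowest),
        "breaks_on_restart": lowest != primary,
    }


if __name__ == "__main__":
    both = ["10.202.70.162", "10.10.10.5"]
    print(check_netbios(NETSTAT_BEFORE, both, "10.202.70.162"))
    # Temp address just added, machine not yet rebooted: works today, breaks later.
    print(check_netbios(NETSTAT_AFTER, both, "10.202.70.162"))
```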

Enable Hibernate mode in Yosemite

I was recently gifted a new iMac for my birthday and it came with Mavericks which I was able to upgrade to Yosemite quite easily. One thing I really missed from my days of using windows was the Hibernate feature. I would always hibernate my machine rather than shutdown. The main reason was that the boot up was comparatively faster and all my applications were already running.

OS X does not have a similar option, and the sleep mode meant that it was “always” powered on, albeit using minimal power. Here’s how I changed my OS X to hibernate right away. Start a terminal window and run:

su -
<type the root password>
pmset -a hibernatemode 25
pmset -a standbydelay 1

<reboot iMac>

This now means that when I click Sleep in the Apple menu, it will sleep for 1 second and then proceed to dump the system RAM to disk and power off. Here is a copy of the man page for these commands.

SAFE SLEEP ARGUMENTS
     hibernatemode takes a bitfield argument defining SafeSleep behavior.
     Passing 0 disables SafeSleep altogether, forcing the computer into a
     regular sleep.

     0000 0001 (bit 0) enables hibernation; causes OS X to write memory state
     to hibernation image at sleep time. On wake (without bit 1 set) OS X
     will resume from the hibernation image. Bit 0 set (without bit 1 set)
     causes OS X to write memory state and immediately hibernate at sleep
     time.

     0000 0010 (bit 1), in conjunction with bit 0, causes OS X to maintain
     system state in memory and leave system power on until battery level
     drops below a near empty threshold (This enables quicker wakeup from
     memory while battery power is available). Upon nearly emptying the bat-
     tery, OS X shuts off all system power and hibernates; on wake the system
     will resume from hibernation image, not from memory.

     0000 1000 (bit 3) encourages the dynamic pager to page out inactive
     pages prior to hibernation, for a smaller memory footprint.

     0001 0000 (bit 4) encourages the dynamic pager to page out more aggres-
     sively prior to hibernation, for a smaller memory footprint.

     We do not recommend modifying hibernation settings. Any changes you make
     are not supported. If you choose to do so anyway, we recommend using one
     of these three settings. For your sake and mine, please don't use any-
     thing other 0, 3, or 25.

     hibernatemode = 0 (binary 0000) by default on supported desktops. The
     system will not back memory up to persistent storage. The system must
     wake from the contents of memory; the system will lose context on power
     loss. This is, historically, plain old sleep.

     hibernatemode = 3 (binary 0011) by default on supported portables. The
     system will store a copy of memory to persistent storage (the disk), and
     will power memory during sleep. The system will wake from memory, unless
     a power loss forces it to restore from hibernate image.

     hibernatemode = 25 (binary 0001 1001) is only settable via pmset. The
     system will store a copy of memory to persistent storage (the disk), and
     will remove power to memory. The system will restore from disk image. If
     you want "hibernation" - slower sleeps, slower wakes, and better battery
     life, you should use this setting.

     Please note that hibernatefile may only point to a file located on the
     root volume.

STANDBY ARGUMENTS
     standby causes kernel power management to automatically hibernate a
     machine after it has slept for a specified time period. This saves power
     while asleep. This setting defaults to ON for supported hardware. The
     setting standby will be visible in pmset -g if the feature is supported
     on this machine.

     standby only works if hibernation is turned on to hibernatemode 3 or 25.

     standbydelay specifies the delay, in seconds, before writing the hiber-
     nation image to disk and powering off memory for Standby.

Update 04/11/15: If you ever need to restore this back to the original settings, open System Preferences > Energy Saver and click “Restore to Defaults”. If the option is greyed out then you are already back to the original settings.

Running the Netapp Ontap 7-Mode 8.2.1 Simulator

The below is copied from a set of notes taken a while ago. I’ll update these as I go.

For VMware Workstation

  • Grab the vsim_netapp-7m.tgz from the Netapp Support site, untar / unzip it
  • This will uncompress a bunch of vmdk files. Most of these files are “individual” disks which will appear on the storage controller
  • Load the VMX file in VMware Workstation

For ESXi

  • Grab the vsim_esx-7m.tgz from the Netapp Support site, untar / unzip it
  • Enable ssh on the ESXi server
  • Copy the tar to the datastore1
  • Uncompress the image (tar -xvzf)
  • Run vmkload_mod multiextent  (https://communities.netapp.com/thread/24329)

Common Instructions

  • Boot the VM and press Ctrl-C during boot
  • Select option 4 to start with a fresh config
  • Provide a hostname; don’t use IPv6 or interface groups
  • Then set up an IP address and default gateway on e0a; the remaining interfaces can be set up later
  • When requested, don’t provide an admin host (otherwise you will be restricted to using this machine to configure the netapp)
  • Set up the root password when requested
  • Log in as root
  • Change the network interface settings to connect to the correct physical network (usually e0a is mapped to network adapter 1)

  • You should now be able to ping and ssh to the netapp using root / pwd
  • Now install OnCommand System Manager 3.1 (I tried to use 3.1.1 but it refused to authenticate correctly; stick with the older version)
  • Add the netapp to OnCommand System Manager using the root username/password

If the command manager does not work (connection refused) then it’s probably because the httpd wasn’t enabled during initial config. Fix as follows:

1) ssh to netapp

netapp1> options httpd
httpd.access legacy
httpd.admin.access legacy
httpd.admin.enable off
httpd.admin.hostsequiv.enable off
httpd.admin.max_connections 512
httpd.admin.ssl.enable off
httpd.admin.top-page.authentication on
httpd.autoindex.enable off
httpd.bypass_traverse_checking off
httpd.enable off
httpd.ipv6.enable off
httpd.log.format common
httpd.method.trace.enable off
httpd.rootdir /vol/vol0/home/http
httpd.timeout 300
httpd.timewait.enable off

3) options httpd.admin.enable true (enable access)
4) options httpd.admin.ssl.enable true (enable secure access)

netapp1> options httpd
httpd.access legacy
httpd.admin.access legacy
httpd.admin.enable on
httpd.admin.hostsequiv.enable off
httpd.admin.max_connections 512
httpd.admin.ssl.enable on
httpd.admin.top-page.authentication on
httpd.autoindex.enable off
httpd.bypass_traverse_checking off
httpd.enable off
httpd.ipv6.enable off
httpd.log.format common
httpd.method.trace.enable off
httpd.rootdir /vol/vol0/home/http
httpd.timeout 300
httpd.timewait.enable off

Now install the licenses from the OnCommand System Manager.  Click Config -> System tools -> Licences -> Add then paste the codes. Note, the ESXi version has different codes to the Vmware Workstation version.

The Netapp is now ready to configure and use.

Read my Netapp Storage Concepts (for network engineers) for more information on how to use the netapp.

Disk Structure in the Simulator

The 8.2.1 simulator starts off with:

  • 28 disks (2 shelves with 14 disks each)
netapp01*> storage  show disk
DISK                  SHELF BAY SERIAL           VENDOR   MODEL      REV
--------------------- --------- ---------------- -------- ---------- ----
v4.16                   ?    ?  08561200         NETAPP   VD-1000MB- 0042
v4.17                   ?    ?  08561201         NETAPP   VD-1000MB- 0042
v4.18                   ?    ?  08561202         NETAPP   VD-1000MB- 0042
v4.19                   ?    ?  08561203         NETAPP   VD-1000MB- 0042
v4.20                   ?    ?  08561204         NETAPP   VD-1000MB- 0042
v4.21                   ?    ?  08561205         NETAPP   VD-1000MB- 0042
v4.22                   ?    ?  08561206         NETAPP   VD-1000MB- 0042
  • pool 0 with 14 assigned disks (leaving 14 unowned disks)
  • aggr0, containing plex0, and rg0 (RAID group) with 3 disks in a RAID-DP configuration (1 data disk)
netapp01*> aggr status -v
           Aggr State           Status                Options
          aggr0 online          raid_dp, aggr         root, diskroot, nosnap=off, raidtype=raid_dp,
                                64-bit                raidsize=16, ignore_inconsistent=off,
                                                      snapmirrored=off, resyncsnaptime=60,
                                                      fs_size_fixed=off, lost_write_protect=on,
                                                      ha_policy=cfo, hybrid_enabled=off,
                                                      percent_snapshot_space=0%,
                                                      free_space_realloc=off

                Volumes: vol0

                Plex /aggr0/plex0: online, normal, active
                    RAID group /aggr0/plex0/rg0: normal, block checksums
  • vol0 in aggr0 – thick provisioned 871.916MB in size
netapp01*> vol size vol0
vol size: Flexible volume 'vol0' has size 871916k.


In onCommand click Storage -> Disks

Enable access to the OS

Enter advanced mode and unlock the diagnostic user. This will allow you to look at the operating system files/logs.

 ssh as the root user, enter a password and confirm.
 priv set advanced
 useradmin diaguser unlock
 useradmin diaguser password

Then launch the systemshell and login as diag and enter the password you have just set:

systemshell

SSH Key Exchange fails to Cisco devices

I upgraded my VM to use FreeBSD 10.1 and included with this was an upgrade to OpenSSH (OpenSSH_6.6.1p1). When you ssh to some Cisco devices using this version you cannot connect.

Debugging on the client side does not show much other than the connection is dropped.

OpenSSH_6.6.1p1, OpenSSL 1.0.1j-freebsd 15 Oct 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: ciphers ok: [aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc]
debug3: macs ok: [hmac-md5,hmac-sha1,hmac-ripemd160]
debug2: ssh_connect: needpriv 0
debug1: Connecting to rtr01.lpr [10.202.70.151] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/xx/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/xx/.ssh/id_rsa type 1
debug1: identity file /home/xx/.ssh/id_rsa-cert type -1
debug1: identity file /home/xx/.ssh/id_dsa type -1
debug1: identity file /home/xx/.ssh/id_dsa-cert type -1
debug1: identity file /home/xx/.ssh/id_ecdsa type -1
debug1: identity file /home/xx/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/xx/.ssh/id_ed25519 type -1
debug1: identity file /home/xx/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_load_hostkeys: loading entries for host "rtr01.lpr" from file "/home/xx/.ssh/known_hosts"
debug3: ssh_load_hostkeys: found key type RSA in file /home/xx/.ssh/known_hosts:11
debug3: ssh_load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit: aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
debug2: kex_parse_kexinit: aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5
debug1: kex: server->client aes256-cbc hmac-md5 none
debug2: mac_setup: setup hmac-md5
debug1: kex: client->server aes256-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<8192<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by 10.202.70.151

Debugging on the server side (i.e. on the Cisco device) shows:

Nov 24 05:46:22.944: SSH1: starting SSH control process
Nov 24 05:46:22.948: SSH1: sent protocol version id SSH-2.0-Cisco-1.25
Nov 24 05:46:22.952: SSH1: protocol version id is - SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
Nov 24 05:46:22.960: SSH2 1: SSH2_MSG_KEXINIT sent
Nov 24 05:46:22.960: SSH2 1: SSH2_MSG_KEXINIT received
Nov 24 05:46:22.968: SSH2:kex: client->server enc:aes256-cbc mac:hmac-md5
Nov 24 05:46:22.972: SSH2:kex: server->client enc:aes256-cbc mac:hmac-md5
Nov 24 05:46:22.980: SSH2 1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Nov 24 05:46:22.980: SSH2 1: Range sent by client is - 1024 < 8192 < 8192
Nov 24 05:46:22.980: SSH2 1:  Client DH key range mismatch with max built-in DH key on server!
Nov 24 05:46:23.084: SSH1: Session disconnected - error 0x00

The Cisco device supports a maximum key length of 2048, whereas the client is requesting a key length of 8192. A debug from an older client shows that it requests a smaller key:

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 145/256
debug2: bits set: 505/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

This change seems to have been introduced in OpenSSH v6.6 and I can’t find a way to turn this off. Cisco has registered a bug CSCuo76464 for this.

The simplest workaround seems to be to reorder the KexAlgorithms in /etc/ssh/ssh_config so that diffie-hellman-group14-sha1 comes first, by adding the following line:

KexAlgorithms diffie-hellman-group14-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
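
Why the reordering works, as an added example (not code from the original post or from OpenSSH): it applies the RFC 4253 rule that the first key-exchange algorithm in the client's list that the server also offers is the one used, with the lists taken from the debug output above. The acceptance check is an assumption modelled on the Cisco debug line (a group-exchange request is refused when its preferred size exceeds the server's 2048-bit maximum); the function names are illustrative.

```python
import re

# Client and server offers from the kex_parse_kexinit lines in the post.
CLIENT_DEFAULT = (
    "curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
    "ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,"
    "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,"
    "diffie-hellman-group1-sha1"
).split(",")
SERVER_CISCO = (
    "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,"
    "diffie-hellman-group1-sha1"
).split(",")
# The workaround line: group14 moved to the front, everything else unchanged.
CLIENT_REORDERED = ["diffie-hellman-group14-sha1"] + [
    alg for alg in CLIENT_DEFAULT if alg != "diffie-hellman-group14-sha1"
]

# Modulus sizes of the fixed groups (RFC 4253 section 8).
FIXED_GROUP_BITS = {
    "diffie-hellman-group1-sha1": 1024,
    "diffie-hellman-group14-sha1": 2048,
}
GEX_PREFIX = "diffie-hellman-group-exchange-"
GEX_RE = re.compile(r"SSH2_MSG_KEX_DH_GEX_REQUEST\((\d+)<(\d+)<(\d+)\)")


def negotiate_kex(client, server):
    """First algorithm in the client's preference list that the server offers.
    Simplified: the host-key compatibility conditions of RFC 4253 are ignored."""
    for alg in client:
        if alg in server:
            return alg
    return None


def parse_gex_request(debug_line):
    """Extract (min, preferred, max) from an `ssh -v` GEX_REQUEST debug line."""
    m = GEX_RE.search(debug_line)
    return tuple(int(g) for g in m.groups()) if m else None


def predict(client, server, gex_request, server_max_bits=2048):
    """Return (negotiated algorithm, whether the server is expected to accept)."""
    alg = negotiate_kex(client, server)
    if alg is None:
        return (None, False)
    if alg.startswith(GEX_PREFIX):
        _minimum, preferred, _maximum = gex_request
        # Assumption from the Cisco debug output: the preferred size is what
        # gets compared with the largest built-in group.
        return (alg, preferred <= server_max_bits)
    bits = FIXED_GROUP_BITS.get(alg)
    return (alg, bits is None or bits <= server_max_bits)


if __name__ == "__main__":
    new = parse_gex_request("debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<8192<8192) sent")
    old = parse_gex_request("debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent")
    print("6.6.1 default :", predict(CLIENT_DEFAULT, SERVER_CISCO, new))
    print("older client  :", predict(CLIENT_DEFAULT, SERVER_CISCO, old))
    print("reordered list:", predict(CLIENT_REORDERED, SERVER_CISCO, new))
```

Placing the KexAlgorithms line under a Host block for the affected devices in ssh_config keeps the default preference order for every other server.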

Installing FreeBSD 10.1 in VMWare

Install FreeBSD 10.1

Create a new VM with:

  • OS Type Other, then select FreeBSD 64bit
  • 1 CPU
  • 512M DRAM
  • 50 G disk, which can be allocated as we go along

Download a FreeBSD 10.1 AMD64 boot ISO and boot off this image. Then select the following:

  • Standard Install (others don’t fully install unless you pick all the options manually)
  • All distributions
  • Yes to the mouse
  • No packages (will build them from the ports)
  • Use the full disk for FreeBSD
  • Accept all the default mount sizes and options
  • Set the root password
  • Add your first user and invite them to the “wheel” group

Let the VM complete the install and reboot. Now do the initial tasks:

  • Update the ports & source tree using the process described here, make sure to use the correct RELENG tag
  • Add a cronjob to the root user to get this happening weekly. The crontab below does the following
    • Update the time
    • Update the ports tree
    • Update the docs
    • Update src tree
    • Update the locate database (which the locate command uses)
# Update time at 1am
0 1 * * * /usr/sbin/ntpdate au.pool.ntp.org > /dev/null 2>&1

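# Update ports tree at 2am ("portsnap fetch" refuses to run without a terminal;
# "portsnap cron" is the non-interactive form and adds a random delay)
0 2 * * * portsnap cron update > /dev/null 2>&1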

# Update docs tree at 3am
0 3 * * * svn update /usr/doc > /dev/null 2>&1

# Update src tree at 4am
0 4 * * * svn update /usr/src > /dev/null 2>&1

# Update locate db at 5am
0 5 * * * /usr/libexec/locate.updatedb > /dev/null 2>&1
  • Build a specific kernel if you like as shown here
  • Update your IP addressing and resolv.conf as required
  • Update your fstab & SMB mounts

I then like to install the following packages:

  • Install zsh (/usr/ports/shells/zsh)
  • Install vim without X11 support (/usr/ports/editors/vim-lite)
    • The editors/vim includes gvim, the gtk version of vim.  If you just want the command-line vim, install editors/vim-lite
  • Install net-snmp (/usr/ports/net-mgmt/net-snmp/)
  • Install nmap (/usr/ports/security/nmap/)
  • Install calc (/usr/ports/math/calc)
  • Install whatmask (/usr/ports/net-mgmt/whatmask)
  • Install expect (/usr/ports/lang/expect)
  • Install wget (/usr/ports/ftp/wget)
  • Install quagga (/usr/ports/net/quagga)
  • Install SOAP:Lite (/usr/ports/net/p5-SOAP-Lite)
  • Install Dumper (/usr/ports/devel/p5-Data-Dumper)
  • Install XML:Xpath (/usr/ports/textproc/p5-XML-XPath)
  • Install Expect for perl (/usr/ports/lang/p5-Expect)
  • Install Net::SNMP (/usr/ports/net-mgmt/p5-Net-SNMP)
  • Install Socket (/usr/ports/net/p5-Socket)
  • Move the users crontabs

Converting OLM to PST

If you happen to be reading this post you probably already know what the title means. If you are still in the dark then let me explain:

Microsoft Outlook 2011 for Mac exports/imports all email to a file called OLM. Additionally it can only import email from PST files (i.e. files exported by Windows versions of Outlook). This basically means you can take your Windows emails and move over to a Mac OS X machine quite easily. If, however, you are disenchanted by the OS X version of Outlook, then moving back is not so easy. If you Google there are a number of “paid” tools around which can convert the OLM to PST for you. I have a problem with the word “paid”; I believe it should be free. Why should I be locked into a platform? I should be able to take my data anywhere with me.

If you look for free solutions, the best ones suggest that you:

1) create a new gmail account
2) connect to it using IMAP
3) copy all your email over to gmail
4) connect a Windows Outlook to the same Gmail account
5) pull the email back into your favorite version of Outlook

There are two issues I have with this

a) What if you have a huge number of emails and they have big attachments? You are going to be waiting for a while for all this to be sent to the “cloud” and then back to your Windows machine
b) Security. I’m totally against sharing my email with another party who probably will keep the email indefinitely. Think photos / confidential documents that were sent to you in emails.

The IMAP method, however, has merit. It not only allows conversion between OLM and PST but in reality it could be used to move from any email/operating system to another without issue. You are basically doing Source -> IMAP -> Destination and this is a really novel technique.

To avoid my issues I am proposing to run an IMAP server locally. This way my data never leaves my local LAN. Here’s how to start:

  • On your Windows machine download hmailserver (free). It may ask you to install .NET2 if it’s not already installed; let it do its thing.
  • During the install it will ask you for an admin password. Type one in and note it down
  • Once installed (no reboot required), start up “hmailserver Administrator” and select connect. Then type in the admin password you set during the install

  • Click Add domain and type in a random domain (can be anything). I chose to use convert.com, then click save

  • When you click Save, the domain is added to the “Domain” tree. Expand the convert.com item and click Accounts -> Add
  • Provide a username and password (eg test) and then click Save

  • Change the SMTP message size from 20480k to 200480k; this will allow large attachments to be copied over
  • In Settings -> Protocols -> IMAP -> Advanced, change the Hierarchy delimiter to “/” from the default of “.”. This is in case you have used “.” in your folder names

Now you can configure Mac Outlook 2011 to connect to the server. Note the Incoming / Outgoing server should be the IP address of the Windows machine.

  • You should now be able to drag all your folders from Mac Outlook over to this IMAP account
  • Then use the same IMAP settings in the destination email program and pull the email over. Note that Outlook 2013 by default only syncs the last three months of emails. Move this slider all the way to the right, i.e. “All”