Amazing A380 Traffic

While logging ADSB traffic around my area [ ~ 150 NM+ Coverage ] – I recorded 13 unique A380 registrations in less than 24 hours. Below is a log for reference.

REG Airline Date Squawk Type of Aircraft
9V-SKL Singapore Airlines 2014-12-05 17:14:34 7622 A388
9V-SKQ Singapore Airlines 2014-12-05 17:31:45 627 A388
9V-SKC Singapore Airlines 2014-12-05 18:33:29 3423 A388
HS-TUF Thai Airways International 2014-12-05 19:31:16 7612 A388
HS-TUB Thai Airways International 2014-12-05 19:39:49 2503 A388
D-AIMJ Lufthansa 2014-12-05 19:43:52 4626 A388
HS-TUE Thai Airways International 2014-12-05 21:17:46 6173 A388
HS-TUA Thai Airways International 2014-12-05 21:55:02 404 A388
9V-SKM Singapore Airlines 2014-12-05 22:10:25 2211 A388
9V-SKB Singapore Airlines 2014-12-05 23:12:07 2203 A388
D-AIMJ Lufthansa 2014-12-05 23:40:48 567 A388
D-AIME Lufthansa 2014-12-06 03:34:36 4614 A388
9V-SKR Singapore Airlines 2014-12-06 05:23:46 2046 A388

Howto :: LAMP Stack on Centos 7

Quick and Dirty install below!

Install HTTPD

sudo yum install httpd

Start and Enable Boot-Startup of httpd

sudo systemctl start httpd.service
sudo systemctl enable httpd.service

Install & Start / Boot-Start MariaDB ( A drop-in mysql replacement )

sudo yum install mariadb-server mariadb
sudo systemctl start mariadb
sudo systemctl enable mariadb.service

Secure Your MySQL Installation

sudo mysql_secure_installation

Add PHP & Mysql Support – Restart HTTPD

sudo yum install php php-mysql
sudo systemctl restart httpd.service

Optional Package Install – You can add PHP Extensions by using the ‘yum search’ command to find and ‘yum install’ to install.

yum search php-
sudo yum install pkg1 pkg2 etc.

Finally , Open up ports on FirewallD

sudo firewall-cmd --permanent --zone=public --add-service=http 
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

Optional – mcrypt and imagemagick support

sudo yum install ImageMagick ImageMagick-devel
sudo yum install 'php-mcrypt*'

Service Management Cheat Sheet :: CentOS 6 & 7

Below is a conversion document for Centos 6 to 7 Service Management!

| service | systemctl | Description |
| --- | --- | --- |
| service name start | systemctl start name.service | Starts a service. |
| service name stop | systemctl stop name.service | Stops a service. |
| service name restart | systemctl restart name.service | Restarts a service. |
| service name condrestart | systemctl try-restart name.service | Restarts a service only if it is running. |
| service name reload | systemctl reload name.service | Reloads configuration. |
| service name status | systemctl status name.service or systemctl is-active name.service | Checks if a service is running. |
| service --status-all | systemctl list-units --type service --all | Displays the status of all services. |

Here’s a conversion for chkconfig

| chkconfig | systemctl | Description |
| --- | --- | --- |
| chkconfig name on | systemctl enable name.service | Enables a service. |
| chkconfig name off | systemctl disable name.service | Disables a service. |
| chkconfig --list name | systemctl status name.service or systemctl is-enabled name.service | Checks if a service is enabled. |
| chkconfig --list | systemctl list-unit-files --type service | Lists all services and checks if they are enabled. |

Asterisk Config for PTCL SmartLink App

PTCL has recently launched an app called “SmartLink” , Which provides you access to your phone line over SIP , essentially providing landline access from anywhere.

Since the land-line I have is only used for DSL and SmartTV, I wanted to set it up on SIP , so I can access it from any device.

PTCL uses Huawei SoftX 3000 Soft Switches for this service , I have had experience on these switches from my previous jobs and I know that it requires PRACK support to start off , In addition , while configuring , I noticed that the user_agent also needs to be set to a certain value for the registration to be successful.

I used chan_pjsip and asterisk 13 for this setup. Below is the configuration that works!

; Outbound registration to the PTCL soft switch
[ptcl]
type=registration
transport=simpletrans
outbound_auth=ptcl
server_uri=sip:SIPSERVER
client_uri=sip:USERNAME@SIPSERVER
expiration=900
contact_user=USERNAME
support_path=yes

; Credentials used for the registration and for outbound calls
[ptcl]
type=auth
auth_type=userpass
password=PASSWORD
username=USERNAME

[ptcl]
type=aor
contact=sip:SIPSERVER:5060

[ptcl]
type=endpoint
transport=simpletrans
context=from-ptcl
disallow=all
allow=ulaw
outbound_auth=ptcl
from_domain=SIPSERVER
from_user=USERNAME
dtmf_mode=rfc4733
force_rport=yes
aors=ptcl
timers_sess_expires=900
; 100rel=yes turns on PRACK, which the soft switch requires
100rel=yes

; Match inbound requests from the SIP server to the endpoint above
[ptcl]
type=identify
endpoint=ptcl
match=SIPSERVER

Enable FaceTime on Your Middle-eastern iPhone/iPad

I was stuck with an iPhone purchased in the Middle East where Apple blocks FaceTime – Turns out that it's just a matter of Carrier Bundles – Apple, from iOS 7, started signing the carrier bundles, so they couldn’t be modified by end-customers; any modification would result in a change of the signature, with the modification over-written on reboot with a standard bundle. A developer team from China enabled modifications by releasing a com-center patch that allows an over-ride for the signature check.

You need to have a jailbroken phone with Cydia installed.

1. First add the repo for chinasnow in cydia. The repo url is http://apt.chinasnow.net

2. Install com-center-for-ios-8 patch from the repo.

3. Reboot / Respring your phone

4. Open up iFile ( Can be installed from Cydia )

5. Edit /var/mobile/Library/CarrierBundle.bundle/carrier.plist ,  ( Use text viewer mode and click the Edit button to edit the file )

6. Add the following on the 5th line in the file,

<key>AllowsVoIP</key>
<true/>

7. Close the file and reboot your device.

You’ll have FaceTime available in the options and the FaceTime app icon will pop-up as well. If it doesn’t work , reboot again.

Cheers!

Ham Radio & Hamsphere

Since I have some time on my hands these days and I am playing mostly with SDR ( Software Defined Radio ) – I decided to read up on Ham Radio as well – Picked up the For Dummies guide and can’t put it down!

I searched around for something to start off, to practice while I am studying for my license and found Hamsphere (http://hamsphere.net) – It’s a wonderful piece of software which emulates the radio waves virtually and I have fallen in love with it – My call sign is 48HS1452 ! Here are a few of the wonderful QSLs I have received today.

Open VPN Installation on Centos 6.5

In a rush , so will jot down the steps only. You’ll need epel repo

On CentOS 6 , that will be

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
sudo rpm -Uvh epel-release-6*.rpm

Once that is done ,

1. yum install openvpn easy-rsa
2. mkdir -p /etc/openvpn/easy-rsa/keys
3. cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
4. vi /etc/openvpn/easy-rsa/vars

Modify these parameters to suit your need

[...]
# Don't leave any of these fields blank.
export KEY_COUNTRY="PK"
export KEY_PROVINCE="Punjab"
export KEY_CITY="Multan"
export KEY_ORG="LinuxPakistan"
export KEY_EMAIL="vpn@linux.net.pk"
export KEY_OU="server"
[...]

5. cd /etc/openvpn/easy-rsa/
6. cp openssl-1.0.0.cnf openssl.cnf
7. source ./vars
8. ./clean-all
9. ./build-ca

Generating a 2048 bit RSA private key
......................................................+++
............................................................+++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [PK]: ----> Press Enter
State or Province Name (full name) [Punjab]: ----> Press Enter
Locality Name (eg, city) [Multan]: ----> Press Enter
Organization Name (eg, company) [LinuxPakistan]: ----> Press Enter
Organizational Unit Name (eg, section) [server]: ----> Press Enter
Common Name (eg, your name or your server's hostname) [server]: ----> Press Enter
Name [EasyRSA]: ----> Press Enter
Email Address [vpn@linux.net.pk]: ----> Press Enter

10. ./build-key-server server
11. ./build-key client ( if you want to use RSA Keys for Connectivity )

12. ./build-dh
13. cd /etc/openvpn/easy-rsa/keys/
14. cp dh2048.pem ca.crt server.crt server.key /etc/openvpn/
15. vi /etc/openvpn/server.conf

Use my configuration file from this post

And that should do it


IP Routing

vi /etc/sysctl.conf

Set the value of the parameter below to 1 to allow IP Packet Forwarding from VPN clients

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

Reload sysctl

sysctl -p

Finally some iptables magic to do the masquerading

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Save and Restart the Firewall

service iptables save
service iptables restart
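
The MASQUERADE rule only touches the NAT table; forwarded packets still have to pass the filter table's FORWARD chain. As an added example that is not part of the original post, this function reads `iptables-save` output and reports whether that chain blocks the VPN subnet or is left fully open. The function name and the abridged, constructed rule set are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post: reads iptables-save output and
# reports gaps in the forwarding path for a VPN subnet.
# Usage: audit_vpn_forwarding RULES_FILE CIDR
audit_vpn_forwarding() {
    awk -v net="$2" '
    /^\*/ { table = substr($0, 2); next }      # "*nat" / "*filter" headers
    table == "nat" && /-j MASQUERADE/ && index($0, "-s " net " ") {
        nat = 1
        if ($0 !~ / -o /)
            print "nat: MASQUERADE for " net " is not tied to an outbound interface"
    }
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "filter" && $1 == "-A" && $2 == "FORWARD" {
        rules++
        if (/-j ACCEPT/ && index($0, "-s " net " ")) allowed = 1
        # an unconditional REJECT or DROP stops every packet that reaches it
        if (!allowed && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) blocked = 1
    }
    END {
        if (!nat) print "nat: no MASQUERADE rule for " net
        if (blocked)
            print "filter: FORWARD rejects packets before any ACCEPT for " net
        else if (!allowed && policy != "ACCEPT")
            print "filter: FORWARD policy is " policy " with no ACCEPT for " net
        if (policy == "ACCEPT" && rules == 0)
            print "filter: FORWARD is open to all interfaces once ip_forward=1"
    }' "$1"
}

# Constructed sample: abridged stock CentOS 6 filter rules plus the NAT rule above.
write_stock_rules() {
    cat > "$1" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

tmp=$(mktemp) && write_stock_rules "$tmp" && audit_vpn_forwarding "$tmp" 10.8.0.0/24; rm -f "$tmp"
```

On a live server, feed it the real rule set with `iptables-save > rules.txt` and pass the subnet from the `server` line of the OpenVPN config.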

Mikrotik :: Winbox for OS X

One word – Mikrotik’s Amazing!

The only problem is that they don’t have an administration utility for OS X – Which causes nuisance when you only have a Mac at hand for setting up the router / switch.

I built a Winbox app using Wine Bottler for OS X which doesn’t use the dedicated graphic card and saves battery life. If anyone needs a copy – ping me and I’ll upload it!

OpenVPN Configuration

Below is the configuration I use for the OpenVPN server. It supports user/password authentication and TCP mode, and disables TLS, which is not supported by Mikrotik (at least for now).

local IPADDRESS
port 1194
proto tcp
dev tun
tun-mtu 1420
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
#comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 5
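
A static check of the server configuration above, as an added example that is not part of the original post: the shell function flags the directives that weaken this setup, including the `dh1024.pem` parameters (the installation steps build `dh2048.pem`) and `client-cert-not-required`, which leaves the PAM username and password as the only client credential. The function name, the finding texts and the shortened sample file are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post: static audit of an OpenVPN 2.x
# server config. Prints one "directive: finding" line per weak setting.
audit_ovpn_conf() {
    awk '
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    { seen[$1] = 1 }
    # easy-rsa names the file dhBITS.pem, so the size is read from the name
    $1 == "dh" && match($2, /dh[0-9]+\.pem$/) {
        bits = substr($2, RSTART + 2, RLENGTH - 6) + 0
        if (bits < 2048)
            print "dh: " bits "-bit DH parameters; rebuild with KEY_SIZE=2048 or larger"
    }
    $1 == "client-cert-not-required" {
        print "client-cert-not-required: a password is the only client credential"
    }
    $1 == "plugin" && $2 ~ /openvpn-auth-pam/ && ($3 == "login" || $3 ~ /\/login$/) {
        print "plugin: PAM service login ties VPN access to local system account passwords"
    }
    END {
        if (!seen["cipher"])
            print "cipher: not set; OpenVPN 2.3 and earlier then use BF-CBC (64-bit block)"
        if (!seen["tls-auth"] && !seen["tls-crypt"])
            print "tls-auth: absent; the port answers TLS handshakes from any source"
        if (!seen["user"] || !seen["group"])
            print "user/group: not set; the daemon keeps root after start-up"
    }' "$1"
}

# Constructed sample: the security-relevant lines of the config above.
write_sample_conf() {
    cat > "$1" <<'EOF'
port 1194
proto tcp
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
#comp-lzo
persist-key
persist-tun
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp" && audit_ovpn_conf "$tmp"; rm -f "$tmp"
```

Run it against the real file with `audit_ovpn_conf /etc/openvpn/server.conf`; an empty result means none of these six checks fired.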

Mikrotik OpenVPN Client Config

Following up on my previous post, below is the configuration for setting up an OpenVPN client on a Mikrotik router

/interface ovpn-client add name="ovpn-out1" mac-address= max-mtu=1350 \
    connect-to=SERVER_IP port=1194 mode=ip user="USERNAME" \
    password="PASSWORD" profile=default certificate=none auth=sha1 \
    cipher=blowfish128 add-default-route=no

After this, go to IP > Firewall > NAT and add a src-nat rule to masquerade all traffic going towards the VPN

/ip firewall nat add chain=srcnat action=masquerade out-interface=ovpn-out1 log=no log-prefix=""

Oh, and make sure you have a static route added for your VPN server IP address towards your primary gateway.

and that should be it!