Channel: Syed Jahanzaib – Personal Blog to Share Knowledge !

Mikrotik WAN monitoring script with multiple host check


Recently I added a MikroTik Netwatch-based script on a network to monitor the WAN link: if no ping reply is received from the WAN host (example: 8.8.8.8), the down script changes the backup link route to take priority over the primary link. But the issue is that Netwatch is a rather unreliable method of checking Internet connectivity, because it can check only a single host at a time. Also, if your WAN link is weak or heavily used, a few pings will time out, which is sometimes common (for example, 3 out of 10 replies are missed), and Netwatch sometimes considers the target link DOWN. Netwatch gives a “DOWN” status immediately upon a missed ping, regardless of the Timeout setting.

So to prevent that, we must use a method that checks at least two hosts on the Internet, such as the ISP gateway IP and another reliable host like 8.8.8.8 (or any other host in your particular region). If none of the 5 pings sent to each host is answered, the link is considered DOWN. If one host is working and the second is down, the link is still considered UP, as a kind of cross-verification. If 2 out of 5 pings are missed, the link is still considered UP.

A multiple-host check is recommended because, with a single-host check script or Netwatch, it can happen that no ping reply is received from 8.8.8.8 for various reasons (either it is down or the ISP has blocked it) while the rest of the Internet is working fine; even then the script/Netwatch will consider the link down due to its single-host check. That’s why a multi-host check is recommended.

 

ROS SCRIPT CODE: (Script name= monitor)


# Following script is copied from the Mikrotik forum.
# Thanks to mainTAP and rextended for sharing
# http://forum.mikrotik.com/viewtopic.php?f=9&t=85505
# Modified a few parts to suit local requirements and added descriptions
# Regard's / Syed Jahanzaib / http://aacable.wordpress.com

# Script Starts here...
# Internet hosts to be checked. You can modify them as required, JZ
:local host1   "8.8.8.8"
:local host2   "208.67.222.123"

# Do not modify data below without proper understanding.
:local i 0;
:local F 0;
:local date;
:local time;
:global InternetStatus;
:global InternetLastChange;

# PING each host 5 times; F counts the pings that received no reply
:for i from=1 to=5 do={
    :if ([/ping $host1 count=1]=0) do={:set F ($F + 1)}
    :if ([/ping $host2 count=1]=0) do={:set F ($F + 1)}
    :delay 1;
};

# If both hosts are unreachable (all 10 pings timed out), the link is considered down
:if (($F=10)) do={
:if (($InternetStatus="UP")) do={
:log error "WARNING : The INTERNET link seems to be DOWN. Please Check";
:set InternetStatus "DOWN";

##      ADD YOUR RULES HERE, LIKE ROUTE CHANGE OR WHAT EVER IS REQUIRED, Example is below ...
##     /ip route set [find comment="Default Route"] distance=3
##     /ip firewall nat disable [find comment="Your Rules, Example"]

:set date [/system clock get date];
:set time [/system clock get time];
:set InternetLastChange ($time . " " . $date);
} else={:set InternetStatus "DOWN";}
} else={

##      If reply is received , then consider the Link is UP
:if (($InternetStatus="DOWN")) do={
:log warning "WARNING :The INTERNET link have been restored";
:set InternetStatus "UP";

##      ADD YOUR RULES HERE, LIKE ROUTE CHANGE OR WHAT EVER IS REQUIRED, Example is below ...
##     /ip route set [find comment="Default Route"] distance=1
##     /ip firewall nat enable  [find comment="Your Rules, Example"]

:set date [/system clock get date];
:set time [/system clock get time];
:set InternetLastChange ($time . " " . $date);
} else={:set InternetStatus "UP";}
}

# Script Ends Here.
# Thank you


Scheduler to run the script automatically

To add a scheduler that runs the script every 5 minutes (or as required), use the following code


/system scheduler
add disabled=no interval=5m name="Monitor WAN connectivity Scheduler / JZ" on-event=monitor policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=jun/12/2014 start-time=\
00:00:00

Don’t forget to change the script name monitor in the above scheduler to match the name you set for the script.
Example: on-event=monitor


Define Static Routes for Monitoring Host – for Route Changing

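If you are using this script to change the Internet route to a backup link, you must define static routes for the hosts you are monitoring, so that traffic to the monitored hosts always (forcefully) goes via the primary link. Otherwise, once the default route moves to the backup link, the pings would be answered through the backup link and the script would report the primary link as UP again.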


/ip route
add comment="Force this HOST via Primary Link" disabled=no distance=1 dst-address=8.8.8.8/32 gateway=192.168.1.1 scope=30 target-scope=10
add comment="Force this HOST via Primary Link" disabled=no distance=1 dst-address=208.67.222.123/32 gateway=192.168.1.1 scope=30 target-scope=10

Note: Make sure to change gateway 192.168.1.1 to primary internet link gateway.


Regard’s
Syed Jahanzaib


Filed under: Mikrotik Related

SAN attached windows 2008 hangs on boot


Just for reference purpose:

Recently I was testing a disaster recovery scenario of restoring Server A to Server B with identical hardware, using the Symantec Backup Exec 2014 Simplified Disaster Recovery [SDR] CD. The hardware specs were as follows …

IBM Xseries 3650 M4, with RAID1
Dual QLogic Fibre Channel cards, Model: QLE2560, connected to two FC switches for multipath and failover
32 GB RAM
IBM Storwize V3700 SAN storage

The restore went fine and the system booted fine the first time with everything intact, but when I rebooted it again, it failed to boot and showed only a blinking cursor.

I tried to boot it several times but with no results. I then removed the FC cables from the server’s Qlogic FC cards, and this time windows booted fine.

Solution:

I started the server without the FC cables attached, then removed the Windows MPIO feature from ADD REMOVE FEATURES and rebooted with the FC cables attached. This time it worked fine but showed duplicate SAN partitions. Then I applied IBM’s SDDDSM MPIO driver (MPIO_Win2008_x64_SDDDSM_64_2434-4_130816 for the Storwize V3700) and everything went fine :)

You may also want to read the IBM’s article.

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5081613

 


Regard’s
Syed Jahanzaib


Filed under: IBM Related, Microsoft Related

LUSCA Automated Install Script



 

Following is an automated script to install LUSCA r14942 for UBUNTU with aggressive content caching support including some video web sites like YOUTUBE and few others as described in my other article @
http://aacable.wordpress.com/2014/04/21/howto-cache-youtube-with-squid-lusca-and-bypass-cached-videos-from-mikrotik-queue/

I will add more and more functions as soon as I get some free time, such as options configurable via a choice menu (cache size, memory and other variables).


 

SCRIPT FUNCTIONS . . . 

This script will do the following

  • Update Ubuntu
  • Install some components required for Compilation of Lusca/Squid package
  • Backup squid.conf if already in /etc/squid.conf with squid.conf.old, stop any running squid instance
  • Download LUSCA r14942 source package to /temp folder and compile it
  • Download squid.conf and storeurl.pl from the internet and place them in /etc/squid.conf
  • Create cache directory like in /cache-1 and default cache size is 5 GB
  • add squid in /etc/rc.local so it may start auto upon system reboot

Note: You should modify all options in /etc/squid.conf after installation , like cache_dir, cache_mem and others as per your network and hardware specifications.


 

REQUIREMENTS . . .

1- Fresh Installation of UBUNTU OS and Configure Internet Access
2- root access to execute script
3- REMOVE ANY KIND OF PREVIOUSLY INSTALLED SQUID INSTALLATION IF ANY
4- Upload or create script in any folder of Ubuntu box,

or create new script with following commands

mkdir /temp
cd /temp
touch lusca_install.sh
chmod +x lusca_install.sh

nano lusca_install.sh

and paste the following code . . .


 


#!/bin/bash
# Version 1.0 / 2nd July, 2014
# LUSCA r14942 Automated Installation Script for Ubuntu flavor / jz
# Syed Jahanzaib / aacable @ hotmail.com  / http://aacable.wordpress.com

# Setting Variables . . . [JZ]
#URL=http://aacable.rdo.pt/files/linux_related/
URL=http://wifismartzone.com/files/linux_related/lusca
SQUID_DIR="/etc/squid"
CACHE_DIR="/cache-1"
pid=`pidof squid`
osver=`cat /etc/issue |awk '{print $1}'`
squidlabel="LUSCA_HEAD-r14942"

# Colors Config  . . . [[ JZ . . . ]]
ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"

# OS checkup for UBUNTU
echo -e "$COL_GREEN Lusca r14942 Automated Installation Script ver 1.0 for Ubuntu . . .$COL_RESET"
echo -e "$COL_GREEN Checking OS version, as it must be Ubuntu in order to Continue . . .$COL_RESET"
if [[ $osver == Ubuntu ]]; then
echo
echo -e "$COL_GREEN Ubuntu is installed with following information fetched. $COL_RESET"
lsb_release -a
sleep 3
else
echo -e "$COL_RED Sorry, it seems your Linux Distribution is not UBUNTU . Exiting ...$COL_RESET"
exit 1
fi

# Make sure only root can run our script / Checking if user is root, otherwise exit with error [[Jz]]
echo
echo -e "$COL_GREEN Verifying if you are logged in with root privileges  . . .$COL_RESET" 1>&2
FILE="/tmp/out.$$"
GREP="/bin/grep"
if [ "$(id -u)" != "0" ]; then
echo
echo -e "$COL_RED This script must be run as root, switch to root now . . .$COL_RESET" 1>&2
exit 1
fi

# Clearing previous download if any in /tmp folder
echo
echo -e "$COL_GREEN Clearing previous downloads if any in /tmp folder to avoid duplication$COL_RESET"
sleep 3

rm -fr /tmp/squid.conf
rm -fr /tmp/storeurl.txt
rm -fr /tmp/storeurl.pl
rm -fr /tmp/LUSCA_HEAD-r14942*

# Checking if $URL is accessible. If yes, continue; otherwise exit the script with an error ! [[ JZ .. . .]]
echo
echo -e "$COL_GREEN Checking if $URL is accessible in order to proceed further. . .!! $COL_RESET"
cd /tmp
wget -q $URL/squid.conf
{
if [ ! -f /tmp/squid.conf ]; then
echo
echo -e "$COL_RED ERROR: Unable to contact $URL, or possibly internet is not working or your IP is in black list at destination server  !! $COL_RESET"
echo -e "$COL_RED ERROR: Please check manual if $URL is accessible or not or if it have required files, JZ  !! $COL_RESET"
# Exit with a non-zero status so the failure is visible to the caller
exit 1
fi
}
rm -fr /tmp/squid.conf
sleep 6
# Moving further . . .

clear
echo -e "$COL_GREEN You are logged in with root ID, Ok to proceed further . . .!! $COL_RESET"
echo

################################################################## [zaib]
echo
echo -e "$COL_GREEN Updating Ubuntu first . . . !! $COL_RESET"
apt-get update
echo
echo
echo -e "$COL_GREEN Installing required components . . . !! $COL_RESET"
sleep 3
apt-get install  -y gcc  build-essential   libstdc++6   unzip    bzip2   sharutils  ccze  libzip-dev  automake1.9  libfile-readbackwards-perl  dnsmasq

# Clearing OLD data files . . .
{
if [ -f $SQUID_DIR/squid.conf ]; then
echo
echo
echo -e "$COL_RED Previous SQUID configuration file found in $SQUID_DIR ! renaming it for backup purpose . . . $COL_RESET"
mv $SQUID_DIR/squid.conf $SQUID_DIR/squid.conf.old
else
echo
echo
echo -e "$COL_GREEN No Previous Squid configuration have been found in $SQUID_DIR. Proceeding further $COL_RESET"
fi
}

# Checking SQUID status if its already running - check by PID
if [ "$pid" == "" ]; then
echo
echo
echo -e "$COL_GREEN No SQUID instance found in memory , so it seems we are good to GO !!! $COL_RESET"
else
echo
echo -e "$COL_RED SQUID is already running, probably you have some previous copy of SQUID installation, Better to stop and remove all previous squid installation !! $COL_RESET"
echo
echo -e "$COL_RED KILLING PREVIOUS SQUID INSTANCE by killall -9 squid command  !! $COL_RESET"
killall -9 squid
sleep 3
fi

# Downloading Squid source package [zaib]
echo
echo
echo -e "$COL_GREEN Downloading SQUID source package in /tmp folder. . . !! $COL_RESET"
sleep 3

# Checking if /tmp folder is previously present or not . . .
{
if [ ! -d "/tmp" ]; then
echo
echo
echo -e "$COL_RED /tmp folder not found, Creating it so all downloads will be placed here  . . . $COL_RESET"
mkdir /tmp
else
echo
echo -e "$COL_GREEN /tmp folder is already present , so no need to create it, Proceeding further . . . $COL_RESET"
fi
}

cd /tmp

# Checking IF LUSCA_HEAD-r14942.tar.gz  installation file have been ALREADY downloaded in /tmp to avoid duplication! [[ JZ .. . .]]
{
if [ -f /tmp/LUSCA_HEAD-r14942.tar.gz ]; then
rm -fr /tmp/LUSCA_HEAD-r14942.tar.gz
fi
}

wget -c http://wifismartzone.com/files/linux_related/lusca/LUSCA_HEAD-r14942.tar.gz

# Checking if the LUSCA_HEAD-r14942 installation file has been downloaded properly. If yes, continue; otherwise exit the script with an error ! [[ JZ .. . .]]
{
if [ ! -f /tmp/LUSCA_HEAD-r14942.tar.gz ]; then
echo
echo

echo -e "$COL_RED ERROR: SQUID source code package File could not be download or not found in /tmp/ !! $COL_RESET"
exit 1
fi
}
echo
echo

echo -e "$COL_GREEN Extracting Squid from tar archive. . . !! $COL_RESET"
sleep 3
tar zxvf LUSCA_HEAD-r14942.tar.gz
cd LUSCA_HEAD-r14942/
mkdir -p $SQUID_DIR

echo -e "$COL_GREEN Executing $squidlabel Compiler [jz] . . . !! $COL_RESET"
echo
cd /tmp/LUSCA_HEAD-r14942
./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid --localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs --enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp --enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files --enable-err-languages=English --enable-default-err-language=English --enable-referer-log --with-maxfd=65536
echo
echo -e "$COL_GREEN Executing MAKE and MAKE INSTALL commands . . . !! $COL_RESET"
sleep 3
make
make install
echo
echo
echo -e "$COL_GREEN Creating SQUID LOGS folder and assiging permissions . . . !! $COL_RESET"
sleep 3

# Checking if log folder is previously present or not . . .
{
if [ -d "/var/log/squid" ]; then
echo
echo
echo -e "$COL_GREEN LOGS folder found. No need to create, proceeding Further . . . $COL_RESET"
else
echo
echo
echo -e "$COL_GREEN Creating LOG Folder in /var/log/squid and setting permissions accordingly (to user proxy) $COL_RESET"
mkdir /var/log/squid
fi
}
chown proxy:proxy /var/log/squid
## ** DOWNLOAD SQUID.CONF
echo
echo
echo -e "$COL_GREEN Downloading SQUID.CONF file from $URL and copy it to $SQUID_DIR. . . !! $COL_RESET"
sleep 3

# Checking IF SQUID.CONF File have been ALREADY downloaded in /tmp to avoid duplication! [[ JZ .. . .]]
{
if [ -f /tmp/squid.conf ]; then
rm -fr /tmp/squid.conf
fi
}

cd /tmp
wget $URL/squid.conf

# Checking if the SQUID.CONF file has been downloaded. If yes, continue; otherwise exit the script with an error ! [[ JZ .. . .]]
{
if [ ! -f /tmp/squid.conf ]; then
echo
echo
echo -e "$COL_RED ERROR: SQUID.CONF File could not be download or not found in /tmp/ !! $COL_RESET"
exit 1
fi
}
cp -fr squid.conf $SQUID_DIR

## ** DOWNLOAD STOREURL.PL
echo
echo
echo -e "$COL_GREEN Downloading STOREURL.PL file from $URL and copy it to $SQUID_DIR. . . !! $COL_RESET"
sleep 3
cd /tmp

{
if [ -f /tmp/storeurl.txt ]; then
rm -fr /tmp/storeurl.txt
fi
}

wget $URL/storeurl.txt

{
if [ -f /tmp/storeurl.pl ]; then
rm -fr /tmp/storeurl.pl
fi
}

mv storeurl.txt storeurl.pl

# Checking if the STOREURL.PL file has been downloaded. If yes, continue; otherwise exit the script with an error ! [[ JZ .. . .]]
{
if [ ! -f /tmp/storeurl.pl ]; then
echo
echo
echo -e "$COL_RED ERROR: STOREURL.PL File could not be download or not found in /tmp/ !! $COL_RESET"
exit 1
fi
}
cp -fr storeurl.pl $SQUID_DIR

echo
echo
echo -e "$COL_GREEN Setting EXECUTE permission for storeurl.pl . . . !! $COL_RESET"
chmod +x $SQUID_DIR/storeurl.pl

# Creating CACHE folders
echo
echo
echo -e "$COL_GREEN Creating CACHE directory in $CACHE_DIR , in this example,I used 5GB for cache for test ,Adjust it accordingly  . . . !! $COL_RESET"
sleep 3

# Checking if /cache-1 folder exist  . . .
{
if [ ! -d "$CACHE_DIR" ]; then
echo
echo
echo -e "$COL_GREEN Creating cache folder in $CACHE_DIR , Default size is 5GB, you should set it accordingly to your requirements  . . . $COL_RESET"
mkdir $CACHE_DIR
chown proxy:proxy $CACHE_DIR
chmod 777 -R $CACHE_DIR
squid -z
else
echo
echo -e "$COL_RED $CACHE_DIR folder already exists , Clearing it before proceeding. . . $COL_RESET"
rm -fr $CACHE_DIR/*
chown proxy:proxy $CACHE_DIR
echo -e "$COL_GREEN $CACHE_DIR Initializing Cache Directories as per the config  . . . $COL_RESET"
echo
squid -z
chmod 777 -R $CACHE_DIR
fi
}

echo
echo
echo -e "$COL_GREEN Adding squid in /etc/rc.local for auto startup . . . !! $COL_RESET"
# Remove only the final "exit 0" line and any earlier squid startup line
sed -i '/^exit 0$/d' /etc/rc.local
sed -i '\|^/usr/sbin/squid$|d' /etc/rc.local
echo /usr/sbin/squid >> /etc/rc.local
echo exit 0 >> /etc/rc.local
echo
echo -e "$COL_GREEN Starting SQUID (and adding 10 seconds Pause for proper initialization). . . !! $COL_RESET"
squid
sleep 5

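# Checking SQUID status via PID [zaib]
# Re-read the PID here: $pid was captured at the top of the script, before squid was started
pid=`pidof squid`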
#if [ "$pid" == "" ]; then
#echo
#echo -e "$COL_RED ERROR: UNABLE to start SQUID, try to run with -d1N syntax and see where its showing error !! $COL_RESET"
#else
ps aux |grep squid
echo
echo -e "$COL_GREEN $squidlabel is Running OK with PID number "$pid", no further action required, EXITING  . . .$COL_RESET"
echo
echo To view squid web access activity log, use command
echo -e "$COL_GREEN tail -f /var/log/squid/access.log $COL_RESET"
echo OR
echo -e "$COL_GREEN tail -f /var/log/squid/access.log |ccze $COL_RESET"
echo
echo -e "$COL_GREEN Regard's / Syed Jahanzaib . . . !! $COL_RESET"
echo


ALL DONE.

Now execute the script by running

/temp/lusca_install.sh

It will start the installation and show you the progress of every action it performs [in colored rows: RED shows an error, GREEN shows OK/INFO].
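The installer above fetches the source tarball, squid.conf and storeurl.pl over plain HTTP into /tmp and then builds and runs them as root without checking what was received. One way to fail closed on a tampered or truncated download before extraction, as an added example that is not part of the original script; PINNED_SHA256 is a placeholder (the page publishes no digest), and the function names and the --fetch switch are assumptions:

```shell
#!/bin/bash
# Added example (not part of the original installer).
# URL and TARBALL come from the page; PINNED_SHA256 is a placeholder that must
# be replaced with a digest obtained over a separate, trusted channel.
URL="http://wifismartzone.com/files/linux_related/lusca"
TARBALL="LUSCA_HEAD-r14942.tar.gz"
PINNED_SHA256="REPLACE_WITH_64_HEX_CHAR_SHA256"

# Succeeds only if the file exists and its SHA-256 equals the expected digest.
verify_sha256() {   # usage: verify_sha256 <file> <expected_hex_digest>
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 1
    # A real digest is exactly 64 hex characters; an unfilled placeholder or a
    # truncated value must fail closed instead of being compared.
    case $expected in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 1
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Reads a `tar -t` listing on stdin; fails on absolute paths or ".." components,
# i.e. members that point outside the extraction directory.
listing_is_safe() {
    local member
    while IFS= read -r member; do
        case $member in
            /*|..|../*|*/..|*/../*) return 1 ;;
        esac
    done
    return 0
}

tarball_is_safe() {   # usage: tarball_is_safe <file.tar.gz>
    local listing
    listing=$(tar -tzf "$1") || return 1
    printf '%s\n' "$listing" | listing_is_safe
}

# Download into a private directory (mktemp -d, mode 700) instead of a fixed
# file name in world-writable /tmp, verify, and only then hand the file over.
fetch_verified() {   # usage: fetch_verified <url> <expected_hex_digest> <dest>
    local workdir rc=1
    workdir=$(mktemp -d) || return 1
    if wget -q -O "$workdir/download" "$1" \
        && verify_sha256 "$workdir/download" "$2" \
        && tarball_is_safe "$workdir/download"; then
        mv "$workdir/download" "$3" && rc=0
    fi
    rm -rf "$workdir"
    return $rc
}

# Run the download only when asked to, e.g. ./fetch_lusca.sh --fetch
if [ "${1:-}" = "--fetch" ]; then
    dest_dir=$(mktemp -d) || exit 1
    if fetch_verified "$URL/$TARBALL" "$PINNED_SHA256" "$dest_dir/$TARBALL"; then
        echo "Verified: $dest_dir/$TARBALL"
    else
        echo "ERROR: download failed, digest mismatch or unsafe archive paths" >&2
        exit 1
    fi
fi
```

The same digest check applies to squid.conf and storeurl.pl, since storeurl.pl is made executable and run by squid.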


 

TIP:

To start the SQUID server in debug mode to check for any errors, use the following

squid -d1N

If squid started successfully, you can see its process via the ps command

ps aux |grep squid

as shown in the image below …

squid-start-process


Filed under: Linux Related

MRTG Monitoring with ESXi Hosted Guest Return ‘interface is commented * has no ifSpeed property’


Recently, on a network, I migrated the MikroTik RB-based configuration to an ESXi-based VM guest. Everything went fine. This MikroTik has SNMP configured and is monitored via Linux-based MRTG for various probes. After the migration, the MRTG graphs for the interfaces stopped, with the following message (when I re-ran cfgmaker)

### The following interface is commented out because:
### * has no ifSpeed property

After playing with the interfaces & MRTG values, I found two solutions

Solution # 1

The network adapter needs to be “E1000” rather than “flexible”. Then SNMP will see the ifSpeed correctly.
To make the change, it is recommended to turn off the guest.

Solution # 2

Assign this speed, in bits per second, to all interfaces which return 0 for ifSpeed and ifHighSpeed

Create the cfg file with the following option: “--zero-speed=100000000”

 cfgmaker --zero-speed=100000000 snmp_community@192.168.1.1 > mikrotik.cfg

[192.168.1.1 is mikrotik ip]

 


Filed under: Linux Related, Mikrotik Related

Smokeping to Monitor Network Latency in UBUNTU


Recently I was troubleshooting a network where the concerned admin complained that they frequently lost connectivity with the Internet. Sometimes ping replies worked okay, but latency got high or timeouts/breaks occurred. So I decided to set up an MRTG-based ping graph to monitor ping latency. The custom-made MRTG ping probe worked fine and can provide an overview of target ping / RTT and downtime in a nice manner,

BUT . . . . . . . . . . . . . . . . . . .

I was thinking far ahead: I wanted much more advanced, pinpoint latency graphs which can show ping latency / RTT / loss in a much more detailed way. I recalled the old days when I used to monitor my old network with a variety of tools and scripts, and suddenly a name popped into my mind: “SMOKEPING”. Yes, this was the tool I was looking for.

SmokePing generates graphs that can reveal the quality (packet loss and latency variability) & reach-ability of your IP address from several distributed locations. SmokePing is a network latency monitor. It measures network latency to a configurable set of destinations on the network, and displays its findings in easy-to-read Web pages. It uses RRDtool as its logging and graphing back-end, making the system very efficient. The presentation of the data on the Web is done through a CGI with some AJAX capabilities for interactive graph exploration.


  • In this article I will show you how to install smokeping on UBUNTU 10/12

 

First install required components along with smokeping and apache2 (you can remove Apache or any other component if its not required or already installed)

aptitude install smokeping curl libauthen-radius-perl libnet-ldap-perl libnet-dns-perl libio-socket-ssl-perl libnet-telnet-perl libsocket6-perl libio-socket-inet6-perl apache2

Once everything is installed, we have to modify a few configuration files.

Open the following file …

nano /etc/smokeping/config.d/pathnames

Now remove the sendmail entry by adding a # sign to comment out the sendmail line, usually the first line.
Save and exit.

Now open following file

nano /etc/smokeping/config.d/Targets

Now REMOVE all previous lines , and copy paste following

*** Targets ***
probe = FPing

menu = Top
title = Network Latency Grapher
remark = Welcome to the SmokePing website of <b>ZAIB (Pvt) Ltd.</b> <br> Here you will learn all about the latency of our network.<br><br><br><br><br> This page is maintained by ZAIB. (Pvt) ltd . <br><br>Support Email: aacable@hotmail.com<br>Web: http://aacable.wordpress.com

### YOU CAN CHANGE THE FOLLOWING ACCORDING TO YOUR NETWORK ###

+ Ping

menu = WAN Connectivity
title = WAN Side Network

++ yahoo

menu = yahoo
title = yahoo ping report
host = yahoo.com

++ google

menu = google
title = Google ping report
host = google.com

### YOU CAN CHANGE FOLLOWING ACCORDING TO YOUR NETWORK ###
+ Ping2

menu = LAN Connectivity
title = LAN Side Network

++ Mikrotik

menu = Mikrotik
title = Mikrotik PPP ping report
host = 10.10.0.1

++ Billing

menu = Billing
title = Radius billing Server ping report
host = 10.0.0.2

save and exit.

now restart smokeping service by

service smokeping restart

and access it via browser.

http://yourip/smokeping/smokeping.cgi

Results should be something like below image…

lan

 

wan-report

 

More info on previous smokeping article based on FEDORA 10 , (Old version) Just for idea

http://aacable.wordpress.com/tag/aacable-smokeping/

 

 


Filed under: Linux Related

Odd Results with Scheduled Batch Files in Windows Server 2008 R2

MS DOS BATCH FILE VIA 2008 R2 Scheduled Task / zaib


Recently I upgraded one of our old file servers, previously running Windows 2003, to Windows 2008 R2 64-bit. This server was a member of AD and was logging in with a domain admin account. Everything went smoothly, but after a few days I faced a strange issue: a few scheduled BATCH files were not running properly at the given time. If I executed a batch file manually, it gave the proper result, but from the schedule it did not; even right-clicking the task and selecting RUN did not actually execute the batch file. To resolve this issue I added the admin account in the Domain Group Policy, and everything is now running fine as expected.

  • Edit the Group Policy at the Domain Controller
  • Go to “Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment”
  • In the right-side pane, double-click “Log on as a batch job” to open its properties
  • Then click the “Add User or Group” button
  • Then click the “Browse” button
  • Then click the “Advanced” button
  • Then click the “Find Now” button
  • Add the required user ID / account here, such as “administrator”
  • Then click “OK”
  • Force the update with gpupdate /force at the DC and at the client as well.
  • (Or, if the PC is standalone, go to “Start > Administrative Tools > Local Security Policy”)

This solved my problem of BATCH files not running via Scheduled Task.

Regard’s

 


Filed under: Microsoft Related

Vmware ESXI: You cannot use the vSphere client to edit the settings of virtual machines of version 10 or higher


A few days back, at a remote location, when I converted a physical Linux machine into a virtual machine (based on ESXi 5.5, machine version 10), I received the following error when I tried to edit its properties to add a new interface card.

Editing virtual machine settings fails with the error: You cannot use the vSphere client to edit the settings of virtual machines of version 10 or higher ...

 

esxi-error.

I had the option to downgrade it using the v-converter client, but time was really short, as the whole network was down and the old physical machine was also out of order, so I used the following hack to add the interface quickly and bring it online.

  • Turn OFF the required guest
  • Remove the guest from the inventory (Right-click -> Remove from inventory)
  • Browse the ESXi datastore where the guest files are placed
  • Download the .vmx file from that location (example: guest’s name.vmx)
  • Open it in any text editor (example: Notepad++)
  • Change the following …

virtualHW.version = "10"

to

virtualHW.version = "8"

As showed in the image below …

123.

  • Save this file and upload back to original location.
  • Add the guest back to your inventory by right clicking the vmx file and selecting “Add to inventory”

Now try to edit the guest properties, and this time you will be able to do it.

There were some other workarounds too, but in that particular situation I found this method the quickest, and above all it worked well :)

Regard’s
Syed Jahanzaib


Filed under: VMware Related

MRTG graph for FREERADIUS Online Users


Recently, at a network where multiple NASes were implemented with a single centralized billing system (Radius Manager with FreeRADIUS as the backend engine), I had many MRTG-based graphs for each NAS and a DUDE system to monitor various instances of the target systems, but there was no single graph to monitor the overall ONLINE users of all NASes. MRTG was configured on the main billing system; to sort this out I used the following bash script and tagged it with the MRTG cfg script.

SCRIPT TO PRINT ONLINE SESSIONS IN FREERADIUS

First create the script

mkdir /temp
touch /temp/online.sh

chmod +x /temp/online.sh
nano /temp/online.sh

Now paste the following code, [make sure to change the IP, ID and Password]

Note: I used this script for Radius Manager base freeradius billing system.


#!/bin/bash

SQL_USERNAME=radius_username
SQL_DATABASE=radius
SQL_PASSWORD=your_password
SQL_SERVER=127.0.0.1
SQL_ACCOUNTING_TABLE=radacct
BACK_DAYS=3

SESSIONS=`mysql -BN -u$SQL_USERNAME -p$SQL_PASSWORD -h $SQL_SERVER $SQL_DATABASE -e \
"SELECT COUNT(*) FROM $SQL_ACCOUNTING_TABLE \
WHERE acctstoptime IS NULL \
AND Acctstarttime > NOW() - INTERVAL $BACK_DAYS DAY;"`

# MRTG reads two values (in and out); print the session count for both
echo $SESSIONS
echo $SESSIONS

Save & Exit.
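The script above passes the database password with -p on the mysql command line, where it is visible in the process list while the query runs. An added example (not the page's script) that reads the credentials from a mode-600 option file instead and always hands MRTG a number; the option-file path, the function names and the --mrtg switch are assumptions:

```shell
#!/bin/bash
# Added example (not the page's script): the same session count, with the
# password read from a private option file instead of the command line.
# CNF path, the --mrtg switch and the account values are assumptions.
CNF="${CNF:-/etc/mrtg/radius-client.cnf}"
SQL_DATABASE="radius"
SQL_ACCOUNTING_TABLE="radacct"
BACK_DAYS=3

# Create a [client] option file that only its owner can read.
write_client_cnf() {   # usage: write_client_cnf <path> <user> <password> <host>
    (
        umask 077                       # new file is created as 0600
        rm -f "$1"                      # drop any older, looser copy first
        # Assumes the password contains no double quote or backslash.
        printf '[client]\nuser=%s\npassword="%s"\nhost=%s\n' "$2" "$3" "$4" > "$1"
    )
}

# True only for a regular file with mode 600 (GNU stat).
cnf_is_private() {
    [ -f "$1" ] && [ "$(stat -c '%a' "$1")" = "600" ]
}

# MRTG needs a number: anything that is not a non-negative integer becomes 0.
sanitize_count() {
    case $1 in
        ''|*[!0-9]*) echo 0 ;;
        *) echo "$1" ;;
    esac
}

online_sessions() {
    local raw
    # Refuse to use an option file that group or others can read.
    cnf_is_private "$CNF" || { echo 0; return 1; }
    # --defaults-extra-file must be the first option on the mysql command line.
    raw=$(mysql --defaults-extra-file="$CNF" -BN "$SQL_DATABASE" -e \
        "SELECT COUNT(*) FROM $SQL_ACCOUNTING_TABLE
         WHERE acctstoptime IS NULL
         AND acctstarttime > NOW() - INTERVAL $BACK_DAYS DAY;" 2>/dev/null)
    sanitize_count "$raw"
}

# MRTG reads the first two output lines as the in and out values.
if [ "${1:-}" = "--mrtg" ]; then
    n=$(online_sessions)
    echo "$n"
    echo "$n"
fi
```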


 

MRTG.CFG FILE TO GENERATE MRTG GRAPH

Now create an MRTG cfg file and tag it with your master MRTG config file, or run it individually; it is up to you and your local design.


#Radius.cfg
# Total Radius Users
Target[Radius.users]: `/temp/online.sh`
Title[Radius.users]: Central Billing System Logged in Users (Total)
PageTop[Radius.users]: <H1> Central Billing System  Logged in Users (Total)</H1>
MaxBytes[Radius.users]: 1000
Colours[Radius.users]: B#8888ff,B#8888ff,B#5398ff,B#5398ff
Options[Radius.users]: gauge,nopercent,noo,integer,growright
LegendI[Radius.users]: Radius Logged in Users
LegendO[Radius.users]:
YLegend[Radius.users]: Radius Logged in Users/Total
Legend1[Radius.users]: Radius Logged in Users/Total
Legend2[Radius.users]:
Unscaled[Radius.users]: ymwd


I will post the radius online users graphs tomorrow I.A


Regard’s
Syed Jahanzaib


Filed under: Linux Related, Radius Manager

SIP Problem with Mikrotik

MIKROTIK VPN/PPTP FOR VOIP



 

Yesterday I was configuring site-to-site VPN/PPTP connectivity at a remote location, as shown in the above diagram. All connectivity and functions were working fine. Ping from client to client behind each MikroTik was working fine, and clients could see each other directly without NAT, but strangely SIP/VoIP packets were not passing through. Upon running TORCH, I could see that the SIP traffic on UDP port 5060 was flowing, but in very low volume, in bits. After some sniffing, I found out that the problem was with the poor implementation at the SIP protocol level on most commercial routers and the fact that this technology is just useful for outgoing calls, but not for incoming calls.

After turning off SIP ALG (SIP Helper), everything started working.

Either by GUI or via CLI


GUI:

Goto IP > Firewall > Services > SIP [and disable it]

sip


CLI:

/ip firewall service-port disable sip

 

Now VoIP calls are working perfectly. I am writing this just in case someone else faces this issue and is banging his head on the wall ;)

Regard’s
SYED JAHANZAIB


Filed under: Mikrotik Related

Howto add SEARCH/EDIT button on main page in Radius Manager


Following is a small tip to add SEARCH or EDIT function for DMASOFTLAB Radius Manager admin page.

Ideally you should have HTML editor software, I use Ms FRONTPAGE, but if you know the basics of html, you can even use any good text editor like NOTEPAD++

in /var/www/radiusmanager folder, open the adminmain_tpl.htm file in the html editor.
(for centos , use /var/www/html/radiusmanager/)

You will see something like following.

page2


Now search for word {CONTENT} and after this line, paste the following html code


&nbsp;<table border="1" width="100%">
<tr>
<td><table width="100%" border="0" cellpadding="5" cellspacing="0" class="tb-bg">
<tr>
<td><form name="form2" method="post" action="admin.php?cont=list_users">
<p class="title2"><font color="#FF0000">{FNDUSR23} User
Database</font></p>
<table border="0" align="center" cellpadding="2" cellspacing="2" width="421">
<tr>
<td nowrap class="normal" width="112"><div align="left">
{FNDUSR2}:
</div></td>
<td class="normal">&nbsp;<input name="username" type="text" class="normal" id="username" size="29" maxlength="32"></td>
</tr>
</table>
<p align="center">
<input type="submit" name="Submit2" value="{FNDUSR23}">
</p>
</form> </td>
</tr>
</table></td>
</tr>
</table>

After the edit, it will look like the following.

page3.

Save this file. (If you are saving from Windows, then after saving, upload the file back to the /var/www/radiusmanager/ folder if you have Ubuntu. If you have CentOS, copy it to /var/www/html/radiusmanager/.)


 

Now reload the admin page and you will see something like the below …

page4


 

Regard’s
Syed Jahanzaib


Filed under: Radius Manager

VPN/PPTP Static Routes Lose gateway when client reconnects



Recently I configured site-to-site VPN connectivity (head office to branch office) at some place. Everything was working fine and clients at both ends could access each other directly, as proper routes were set up. But a strange issue was happening: if the branch office MikroTik went offline or reconnected the PPTP dialer, the static route at the head office MikroTik became unreachable

(a manual route was added at the H.O MikroTik to access branch offices via the dynamic PPTP interface).


As shown in the image below … (head office router)


It was happening because the route points at a dynamic interface. When the dynamic interface goes away (branch office MikroTik PPTP disconnect/reconnect), the route does not know which interface to point to. To sort out this issue, I added a ROUTE in the ppp/secret section at the head office MikroTik.

As showed in the image below ….

pptp_secret .


The above subnet 192.168.88.0/24 is the branch office clients' subnet. Now whenever the branch reconnects the PPTP tunnel, a dynamic route is added on the H.O. Mikrotik each time, so it knows which route to use to reach the B.O. clients.

As shown in the image below.


TIP:

You can do it manually too by assigning a static IP and using that IP as the gateway in the route, but I prefer the dynamic route, because it is created each time the user connects to the router and disappears when the user disconnects. So the route works transparently even if changes are made in other sections.


Regard’s

Syed Jahanzaib


Filed under: Mikrotik Related

Kannel auto startup problem with System error 13 Permission Denied


[with reference to following

https://aacable.wordpress.com/2012/11/26/dmasoftlab-radius-manager-sms-notification-configuration/

https://aacable.wordpress.com/2012/11/26/howto-configure-your-local-http-gateway-using-kannel-on-ubuntu/ ]

Recently I configured KANNEL (again) for a client in KARBALA/IRAQ. The OS was UBUNTU 12.04. When we ran bearerbox and smsbox manually in a terminal, the KANNEL HTTP API worked fine. But when the box was restarted, SMS went into the QUEUE.

Result for manually executed bearerbox and smsbox in terminal (separate terminal for each command) like

bearerbox -v 0 /etc/kannel/kannel.conf

smsbox -v 0 /etc/kannel/kannel.conf

Sms via web works fine.

But when the system was rebooted and I tried to send an SMS, all messages were going into the QUEUE and the following message appeared in the browser.


3: Queued for later delivery


All Kannel-related services were starting properly, like bearerbox, smsbox etc., as shown below …

root@rm:~# ps aux |grep kannel
kannel    2964  0.0  0.0   7424   720 ?        Ss   09:47   0:00 /usr/sbin/run_kannel_box --pidfile /var/run/kannel/kannel_bearerbox.pid --no-extra-args /usr/sbin/bearerbox -v 4 -- /etc/kannel/kannel.conf
kannel    2966  0.0  0.2  82652  2784 ?        Sl   09:47   0:00 /usr/sbin/bearerbox -v 4 -- /etc/kannel/kannel.conf
kannel    2975  0.0  0.0   7424   720 ?        Ss   09:47   0:00 /usr/sbin/run_kannel_box --pidfile /var/run/kannel/kannel_wapbox.pid --no-extra-args /usr/sbin/wapbox -v 4 -- /etc/kannel/kannel.conf
kannel    2978  0.0  0.0   7424   724 ?        Ss   09:47   0:00 /usr/sbin/run_kannel_box --pidfile /var/run/kannel/kannel_smsbox.pid --no-extra-args /usr/sbin/smsbox -v 4 -- /etc/kannel/kannel.conf
kannel    2980  0.0  0.2  65948  2644 ?        Sl   09:47   0:00 /usr/sbin/smsbox -v 4 -- /etc/kannel/kannel.conf
root      2993  0.0  0.0   3328   876 pts/2    S+   09:47   0:00 grep --color=auto kannel

After checking bearerbox.log, I saw the following error:

tail -f /var/log/kannel/bearerbox.log
***************************************************************************************
2014-11-21 10:41:55 [1912] [6] INFO: AT2[/dev/ttyACM0]: opening device
2014-11-21 10:41:55 [1912] [6] ERROR: AT2[/dev/ttyACM0]: open failed! ERRNO=13
2014-11-21 10:41:55 [1912] [6] ERROR: System error 13: Permission denied
2014-11-21 10:41:55 [1912] [6] ERROR: AT2[/dev/ttyACM0]: at2_device_thread: open_at2_device failed.
2014-11-21 10:41:55 [1912] [6] ERROR: System error 13: Permission denied
2014-11-21 10:41:55 [1912] [6] ERROR: AT2[/dev/ttyACM0]: Couldn't connect (retrying in 10 seconds).
***************************************************************************************



With the help of the Kannel users mailing list, I found that the KANNEL user must be allowed write access to /dev/ttyACM0 (or your modem device name).

On Ubuntu, simply add the user KANNEL to the DIALOUT group.

usermod -a -G dialout kannel
chown  kannel  /dev/ttyACM0

Also remove the comment sign from START_SMSBOX in /etc/default/kannel so that smsbox may also start on system boot.
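The bearerbox error above is an ordinary Unix permission check on the modem's device node. The following is an added example (not from the original post or from Kannel) that pulls the failing device out of the log lines shown above and evaluates that check for the kannel user; the root:dialout owner and 0660 mode are assumptions matching a stock Ubuntu serial device, and the numeric IDs are constructed.

```python
import errno
import os
import re
import stat

# Log lines copied from the bearerbox.log excerpt in this post.
SAMPLE_LOG = """\
2014-11-21 10:41:55 [1912] [6] INFO: AT2[/dev/ttyACM0]: opening device
2014-11-21 10:41:55 [1912] [6] ERROR: AT2[/dev/ttyACM0]: open failed! ERRNO=13
2014-11-21 10:41:55 [1912] [6] ERROR: System error 13: Permission denied
2014-11-21 10:41:55 [1912] [6] ERROR: AT2[/dev/ttyACM0]: Couldn't connect (retrying in 10 seconds).
"""

OPEN_FAILED = re.compile(
    r"ERROR: AT2\[(?P<dev>[^\]]+)\]: open failed! ERRNO=(?P<no>\d+)"
)


def failed_opens(log_text):
    """Return sorted unique (device, errno number, errno name) for failed modem opens."""
    hits = {(m["dev"], int(m["no"])) for m in OPEN_FAILED.finditer(log_text)}
    return sorted((dev, no, errno.errorcode.get(no, "?")) for dev, no in hits)


def can_open_rw(uid, gids, st_uid, st_gid, st_mode):
    """Unix permission check for open(O_RDWR).

    Exactly one of the owner, group or other permission triplets applies,
    chosen in that order; root bypasses the check.
    """
    if uid == 0:
        return True
    if uid == st_uid:
        need = stat.S_IRUSR | stat.S_IWUSR
    elif st_gid in gids:
        need = stat.S_IRGRP | stat.S_IWGRP
    else:
        need = stat.S_IROTH | stat.S_IWOTH
    return (st_mode & need) == need


def check_live(user, device):
    """Run the same check against the local system (Linux; needs the real device)."""
    import pwd
    pw = pwd.getpwnam(user)
    st = os.stat(device)
    gids = os.getgrouplist(user, pw.pw_gid)
    return can_open_rw(pw.pw_uid, gids, st.st_uid, st.st_gid,
                       stat.S_IMODE(st.st_mode))


if __name__ == "__main__":
    # Constructed IDs: kannel uid/gid 110, dialout gid 20.
    # Assumed device node: owner root (0), group dialout, mode 0660.
    KANNEL_UID, KANNEL_GID, DIALOUT_GID = 110, 110, 20
    for dev, no, name in failed_opens(SAMPLE_LOG):
        print(f"{dev}: errno {no} ({name})")
    print("before usermod:",
          can_open_rw(KANNEL_UID, [KANNEL_GID], 0, DIALOUT_GID, 0o660))
    print("after usermod: ",
          can_open_rw(KANNEL_UID, [KANNEL_GID, DIALOUT_GID], 0, DIALOUT_GID, 0o660))
```

Group membership only applies to processes started after the change, so the Kannel services have to be restarted. Ownership set with chown on a /dev node lasts only until udev recreates the node (reboot or modem replug), while the dialout membership persists.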


Alhamdolillah Problem Solved!


I am sharing this info because it took around 1 day of banging my head against the wall, and I surely don't want anyone else to get stuck in the same situation (if the issue is the same).

Sample of config files

root@rm:/etc/kannel# cat /etc/default/kannel
START_WAPBOX=1
START_SMSBOX=1

my /etc/kannel/kannel.conf FILE

cat /etc/kannel/kannel.conf

# Syed Jahanzaib
# https://aacable.wordpress.com
# aacable [at] hotmail.com

group = core
admin-port = 13000
smsbox-port = 13001
admin-password = zaibadmin
status-password = zaibstatus
log-file = "/var/log/kannel/bearerbox.log"
log-level = 0
box-deny-ip = "*.*.*.*"
box-allow-ip = "127.0.0.1"

group = smsc
smsc = at
modemtype = teltonika
device = /dev/ttyACM0
# Change the above port to match your port; it could be ACM1 or USB0. If you don't set it correctly, it will not work and you will get an error in the logs that it is unable to connect to the device.
speed = 19200
my-number = 0333302100000 # (put your sim number, not necessary)

# for Teltonika only; if you are using another brand you may need to get their INIT strings
group = modems
id = teltonika
name = "Teltonika E12"
detect-string = "Undefined"
enable-mms = true
init-string = "AT+CNMI=2,2,0,1,1"
speed = 115200

# for the Huawei USB/GSM modem (E155, I guess): remove the hashes from the lines below if you are using this model.
#group = modems
#id = huawei
#name = "Huawei"
#detect-string = "huawei"
#enable-mms = true
#init-string = "ATZ"
#init-string = "ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0"

group = smsbox
bearerbox-host = localhost
sendsms-port = 13013
global-sender = 13013
sendsms-chars = "0123456789 +-"
log-file = "/var/log/kannel/smsbox.log"
log-level = 0
access-log = "/var/log/kannel/access.log"

group = sendsms-user
username = kannel
password = kannel
concatenation = true
max-messages = 3

group = sms-service
keyword = default
get-url = "http://localhost/kannel/receivesms.php?sender=%p&text=%b"
accept-x-kannel-headers = true
max-messages = 3
concatenation = true
catch-all = true

:)

Regard’s
Syed Jahanzaib


Filed under: Linux Related

Create Your OWN GPS base Vehicle/Fleet Tracking Management System in Linux


O Allah, I thank You, my Lord, that You granted me blessings

that I did not deserve. Have mercy on me, my Lord.

O Allah, include us among those who are humble, modest, forgiving and repentant.

Ameen

 ~!~ Syed Jahanzaib ~!~

 


Assalam Va Alekum,
Greetings to all,

Recently I purchased a GPS tracking device for my car. Its performance is very good, and it gives me quite accurate live and history tracks of the vehicle's movement, but the device has its costs, and for web tracking there are annual charges too. So if I have a few vehicles, it will be costly to get them all monitored. Just out of curiosity I did some R&D and found TRACCAR, which is a Linux-based vehicle / fleet tracking management system. The best thing is it's FREE ;) and we all love to have a FREE lunch anyplace, anywhere (if it's legal, preferably :)

As I have set this up for test purposes, if someone is interested and has no experience in Linux, or wants to try it the easy way first, simply install the traccar client and contact me. I will make an account for you on my web server, which is live 24 hours, and you can then see how it works and performs. Message me if required.

Benefits of TRACCAR and its possible usage …

- Tracking of any vehicle / maintaining history
- Can be used for personnel tracking
- Can be used as a commercial solution as well
- Can be used to track your lost mobile phone
- You can inquire about the location by sending an SMS to the device, and it will SMS you back the location with a URL
- Maintain history and track of the device and speed of vehicles
- Many others …


 

 

Hardware / software used in this guide:

1- A Linux-based system. I used Ubuntu 12.04 32-bit edition as an example (hardware specs can be anything, nothing fancy required). The system should have a static public IP, or it can work with port forwarding as well (if you don't have one, it can be handled with workarounds like DDNS too).
2- The TRACCAR application, which will be used to store/update client data and as the web portal for management purposes.
3- For client-side tracking, I used an ANDROID-based mobile phone with GPS and GPRS: an HTC DESIRE HD with Ufone GPRS (for location updates to the server, GPRS must be activated on the SIM) and WiFi where it's available. It can store data if no internet is available and will update when it gets access to the internet.

First we will configure SERVER side.

 


 

 

SERVER CONFIGURATION

[UBUNTU 12.04 32bit Edition]

Log in to your Linux server as root, then update the package lists and install Java (the OpenJDK 7 headless JRE).

apt-get update
aptitude install openjdk-7-jre-headless

 

Now download TRACCAR server application in temp folder, unzip it and run its installer.

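mkdir -p /temp
cd /temp
# Save under the archive's real name; the URL itself ends in "/download"
wget -O traccar-linux-32-2.10.zip https://sourceforge.net/projects/traccar/files/traccar-linux-32-2.10.zip/download
unzip traccar-linux-32-2.10.zip
#=======
#INSTALL
#=======
/temp/traccar.run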

Now Start TRACCAR service

service traccar start
#OR
sudo /opt/traccar/bin/traccar start

You should see something like this on successful startup …

traccar server status

You can see its logs as well for troubleshooting and information purposes.

tail -f /opt/traccar/logs/tracker-server.log

TRACCAR server logs

Now access it from the WEB by

http://yourlinuxip:8082

It may take some times to load the page / plugin.
Login With following default credentials

ID = admin
Pass = admin

After successful login, you will see the TRACCAR web panel with the default map.
On the left side you will see the DEVICES menu. Click the ADD button and enter the details,
as shown in the image below …

Add device in Traccar Server Panel

NAME = Your Device or Person Name

UNIQUE IDENTIFIER =  Enter your IMEI number, you can find it on your device properties.

Click on SAVE.

Now moving to CLIENT end configuration …

 


 

CLIENT SIDE CONFIGURATION:

For test purposes, I am showing you how to add an Android mobile device for tracking (as most Android phones nowadays have a GPS module). Basically, what you need is a GPS-capable device with Internet access: your SIM or mobile must have Internet access in order to send data like coordinates to the server. If your mobile/device has no Internet access, it will store data locally and will update as soon as it gets Internet access.

Download TRACCAR-CLIENT application on your mobile and install it,

https://dl.dropboxusercontent.com/s/nwzqkt0dkif1bap/traccar-client-release.apk

or you can install it directly from Google play store like

https://play.google.com/store/apps/details?id=org.traccar.client

Once it's installed, open it (traccar client),
as shown in the image below …

TRACCAR client on android

Now you must modify the settings as shown, [pretty simple and common to understand :p ]

traccar client settings

- DEVICE IDENTIFIER  =  Here you will see your unique IMEI number (International Mobile Equipment Identity). You should enter the same number on the server as well (in ADD device).

- SERVER ADDRESS   =  Enter your server IP address (traccar server). If you don't have a static IP, you can use DYNAMIC DNS on your DSL/router and forward the required ports, like 8082 for the web panel and 5002 (depends on the device model).

- SERVER PORT  =  In general the port may be the same; for this model it's 5002 (but it can vary with the GPS device model).

- FREQUENCY  =  How often (in seconds) the client should upload data to the server (for initial test purposes make this value small, like 60 seconds).

- LOCATION PROVIDER  =  Select the MIXED provider, so that if GPS is not working, it updates approximate coordinates from the nearest mobile network tower. The location may not be accurate with the network provider setting, but it is sometimes sufficient to get an idea. The GPS-only setting provides a more accurate position but requires a view of the sky.

- SERVICE STATUS  =  Select this option so that the client starts sending data (this service must be running all the time).

If you click on MENU and then on STATUS, you can see the LOGS,
as shown in the image below …

CLIENT DEVICE LOGS


 

Some more snaps of settings for the Android client, just for reference purposes:

Android Base Mobile – Location Settings

ANDROID = Traccar-client Configuration

Android – traccar-client location provider settings

Traccar-client LOGS, on successful connection

 











 


 

Now at the server end, select the device you added earlier and you will start seeing its status. For a better tracking view, go outside with your device and have a 4-5 kilometer walk or run (it's good for health too, you know, but I myself am so lazy that even being overweight, I don't walk much :P )
Now see the view IN DIFFERENT STYLE ;)

UPDATING TRACCAR-WEB.WAR for new features and enhancements

To add some features and enhancements to the original traccar web portal by Anton Tananaev, update it with Mr. Vitaly Litvak's version.
Here are the instructions: https://github.com/vitalidze/traccar-web/tree/dev#installation

Download the updated .war file:

wget http://myultrashare.appspot.com/s/traccar-web/dev/latest/traccar-web.war

Now stop the traccar service and replace the war file in the installed folder.


service traccar stop
cp traccar-web.war /opt/traccar/
service traccar start

Now you will see new enhanced features, like the following, which don't exist in the original traccar-web project:

  • converted traccar-web to maven project to simplify builds
  • following device
  • printing device name
  • recording device trace
  • printing time stamps at device trace points (frequency is configured in Settings >> Preferences) both for archive and recorded trace
  • translations to
    • russian language (available via ?locale=ru URL parameters)
    • german language (available via ?locale=de URL parameter)
    • italian language (available via ?locale=it URL parameter)
    • spanish language (available via ?locale=es URL parameter)
    • polish language (available via ?locale=pl URL parameter)
    • tagalog language (available via ?locale=tl URL parameter)
    • hungarian language (available via ?locale=hu URL parameter)
  • show server log menu for viewing tracker-server.log file on Web
  • speed filtering in archive view
  • change default map center position, zoom, provider (Google, OSM, Bing) (in Settings >> Preferences)
  • replaced ‘current state’ panel with popups. They appear either when you hover a row in ‘devices’ table or when you hover a marker on map
  • archive panel is collapsed by default. There is a button in upper right hand corner to expand it
  • new ‘managers’ functionality:
    • added new role to traccar – manager. Managers can add users and can manage access between devices of their users. So they have access to their devices and to devices of all managed users.
    • administrators have full access to everything. They can manage all devices, all users and access between devices and users
    • there is a new menu item called ‘Share’ to manage access to selected device
  • improved performance of positions loading when DB grows up
  • fixed issue when devices are not updated between different instances of web browser
  • moved DB transaction management and user rights checks outside of data service implementation (AOP) with google guice
  • possibility to detect ‘offline’ devices – when signal hasn’t came for some time (set up in device settings). They will be shown on a map with a marker of different colour and there will be some sign in popup that they are actually offline.
  • new device status – idle. It is shown in popup and also there will be a time of idling. Each device got new setting ‘Idle when speed is <=’, which is zero by default. It may be changed to some reasonable value, which is then used to consider device idle (for example to handle ‘satelite drift compansation’).
  • possibility to restrict ordinary users to manage (i.e. add/edit/delete) devices. Configured in global application settings.
  • save sort order in devices grid into browser cookies
  • mobile web UI based on framework7 with general functions for GPS tracking, available at m/ URL, i.e. http://server-ip:8082/m/
  • RESTful API. Available at /traccar/rest/{methodName} – allows to call methods from DataService class. Full documentation will be available by request.
  • ‘Address’ column in archive (hidden by default)
  • ‘Distance’ column in archive with total distance at the bottom
  • possibility to export archive to CSV and GPX
  • possibility to import archive from GPX
  • possibility to log in via GET request to a separate servlet (for example, for integration on external sites) – http://server-ip:8082/traccar/s/login?user=your_username&password=your_password
  • possibility to change other user’s password for administrators and managers
  • possibility to change device marker

 

If time allows, I will add some more snaps and customizations that can be made. It's an open source application, so you can make your contribution as well.

 

You can get more details on this project from following link

http://www.traccar.org/


Regard’s
Syed Jahanzaib


Filed under: Linux Related

2014 in review


The WordPress.com stats helper monkeys prepared a 2014 annual report for this blog.

Here’s an excerpt:

The Louvre Museum has 8.5 million visitors per year. This blog was viewed about 1,300,000 times in 2014. If it were an exhibit at the Louvre Museum, it would take about 56 days for that many people to see it.

Click here to see the complete report.


Filed under: Uncategorized

Blocking HOTSPOT SHIELD in Mikrotik


Last Updated: 31st December, 2014 / 16:40pm / GMTZ +5 / PK

Assalam Va Alaekum,

I was receiving many complaints from a few network operators annoyed by a proxy application named HOTSPOT SHIELD, which creates a tunnel between you and an 'unknown' location, so you can bypass all filtering of your local network and do all the 'dirty work' that is normally blocked in general networks. Usage of such tools can also result in blacklisting of your or your Internet service provider's public IP. It is a very common application here in Pakistan to open YouTube or VOIP (which are officially banned here). So I did some lab testing for Mikrotik and found the following IP block lists and a few ports which are used by HOTSPOT SHIELD.


/ip firewall address-list
add address=108.161.187.0/24 disabled=no list=hotspotshield_zaib
add address=157.56.106.0/24 disabled=no list=hotspotshield_zaib
add address=157.56.144.0/24 disabled=no list=hotspotshield_zaib
add address=198.144.116.0/24 disabled=no list=hotspotshield_zaib
add address=204.14.77.0/24 disabled=no list=hotspotshield_zaib
add address=204.14.0.0/16 disabled=no list=hotspotshield_zaib
add address=205.164.34.0/24 disabled=no list=hotspotshield_zaib
add address=209.73.0.0/16 disabled=no list=hotspotshield_zaib
add address=212.118.232.0/24 disabled=no list=hotspotshield_zaib
add address=216.172.138.0/24 disabled=no list=hotspotshield_zaib
add address=216.172.0.0/16 disabled=no list=hotspotshield_zaib
add address=46.0.0.0/8 disabled=no list=hotspotshield_zaib
add address=66.171.229.0/24 disabled=no list=hotspotshield_zaib
add address=68.68.107.0/24 disabled=no list=hotspotshield_zaib
add address=68.68.108.0/24 disabled=no list=hotspotshield_zaib
add address=69.22.168.0/24 disabled=no list=hotspotshield_zaib
add address=69.22.170.0/24 disabled=no list=hotspotshield_zaib
add address=74.115.0.0/16 disabled=no list=hotspotshield_zaib
add address=94.245.121.0/24 disabled=no list=hotspotshield_zaib
add address=69.22.185.0/24 disabled=no list=hotspotshield_zaib
add address=174.129.0.0/16 disabled=no list=hotspotshield_zaib
add address=199.255.208.0/21 disabled=no list=hotspotshield_zaib
add address=216.172.135.0/24 disabled=no list=hotspotshield_zaib
add address=67.220.0.0/16 disabled=no list=hotspotshield_zaib
add address=54.0.0.0/8 disabled=no list=hotspotshield_zaib
add address=50.0.0.0/8 disabled=no list=hotspotshield_zaib
add address=79.125.0.0/16 disabled=no list=hotspotshield_zaib

# Now create Rules to block above address list and additional ports
/ip firewall filter
add action=drop chain=forward comment="Block_Hotspot_Shield_Addresses_(test phase_zaib)" disabled=no src-address-list=hotspotshield_zaib
add action=drop chain=forward comment="Block_Hotspot_Shield_Ports_(test phase_zaib)" disabled=no dst-port=990,179,105,706,5245,3451,15009 protocol=tcp



 

After applying rules, Hotspot Shield stopped connecting.



 

Note: It was observed that it is almost impossible to block it 100%, but with the above method I got 99% success. It's impossible to block all the proxy tools/apps as there are thousands of them, but with some smart configuration you can minimize the chances of their use. Make sure you use OPENDNS, and if you have a static public IP address, create an account and block the whole proxy / anonymizer category. Make sure to forcefully redirect all DNS traffic to your own DNS server, which should be using OpenDNS or some filtering mechanism to block or POISON the BAD sites.

 

Also note that I have used some large IP blocks like /8 or /16 (rather than just /24) because Hotspot Shield has thousands of IP addresses/blocks which it uses. So it is quite possible that some valid content which falls in the same subnets also gets DROPPED/BLOCKED. More tests would then be required, using any capturing tool or Mikrotik's own tool called TORCH.
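The over-blocking risk from the /8 and /16 entries can be measured directly from the address list. This added example (not part of the original post) parses the export above with Python's ipaddress module, reports entries already covered by a broader one, and counts how many addresses the list matches; the function names and the two test addresses at the end are constructed for illustration.

```python
import ipaddress
import re

# Entries copied from the /ip firewall address-list export in this post.
EXPORT = """\
add address=108.161.187.0/24 disabled=no list=hotspotshield_zaib
add address=157.56.106.0/24 disabled=no list=hotspotshield_zaib
add address=157.56.144.0/24 disabled=no list=hotspotshield_zaib
add address=198.144.116.0/24 disabled=no list=hotspotshield_zaib
add address=204.14.77.0/24 disabled=no list=hotspotshield_zaib
add address=204.14.0.0/16 disabled=no list=hotspotshield_zaib
add address=205.164.34.0/24 disabled=no list=hotspotshield_zaib
add address=209.73.0.0/16 disabled=no list=hotspotshield_zaib
add address=212.118.232.0/24 disabled=no list=hotspotshield_zaib
add address=216.172.138.0/24 disabled=no list=hotspotshield_zaib
add address=216.172.0.0/16 disabled=no list=hotspotshield_zaib
add address=46.0.0.0/8 disabled=no list=hotspotshield_zaib
add address=66.171.229.0/24 disabled=no list=hotspotshield_zaib
add address=68.68.107.0/24 disabled=no list=hotspotshield_zaib
add address=68.68.108.0/24 disabled=no list=hotspotshield_zaib
add address=69.22.168.0/24 disabled=no list=hotspotshield_zaib
add address=69.22.170.0/24 disabled=no list=hotspotshield_zaib
add address=74.115.0.0/16 disabled=no list=hotspotshield_zaib
add address=94.245.121.0/24 disabled=no list=hotspotshield_zaib
add address=69.22.185.0/24 disabled=no list=hotspotshield_zaib
add address=174.129.0.0/16 disabled=no list=hotspotshield_zaib
add address=199.255.208.0/21 disabled=no list=hotspotshield_zaib
add address=216.172.135.0/24 disabled=no list=hotspotshield_zaib
add address=67.220.0.0/16 disabled=no list=hotspotshield_zaib
add address=54.0.0.0/8 disabled=no list=hotspotshield_zaib
add address=50.0.0.0/8 disabled=no list=hotspotshield_zaib
add address=79.125.0.0/16 disabled=no list=hotspotshield_zaib
"""

ENTRY = re.compile(r"^add[ \t]+address=(\S+)[ \t].*\blist=(\S+)", re.M)


def parse_export(text, list_name="hotspotshield_zaib"):
    """Return the IPv4 networks that belong to one named address list."""
    return [ipaddress.ip_network(addr, strict=False)
            for addr, name in ENTRY.findall(text) if name == list_name]


def shadowed(nets):
    """(narrow, broad) pairs where the narrow entry is already covered by a broader one."""
    return [(n, b) for n in nets for b in nets if n != b and n.subnet_of(b)]


def coverage(nets):
    """Number of distinct addresses the list matches, with overlaps merged."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))


def share_by_entry(nets):
    """Merged entries with their share of all matched addresses, broadest first."""
    total = coverage(nets)
    merged = sorted(ipaddress.collapse_addresses(nets), key=lambda n: n.prefixlen)
    return [(n, n.num_addresses / total) for n in merged]


def matching_entries(nets, ip):
    """List entries containing ip, e.g. for an address seen in Torch that should not be dropped."""
    addr = ipaddress.ip_address(ip)
    return [n for n in nets if addr in n]


if __name__ == "__main__":
    nets = parse_export(EXPORT)
    for narrow, broad in shadowed(nets):
        print(f"redundant: {narrow} is inside {broad}")
    print(f"addresses matched: {coverage(nets):,}")
    for net, share in share_by_entry(nets)[:3]:
        print(f"{net}: {share:.1%} of everything the list drops")
    # Constructed test addresses, not observed traffic.
    for ip in ("204.14.77.10", "8.8.8.8"):
        print(ip, "->", [str(n) for n in matching_entries(nets, ip)] or "not in list")
```

Running it against the list above shows that the three /8 entries account for over 99% of the matched addresses, which is where legitimate destinations are most likely to be caught.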

Example of Torch in MT.


It's still under testing and I will post some confirmed reports after a few days. If you have a list of IP addresses which are used by HSS or other proxies, please post the details in the comments or email me.


I will update more as I get time… got to run home, Home Ministry calling ;) You know what I mean :D

Regard’s
Syed Jahanzaib


Filed under: Mikrotik Related

Mikrotik script to change PUBLIC ip from available pool


This script is not for general public usage. I am sharing it just for reference purposes.

The following script was made to help a user in a very specific condition. It was a setup-specific issue, and this script was deployed as a quick and dirty temporary solution to solve the problem for a short period of time only. It's not very neat and clean, and it could probably be done with more sophisticated code in fewer lines, but no time :)

Scenario:

You have a pool of 8 public IPs and only one IP is used on the Mikrotik WAN. The problem is that your ISP blocks your public IP for a few minutes due to some grey traffic passing, and you cannot block the grey traffic for some reasons. This script helps in this situation: if your IP gets blocked by the ISP, it immediately (or on schedule) changes the IP to the next available IP address, and then it also emails you the result or alert.

Scenario was discussed here.

http://forum.mikrotik.com/viewtopic.php?f=9&t=92666&p=463406#p463406


 

 

#

# 9th Jan, 2015
# Script Starts here ... Tested with Mikrotik 6.xx ...
# Internet hosts to be checked. You can modify them as required, JZ
# Setting various variables to be used later in this script

# Hosts to monitor, like Google DNS and OpenDNS servers
:local host1   "8.8.8.8"
:local host2   "208.67.222.123"
:global InternetStatus;
:global InternetLastChange;
:global gmailsmtp
:set gmailsmtp [:resolve "smtp.gmail.com"];

# Set your Gmail ID and Password
:global sendermail "YOUR_GMAIL_ID@gmail.com"
:global gmailpass "YOUR_GMAIL_PASSWORD"

# Do not modify data below without proper understanding.
:local i 0;
:local F 0;
:local date;
:local time;

# PING each host 2 times
:for i from=1 to=2 do={
:if ([/ping $host1 count=1]=0) do={:set F ($F + 1)}
:if ([/ping $host2 count=1]=0) do={:set F ($F + 1)}
};

# If both hosts are down and all 4 pings timed out, then the link is considered down
:if (($F=4)) do={

##  ADD YOUR RULES HERE, LIKE ROUTE CHANGE OR WHAT EVER IS REQUIRED, Example is below ...
:log error "ISP LINK SEEMS TO BE DOWN, Changing IP Address /jz"

:set InternetStatus "DOWN";
:set date [/system clock get date];
:set time [/system clock get time];
:set InternetLastChange ($time . " " . $date);
/ip address

:if ([get [find comment="ether1_wan_ip_1"] disabled] = false) do={
disable [find comment="ether1_wan_ip_1"]
enable [find comment="ether1_wan_ip_2"]

} else={
:if ([get [find comment="ether1_wan_ip_2"] disabled] = false) do={
disable [find comment="ether1_wan_ip_2"]
enable [find comment="ether1_wan_ip_3"]

} else={
:if ([get [find comment="ether1_wan_ip_3"] disabled] = false) do={
disable [find comment="ether1_wan_ip_3"]
enable [find comment="ether1_wan_ip_4"]

} else={
:if ([get [find comment="ether1_wan_ip_4"] disabled] = false) do={
disable [find comment="ether1_wan_ip_4"]
enable [find comment="ether1_wan_ip_5"]

} else={
:if ([get [find comment="ether1_wan_ip_5"] disabled] = false) do={
disable [find comment="ether1_wan_ip_5"]
enable [find comment="ether1_wan_ip_6"]

} else={
:if ([get [find comment="ether1_wan_ip_6"] disabled] = false) do={
disable [find comment="ether1_wan_ip_6"]
enable [find comment="ether1_wan_ip_7"]

} else={
:if ([get [find comment="ether1_wan_ip_7"] disabled] = false) do={
disable [find comment="ether1_wan_ip_7"]
enable [find comment="ether1_wan_ip_8"]

} else={
:if ([get [find comment="ether1_wan_ip_8"] disabled] = false) do={
disable [find comment="ether1_wan_ip_8"]
enable [find comment="ether1_wan_ip_1"]

}
}
}
}
}
}
}
}
#};
} else={

##      If reply is received , then consider the Link is UP
:if (($InternetStatus="DOWN")) do={
:log warning "WARNING :The INTERNET link have been restored";
:set date [/system clock get date];
:set time [/system clock get time];
:set InternetLastChange ($time . " " . $date);
:set InternetStatus "UP";
:global wanip

# Fetch your PUBLIC ip address from dnsomatic so that its info can be used at required session for info purposes ...
/tool fetch url="http://myip.dnsomatic.com/" mode=http dst-path=mypublicip.txt
:local ip [/file get mypublicip.txt contents]
:set wanip "$ip";
:log warning "Internet Monitor by ZAIB Report: Internet seems to be UP with ISP_NAME ip   $wanip"

/tool e-mail send to="RECEVER_EMAIL@gmail.com" password=$gmailpass subject="ISP_NAME Link or IP was DOWN. Now new WAN IP address is $wanip" from=$sendermail server=$gmailsmtp start-tls=yes body="ISP_NAME Link or IP was DOWN. Now new WAN IP address is $wanip *******  Regard's > >>>>> Syed Jahanzaib aacable@hotmail.com ****** "
# end of the "link restored" block
}
# end of the outer else (link is UP)
}

Regard’s

Syed Jahanzaib

 


Filed under: Mikrotik Related

SYGIC GPS Navigation System [With Offline Support]


Last  Updated:  16th January, 2015

1- Sygic Introduction
2- Download Link
3- Installation Instruction
4- Latest Release (14.7.5) Overview with screenshots [Latest Release as of January, 2015]
5- 14.3.2 Overview with screenshots [Stable Release of 2014 ]
6- Pakistan MAP Last Updates

 


 

1- Sygic Introduction

I do have to admit that I have a very poor sense of direction and never quite trust myself that I know the best route. I use Google Maps to plan my route before leaving my place, even around my home town. Google Maps/Navigation is fantastic. It’s easy to use, stays (mostly) up-to-date, and is built into Android’s core. However, it has one major flaw: offline navigation simply doesn’t exist within Google Maps. Especially if you’re heading into uncharted territory where cell service may be sketchy or non-existent, you’re basically on your own. And getting lost is not a fun experience. (It happened to me frequently in the past. One horrible experience I still remember is getting lost in the Karachi board office area and in North Nazimabad; I spent more than 1 hour just to get onto the main road :P lol )

The solution? A third-party GPS application with offline support, like Sygic’s Maps & GPS Navigation. Sygic works by downloading and storing maps on your smartphone for offline use, so you can have a fully functioning GPS with no internet connection. Be aware that, like any other CPU/resource-hungry application or navigation app, this one uses a heavy amount of battery. If you are using Sygic for Android in the car for a longer time, you must have a car mobile charger with you. I used a SAMSUNG Galaxy S3 mobile charger (which cost 400 Pak Rupees / original but slightly used).

 


 

2- Download Link

Download URL: [Pre_Activated]  http://xxxxxxxxxxxxxxxxxxxxxxx [Google Drive Link, ]


3- Installation Instructions

To install Sygic 14.x.x for android, follow instructions as below …

1- Unzip the sygic zip file, it will be extracted to a folder name SYGIC.
2- Now upload this SYGIC folder and sygic_xxxxx.apk file to root of your android (like in main root)
3- Open any File Explorer on your android set, browse to main root folder (where you uploaded the .apk file)  and execute sygic_xxxxx.apk and follow the on screen instructions and it will install sygic application.
4- By default it will not have map for Pakistan, Make sure you have some good internet connection (wifi)
Open Sygic application, and goto Settings, Manage Map , and download PAKISTAN map from MIDDLE EAST section. Download size would be around 100 MB.

SIMPLE :)

Example of Folder Structure:


I have included its manual in PDF format as well for some learning purposes.

Note: In my personal experience, Sygic 14.3.2 is quite a stable release and works better than all the new beta releases. I suggest sticking with the 14.3.x version until there is some really stable release.


4- 14.7.5 Overview with screenshots

Sygic 14.7.5

Sygic GPS Navigation released version 14.7.5, which fixes occasional crashing and a few minor bugs. I am using it on my Samsung Galaxy S3 and it is working well. For more information on Sygic, visit their web site at http://www.sygic.com/en/gps-navigation


 



Change logs for 14.7.x versions …


 

Changelog: 14.7.5 r121030
– Fix for search
– Fix for signposts [for android 4.0]
– Some little fixes

Changelog: 14.7.4 r121032
Main change is support for Octa-core devices

Changelog: 14.7.3 -r121023
coming soon

Changelog: 14.7.2 -r121024
just two minor fixes

Changelog: 14.7.1 r121014
Triplog – show on map
New icon [launcher]
Navigate to photo from gallery
Fixed roundabout icon in left side driving countries
crash fixes

Changelog: 14.7.0 r120989
many fixes for crashes that we see in Google developer console and Crashlytics
New maps 2014.06
Poi subcategories are orders alphabetically
New widget manager with new widgets: Navigate to photo + SOS widget + Travel book [travel book – show on map will come little later]
Fixed auto close
optimization of dropbox
Search is enabled while navigating
Fix for internet connection after „log-out“
Route summary – avoiding instruction via overflow icon
Fixed crash after clicking home more times
BlackBox settings
reworked roundabout icon


 

 

5- 14.3.2 Overview with screenshots with Dashboard Options

 


Searching with GPS coordinates is now possible (applicable to 14.x versions, I guess).


 


6- PAKISTAN MAP LAST UPDATE

Rudolf Wuscher (Sygic Support)
Jan 15 09:30
Hello Syed, Thank you for contacting Sygic.

The current map version for Pakistan is 2011.02. At the moment, we don’t have an update planned, although we will release an update as soon as we strike a deal from one of our map data providers.

Best regards,
Rudolf

Sygic Customer Support

It's true that SYGIC maps are a bit old (for Pakistan), but they still provide the best navigation for general traveling. To overcome this issue, I usually use GOOGLE Maps and plan the route according to my requirement, then I save its link and convert it with the ITF converter tool. Then I import it into SYGIC MAPS, and it works well.

If someone is interested to know how to convert a Google Maps route to Android Sygic, let me know and I will post a guide for it, or read this link.

http://www.createweb.be/wordpress/?p=920

Import Route works fine with ver 14.3.x or older, but is not working with 14.7.x.


 

Regards
Syed Jahanzaib


Filed under: General IT Related

Expanding Possibilities / Howto add 3rd party packages in Mikrotik KVM/Metarouter!


As asked by a few friends, I thought it a good idea to share it with all.

What is METAROUTER?

As defined by Greg:

“Metarouter is a way to have logical routers running on your routerboard. In essence, you create a virtual router on your RB, then you assign some interfaces to it. You then can hand this virtual router off to a customer and allow them to administer it without affecting any of the core functions necessary on the device.”

Also, on METAROUTER you can use an OpenWrt image to host a tiny Linux and a few apps in it, like Apache, Asterisk, etc. A web server was in high demand by a local cable operator who wanted to host a non-payment/reminder page to be shown to their clients.

Currently MetaRouter can be used on

  • RB4xx, RB7xx series, RB900 series, RB2011.xx boards
  • Listed PPC boards: RB1000, RB1100, RB1100AH and RB800.

 

Hardware/Software used in this guide:

Routerboard Model = RB2011UiAS-2HnD
Mikrotik ROS version = 6.27

Howto install METAROUTER

First download the OpenWrt image into the Mikrotik. Open a New Terminal and issue the following command …

/tool fetch url=http://openwrt.wk.cz/trunk/mr-mips/openwrt-mr-mips-rootfs-31411-basic.tar.gz

Now import the OpenWrt image downloaded in the above step, as shown in the image below …

2- Import Image

Now we need to add a virtual network interface to this machine. We also have to provide a valid network configuration with internet access so that it can download the required software later. For demonstration purposes I added a manual IP, but you can use a virtual bridge and your Mikrotik DHCP server to allow internet access to the metarouter machine, or whatever you prefer to establish network connectivity.

In the picture below, I selected ETHER2, which is the LAN interface of the Mikrotik host.

add interface

 

Now double click on the newly created machine, select CONSOLE and press the Enter key a few times to get a command prompt.

6- Open Metarouter CONSOLE zaib


Edit the network configuration file.

vi /etc/config/network

Press “i” to enter edit mode and configure the network as per your local needs.

 

 

7- edit interface settings.

Add DNS server entry for resolving internet hosts …

vi /etc/resolv.conf

dns

 

After setting the network configuration, save and exit. Enable and restart the network service so the changes can take effect.

/etc/init.d/network enable
/etc/init.d/network restart

Now try to ping any internet site to verify the connectivity. On a successful attempt, you should get a reply.

8- ping successful

 

Howto install APACHE web server in METAROUTER to host your files.

Install APACHE web server with OPKG (like yum or apt-get)

Edit the opkg file

vi /etc/opkg.conf

Change the string in the first line so that it reads like the one below …

src/gz snapshots http://openwrt.wk.cz/trunk/mr-mips/packages

Now update opkg (like you do in ubuntu to update apt-get)

opkg update
opkg install apache

It is better to restart your Mikrotik routerboard with the reboot command so that all changes take effect properly; otherwise you MAY see a few errors on accessing Apache.

Now start apache service

apachectl start

(or restart as required)

Access via browser

10-apache works

HTML index files are placed at

/usr/share/htdocs


To be continued ….

Regards
Syed Jahanzaib


Filed under: Mikrotik Related

LEGACY OF CENTOS ! Continued …


Some personal notes/references for CentOS, as my future R&D will be done mainly in CentOS due to its preloaded options for ease of use.

1- Configuring Static IP address in CENTOS [6.x]

If you want to configure a static IP address in CentOS, edit the following file

vi /etc/sysconfig/network-scripts/ifcfg-eth0

Use following as sample

DEVICE=eth0
HWADDR=00:0C:29:73:0A:5A
TYPE=Ethernet
UUID=d34531a1-3c76-4527-8e50-448857568abc
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.10.2  # IP Address you want to fix
NETMASK=255.255.255.0   # Netmask as per network
GATEWAY=192.168.10.1   # Your Router/DSL Gateway
DNS1=8.8.8.8   # Your ISP DNS or standard Google dns

Note: make sure the following are set
NM_CONTROLLED=no
BOOTPROTO=static
ONBOOT=yes

Save & Exit, and restart the network service or interface to take effect

service network restart

OR

ifdown eth0
ifup eth0

Issue the ifconfig command to verify the result.

 

 

centos7 is a mess :( so better to stick with 6


 

2- Disabling default firewall SELINUX

To disable SELinux in CentOS, edit the following file

vi /etc/selinux/config

and change the

SELINUX=enforcing

to

SELINUX=disabled

Save & Exit.

Or use the SED shortcut ;) # Zaib

sed -i "s/=enforcing/=disabled/g" /etc/selinux/config

3- Adding Necessary Tools

Some must-have tools

yum install -y nano wget curl net-tools lsof

4- SERVICES Related

service --status-all

To disable a service on startup, use

chkconfig httpd off

To be continued …

#z@iB


Filed under: Linux Related

Automated installation Script For DMASOFTLAB RADIUS MANAGER v4.1 in CENTOS


[As demanded by few Humans ;) ]

Following is a customized script to install DMASOFTLAB Radius Manager ver 4.1 in CENTOS 6.x / 32bit

The aim of writing this script was to save some time and effort every time I put in a new RM installation. Since DMA doesn't have any official support forum (except for their email support, which is valid for paid customers only), I thought it might be helpful for others too by sharing this info :)

I know very well that it is not a perfect script and that it could be shortened as per the requirement, but it still does its job very nicely without any user intervention :)

Suggestions are most welcome at  . . .
aacable @ hotmail . com

Requirements:

1- Fresh installation of CENTOS 6.x 32bit (the script is well tested with the 6.6 32bit edition only)

2- Good Internet access, of course ; )

3- Valid license files provided by DMASOFTLAB, valid for your physical (or virtual) interface MAC address. You can upload your license files to the /temp folder, as this script will try to copy the 2 required license files [lic.txt and mod.txt] from the /temp folder to the appropriate place.


 

What components does this script add to the system ?

This script will do the following on your system, in the order listed.

> Disable iptables service , ipv6 and selinux in centos

> Download Radius Manager from remote location (preferably Google Drive, adjustable in the script)

> Install necessary components like mysql , apache2, php5 etc

> Download and install dmasoftlab required components like libltd* , IONCUBE and add its entries in Apache’s php config file

> Download and compile freeradius-server-2.2.0-dma-patch-2 package

> Add Radius & Conntrack DB in mysql using CLI (I have configured a default password for mysql which is 'zaib1234', you can change it later)

> Extract Radius Manager Installation file & install it accordingly.

> Restart Services like apache2, mysql, radius


 

IMPORTANT:


1- Before accessing RM ACP, make sure you upload valid LICENSE files in /var/www/html/radiusmanager folder

2- This script will set the mysql password to "zaib1234", you can change it later.


How-to Execute The Script  !!

There are several ways to do it, one is explained below . . .

Create a new script

touch /rm-centos-32bit.sh
chmod +x /rm-centos-32bit.sh
vi /rm-centos-32bit.sh


Now copy paste the following code.

 


#!/bin/bash
clear

# Colors Config  . . . [[ JZ . . . ]]
# Defined before the banner so the color variables are set when first used
ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"

echo -e "$COL_GREEN Radius Manager installer script for CENTOS 6.x 32bit"
echo "Copyright 2004-2013, DMA Softlab LLC"
echo -e "All rights reserved.. $COL_RESET"
echo -e "$COL_GREEN Script modified by Syed Jahanzaib for CENTOS $COL_RESET"

# Variables & Paths [jz]
wwwpath="/var/www/html"
radhost="localhost"
myusr_rad="radius"
mypsw_radius="radius123"
ctshost="localhost"
myusr_cts="conntrack"
mypsw_cts="conn123"
radusr="root"
httpusr="apache"

# MySQL ROOT Password , Change this variable according to your own setup if required. . . [[ JZ . . . ]]
sqlpass="zaib1234"

# RM Installation Package Download URL , Change this variable according to your own setup , if required. . . [[ JZ . . . ]]
#rmurl="http://wifismartzone.com/files/rm_related"
#Google Drive link is more reliable
rmurl="https://b59d0c94e88b62119ea102d0f74a3ba5fc260ea6.googledrive.com/host/0B8B_P2ljEc2xUEgyb1RjcWl1aUE"

# Temporary Folder where all software will be downloaded . . . [[ JZ . . . ]]
temp="temp"

# Packages which will be installed as pre requisite and to make your life easier
PKG="nano wget curl net-tools lsof mc make gcc libtool-ltdl curl httpd mysql-server mysql-devel net-snmp net-snmp-utils php php-mysql php-gd php-snmp php-process"

# Stop iptables and disable it on boot
echo -e "$COL_GREEN Disabling iptables service $COL_RESET"
service iptables stop
chkconfig iptables off

echo -e "$COL_GREEN Disabling IPv6 to avoid slow link issue $COL_RESET"
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf

# Turn off SELINUX and disable it on boot
echo -e "$COL_GREEN Disabling SELINUX & setting it disabled on boot ... $COL_RESET"
echo 0 > /selinux/enforce
sed -i "s/=enforcing/=disabled/g" /etc/selinux/config

# Installing WGET which is not in default installation of CENTOS 6.5 Minimal [jz]
sleep 3
echo -e "$COL_GREEN Installing WGET to fetch required tools later ... $COL_RESET"
yum install -y wget

# Checking if /$temp folder is previously present or not . . .
{
if [ ! -d "/$temp" ]; then
echo
echo -e "$COL_RED /$temp folder not found, Creating it so all downloads will be placed here  . . . $COL_RESET"
mkdir /$temp
else
echo
echo -e "$COL_GREEN /$temp folder is already present , so no need to create it, Proceeding further . . . $COL_RESET"
echo
fi
}

# Clearing Old downloads in /temp to avoid DUPLICATIONS . . .
echo -e "$COL_RED Clearing Old downloads in /temp to avoid DUPLICATIONS . . . $COL_RESET"

rm -fr /$temp/radiusmanager*.*
rm -fr /$temp/freeradius*.*
rm -fr /$temp/libltd*.*
rm -fr /$temp/ioncube*.*
rm -fr /$temp/php-my*
rm -fr /$temp/libmy*
rm -fr /$temp/rm4.txt

# Checking if $rmurl is accessible. If YES then continue further, otherwise EXIT the script with ERROR ! [[ JZ .. . .]]
echo -e "$COL_GREEN Checking if zaib Google Drive or other URL to download required packages is accessible in order to proceed further. . .!! $COL_RESET"
sleep 3
cd /$temp
wget -q $rmurl/rm4.txt
{
if [ ! -f /$temp/rm4.txt ]; then
echo
echo -e "$COL_RED ERROR: Unable to contact $rmurl, or possibly internet is not working or your IP is in black list at destination server  !! $COL_RESET"
echo -e "$COL_RED ERROR: Please check manually if $rmurl is accessible or not or if it has the required files, JZ  !! $COL_RESET"
# Non-zero exit status so the failure is visible to the caller
exit 1
fi
}

######################

echo -e "$COL_GREEN $rmurl accessible $COL_RESET ......OK......"
echo -e "$COL_GREEN Downloading RADIUS MANAGER 4.1.0 package from INTERNET  .  (Press CTRL+C to stop any time) $COL_RESET"
wget $rmurl/radiusmanager-4.1.0.tgz
# Checking if RM installation file has been downloaded. If YES continue further, otherwise EXIT the script with ERROR ! [[ JZ .. . .]]
{
if [ ! -f /$temp/radiusmanager-4.1.0.tgz ]; then
echo .
echo -e "$COL_RED ERROR: RM Installation File could not be downloaded or found in /$temp ! $COL_RESET"
exit 1
fi
}

echo -e "$COL_GREEN Installing some tools and other prerequisites for the application ... ! $COL_RESET"
yum install -y $PKG
echo -e "$COL_GREEN YUM install/update Done.! $COL_RESET"

echo -e "$COL_GREEN Installing LIBMCRYPT and PHP-MCRYPT ... ! $COL_RESET"
wget $rmurl/libmcrypt-2.5.8-9.el6.i686.rpm
wget $rmurl/php-mcrypt-5.3.2-3.el6.i686.rpm
rpm -i libmcrypt-2.5.8-9.el6.i686.rpm
rpm -i php-mcrypt-5.3.2-3.el6.i686.rpm
sleep 3

# IONCUBE Installation:
# Now Download ioncube library and add it to php  . . . [[ JZ . . . ]]
echo .
echo -e "$COL_GREEN Installing IONCUBE  .  (Press CTRL+C to stop any time) $COL_RESET"
wget $rmurl/ioncube_loaders_lin_x86.tar.gz

# Checking if IONCUBE installation file has been downloaded. If YES continue further, otherwise EXIT the script with ERROR ! [[ JZ .. . .]]
{
if [ ! -f /$temp/ioncube_loaders_lin_x86.tar.gz ]; then
echo .
echo -e "$COL_RED ERROR: COULD NOT DOWNLOAD IONCUBE !!! EXITING . . .  $COL_RESET"
exit 1
fi
}

tar zxvf ioncube_loaders_lin_x86.tar.gz
mkdir /usr/local/ioncube
cp -fr /$temp/ioncube/* /usr/local/ioncube/

# Now Add the appropriate ionCube loader to your php.ini . . . [JZ]
echo .
echo -e "$COL_GREEN Adding iONCUBE extension in PHP config file  .  (Press CTRL+C to stop any time) $COL_RESET"
echo "zend_extension=/usr/local/ioncube/ioncube_loader_lin_5.3.so" >> /etc/php.ini
echo .
echo -e "$COL_GREEN Downloading FREERADIUS 2.2.0-dma-patch-2 package  .  (Press CTRL+C to stop any time) $COL_RESET"
wget $rmurl/freeradius-server-2.2.0-dma-patch-2.tar.gz

# Checking if FREERADIUS is downloaded, just to make sure internet is working. IF NOT, EXIT the script with ERROR ! [[ JZ .. . .]]
{
if [ ! -f /$temp/freeradius-server-2.2.0-dma-patch-2.tar.gz ]; then
echo .
echo -e "$COL_RED ERROR: COULD NOT DOWNLOAD FREERADIUS 2.2.0-dma-patch-2, possibly INTERNET is not Working !!! EXITING . . .  $COL_RESET"
exit 1
fi
}

echo .
echo -e "$COL_GREEN Starting to Compile FREERADIUS  ...  (Press CTRL+C to stop any time) $COL_RESET"
sleep 3

cd /$temp
tar zxvf freeradius-server-2.2.0-dma-patch-2.tar.gz
cd /$temp/freeradius-server-2.2.0/

### Now proceed with the compilation of FREERADIUS , applicable for all
./configure
make
make install
ldconfig
echo -e "$COL_GREEN Starting FREERADIUS by radiusd -xx command & start radius service.  (Press CTRL+C to stop any time) $COL_RESET"
radiusd -xx
service radiusd start
sleep 3

# ================================================================
# Creating MySQL databases with MySQL command line tool . . . [JZ]
# ================================================================
# ** FROM CLI ** . . . [JZ]
echo -e "$COL_GREEN Starting MYSQLD service to create Radius Manager Database.  (Press CTRL+C to stop any time) $COL_RESET"
echo -e "$COL_GREEN MYSQL password is set to   '$sqlpass'  $COL_RESET"
service mysqld start
# Use $sqlpass here so that changing the variable at the top of the script takes effect
mysqladmin -u root password "$sqlpass"
echo .
echo -e "$COL_GREEN adding RADIUS user & DB in MYSQL  .  (Press CTRL+C to stop any time) $COL_RESET"
mysql -u root -p$sqlpass -e "create database radius";
mysql -u root -p$sqlpass -e "create database conntrack";
mysql -u root -p$sqlpass -e "CREATE USER '$myusr_rad'@'$radhost' IDENTIFIED BY '$mypsw_radius';"
mysql -u root -p$sqlpass -e "CREATE USER '$myusr_cts'@'$ctshost' IDENTIFIED BY '$mypsw_cts';"
# Grant to the same user/host pairs that were created above
mysql -u root -p$sqlpass -e "GRANT ALL ON radius.* TO '$myusr_rad'@'$radhost';"
mysql -u root -p$sqlpass -e "GRANT ALL ON conntrack.* TO '$myusr_cts'@'$ctshost';"

# UNTAR Copy WEB content

echo -e "$COL_GREEN Copying Radius Manager WEB content to $wwwpath/radiusmanager $COL_RESET"
cd /$temp
tar zxvf radiusmanager-4.1.0.tgz
mkdir $wwwpath/radiusmanager
cp -fr /$temp/radiusmanager-4.1.0/www/radiusmanager $wwwpath
sleep 3

# rename .dist files

mv $wwwpath/radiusmanager/config/paypal_cfg.php.dist $wwwpath/radiusmanager/config/paypal_cfg.php
mv $wwwpath/radiusmanager/config/netcash_cfg.php.dist $wwwpath/radiusmanager/config/netcash_cfg.php
mv $wwwpath/radiusmanager/config/authorizenet_cfg.php.dist $wwwpath/radiusmanager/config/authorizenet_cfg.php
mv $wwwpath/radiusmanager/config/dps_cfg.php.dist $wwwpath/radiusmanager/config/dps_cfg.php
mv $wwwpath/radiusmanager/config/2co_cfg.php.dist $wwwpath/radiusmanager/config/2co_cfg.php
mv $wwwpath/radiusmanager/config/payfast_cfg.php.dist $wwwpath/radiusmanager/config/payfast_cfg.php

# set ownership and permissions

chown $httpusr $wwwpath/radiusmanager/config
chown $httpusr $wwwpath/radiusmanager/config/system_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/paypal_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/netcash_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/authorizenet_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/dps_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/2co_cfg.php
chown $httpusr $wwwpath/radiusmanager/config/payfast_cfg.php
mkdir -p $wwwpath/radiusmanager/tmpimages
chown $httpusr $wwwpath/radiusmanager/tmpimages
chown $httpusr $wwwpath/radiusmanager/tftpboot
chmod 600 $wwwpath/radiusmanager/config/system_cfg.php
chmod 600 $wwwpath/radiusmanager/config/paypal_cfg.php
chmod 600 $wwwpath/radiusmanager/config/netcash_cfg.php
chmod 600 $wwwpath/radiusmanager/config/authorizenet_cfg.php
chmod 600 $wwwpath/radiusmanager/config/dps_cfg.php
chmod 600 $wwwpath/radiusmanager/config/2co_cfg.php
chmod 600 $wwwpath/radiusmanager/config/payfast_cfg.php
chmod 644 $wwwpath/radiusmanager/config/docsis_keyfile
chmod 644 $wwwpath/radiusmanager/config/docsis_template

# chmod and copy binaries
cd /$temp/radiusmanager-4.1.0/
echo "Copying binaries to /usr/local/bin"
chmod 755 bin/rm*
cp bin/rm* /usr/local/bin

echo "Copying rootexec to /usr/local/sbin"
cp bin/rootexec /usr/local/sbin
chmod 4755 /usr/local/sbin/rootexec

# chmod and copy radiusmanager.cfg

echo "Copying radiusmanager.cfg to /etc"
cp etc/radiusmanager.cfg /etc
chown $radusr /etc/radiusmanager.cfg
chmod 600 /etc/radiusmanager.cfg

# create Tables

echo -e "$COL_GREEN Creating MYSQL Table $COL_RESET"
mysql -h $radhost -u $myusr_rad -p$mypsw_radius radius < sql/radius.sql
mysql -h $radhost -u $myusr_cts -p$mypsw_cts conntrack < sql/conntrack.sql

# create rmpoller service
echo "Enabling rmpoller service at boot time"
cp rc.d/rmpoller /etc/init.d
chown root.root /etc/init.d/rmpoller
chmod 755 /etc/init.d/rmpoller
chkconfig --add rmpoller

# create rmconntrack service
echo "Enabling rmconntrack service at boot time"
cp rc.d/rmconntrack /etc/init.d
chown root.root /etc/init.d/rmconntrack
chmod 755 /etc/init.d/rmconntrack
chkconfig --add rmconntrack

# copy radiusd init script

echo -e "$COL_GREEN Enabling radiusd service at boot time $COL_RESET"
chmod 755 rc.d/redhat/radiusd
cp rc.d/redhat/radiusd /etc/init.d
chkconfig --add radiusd

# copy logrotate script
echo "Copying logrotate script"
cp etc/logrotate.d/radiusd /etc/logrotate.d/radiusd

# copy cron job script
echo -e "$COL_GREEN Copying cronjob script $COL_RESET"
cp etc/cron/radiusmanager /etc/cron.d/radiusmanager
chmod 644 /etc/cron.d/radiusmanager

# comment out the old style cron job
sed -i 's/02\ 0\ \*\ \*\ \*\ root\ \/usr\/bin\/php/#2\ 0\ \*\ \*\ \*\ root\ \/usr\/bin\/php/g' /etc/crontab

# set permission on raddb files
echo -e "$COL_GREEN Setting permission on raddb files $COL_RESET"
chown $httpusr /usr/local/etc/raddb
chown $httpusr /usr/local/etc/raddb/clients.conf
sleep 3

echo -e "$COL_GREEN Re-Starting Apache2, Radius Service & add them in startup... $COL_RESET"
service httpd restart
chkconfig --add mysqld
chkconfig --add httpd
chkconfig --add radiusd
chkconfig mysqld on
chkconfig httpd on
chkconfig radiusd on

cp /temp/lic.txt $wwwpath/radiusmanager
cp /temp/mod.txt $wwwpath/radiusmanager

echo .
echo .
echo .
echo .
echo .
echo -e "$COL_GREEN All Done. Kindly RESTART the system one time to make sure everything is ok on reboot."
echo -e "Don't forget to upload the correct License files for your valid MAC address in /var/www/html/radiusmanager folder"
echo -e "Please access ADMIN panel via http://yourip/radiusmanager/admin.php $COL_RESET"
echo -e "DMASOFTLAB RM Installation script modified for CENTOS by $COL_RED SYED JAHANZAIB / aacable@hotmail.com $COL_RESET"

 

Save & Exit …


 

 

Now execute the script by

/rm-centos-32bit.sh

 

After the script ends, do make sure that you don't see any errors in the installation. That's why I have added a 3-second delay in a few sections, so you can view the results.

Now UPLOAD your valid license into /var/www/html/radiusmanager, OTHERWISE YOU WILL SEE A BLANK PAGE ON ACCESSING THE RM ADMIN PANEL.

Now try to access RM ACP via browser at

http://yourip/radiusmanager/admin.php

If you get a blank page, then use the tail command to view the Apache error log, for example

tail -f /var/log/httpd/error_log

OR more specifically

tail -f /var/log/httpd/error_log | grep lic

If you see an error like the one shown in the image below (for an invalid license), then make sure your license files are valid for the right version and for the right interface MAC address.

rm-lic-error.


To deploy Radius Manager Patch 5 (4.1.5), kindly see the following link

https://aacable.wordpress.com/2014/02/28/radius-manager-4-1-patch5-deployment/

I will add a few snapshots and a video as soon as I get some time.
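The installer above only checks that each download exists before it is unpacked or installed as root. As an added example (not part of the original script or of DMA's installer), the functions below verify every file against a SHA-256 manifest first; the function names, the manifest file and the `--demo` switch are assumptions, and the sample payload is constructed.

```bash
#!/bin/bash
# Added example: verify downloaded installer artifacts against pinned
# SHA-256 digests before anything is unpacked or installed.

# verify_artifact FILE EXPECTED_SHA256
# Returns 0 only when FILE exists, is non-empty and its digest matches.
# Returns 1 for a missing/empty file and 2 for a digest mismatch.
verify_artifact() {
    local file="$1" expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    if [ ! -s "$file" ]; then
        echo "ERROR: $file is missing or empty" >&2
        return 1
    fi
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "ERROR: digest mismatch for $file" >&2
        return 2
    fi
    return 0
}

# verify_manifest DIR MANIFEST
# MANIFEST uses sha256sum's text layout: "<digest>  <filename>".
# Returns 0 only when every listed file verifies. Names containing "/" are
# rejected so a manifest entry cannot point outside DIR.
verify_manifest() {
    local dir="$1" manifest="$2" digest name failed=0
    while read -r digest name; do
        case "$digest" in ''|'#'*) continue ;; esac   # skip blanks and comments
        case "$name" in
            ''|*/*) echo "ERROR: bad manifest entry: $name" >&2
                    failed=1; continue ;;
        esac
        verify_artifact "$dir/$name" "$digest" || failed=1
    done < "$manifest"
    return "$failed"
}

# Constructed demo: a stand-in file plays the role of one downloaded package.
run_demo() {
    local dir
    dir=$(mktemp -d)
    printf 'constructed sample payload\n' > "$dir/radiusmanager-4.1.0.tgz"
    # In real use the manifest comes from a trusted, separate channel,
    # never from the same location as the downloads themselves.
    (cd "$dir" && sha256sum radiusmanager-4.1.0.tgz > manifest.sha256)
    verify_manifest "$dir" "$dir/manifest.sha256" && echo "verified: ok to unpack"
    printf 'tampered\n' >> "$dir/radiusmanager-4.1.0.tgz"
    verify_manifest "$dir" "$dir/manifest.sha256" || echo "rejected: stop with exit 1"
    rm -rf "$dir"
}

# Run the demo only when asked, e.g. "bash verify.sh --demo"
if [ "${1:-}" = "--demo" ]; then run_demo; fi
```

In the installer, the call would sit right after the wget lines, with `exit 1` when verify_manifest fails.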

Regards
Syed Jahanzaib


Filed under: Linux Related