Monday, April 18, 2022

Unifi Controller - STUN Not Working Through Cloudflare

 




Intro:

I had made some changes, removed the previous CDN and started using Cloudflare on a new site. Everything seemed ok at first. Set up the DNS records Cloudflare asks for on my serving host, Cloudflare verifies you own the domain, 24 hours later, and you're good to go......sorta.



Problem:

I have a slew of DDNS names running off of another domain for clients. About a week goes by and I realize I'm not able to resolve a client's DDNS name. I figure it's part of a local outage. Later that day I try again and the issue persists so I press on.



Fix:

First off I realized that the DDNS NS records didn't get pulled in to Cloudflare.

Ok so to solve that I literally had to import in each DDNS name, mark it as an NS record, and point it back to the name server where I have the DDNS service running. Within 15 minutes all of the NS records started working again.

A few days pass and I log in to take a look at my Unifi controller. Normally it's blabbering about latency errors from every single wireless client on every single site I have. The devices don't actually have an issue but Ubiquiti doesn't seem to care when you try to inform them about the situation. Anyway that's a whole other conversation for another time.

I'm seeing STUN errors on every single device. I log in to the router and double check port forwarding for the standard port of 3478. It's there all right. Turns out you can't hide an IP address through Cloudflare which has a STUN server running on it. Cloudflare only port forwards a select number of HTTP and HTTPS ports. The default for STUN, 3478, is not on the list. (While using a Unifi Cloud Key you cannot change this port. I can't even SSH into the damn thing to play around with the internals. I will do this in another post). So you have to select the gray cloud icon in Cloudflare and set that A record to not be proxied. Bummer.



Extras:

Here's a link to Unifi's default ports:

Here's a link to the article on Cloudflare denoting which ports are forwarded:



👽

Sunday, April 17, 2022

pfSense - Delete Expired DHCP Leases Manually

 

 

Intro:

Here's a quick way to remove/purge all expired DHCP leases from pfSense if you don't feel like waiting until pfSense reclaims them.

 This is also super helpful if an IP address is mistakenly assigned to the wrong MAC via DHCP and you then need to assign it as static to a different MAC. If you're making quick changes to the DHCP server you'll find a use for this.

 

Fix:

  1. Log into your pfSense box.
  2. Top right, click on "Diagnostics" ➡ "Edit File".
  3. Load "/var/dhcpd/var/db/dhcpd.leases".
  4. Select the blocks that you need to remove. Each block of data begins with the word "leases" and ends with a curly brace, "}".
  5. When done editing the file directly click on "Save" near the top left of the edit box.
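
The same clean-up as a script, for use on a copy of the file (an added example, not part of the original post). It assumes the file is in ISC dhcpd's lease format, where each block starts with `lease <address> {` and the last block for an address is the current one, so an address is purged only when its most recent block has expired; the sample data and function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# One block: "lease <ip> {" ... "}" with the closing brace at the start of a line.
LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{\n(.*?)^\}[ \t]*\n?", re.M | re.S)
ENDS_RE = re.compile(
    r"^\s*ends\s+(?:never|\d+\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d))\s*;", re.M)


def lease_end(body):
    """UTC end time of one block, or None for 'ends never' or no 'ends' line."""
    m = ENDS_RE.search(body)
    if not m or m.group(1) is None:
        return None
    return datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)


def purge_expired(text, now):
    """Remove every block of each address whose most recent block has expired."""
    last_end = {}
    for m in LEASE_RE.finditer(text):
        last_end[m.group(1)] = lease_end(m.group(2))  # a later block overrides earlier ones
    expired = {ip for ip, end in last_end.items() if end is not None and end < now}
    cleaned = LEASE_RE.sub(lambda m: "" if m.group(1) in expired else m.group(0), text)
    return cleaned, sorted(expired)


def _block(ip, ends, state):
    """Build one minimal lease block for the constructed sample below."""
    return f"lease {ip} {{\n  ends {ends};\n  binding state {state};\n}}\n"


# Constructed sample, not taken from a real pfSense box.
SAMPLE = "# constructed dhcpd.leases sample\n" + "".join([
    _block("192.168.1.50", "1 2022/04/11 12:00:00", "free"),    # expired
    _block("192.168.1.51", "0 2022/04/17 09:00:00", "free"),    # old entry ...
    _block("192.168.1.51", "1 2022/04/18 20:00:00", "active"),  # ... renewed since
    _block("192.168.1.52", "2 2022/04/19 20:00:00", "active"),  # granted ...
    _block("192.168.1.52", "0 2022/04/17 01:00:00", "free"),    # ... then released
    _block("192.168.1.53", "never", "active"),
])

if __name__ == "__main__":
    now = datetime(2022, 4, 17, 22, 0, tzinfo=timezone.utc)
    cleaned, removed = purge_expired(SAMPLE, now)
    print("removed:", removed)
    print(cleaned, end="")
```

Removing only the newest, expired block of 192.168.1.52 would leave its older block in place with an end time still in the future, which is why all blocks of an address are dropped together.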

 

Extras:

There may be another file with the same name but with a tilde "~" sign after it. This file indicates that it is a backup of the original "dhcpd.leases" file. To be sure you've changed it in all necessary files, go ahead and delete the leases from this backup file as well or make life easy and just copy the "dhcpd.leases" content over to the "dhcpd.leases~" file and save.
 
DHCPv6 leases can also be deleted. The file names are slightly different, as seen below, but the files reside in the same folder as the IPv4 files:
 

IPv6:

  • dhcpd6.leases
  • dhcpd6.leases~

IPv4:
  • dhcpd.leases
  • dhcpd.leases~


👽

Copy Saved PuTTY Sessions from One Computer to Another


Intro:

I needed to move all my saved sessions from my main PC to my laptop. Instead of recreating them one by one I decided to dig around and see where PuTTY saves its sessions to.

Fortunately they are saved in the Windows Registry and a quick export and import on the new machine is all that's needed.

Fix:
  1. Press the Windows key and search for "regedit.exe" on the source machine.
  2. If you're on Windows 10 you can paste the following path into regedit, "HKEY_CURRENT_USER\Software\SimonTatham\PuTTY".
  3. Right click on the tree named, "PuTTY" and select "Export".
  4. Save the file with a memorable name and to a location that you can use later to recall the saved .reg file.
  5. On the target computer recall that .reg file.
  6. Make sure PuTTY is not open. If it is, close it.
  7. Double click on that .reg file and select "Yes" to merge the file with the current registry.
  8. Once that file has been imported, open PuTTY and check that everything looks as it should.
  9. IMPORTANT - If you have saved certificates they will point to a location on the previous machine. You should copy them over with the same file name and folder structure as on the source machine.
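
A check for step 9, run over the exported .reg text before it leaves the source machine (an added example, not part of the original post). It lists the key file each saved session points to and flags sessions that carry a proxy password, since the export holds that value in clear text; `PublicKeyFile` and `ProxyPassword` are the PuTTY value names assumed here, and the sample export is constructed.

```python
import re
from urllib.parse import unquote

SESSIONS = "HKEY_CURRENT_USER\\Software\\SimonTatham\\PuTTY\\Sessions\\"
KEY_RE = re.compile(r"^\[(.+)\]\s*$")
STR_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def unescape(s):
    """Undo .reg escaping: backslash and double quote are backslash-prefixed."""
    return re.sub(r"\\(.)", r"\1", s)


def audit_export(reg_text):
    """Map session name -> findings for sessions with a key file or proxy password."""
    findings, session = {}, None
    for line in reg_text.splitlines():
        k = KEY_RE.match(line)
        if k:  # a new registry key starts; remember it only if it is a saved session
            path = k.group(1)
            session = unquote(path[len(SESSIONS):]) if path.startswith(SESSIONS) else None
            continue
        v = STR_RE.match(line)
        if not (v and session):
            continue
        name, data = unescape(v.group(1)), unescape(v.group(2))
        if name == "PublicKeyFile" and data:    # path that must exist on the target PC
            findings.setdefault(session, {})["key_file"] = data
        elif name == "ProxyPassword" and data:  # stored in clear text in the export
            findings.setdefault(session, {})["proxy_password"] = True
    return findings


# Constructed sample export (addresses from the documentation range).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\edge%20router]
"HostName"="192.0.2.10"
"PortNumber"=dword:00000016
"PublicKeyFile"="C:\\Users\\admin\\keys\\router.ppk"
"ProxyPassword"=""

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\lab]
"PublicKeyFile"=""
"ProxyPassword"="constructed-secret"
'''

if __name__ == "__main__":
    for name, found in audit_export(SAMPLE).items():
        print(name, found)
```

regedit writes its exports as UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing the text in.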


👽

Making Direct Changes to the Windows Host File


Intro:

There has to be a quick and easy way to edit the Windows Hosts file directly.

Also the following directions have been tested in Windows 10 only, however I'm sure they'll work in previous versions that use UAC.

Here's some information on the Wiki about Hosts files in general:


Problem:

Needed to edit the Windows host file without copying it to the Desktop, making changes to it, and copying it back to the Windows folder.


Fix:

  1. Press the Windows Key.
  2. Type "notepad" in the search box.
  3. Right click on "Notepad" in the search box and select "Run as Administrator"
  4. In Notepad click on "File" ➡ "Open"
  5. Paste in "c:\windows\system32\drivers\etc\hosts".
  6. Make the necessary changes to the file.
  7. Select "File" ➡ "Save".



👽