Duck in Black and White

Shot with the Fuji X-T1 and the Leica Summilux-M 50mm ASPH

Posted on September 8, 2014 by Willem and filed under Photography, Personal and tagged duck black and white.

Apple OSX Server Firewall

My Apple OSX server (Mountain Lion) at home is the centre of my network and entertainment system. It provides provides the following services:

DNS
DHCP
VMWare Server platform (VMWare fusion)
Air Video HD Server (for streaming video over the network)
General Internet download station

Since several (soft-, and hardware) upgrades and redesigns of my internal network (from a single VLAN to a multi-VLAN with firewall services and traffic inspection) several services failed under certain circumstances. E.g. Air-Video would work internally where the client was in the same network as the OSX server network interface. But trying to connect through the SSL VPN stopped working for some reason. Also, the VNC Viewer did work in the old days, but stopped working over time. Same for several static NAT entries; worked before, and stopped working without 'no reason'. Other services like ssh did work in the old and new network design....

Apple OSX DHCP Server Challenges

The last week, I've been experimenting with the Juniper Mobility System Software (MSS) in conjunction with two Juniper/Trapeze Access Points (type WLA522E). The MSS software is a Wireless LAN Controller (WLC) with manages the Access Points, and like so many Juniper Product; it can run in a virtual machine.

For the AP's to boot / connect to the network they need some basic information about where to find the WLC from which they receive their wireless settings. This can be done through DNS, or through DHCP. The first uses specific DNS records, and the latter uses DHCP Options (option 43 to be precise). I wanted to use the latter (which is a bit more challenging).

On The Sunny Side

Posted on August 12, 2014 by Willem and filed under Photography, Personal and tagged Black and White.

Juniper Unified Access Control With Junos Pulse

This blog post hold the key ingredients for successfully authenticating on layer 2 (802.1x or dot1x) and layer 3 with:

General Information

The setup consists of four networks (VLAN's) and Internet access. Inter-VLAN communication is handled by a Juniper SRX210. The four VLAN's are:

Untrust (VLAN 20)
The Internet
Trust (VLAN 10 - 192.168.1.0/24)
This VLAN hosts the UAC, Active Directory, DNS and DHCP services
Production (VLAN 100 - 192.168.100.0/24)
Network where the normal workstations are placed
Quarantine (VLAN 200 - 192.168.200.0/24)
This is where the naughty people/PC's are dropped

When a PC is placed in Quarantine, it looses all access to the Internet, but can still resolve domain names, access minimal internal services like the DHCP server and the UAC.

The components on the network are:

Domain Controller + DNS Server - 192.168.1.10
DHCP Server - 192.168.1.1
UAC - 192.168.1.11
Gateway(s) - .254

Really Right Stuff L-Plate For Fuji X-T1

The Arca-style tripod heads and plates are one of my favorites. I use them now for over 4 years, and I guess I'll be using them for a long time. Especially the so-called L-plates are awesome.

The L-plates are plates which enables you to put the camera in portrait orientation on the tripod head, without putting the top of the head in an awkward vertical position, which lowers the effective height of your camera on the tripod.

For my former Nikon D300 I had a L-plate by Really Right Stuff, and now that I upgraded to a Fujifilm X-T1, I needed one for that model. This time they (Really Right Stuff - RSS) created a modular L-plate. The former D300 version was made out of one piece, but the this one allows you to remove the L-part of the plate, making the camera lighter. So you need to add that part if you intend to shoot in the portrait orientation. The good thing is that you can order the parts separately. So you can start with the base plate and get the L-part when you need it. I just got them both at the same time.

The entire kit comes with the appropriate hex wrenches and a small screw which can be used on the bottom plate as a stop, so the camera won't accidentally slide out of the ball head. Unfortunately, there's only one stop screw available on the bottom, so the camera can still slide to the other side.

The connection of the two parts is rock solid. No movement what so ever. I just hope that it doesn't wear over time.

While the L-plate is attached to the camera, you can still access all the important parts of the camera.

There is one downside to the L-plate. You cannot use the Fuji wired shutter remote when you have the l-part attached to the bottom plate. But you can always use the Fuji smartphone app to remotely control your camera via a wireless connection.

Posted on August 1, 2014 by Willem and filed under Photography, Gear, Review and tagged RRS Really Right Stuff L-Plate.

Induro BHL1 Ballhead

A couple of years ago I bought the Arca-Swiss Z1 Monoball (with flip-lock) to support my Nikon D300 with several lenses. An excellent ballhead which would last you a life time (that's what I said at the time). And that statement is still valid, IF I was still shooting with (large) DSLR's. In the mean time I sold my DSLR and went for something a bit more compact with the Fujifilm X-T1.

Scaling down on the camera part means that I can also scale down the accessories. A smaller and lighter camera doesn't need a beast like the Arca-Swiss Z1 Monoball for tripod support. Something smaller and lighter (and cheaper) would also suffice.

Looking around on the Internet I ran into the Induro brand. They make tripods, monopods, and (ball)heads. The one I got is their smallerst BHL ballhead (BHL1).

It's relatively small (compared to the Arca), and about 200grams lighter, while it's still capable of bearing a 20kg load. Not that my current gear comes even near that weight.

It also has the main features of the Arca-Swiss Monoball. Nice bog knobs, with variable friction setting. It also comes with a all-round camera plate (PU60), and a nice bubble-level. The latter is kinda small, so I don't know if it's very usable in the field.

I use the included PU60 plate on my Nikon P7000 P&S camera if necessary. The Wimberley P-5 is my preferred plate under my M9. The Fuji X-T1 is using a Really Right Stuff L-Plate (BXT1). I tested the PU60 on my M9, but even with the rubbery pads on the plate, I could still easily rotate the plate under the camera. This doesn't happen when I use the Wimberley P-5 plate.

This shouldn't be a problem in everyday use, but when you want to do some long-exposures, you don't want the camera to move around the plate itself.

The following photos might give you some idea of the ball head with the included PU60 plate.

The tension on the ball is adjustable (by the 'wheel' in the large knob. It allows you to maintain movement of the ball head, but when you let go of the camera, it stays in the position when you let go. The adjustment can be done with the tip of your finger. If that is hard, you can also use a small coin (or screwdriver) to adjust the friction setting.

It also features a locking mechanism that makes sure that you don't accidentally 'loose' the camera when moving around. This might happen when you loosen the plate. One condition is that the plate attached to the camera has 'stop screws' on the bottom. If these are present, you need to pull and turn the release knob. After that you can safely remove the camera from the ball head.

Posted on August 1, 2014 by Willem and filed under Gear, Photography, Review and tagged ballhead induro bhl1.

Rotterdam Seen From The Maas

The photos were taken during a trip on the Pancake-boat in Rotterdam.

Posted on July 30, 2014 by Willem and filed under Photography, Personal and tagged rotterdam.

Park Hoge-Veluwe Photo Meet

A couple of weeks ago, I went to Park Hoge-Veluwe for a photo/gear meet. The meet was organised by the (or at least one of the) biggest geek/tech fora in the Netherlands. Here are some photos of that day.

The photos were taken with my Leica M9 + Leica 50mm Summilux Asph and the Fujifilm X-T1 + 18-55mm.

Posted on June 17, 2014 by Willem and filed under Leica M9, Photography, Personal and tagged trees Park Hoge-Veluwe 50mm Fujifilm Leica M9 Nature x-t1.

Juniper SRX210 Sudden Back-To-Factory Defaults

Earlier this week I configured an Juniper SRX210 for testing. The configuration consisted of several security zones, IDP, UAC (layer3 enforcement) and Application Firewall and Identification. The Junos version I used was JUNOS 12.1X46-D15.3.

This setup worked until today. Today, the SRX was unresponsive. No ICMP reply, no SSH access, nothing. Accessing the SRX via the serial console showed me the Amnesiac login. This means that the configuration is gone. At least the configuration I created was reset to the factory defaults config. A typical WTF!!! moment.

Fortunately, I had configured logging to an external source (Splunk). So I went to investigate. Turned out that the SRX stopped sending syslog messages around 01:30PM. Further investigation showed that the config was actually reset (UI_FACTORY_OPERATION event), and checking the event-codes, it was (probably) done by pressing the reset button on the device.

(the following logging should be read bottom-top)

May 28 13:28:30 10.0.0.1 1 2014-05-28T13:28:30.808+02:00 srx210 mgd 6211 UI_COMMIT_PROGRESS [junos@2636.1.1.1.2.36 message="finished copying juniper.db to juniper.data+"]
May 28 13:28:30 10.0.0.1 1 2014-05-28T13:28:30.369+02:00 srx210 mgd 6211 UI_COMMIT_PROGRESS [junos@2636.1.1.1.2.36 message="copying juniper.db to juniper.data+"]
May 28 13:28:30 10.0.0.1 1 2014-05-28T13:28:30.369+02:00 srx210 mgd 6211 UI_COMMIT_PROGRESS [junos@2636.1.1.1.2.36 message="finished loading commit script changes"]
May 28 13:28:30 10.0.0.1 1 2014-05-28T13:28:30.368+02:00 srx210 mgd 6211 UI_COMMIT_PROGRESS [junos@2636.1.1.1.2.36 message="no transient commit script changes"]
May 28 13:28:30 10.0.0.1 1 2014-05-28T13:28:30.368+02:00 srx210 mgd 6211 UI_COMMIT_PROGRESS [junos@2636.1.1.1.2.36 message="no commit script changes"]
May 28 13:28:30 10.0.0.1 1 2014-05-28T13:28:30.367+02:00 srx210 mgd 6211 UI_COMMIT_PROGRESS [junos@2636.1.1.1.2.36 message="start loading commit script changes"]
May 28 13:28:30 10.0.0.1 1 2014-05-28T13:28:30.133+02:00 srx210 rmopd 1350 PING_TEST_COMPLETED [junos@2636.1.1.1.2.36 test-owner="XS4ALL" test-name="testsvr"]
May 28 13:28:30 10.0.0.1 1 2014-05-28T13:28:30.355+02:00 srx210 mgd 6211 - - auto-snapshot is not configured
May 28 13:28:28 10.0.0.1 1 2014-05-28T13:28:28.814+02:00 srx210 mgd 6211 UI_LOAD_JUNOS_DEFAULT_FILE_EVENT [junos@2636.1.1.1.2.36 pathname="/etc/config//srx210h-defaults.conf"]
May 28 13:28:27 10.0.0.1 1 2014-05-28T13:28:27.823+02:00 srx210 mgd 6211 UI_LOAD_JUNOS_DEFAULT_FILE_EVENT [junos@2636.1.1.1.2.36 pathname="/etc/config//jsrxsme-series-defaults.conf"]  
May 28 13:28:27 10.0.0.1 1 2014-05-28T13:28:27.217+02:00 srx210 mgd 6211 UI_LOAD_JUNOS_DEFAULT_FILE_EVENT [junos@2636.1.1.1.2.36 pathname="/etc/config//junos-defaults.conf"]   
May 28 13:28:26 10.0.0.1 1 2014-05-28T13:28:26.808+02:00 srx210 mgd 6211 - - WARNING: activating factory configuration
May 28 13:28:25 10.0.0.1 1 2014-05-28T13:28:25.378+02:00 srx210 mgd 6211 - - WARNING: removing all configurations
May 28 13:28:25 10.0.0.1 1 2014-05-28T13:28:25.232+02:00 srx210 mgd 6211 UI_FACTORY_OPERATION -
May 28 13:28:25 10.0.0.1 1 2014-05-28T13:27:35.000+02:00 srx210 rmopd 1350 PING_TEST_COMPLETED [junos@2636.1.1.1.2.36 test-owner="XS4ALL" test-name="testsvr"]
May 28 13:27:19 10.0.0.1 1 2014-05-28T13:26:39.941+02:00 srx210 - - - - last message repeated 11 times
May 28 13:17:19 10.0.0.1 1 2014-05-28T13:16:34.309+02:00 srx210 - - - - last message repeated 11 times
May 28 13:07:19 10.0.0.1 1 2014-05-28T13:06:28.346+02:00 srx210 rmopd 1350 PING_TEST_COMPLETED [junos@2636.1.1.1.2.36 test-owner="XS4ALL" test-name="testsvr"]
May 28 13:05:33 10.0.0.1 1 2014-05-28T13:05:33.297+02:00 srx210 rmopd 1350 PING_TEST_COMPLETED [junos@2636.1.1.1.2.36 test-owner="XS4ALL" test-name="testsvr"]
May 28 13:04:38 10.0.0.1 1 2014-05-28T13:04:38.248+02:00 srx210 rmopd 1350 PING_TEST_COMPLETED [junos@2636.1.1.1.2.36 test-owner="XS4ALL" test-name="testsvr"]
May 28 13:04:19 10.0.0.1 1 2014-05-28T13:04:19.548+02:00 srx210 utmd 1380 AV_PATTERN_UPDATED [junos@2636.1.1.1.2.36 version="05/28/2014 12:36 GMT, virus records: 522178" file-size="18635751"]
May 28 13:03:42 10.0.0.1 1 2014-05-28T13:03:42.934+02:00 srx210 rmopd 1350 PING_TEST_COMPLETED [junos@2636.1.1.1.2.36 test-owner="XS4ALL" test-name="testsvr"]

This is strange, since there was no one around at the time. So it must have been some sort of bug that caused this.

Thankfully I had a backup of the config, so the device was up and running again within 10 minutes. So now I have to keep an out out for this. Especially the next couple of days.

UPDATE: There's is definitely something wrong with the hardware. I tried different Junos versions (also stable recommended versions), and different configs, but for some reason the device detect a 'Config button pressed' event and goes back to the default factory config. This happens within 12 hours.

The device keeps going back to the factory default config. Today I changed the behavior of the reset button. The reset button doesn't react to physical interactions when adding the following line to the config:

root@srx210# set chassis config-button no-clear no-rescue

Let's see if that helps. If it does, it means that the hardware reset button (mechanism) is malfunctioning.

UPDATE 2: looks like the config button config did the trick (so far). The device is still up-and-running for nearly 24 hours. -keepingfingerscrossed-

UPDATE 3: and we have a winner. The SRX210 is still operational. Just need to remember to add the command when I reconfigure it. Perhaps a sticker on top as a visual reminder :-)

Posted on May 28, 2014 by Willem and filed under Annoying, Junos, Security and tagged srx Junos Juniper.