Configure Mikrotik SSTP VPN with TLS certificate

In our previous post, we showed how to automatically generate and activate/renew a Let’s Encrypt TLS certificate on a Mikrotik device: https://www.amd-k6.com/automate-letss-encrypt-tls-certificate-on-mikrotik-routeros/

Today, we look at configuring an SSTP VPN server which uses this certificate so you can remotely connect to your Mikrotik router from a Windows PC, for example.

The first step is to create a VPN user. This is done in PPP > Secrets. The options are mostly straightforward:

  • Name: your username
  • Password: select a strong password
  • Service: select sstp
  • Profile: default-encryption
  • Local address: set the IP address of your Mikrotik device on the LAN side
  • Remote address: this is the IP address you will get from the VPN, select an address that is available on your LAN

Automate Let’s Encrypt TLS certificate on Mikrotik RouterOS

To configure an SSTP or OpenVPN service on my Mikrotik Router, I had the need to generate and upload a real TLS certificate to the device. Some solutions exist in various blog posts but they are either too complicated, outdated or badly documented. So I made my own post and script. I hope it helps someone!

The goal here is to generate a Let’s Encrypt certificate and upload/activate it on a Mikrotik router. What you will need to do manually is:

  • Generate a Let’s Encrypt certificate
  • Create a user to SSH into your Mikrotik
  • Run the script to transfer and activate the certificate

Kubernetes – Run workloads on the Control Plane Node

If you ever installed a Kubernetes cluster, you probably know that the minimal setup is composed of 2 nodes: a Control Plane Node (previously called master) and a Worker Node. This is a good thing as we usually don’t want workloads interfering with the API in production environments.

But what about lab environments where you want to run everything in a single VM for example? Well, it’s absolutely possible and actually very simple to configure a Control Plane Node to also accept workloads (pods).

This is managed by “taints”, which are configuration strings applied to nodes. On your Control Plane Node, you can see them by running:

kubectl describe nodes YourNodeName | grep Taints

It will give you back a string resembling “node-role.kubernetes.io/master:NoSchedule”. NoSchedule, the name says it all.

Well, you can simply remove this taint by running the following command. Note the “-” at the end, which is what removes the taint:

kubectl taint nodes YourNodeName node-role.kubernetes.io/master:NoSchedule-

And that’s it, you can now run workload pods on your Control Plane Node in your lab.

CentOS Stream 8 software RAID1 and UEFI GPT Boot configuration

This post has nothing to do with the usual content of this website (not K6 related) but I’m sharing my experience of configuring a CentOS Stream 8 Linux software RAID 1 installation on a UEFI system that actually boots when you replace a failed disk.

Most of the tutorials and articles online are about installations where the disks are in MBR (legacy) mode and not GPT (UEFI), and this has a huge impact on how your system boots and how you act when a disk fails. We’ll have a look at a scenario where we:

  • Start by installing CentOS Stream 8 in software RAID 1 (on 2 disks) mode
  • Simulate the failure of one drive
  • Replace the drive so the RAID arrays are synchronized again
  • Configure the UEFI to be able to boot from this new replacement drive

For demonstration purposes, this will be done using a VM in VirtualBox, but it also applies to any PC or Server booting in UEFI mode, as most machines do nowadays.


Windows 2000 with nVidia FX5700

One of the hardest things to get right when currently installing a K6 machine is to have a working Windows/DirectX/Drivers combination. Well after some sweat I’m happy to say that I finally found the perfect sweet-spot:

  • Windows 2000 with unofficial SP5
  • nVidia GeForce FX 5700 with series-50 drivers
  • DirectX 9.0c from July 2006 (later versions may require SSE and crash on a K6 without telling you that)

This great success has led to the update of the OS Support page with all the info one may want and need… the system doesn’t BSOD on nv4_disp.dll when running DirectX 8/9 applications and OpenGL also works fine!

SATA to IDE converters

If, like me, you are running (or are looking to run) a SATA HDD/SSD in your K6 machine, you are probably wondering if you should buy a dedicated bootable SATA host-bus adapter PCI card or maybe use an IDE to SATA converter to plug your SATA drive into the motherboard’s IDE ports.

A good Promise PCI card will cost you around 30€ and it works flawlessly and performs very well, but what about these adapters from China you can get for 10€? Well, I tested 2 of them; they all use the same chipset and only the PCB differs a bit. Both adapters’ PCBs look like shit with soldering marks all over the place; they are cheaply made but at first glance they work well.

Unfortunately, they perform horribly, to the point where I had the feeling my K6 system was 4-5 times slower doing any action using the disk… so do yourself a favour and avoid them. Buy a good SATA controller instead!

Old Hardware Shop

One of the most frustrating experiences when building an old system is being able to buy cheap parts but then having to pay a lot for all the shipping costs from different sources and countries… at least this is what I was faced with when building my K6 system :)

Fortunately there are some specialised online shops which actually sell old hardware for a very low price so one can combine shipping costs; I ordered several parts from CBO-DO.de and they are very nice and helpful :)