If you install a fresh copy of Windows XP in 2022, you will probably notice that the automatic activation process fails. This is because Microsoft retired this service; after all, the OS is more than 20 years old and can no longer connect to most SSL sites.
But do you know that Windows XP can still be activated? For that, start the activation wizard and try to activate Windows online: it will fail.
Then select “Activate by Phone” and follow the guided messages. You will be asked for a series of numbers like the ones displayed on the screenshot below.
Once you get your activation code, bingo, it works!
Yesterday I finally tried an upgrade path from Windows 2000 to Windows XP to Windows 7 on my AMD K6-2+ 550 system. As it may be of interest to some other people, here are some notes about the process:
Upgrading from Windows 2000 to Windows XP SP3 went totally smoothly, all my hardware still had functioning drivers after the upgrade process. The OS itself feels a bit slower than Windows 2000 but some programs that did not run on 2000 now work on XP. The only problem in 2022 is that you can’t (easily) activate Windows XP nor do any Windows Updates as the feature has been discontinued by Microsoft.
Upgrading from Windows XP to Windows 7 also went well: I started the installer in the evening and the next morning my Windows 7 desktop was ready. Now for the bad part… the OS feels globally very sluggish. It works perfectly and you can run modern software (as long as it doesn’t need SSE), but the user experience is not enjoyable. The biggest problem is the support of legacy hardware. On my system, my Sound Blaster 128 and my 3Com 3C905 NIC are not recognised anymore and no drivers exist for Windows 7.
So the bottom line is: yes, Windows 7 will absolutely run using around 400MB of RAM after boot, but the big issue is the unsupported hardware coming from Windows XP where everything works. This is no real wonder, the hardware and XP are “period matching”. Windows 7 on the other hand was released in 2009, 10 years later.
If you read this, you are probably aware that there is a huge security flaw in the current log4j < 2.15 implementation that can lead to code execution on your server; see https://therecord.media/log4j-zero-day-gets-security-fix-just-as-scans-for-vulnerable-systems-ramp-up/ for the full story.
This post shows how to configure Elasticsearch (ELK) and Logstash on your CentOS 8 system to mitigate this, so you don’t have to search.
vim /etc/logstash/jvm.options
# CVE-2021-44228
-Dlog4j2.formatMsgNoLookups=True
systemctl restart logstash
vim /etc/elasticsearch/jvm.options
# CVE-2021-44228
-Dlog4j2.formatMsgNoLookups=True
systemctl restart elasticsearch
Do this for every service that uses log4j. Solr is also affected, for example. The pattern is to find the file (usually jvm.options in Apache products) that lets you add this JVM option to your service startup command line.
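To check that the option is actually in place for a service, the following added example (not from the original post) scans a jvm.options file for an uncommented formatMsgNoLookups line and classifies the log4j-core jars found next to it. The function names and the sample files it creates are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the formatMsgNoLookups
# mitigation. All file names and contents below are constructed samples.

# has_nolookups FILE: succeeds if an uncommented line sets the property to true.
has_nolookups() {
    grep -Eiq '^[[:space:]]*-Dlog4j2\.formatMsgNoLookups=true[[:space:]]*$' "$1"
}

# jar_status NAME: classify a log4j-core jar by its major.minor version.
# The property is only read by log4j-core 2.10 and later; 2.15 is the
# release the post names as the upper bound of the affected versions.
jar_status() {
    v=$(basename "$1" .jar); v=${v#log4j-core-}
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}
    case "$major.$minor" in *[!0-9.]*|.*|*.) echo unknown; return ;; esac
    if [ "$major" -ne 2 ]; then echo unknown
    elif [ "$minor" -ge 15 ]; then echo at-or-above-2.15
    elif [ "$minor" -ge 10 ]; then echo flag-honoured
    else echo flag-ignored
    fi
}

# audit OPTSFILE LIBDIR: one report line per log4j-core jar found under LIBDIR.
audit() {
    if has_nolookups "$1"; then flag=set; else flag=missing; fi
    find "$2" -name 'log4j-core-*.jar' | sort | while read -r jar; do
        echo "$(basename "$jar") flag=$flag status=$(jar_status "$jar")"
    done
}

# Constructed sample layout standing in for /etc/logstash and its lib directory.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-Xms1g' '# CVE-2021-44228' \
        '-Dlog4j2.formatMsgNoLookups=True' > "$d/jvm.options"
    mkdir "$d/lib"
    : > "$d/lib/log4j-core-2.9.1.jar"
    : > "$d/lib/log4j-core-2.13.3.jar"
    audit "$d/jvm.options" "$d/lib"
    rm -rf "$d"
}
demo
```

A jar reported as flag-ignored is older than log4j-core 2.10 and does not read this property, so the setting does nothing for it. Apache later listed the property as an insufficient mitigation and recommends upgrading log4j itself.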
Today, we look at how to configure an L2TP VPN server so you can remotely connect to your Mikrotik router from a Windows or MacOS computer.
The first step is to create a VPN user, this is done in PPP > Secrets. The options are mostly straightforward:
Name: your username
Password: select a strong password for your user
Service: select l2tp (or any)
Profile: default-encryption
Local address: set the IP address of your Mikrotik device on the LAN side
Remote address: this is the IP address you will get from the VPN, select an address that is available on your LAN
The next step is to enable the L2TP server, click PPP > L2TP Server
Enable it
Default Profile: default-encryption
Authentication: mschap2
Use IPsec: yes
IPSec Secret: select a strong password, this is the pre-shared key
Now we need to create firewall rules to allow L2TP/IPsec traffic. Be sure to create these 2 rules before your input chain “DROP” rule.
Rule 1:
Chain: input
Protocol: 50 (ipsec-esp)
Rule 2:
Chain: input
Protocol: 17 (udp)
Ports 500, 1701, 4500
The next step is to configure IPsec so it can talk to Windows and MacOS. There is a matrix of the supported protocols on https://help.mikrotik.com/docs/display/ROS/IPsec but I will give you the most compatible settings I found in the screenshots below.
To do so, select IP > IPSec > Proposals and then Profiles
And that’s it, now on a Windows 10 PC you can just add a new L2TP VPN connection, and it should work!
Recently I had to upgrade an HPE DL325 server which was running VMware ESXi 6.7U3 HPE Custom ISO to VMware ESXi 7.0.2 HPE Custom ISO.
Doing so, I got a “MISSING_DEPENDENCY_VIBS ERROR” on module HPE_bootbank_ssacli_4.15.6.0-6.7.0.75355516 at the end of the installation process.
To solve this, you have to reboot your ESXi host, enable SSH on it and then remove the problematic module so the upgrade process can proceed without an error:
[root@esxi1ng:~] esxcli software vib list | grep ssacli
ssacli 4.15.6.0-6.7.0.7535516 HPE PartnerSupported 2020-05-05
[root@esxi1ng:~] esxcli software vib remove --vibname ssacli
Removal Result
Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
Reboot Required: true
VIBs Installed:
VIBs Removed: HPE_bootbank_ssacli_4.15.6.0-6.7.0.7535516
VIBs Skipped:
Done, that’s all there is to it, you can now upgrade.
In our previous post, we showed how to automatically generate and activate/renew a Let’s Encrypt TLS certificate on a Mikrotik device: https://www.amd-k6.com/automate-letss-encrypt-tls-certificate-on-mikrotik-routeros/
Today, we look at configuring an SSTP VPN server which uses this certificate so you can remotely connect to your Mikrotik router from a Windows PC, for example.
The first step is to create a VPN user, this is done in PPP > Secrets. The options are mostly straightforward:
Name: your username
Password: select a strong password
Service: select sstp
Profile: default-encryption
Local address: set the IP address of your Mikrotik device on the LAN side
Remote address: this is the IP address you will get from the VPN, select an address that is available on your LAN
To configure an SSTP or OpenVPN service on my Mikrotik router, I needed to generate and upload a real TLS certificate to the device. Some solutions exist in various blog posts but they are either too complicated, outdated or badly documented. So I made my own post and script. I hope it helps someone!
The goal here is to generate a Let’s Encrypt certificate and upload/activate it on a Mikrotik router. What you will need to do manually is:
Generate a Let’s Encrypt certificate
Create a user to SSH to your Mikrotik
Run the script to transfer and activate the certificate