blocodenotas.com.br

TROUBLESHOOTING VPN FORTIGATE

Habilitar

diagnose vpn ike log-filter clear

diagnose vpn ike log-filter src-addr4 191.177.130.225

diagnose debug application ike -1

diagnose vpn ike log-filter list

diagnose debug enable

Desabilitar

diagnose debug disable

diagnose vpn ike log-filter clear

CORRIGIR ERRO ESXi LookupAndOpen[file]

Mensagem de erro.

Failed to power on virtual machine SRVXX. File system specific implementation of LookupAndOpen[file] failed Click here for more details

Para verificar se o disco está com erro

.vmkfstools -x check /vmfs/volumes/datastorepath/vm name/vm name main base disk.vmdk

Para corrigir o disco

vmkfstools -x repair /vmfs/volumes/datastorepath/vm name/vm name main base disk.vmdk

vi lista_mac.sh

#!/bin/sh
#vmrale
for VSWITCH in `vsish -e ls /net/portsets/ | cut -c 1-8`
do
echo $VSWITCH
for PORT in `vsish -e ls /net/portsets/$VSWITCH/ports | cut -c 1-8`
do
CLIENT_NAME=`vsish -e get /net/portsets/$VSWITCH/ports/$PORT/status | grep clientName | uniq`
ADDRESS=`vsish -e get /net/portsets/$VSWITCH/ports/$PORT/status | grep unicastAdd | uniq`
echo -e “\t$PORT\t$CLIENT_NAME\t$ADDRESS”
done
done

chmod 755 lista_mac.sh

HABILITAR CERTIFICADO NO APACHE

ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf
nano /etc/apache2/sites-available/default-ssl.conf

SSLCertificateFile /etc/letsencrypt/live/srv1.seudominio.com.br/privkey.pem
SSLCertificateKeyFile /etc/letsencrypt/live/srv1.seudominio.com.br/chain.pem
SSLCertificateChainFile /etc/letsencrypt/live/srv1.seudominio.com.br/cert.pem

a2enmod rewrite
a2enmod ssl
a2ensite default-ssl.conf
service apache2 restart

FORWARD COM IPTABLES

Criar as regras

NAT de destino
iptables -t nat -A PREROUTING -i eth0 -p tcp -d IP_DESTINO –dport 2000 -j DNAT –to-destination NOVO_IP_DESTINO:2000 -m comment –comment “Acesso ao Aplicativo”

NAT de origem
iptables -t nat -A POSTROUTING -p tcp -d NOVO_IP_DESTINO –dport 2000 -j SNAT –to-source NOVO_IP_ORIGEM -m comment –comment “Acesso ao Aplicativo”

Liberação de encaminhamento
iptables -A FORWARD -p tcp –dport 2000 -j ACCEPT -m comment –comment “Acesso ao Aplicativo”

Deletar as regras

NAT de destino
iptables -t nat -D PREROUTING -i eth0 -p tcp -d IP_DESTINO –dport 2000 -j DNAT –to-destination NOVO_IP_DESTINO:2000 -m comment –comment “Acesso ao Aplicativo”

NAT de origem
iptables -t nat -D POSTROUTING -p tcp -d NOVO_IP_DESTINO –dport 2000 -j SNAT –to-source NOVO_IP_ORIGEM -m comment –comment “Acesso ao Aplicativo”

Liberação de encaminhamento
iptables -D FORWARD -p tcp –dport 2000 -j ACCEPT -m comment –comment “Acesso ao Aplicativo”

CERTIFICADO LET’S ENCRYPT

Instalação

apt-get update
apt-get install certbot

Gerar certificado

certbot certonly –non-interactive –standalone –agree-tos –email [email protected] -d srv1.seudominio.com.br

Revogar e deletar certificado

certbot revoke –cert-path etc/letsencrypt/live/srv1.seudominio.com.br/fullchain.pem
certbot delete

Renovar certificado

certbot renew –noninteractive

TROUBLESHOOTING VPN FORTIGATE

CORRIGIR ERRO ESXi LookupAndOpen[file]

LISTAR MAC ADDRESS NO ESXI

HABILITAR CERTIFICADO NO APACHE

FORWARD COM IPTABLES

CERTIFICADO LET’S ENCRYPT

ZERAR HIT EM TODAS AS POLÍTICAS FORTIGATE

FORÇAR UPDATE UTM FORTIGATE

RESOLUÇÃO DNS DE OBJETO FORTIGATE

STATUS INTERFACE FORTIGATE