Cyberoam PPTP VPN For Telecommuters

Have recently done some experimenting with the Cyberoam PPTP VPN for road warrior connections. We were having a LOT of instability issues with L2TP VPN. The biggest reason for using L2TP is security as it encrypts all traffic, but if your users’ apps and everything are encrypted anyway, this can cause a bottleneck.

Another issue that comes up with Cyberoam L2TP VPN is that it’s not easy to use their Windows Domain login, or even LDAP login so far as I’ve tested. This isn’t a problem with any OS before Windows 7, but Windows 7 doesn’t always send the correct credentials to the domain. This will cause password dialog boxes to pop up all over the place, many times for no reason.

Set Up Cyberoam PPTP VPN

I have run PPTP and L2TP VPN at the same time but never had much chance to see if they didn’t conflict with each other if people are connecting to both. I think as long as the IP addresses it gives out are different it’s likely not a problem.

Step 1 – Go to the VPN section in the GUI and Click on PPTP. Fill in the form. You’ll want to select a LAN port for the local IP address. You will also need to provide an IP address range, these need to be IP addresses on your local network that won’t be used for anything else.

Fill in your local DNS servers here, not your ISP’s so your users can get access to things on the local network easier.

Step 2 – Go ahead and click OK and then click “Add Members” and select which users you want to be able to use the PPTP VPN connection. These CAN be Windows users from AD. It works fine.

Step 3 – Set up your VPN client. I ran the VPN wizard in Windows Vista and the only thing I had to change in the settings to get this to work right was I selected “Optional Encryption” under the security settings. I also made sure the “Unencrypted password (PAP)” was selected under the “Allow these protocols” section at the bottom.

Keep in mind this method will not encrypt traffic. So you may be blasting login information over the internet. This is a good method to use if you need to connect to already secure services on your network. If it’s encrypted on your LAN it’s encrypted over your PPTP connection too.

Personally I would only use this for a highly locked down username with no access to anything but local network. This is also not a terrible way to connect back to your phone system for VOIP service.
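What the PAP setting from Step 3 puts on the wire, as an added Python example (not from the original post): it unwraps a PPTP data packet (enhanced GRE, RFC 2637), names the PPP authentication protocol in use, and for a PAP Authenticate-Request (RFC 1334) reports the username and password length that anyone on the path can read. The sample packet, account name and call ID are constructed for illustration.

```python
import struct

GRE_PROTO_PPP = 0x880B   # enhanced GRE payload type used by PPTP (RFC 2637)
PPP_PROTOCOLS = {0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP"}


def ppp_from_gre(gre):
    """Return the PPP frame carried in a PPTP enhanced-GRE packet, or None."""
    if len(gre) < 8:
        return None
    flags, proto, payload_len, _call_id = struct.unpack("!HHHH", gre[:8])
    if proto != GRE_PROTO_PPP or (flags & 0x0007) != 1:   # PPTP uses GRE version 1
        return None
    offset = 8
    if flags & 0x1000:        # S bit: 4-byte sequence number follows
        offset += 4
    if flags & 0x0080:        # A bit: 4-byte acknowledgment number follows
        offset += 4
    return gre[offset:offset + payload_len]


def inspect(gre):
    """Name the PPP protocol; for a PAP request, report what is readable."""
    frame = ppp_from_gre(gre)
    if not frame:
        return None
    if frame[:2] == b"\xff\x03":          # address/control bytes, optional
        frame = frame[2:]
    if frame and frame[0] & 1:            # compressed 1-byte protocol: data, not auth
        return {"protocol": hex(frame[0])}
    if len(frame) < 6:
        return None
    proto, code, _ident, length = struct.unpack("!HBBH", frame[:6])
    result = {"protocol": PPP_PROTOCOLS.get(proto, hex(proto))}
    if proto != 0xC023 or code != 1:      # code 1 = Authenticate-Request
        return result
    body = frame[6:2 + length]            # length counts from the code byte
    if len(body) < 2 or len(body) < 2 + body[0]:
        return result                     # truncated request
    user_len = body[0]
    result["user"] = body[1:1 + user_len].decode("ascii", "replace")
    result["password_len"] = body[1 + user_len]   # password bytes follow, unencrypted
    result["finding"] = "PAP credentials sent in cleartext"
    return result


def build_sample(user, password):
    """Constructed PPTP data packet holding a PAP Authenticate-Request."""
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    pap = struct.pack("!BBH", 1, 1, 4 + len(body)) + body
    ppp = b"\xff\x03\xc0\x23" + pap
    # flags 0x3001 = key present, sequence number present, version 1
    return struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, len(ppp), 0x0001, 7) + ppp


if __name__ == "__main__":
    print(inspect(build_sample(b"roadwarrior", b"constructed-pw")))
```

Run against a capture of your own VPN traffic, a "PAP" result for any client means that client's login can be read in transit; a "CHAP" result means the client negotiated a challenge-response method instead.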

Intermediate Home Internet Troubleshooting

So you’re having trouble with your internet at home. It may or may not be completely down and you are trying to figure out where the problem is. It might be slow, it might drop off a lot. Your router and modem have been rebooted many times, but before you call Tech Support and get told to do that all over again, you want to know what you can do.

Well fortunately there are a few things a home user can do to check their internet and see potentially what the problem is before calling Tech Support. The first thing you should do if you haven’t already is go through my “How to Fix Most Internet Problems” article.

Here’s what to do if you are completely down:

Check If You Are Resolving DNS

Resolving DNS is fancy IT speak for, “Can your computer find the IP address of a site by its name.”  It actually means more than that, but for home use the following overly simple explanation should suffice.

Every website on the internet has an associated “IP Address” so that your computer can know where that website is located on the web. When you type ‘google.com’ into your web browser, your computer asks a Domain Name Server what the IP address for google.com is. It then takes the returned IP address and goes to the site. For instance google.com’s IP address as of this writing was ‘74.125.227.105’. If you copied and pasted that IP address into your browser it would go directly to google.com.

What you want to find out is if your computer can look up a DNS address. This assumes you are logged in as an administrator account on your Windows 7 computer.

Step 1 – Open a command prompt by clicking your start menu and typing “cmd” into the search box and hit enter.

Step 2 – Type “ipconfig /flushdns” and hit enter.

Step 3 – Type “ping google.com”. You should get something very similar to this back:

If you only get the first line where it says “Pinging google.com [74.125.227.105]” but then no replies it means you are at very least resolving DNS. That means that your router is at least seeing your ISP’s domain name servers and they are responding. It also means you aren’t getting traffic back from the internet. The blockage is MOST likely on your service provider’s end.

If you get a “Host not found” error, it means you flat aren’t connected to anything. This could show a bad router, modem or even bad settings in your computer. So let’s try and eliminate the computer as the culprit.

Check your Network Settings

If you followed my advice on setting up home wi-fi then follow these instructions here to make sure your computer’s settings are correct.

Step 1 – Right Click on the network connection icon down by your system clock and select Open Network and Sharing Center. Note: If you connected wirelessly, this will instead look like a cell phone’s signal icon with the five bars.

Step 2 – Click on “Change Adapter Settings”.

Step 3 – Right click on the active network connection and select “Properties”.

Step 4 – Select “Internet Protocol Version 4 (TCP/IPv4)” and click the “Properties” button.

Step 5 – Make sure your settings match the picture below.

If the settings are set to “Use the following” on either of those, and you followed my guide to setting up your router, the settings are just wrong and fixing that will probably solve your issue.

Step 6 – Click OK on the TCP/IP properties window, and on the adapter properties window. If you made any changes you will need to wait a few seconds for your computer to apply them.

Step 7 – Check and see if you can resolve DNS now. If you can, try opening a website.

If this doesn’t solve your problem then the next possibility is a bad router.

Router Issues

The easiest way to take the router out of the equation is to hook your computer directly into your modem and see if that solves the problem.

Step 1 – Find the cable leading from your router to your modem. On the back of the router it’s the cable in the port marked “Internet” or “Modem” if you have a normal home grade router. Disconnect this cable from the router and plug the end that used to be in the router directly into the ethernet port on your computer.

Step 2 – Unplug the power from the modem, count to ten, then plug it back in.

Step 3 – Once the modem has booted up completely, try resolving DNS.

If that worked then it’s probably your router causing the problem. You can reset it back to factory defaults then run through my Wi-Fi guide again and see if that fixes the problem.

If it doesn’t work it’s PROBABLY your modem, or the ISP. At this point you should really call tech support and see if they can’t help you. Sometimes telling them you did these things will speed the process up.

If you have another computer with an ethernet port on it, it’s a good idea to test a second one just to make sure it isn’t your computer. Most of the time it isn’t because other devices in the house will be connecting fine, and that computer won’t.

NOTE: Some ISPs like AT&T might sell you a modem that is also a router; they typically call these “Gateways”. You might also have a modem/router combination for your cable internet. If this is the case you typically need to call tech support anyway.

If you have AT&T’s DSL service and you got one of their 2WIRE gateways, you’ll be happy to know that, unlike most ISPs, AT&T fully supports this hardware. Their tech support agents can either walk you through fixing most basic networking problems with it or actually resolve the problem from their end by logging into it themselves. This is very convenient if you aren’t very tech savvy.

Slow Internet Troubleshooting

This problem is a little more vague and hard to pin down than being completely down. For one you need to know what speed internet you’re paying for. Let’s assume you are getting 3mb download speed, and 1mb upload. This is a common plan across the US.

Step 1 – Go to speedtest.net.

Step 2 – Click the “Begin Test” Button. Wait for the test to complete.

When it completes, as long as you aren’t streaming videos or have some other device using the internet, you should get something within 10%-15% of your speed back. So if you have 3meg/1meg, your download speed should show something like 2.7 at the lowest, and your upload should be .8-.9 at the lowest.

If it is lower than that your ISP may be having a problem. You can eliminate your own hardware by running a speed test on another device. If it shows the same, turn off all internet using devices except the computer you are on, your router and your modem. Run the test again, see if it is still the same.

If the speedtest never gets better, you should call your ISP and see if they can fix it. Sometimes things just come loose on their end, settings get screwed up, etc.

If it is better on another device consistently, you might want to run some anti-malware software on that computer or call someone to check it out for you.

Telnet Commands for ShoreTel Phones

I wrote a post on how to telnet into a ShoreTel phone but not much about what you can do once you’re in there. I checked around on the internet for a listing of commands you can run and what they do and the documentation is pretty scarce. I did find that ShoreTel nicely put several commands in their Maintenance guide for 11.2, and probably every maintenance manual they’ve put out. Also some of these commands can be done through the PhoneCTL utility it talks about in section 6.4.5.

I did a telnet session into one of my phones to see what commands were available.

I copied and pasted a lot of this from the telnet output of my phone. I’ve tried to run most of these commands and commented whether it works or not. If anyone has any additions to this please use the comments or contact me form so I can add it.

This is a work in progress and I’d welcome any submissions on commands that have been discovered. If it’s something that can ruin the phone, please make note of that when you send.

ShoreTel Related Commands

These are some commands not expressly listed in the “help” system in the phone.

bootChange – This will let you enter the IP address, ShoreTel server IP and other things. It doesn’t persist any changes you make, so if you are trying to change the IP or something of a remote phone, you really should either talk a user through this or use DHCP reservations. I have a feeling the items you enter on the phone setup screen are stored in a text file somewhere on the phone.  – Updated 9/4/2012

printsysInfo – Shows a lot of system info for the phone. You can see MAC address, IP address, which FTP server it is set to download from, SNTP server information and all that here. This will show firmware versions as well.

reboot – Reboots the phone.

ping “xxx.xxx.xxx.xxx” – Pings an IP address. You need to enclose the IP address in quotes.

prtleveltabs – Prints the volume levels of the various audio outputs on the phone.

setAllCallApearanceLEDs [state] – Just for fun, you can turn on and off all the Call Appearance LEDs. State is a 0 or a 1. I did type that right, there is only 1 “p” in Apearance.  I haven’t figured out how to turn them green.

Networking Commands

Command – ShoreTel/VxWorks Documentation – My Thoughts

hostAdd “hostname”,”inetaddr” – add a host to remote host table; “inetaddr” must be in standard Internet address format e.g. “90.0.0.4” – Command works. If you don’t have a DNS server this could be somewhat useful as it adds a host and IP address combination to the phone.

hostShow – print current remote host table – Works. Shows the host table with hostname/ip address combinations. In mine I got the following output:


netDevCreate “devname”,”hostname”,protocol – create an I/O device to access files on the specified host (protocol 0=rsh, 1=ftp) – Works. This is a file access command. Not sure what use it might be.

routeAdd “destaddr”,”gateaddr” – add route to route table – Works. Adds a network route. This might be usable as a way to direct a phone to the ShoreTel server without the aid of a static route in a router. Will have to try this.

routeDelete “destaddr”,”gateaddr” – delete route from route table – Works. Removes routes added with above command.

routeShow – print current route table – Works. Shows the current routing table.


iam “usr”[,”passwd”] – specify the user name by which you will be known to remote hosts (and optional password) – Works. Probably a VxWorks specific command. Not entirely sure of use.

whoami – print the current remote ID – Works. Got the output “value = 1 = 0x1”. Again might just be a VxWorks thing with no relevance to ShoreTel.

rlogin “host” – log in to a remote host; “host” can be inet address or host name in remote host table – Doesn’t work. Returns “undefined symbol”.

ifShow [“ifname”] – show info about network interfaces – Works. Shows information about the physical interfaces on the phone.

inetstatShow – show all Internet protocol sockets – Works. Shows ports and sockets the phone might be using. Could be  useful if you have firewall issues.


tcpstatShow – show statistics for TCP – Works. Shows stats on network activity.


udpstatShow – show statistics for UDP – Works. Shows UDP stats. Same as tcpstatShow, just shows UDP protocol stats instead.


ipstatShow – show statistics for IP – Works. Overall IP stats.


icmpstatShow – show statistics for ICMP – Doesn’t work, or might not have had data.

arptabShow – show a list of known ARP entries – Works. Shows ARP table.


mbufShow – show mbuf statistics

IO Commands

These look like VxWorks file system commands. Not entirely sure that these can be used for troubleshooting purposes. I won’t comment on these as they are almost identical to DOS commands. These probably have a real potential to screw your phone up.

cd “path” – Set current working path

pwd – Print working path
ls [“wpat”[,long]] – List contents of directory
ll [“wpat”] – List contents of directory – long format
lsr [“wpat”[,long]] – Recursive list of directory contents
llr [“wpat”] – Recursive detailed list of directory
rename “old”,”new” – Change name of file
copy [“in”][,”out”] – Copy in file to out file (0 = std in/out)
cp “wpat”,”dst” – Copy many files to another dir
xcopy “wpat”,”dst” – Recursively copy files
mv “wpat”,”dst” – Move files into another directory
xdelete “wpat” – Delete a file, wildcard list or tree
attrib “path”,”attr” – Modify file attributes
xattrib “wpat”,”attr” – Recursively modify file attributes
chkdsk “device”, L, V  – Consistency check of file system
diskInit “device”  – Initialize file system on disk
diskFormat “device” – Low level and file system disk format – This seems like a bad idea.

 

How to Set up A Router for Home WiFi

People ask me occasionally about how to set up WiFi and make sure it’s secure. It’s not something that is easy to explain in person, it takes illustrations. So I’ve compiled it here.

First off, I suggest Linksys routers. If you don’t have one, go get a Linksys E2000 router. You can find them at Office Depot, Best Buy or most big box stores. I’ve also shamelessly added a link at the bottom of the page to get one on Amazon.

It isn’t totally necessary to get an E2000. An E1000, E2500, E3000, or Similar “E” router will have almost identical instructions. Most Cisco-Linksys routers will actually have similar screens.

Also grab some ethernet cable. You can buy this, make your own, or go to your IT guy’s office at work and ask if he has any spare pieces. You’d be surprised at how often the answer is, “Yes, how much do you need?” He might even be so happy for anyone coming around that doesn’t need to reboot their computer that he’ll make the cable for you. Your router will come with a piece, but you will need two pieces for the first setup even if you are going entirely wireless.

Step 1 – Unplug your modem from the power and disconnect it from your computer, or old router.

Step 2 – Look on the back of the router for the port (the hole) labeled “Internet” or “WAN”. Plug one piece of patch cable in here, and plug the other end of that cable into the modem’s Ethernet Port. Pro-tip: They look like big telephone jacks.

Step 3 – Plug the other piece of Ethernet cable into the port labeled “1” and plug the other end of that cable into your laptop or desktop’s Ethernet port.

Step 4 – Plug the router into power. Wait for the router to fully boot up. This usually takes about a minute.

Step 5 – Open the web browser on your computer and type “192.168.1.1” into the address bar and hit enter. Do not type this into the Google bar. See the picture below. Never mind that it says “192.168.227.1” in mine.

image

Step 6 – It will ask for a password. On Cisco/Linksys routers the username is “admin” and the password is “admin”.

Step 7 – My router had some Express setup screen that came up instead of what you see above. Just cancel that and get into the advanced setup screen. It’s not that complicated and I’m going to show you how to make things very secure.

Step 8 – Internet Setup – Leave the Internet Connection Type as “Automatic Configuration – DHCP”. Most Internet Providers don’t require a host name or domain name and you can leave MTU as default.

image

Step 9 – Network Setup – This is where we do things a bit different from most.

IP Address – The IP address is 192.168.1.1 by default. I would leave it like that. You’ll see in mine I’ve changed it. You can change the third number in the IP address to anything between 0 and 253 if you want.

If you change the IP Address, write down what you changed it to. It’s important!

Subnet Mask – Leave this the default.

Device Name – You can change the device name to something different.

DHCP Server – Set DHCP server to enabled. The start IP address blank should be “100”. I always set Maximum Number of Users to 10, but if you have more than 10 Wi-Fi devices (laptops, phones, kindles, mp3 players, blu-ray players, XBOX, PS3, etc…) figure out how many you have and set this number to five or ten more than that.

Leave everything else here the default. It should fill the IP Address from above in the “Static DNS 1” blank.

Step 10 – Time Settings – Set this to your local time zone. You can see mine is wrong. It really doesn’t mean anything.

Step 11 – Click the “Save Settings” button. The router will reboot.

Step 12 – Close your web browser, wait a few minutes for the router to reboot.

Step 13 – Open the web browser and enter the IP address you changed it to in Step 9, or the default “192.168.1.1”, into your browser bar and hit enter.

If things work right the browser should open up to the page from before. If not, the easiest way to fix it is to reboot your computer.

On to the wireless set up!

Step 14 – Wireless – Click on the Wireless link at the top beside “Setup”. Change the Configuration View to “Manual” if it isn’t already.

Wireless Band – Select 2.4 GHz.

Network Mode – Select Mixed (this will allow a greater variety of devices to connect).

Network Name – Give your network a descriptive name, do NOT leave it as Linksys. Mine is “thegreentower”. You might want to name yours after your last name or something.

Channel Width – Leave this whatever the default is.

Channel – Leave this as Auto.

SSID Broadcast – Set to Enabled.

image

Step 15 – Click on Wireless Security and change the Security Mode to “WPA2 Personal”. If you have some really old devices you can set it to WPA.

DO NOT USE WEP! It is trivial to break WEP security. I’ve seen someone do it in five minutes.

Passphrase –  Enter a good 6 to 10 character password here. Something you’ll remember but that isn’t easy to guess. I’ve blacked mine out on the picture.

image

Step 16 – Click the “Save Settings” button at the bottom, reboot the router if you need to and you’re done!

The only other thing I would recommend doing is going to the Administration screen and changing the Router Password to something other than the default.

Congratulations!  You can now connect to your new, secure wireless network! Remember to enter the password you entered in step 15 to connect.
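The Step 14 and Step 15 choices, worked through in Python as an added example (not part of the original guide): WPA2 Personal turns the passphrase into the network key with PBKDF2, using the network name as the salt, which is why a factory-default name such as Linksys makes precomputed key tables applicable to your network. The `DEFAULT_SSIDS` list and the sample passphrases are assumptions constructed for illustration.

```python
import hashlib
import math
import string

# Assumption: a few factory-default names; "linksys" is the one this guide warns about.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}


def derive_psk(passphrase, ssid):
    """WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def search_space_bits(passphrase):
    """Upper bound on guessing work, from the length and character classes used."""
    pool = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation + " "):
        if any(c in chars for c in passphrase):
            pool += len(chars)
    return round(len(passphrase) * math.log2(pool), 1) if pool else 0.0


def audit(ssid, passphrase):
    """Check the network name and passphrase before typing them into the router."""
    findings = []
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("default SSID: salt shared with many other networks")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        findings.append("passphrase must be printable ASCII")
    elif not 8 <= len(passphrase) <= 63:
        # The WPA2 standard only accepts passphrases of 8 to 63 characters.
        findings.append("passphrase must be 8 to 63 characters")
    report = {"findings": findings, "bits": search_space_bits(passphrase)}
    if not any("passphrase" in f for f in findings):
        report["psk"] = derive_psk(passphrase, ssid).hex()
    return report


if __name__ == "__main__":
    print(audit("linksys", "abc123"))
    print(audit("thegreentower", "correct horse battery"))
```

The same passphrase yields a different key under every network name, so two routers left on a default name and given the same weak passphrase end up with the same key.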

How to Telnet into a ShoreTel phone

This is one of those ‘probably never’ pieces of information. I’ve had to do this exactly one time to check and see why a phone was screwing up.

When you need to telnet into any ShoreTel device you must be using the ShoreTel server. You’ll need to know the IP address of the phone you need to telnet into. You can find this in the Shoreware Director under IP Phones > Individual IP Phones.

TelNet Shoretel Phone Screen

  1. Remote into the ShoreTel Server
  2. Go to a command prompt and type in “cd \Pro*\Sho*\*ser*” (that’s a fancy wildcard trick to get there faster).
  3. Type “phonectl -pw 1234 -telneton XXX.XXX.XXX.XXX”. The phone password is usually 1234, but you can change it under IP Phones > Options. Of course this will require a phone reboot, and if your phone is having issues you may have to do it manually. The XXX.XXX.XXX.XXX is the IP address of the phone.
  4. Telnet into the phone from your ShoreTel Server. If the telnet fails, you’ll have to do steps 1 through 3 again.


Note: The full path should be “C:\Program Files\Shoreline Communications\ShoreWare Server”. It could also be “C:\Program Files (x86)\Shoreline Communications\ShoreWare Server”

You could also do a “dir /s phonectl.exe” and try to find the phonectl.exe command that way. You can copy that program and the ipbxctl.exe files to another computer and telnet into the phones and switches without remoting into your ShoreTel server.