Showing posts with the label Howtos.

Tuesday, 22 October 2024

Mikrotik + O2 (Cetin) + IPv6

Configuring a Mikrotik router for O2 internet

Keywords: mikrotik, IPv6, PPPoE, O2, Cetin, VLAN

I got a great new fibre O2 internet connection at home, but I didn't want their router when I already have a Mikrotik :) It took a bit of configuring, though: PPPoE and IPv6 had to be set up correctly. I started from these articles, and I'm copying them here too in case they get lost somewhere in the future:
  1. Interfaces -> new interface
    1. Type: VLAN
    2. Name: vlan-848 # can be something else
    3. Set VLAN ID to 848
    4. Interface to attach the VLAN to: ether1 # the default WAN port on a Mikrotik
    5. Other defaults: MTU 1500, ARP enabled
  2. Interfaces -> new interface
    1. Type: PPPoE Client
    2. Name: pppoe-o2-out1 # can be something else
    3. Max MTU and MRU: 1492
    4. Interfaces: vlan-848
    5. Dial Out: user/pass: o2/o2 or cetin/cetin or adsl/adsl
  3. IP -> DNS
    1. Add some from O2, or CZ NIC: 193.17.47.1, 185.43.135.1, 2001:148f:ffff::1, 2001:148f:fffe::1 or CESNET: 195.113.144.194, 2001:718:1:1::2, 195.113.144.233, 2001:718:1:101::3
  4. IP -> Firewall (NAT, add a rule)
    1. Chain: srcnat
    2. Out. interface: pppoe-o2-out1
    3. Action: masquerade
  5. IPv6 -> Settings (enabled)
  6. IPv6 -> DHCP Client
    1. Interface: pppoe-o2-out1
    2. Pool name: o2ipv6 # can be something else
    3. Pool prefix length: 64 or 56 # both seem to work
    4. Use peer DNS, Add Default Route
  7. IPv6 -> Addresses
    1. Add new
    2. Address: ::/64
    3. From pool: o2ipv6
    4. Interface: bridge
    5. Advertise
  8. IPv6 -> Neighbors (Neighbor discovery, nd)
    1. Either add a new entry or edit the existing one
    2. Interface: all or bridge # seems to work with both
    3. MTU: 1460 or 1492 # seems to work with both
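
The same steps as RouterOS terminal commands, as an added example that is not part of the original post. It assumes RouterOS 7 syntax and a LAN bridge named bridge; add-default-route on the PPPoE client, request=prefix on the DHCPv6 client and the closing IPv6 forward filter are assumptions that do not appear in the steps above.

```routeros
# 1. VLAN 848 on the WAN port
/interface vlan add name=vlan-848 vlan-id=848 interface=ether1

# 2. PPPoE client on top of the VLAN (o2/o2 is one of the logins listed above).
#    add-default-route=yes is an assumption: it gives IPv4 its default route.
/interface pppoe-client add name=pppoe-o2-out1 interface=vlan-848 \
    user=o2 password=o2 max-mtu=1492 max-mru=1492 \
    add-default-route=yes disabled=no

# 3. DNS resolvers (the CZ NIC set from step 3)
/ip dns set servers=193.17.47.1,185.43.135.1,2001:148f:ffff::1,2001:148f:fffe::1

# 4. IPv4 source NAT out of the PPPoE interface
/ip firewall nat add chain=srcnat out-interface=pppoe-o2-out1 action=masquerade

# 5. Enable IPv6 (RouterOS 7 syntax, assumed)
/ipv6 settings set disable-ipv6=no

# 6. DHCPv6 client asking for a delegated prefix into the pool o2ipv6.
#    request=prefix is an assumption; a pool is only filled from a prefix.
/ipv6 dhcp-client add interface=pppoe-o2-out1 request=prefix \
    pool-name=o2ipv6 pool-prefix-length=64 \
    use-peer-dns=yes add-default-route=yes

# 7. Give the LAN bridge a /64 from the pool and advertise it to clients
/ipv6 address add address=::/64 from-pool=o2ipv6 interface=bridge advertise=yes

# 8. Neighbor discovery on the bridge, advertising the PPPoE MTU
/ipv6 nd set [find default=yes] interface=bridge mtu=1492

# Not among the steps above: LAN hosts now hold global IPv6 addresses and the
# IPv4 masquerade rule does nothing for IPv6, so filter inbound forwarding.
/ipv6 firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward protocol=icmpv6 action=accept
add chain=forward in-interface=pppoe-o2-out1 action=drop
```

After applying it, `/ipv6 dhcp-client print` should show the client as bound with a prefix, and `/ipv6 address print` should list a global /64 on bridge.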

Tuesday, 27 December 2022

Using JSignPDF with eObcanka in Linux

So you've got your eObcanka and purchased a fully qualified certificate from some provider (PostSignum in my case). And you've decided to generate that cert in eObcanka's protected storage so that it is more secure and qualified as well :) I assume you have also purchased a smart card reader that can be used to read eObcanka's chip. Now, how do you use it in Linux to sign a document?

First you need the middleware software for that. They provide only an Ubuntu package but it can be used on other systems as well. In my case I didn't have to make any customizations in Debian Unstable.

Then you need software to sign your PDF which is PKCS11 capable. Currently I know of three free Linux programs which can digitally sign a document using a hardware token (PKCS11): LibreOffice, Okular (in its latest development version with some supporting libraries - Poppler) and JSignPDF. So ...
  • LibreOffice still quite sucks because it can sign the document but you cannot place a visible mark about that anywhere. But the configuration is quite easy; IMHO it uses the same configuration as Thunderbird does.
  • Okular also still quite sucks. Its configuration is also the same as Thunderbird uses, so that's good. But again, there is a problem with the visible mark of the digital signature. It's better than LibreOffice because at least you can place the visible mark somewhere. But you cannot easily configure the text properties, so it usually looks quite lousy.
  • So of the three programs mentioned I use JSignPDF, where you can do some fine-tuning of the visible mark.

How to configure JSignPDF to use PKCS11

So you have downloaded the latest version of JSignPDF (now it is 2.2.0, to use PKCS11 you need at least version 2.0.0), for example into ~/prg/JSignPDF. Now edit conf/pkcs11.cfg and fill it with:

  name=eObcanka
  library=/usr/lib/x86_64-linux-gnu/libeopproxyp11.so
  slot=1

After that edit the file conf/conf.properties and uncomment the line

  pkcs11config.path=conf/pkcs11.cfg

After this you can put your eObcanka into the card reader and run jsignpdf.sh. It should behave like this:

  FINE Relaxing SSL security. 
  FINE Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg 
  FINE PKCS11 provider registered with name SunPKCS11-eObcanka
  FINE PKCS11 provider registered with name JSignPKCS11-eObcanka

Now you should see a new PKCS11 type of key and certificate storage.

Wednesday, 21 October 2020

Setting up Thunderbird for Office365 with two factor authentication

Let's walk through setting up the Mozilla Thunderbird mail client to read mail from Office365 with 2-factor authentication. We will also set up a shared mailbox here.

Googling around for how to set up a mail client for use with Microsoft Office365, you can find quite a lot of manuals, for example this. However, they work only with 1-factor authentication. There are two ways to achieve the goal with 2-factor authentication, for which you have to use the OAuth2 method.

  1. Use the Owl plugin for older versions of Thunderbird (prior to 78). It works quite well but costs money.
  2. Use Thunderbird 78 and above.

So let's use the new version of Thunderbird, the account of a user in MS365 and a shared mailbox in MS365. Thunderbird settings are these then:

IMAP settings of user account

  Server Type: IMAP mail server
  Server name: outlook.office365.com
  Port: 993
  User Name: user@example.com
  Connection Security: SSL/TLS
  Authentication Method: OAuth2

SMTP settings of user account

  Server name: smtp.office365.com
  Port: 587
  Connection Security: STARTTLS
  Authentication Method: OAuth2
  User Name: user@example.com

IMAP settings of shared mailbox

  Server Type: IMAP mail server
  Server name: outlook.office365.com
  Port: 993
  User Name: shared-mailbox@example.com
  Connection Security: SSL/TLS
  Authentication Method: OAuth2

When prompted for a password for shared-mailbox@example.com in the OAuth2 dialog, click "Use a different user" and provide the credentials of your user account. So it's not necessary to create any password for the shared mailbox or set up an authentication method for it in MS365.

For SMTP of the shared mailbox, just use the SMTP server already configured for the user account.