Diffstat (limited to 'content/posts')
-rw-r--r--content/posts/archlinux-and-bridged-libvirt-plus-ufw.rst68
-rw-r--r--content/posts/scripting-forti.rst55
2 files changed, 123 insertions, 0 deletions
diff --git a/content/posts/archlinux-and-bridged-libvirt-plus-ufw.rst b/content/posts/archlinux-and-bridged-libvirt-plus-ufw.rst
new file mode 100644
index 0000000..cb4850d
--- /dev/null
+++ b/content/posts/archlinux-and-bridged-libvirt-plus-ufw.rst
@@ -0,0 +1,68 @@
+Arch+libvirt+bridges+ufw
+########################
+:date: 2014-07-03 14:48
+:tags: archlinux,libvirt,network-bridge,ufw,netctl
+
+I never thought getting bridged network for libvirt
+clients to work under archlinux. Here is the digest.
+
+Adding Bridge Network with netctl
+---------------------------------
+eth0 needs to be up in order to get the bridge working
+
+
+**/etc/netctl/bridge**
+
+.. code-block:: bash
+
+ Description='bridge'
+ Interface=br0
+ Connection=bridge
+ BindsToInterface=(eth0)
+ IP=static # or dhcp
+ Address=('1.2.3.4/24')
+ Gateway='1.2.3.1'
+ DNS=('1.2.3.3')
+ ExecUpPost="brctl stp $Interface on||:"
+
+**/etc/netctl/eth_bridged**
+
+.. code-block:: bash
+
+ Description='eth0 without ip'
+ Interface=eth0
+ Connection=ethernet
+ IP=no
+ IP6=no
+
+**enable the bridge**
+
+.. code-block:: bash
+
+ systemctl disable dhcpcd@eth0 # if applicable
+ netctl enable bridge
+ netctl enable eth_bridged
+
+After a reboot the interface should be available and libvirt should be able to use the bridge for libvirt clients.
+If you have ufw in place, add this line to **/etc/ufw/before{,6}.rules** between \*filter and COMMIT :
+
+.. code-block:: bash
+
+ -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
+
+maybe you also need the following lines in **/etc/sysctl.d/bridge.conf**:
+
+.. code-block:: bash
+
+ net.bridge.bridge-nf-call-ip6tables = 0
+ net.bridge.bridge-nf-call-iptables = 0
+ net.bridge.bridge-nf-call-arptables = 0
+
+enable security changes
+
+.. code-block:: bash
+
+ ufw disable
+ ufw enable
+ sysctl -p /etc/sysctl.d/bridge.conf
+
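Review bot: the `-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT` rule and the three `net.bridge.bridge-nf-call-*` sysctls do the same job twice; once `net.bridge.bridge-nf-call-iptables = 0` is applied, bridged frames no longer traverse the iptables FORWARD chain at all, so the physdev rule never matches. Pick one, and state plainly that either choice lets all guest-to-LAN traffic cross br0 without being filtered by ufw (that is the intent, but the heading "enable security changes" does not say it). Two smaller points: the `net.bridge.*` keys only exist after the bridge module is loaded, so `/etc/sysctl.d/bridge.conf` will not apply at early boot before br0 is up and the explicit `sysctl -p` has to be re-run once the bridge exists; and `ufw disable` followed by `ufw enable` can be replaced by `ufw reload`. The opening sentence is also missing its verb ("I never thought getting bridged network ... to work" is incomplete), and "archlinux" should be "Arch Linux".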
diff --git a/content/posts/scripting-forti.rst b/content/posts/scripting-forti.rst
new file mode 100644
index 0000000..7ee3a23
--- /dev/null
+++ b/content/posts/scripting-forti.rst
@@ -0,0 +1,55 @@
+Scripting the Fortigate VPN Client
+##################################
+:date: 2014-09-12 13:37
+:tags: expect, fortigate
+
+Again there was a need to fix frickelsoftware. In that case i needed a permanent vpn connection via the fortigate vpn client .
+Problem is, that the tunnel disconnects after some time but the client does not exists and that input cannot simply piped into the executable.
+
+I wrote an Expect script which works work around both issues:
+
+.. code-block:: tcl
+
+ #!/usr/bin/expect -f
+ # cd into the 64 bit folder of the client
+ # usage: efort.exp
+
+ spawn ./forticlientsslvpn_cli --server <VPNIP>:<VPNPORT> --vpnuser <VPNUSER> 2>&1
+ log_user 0
+ send_user "Logging in\n"
+ expect "Password for VPN:"
+ send "<VPNPASSWORD>\n"
+
+ # i needed ths for 'certificate error'
+ expect "Would you like to connect to this server"
+ send "Y\n"
+ send_user "Beginning to connect\n"
+ expect "STATUS::Tunnel running"
+ send_user "Tunnel running!\n"
+
+ # this is how long the next expect waits for pattern match, in seconds
+ set timeout 90001
+ expect "STATUS::Tunnel closed"
+ send_user "Tunnel closed!\n"
+ send_user "Dying\n"
+ close
+ exit
+
+
+At the end, enterprise-loop the script and we are done!
+
+.. code-block:: bash
+
+ #!/bin/sh
+ cd "$(dirname "$(readlink -f "$0")")"
+ while sleep 1;do
+ expect efort.exp
+ echo "Restarting forticlient !"
+ done
+
+
+Fyi: It seems it is not that easy to find the fortigate client for linux, if you are lucky you can get it from the `official FTP server`_ or have a look at the current `fortclientsslvpn AUR package`_.
+
+
+.. _official FTP server: ftp://pftpintl:sgn89IOngs@support.fortinet.com/FortiGate/v5.00/5.2/5.2.0/VPN/SSLVPNTools/forticlientsslvpn_linux_4.4.2303.tar.gz
+.. _fortclientsslvpn AUR package: https://aur.archlinux.org/packages/forticlientsslvpn/
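Review bot: `send "Y\n"` after `expect "Would you like to connect to this server"` blindly accepts the certificate warning, so the script will also connect to a server presenting a wrong or forged certificate, and since the password was already sent on the line before, an untrusted-cert prompt becomes a silent credential disclosure. Better to install or trust the server's CA so the prompt never appears, or exit non-zero when it does, and keep the VPN password out of the script (read it from a mode-0600 file or the environment instead of the literal `<VPNPASSWORD>`). Also, the `2>&1` on the `spawn` line is passed to `forticlientsslvpn_cli` as a literal argument, because `spawn` does not go through a shell (stderr of a spawned process already lands on the pty), so drop it. The `official FTP server` link embeds a username and password in the URL; that credential should not be published in the post. Typos in the prose: "does not exists", "cannot simply piped", "works work around", "ths".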