Month: November 2015

Joining RG316 Coaxial Antenna Cable

Recently I needed to join some lengths of RG316 antenna cable following an office move. This cable is used for a mobile phone repeater/booster on the input side and where it was wired into the building, the N-type plug had been fitted afterwards and was too large to pull out through the hole in the wall and the cable had to be cut.

After looking online and not really finding much useful information for this very thin cable I thought I’d detail what I did to make it work.

I started by cutting off the plug end, but leaving about 18 inches of cable just in case it went wrong then I had some extra cable to work with. Once you’re ready to reattach it in it’s new location, I stripped about 1.5 inches of the outer insulation from both ends to be joined, being careful not to damage the braid/shield conductor.

Next, you’ll want to push the shielding back to expose the inner core, it may be tight and not move easily but with a bit of a wiggle I was able to do this.

Take some suitable size heat shrink tubing that is large enough to fit over the outer cable and slide that on before we go any further. Then, cut off about a quarter of an inch of the inner core on one side and strip a small amount of insulation from both inner cores. Take a piece of very thin heat shrink tubing and cut it to a suitable length to put over the inner core to cover your join and then solder the core, slide the tubing over the join and heat it up to shrink it on.

We’re almost done now. Push the braiding back over the inside join, if you have cut the lengths right there should be an overlap of about a quarter of an inch on the braiding and both sides of it should ‘mesh’ together in the middle. Now carefully, you want to solder the outside of these braids together, I’d suggest doing it in small spots and don’t hold the soldering iron on it for very long otherwise you’ll end up melting the heat shrink tubing in the inner core. If you’ve got good quality cable and solder it should work easily and the solder will flow nicely around the braid to create a very good joint.

Finally, slide the larger heat shrink tubing we put on earlier over the whole join and heat it up to shrink it which will protect the join and help strengthen it.

It’s important that you join the cable in this way so that the braid surrounds the join. Many people would just twist up the braid and join both the braid and inner core using a screw terminal block but this is very bad for the signal and makes is susceptible to a lot of external interference. When we are working with cellular or otherwise very weak signals this would make it very problematic. After what I have done here, we have a 30 meter length of cable from the antenna to the booster box and we are receiving a full 5 bars of signal on the input side which is very good considering the length of the cable run and goes to show that using good quality cable along with quality fittings can really make or break a job.

I wish I had taken some photos along the way when I was working on this but hopefully you can work out what I am trying to explain here. As always, if you have any questions please feel free to let me know in the comments.

Using ESXi Customizer on Windows 10

I recently required the use of ESXi Customizer to integrate some NIC drivers into my ESXi 5.5 ISO.

Having never used it before, I was surprised to see that it was not compatible with Windows 10 but as the script is now unsupported, I understand why. I’m no programmer but it states that it is supported on Windows 8 and 8.1 so 10 should be similar enough to work so I got cracking to disable the compatibility checks and see if I could make use of it.

Once you’ve downloaded and extracted ESXi Customizer, you’ll have a bunch of files in a folder. The file we are looking for is called ESXI-Customizer.cmd and you need to open that in a text editor such as Notepad, you should be able to right-click it and choose ‘Edit’ to do this.

Then you need to find and remove the following lines:

if /I "%1"=="silent" goto :eof
if "!WinVer!"=="5.0" call :logCons --- INFO: Running on Windows 2000. What?!
if "!WinVer!"=="5.1" call :logCons --- INFO: Running on Windows XP.
if "!WinVer!"=="5.2" call :logCons --- INFO: Running on Windows Server 2003.
if "!WinVer!"=="6.0" call :logCons --- INFO: Running on Windows Vista or Server 2008.
if "!WinVer!"=="6.1" call :logCons --- INFO: Running on Windows 7 or Server 2008 R2.
if "!WinVer!"=="6.2" call :logCons --- INFO: Running on Windows 8 or Server 2012.
if "!WinVer!"=="6.3" call :logCons --- INFO: Running on Windows 8.1 or Server 2012 R2.
if "!WinVer!" GTR "6.3" call :logCons --- WARNING: Running on a Windows newer than 8.1 / 2012 R2. Don't know if this will work ...
if "!WinVer!" LSS "5.1" call :earlyFatal Unsupported Windows Version: !WinVer!. At least Windows XP is required & exit /b 1
if "!WinVer!" NEQ "6.1" call :logCons --- WARNING: Your Windows version is supported for customizing ESXi 5.x, but not ESXi 4.1.

And save the file. Now, you can run it and use the program as needed and it will open and run on Windows 10. I wouldn’t recommend using this for anything mission-critical as I can’t guarantee there aren’t any bugs with running it on an unsupported system but for me it worked fine and the resulting ISO worked perfectly.

Securing VMWare ESXi on a Dedicated/Root Server with a Single IP Address, Single NIC

Before I start, I’ll say that the title above is misleading. It is not, to the best of my knowledge possible to run ESXi along with routing for your VMs on a single IP address but when I was researching the possibilities I found it extremely difficult to find information on this so this may help other users in a similar situation to find this post.

This post assumes that you have your dedicated server up and running with a version of VMWare ESXi, I chose version 5.5 but it should apply to other versions as well.

Start by creating a VM suitable for a firewall or router operating system, I highly recommend pfSense as it has a huge feature set, it’s free and easy to use. For my VM, I created this with 2GM RAM (overkill for my use but this server has a ton of RAM in it so…), 2  NICs, a 64GB virtual hard drive and 2 CPU cores which again is overkill for my use but why not…

I found the best way to install it is to upload the ISO to your ESXi datastore before installing it as I had issues when mounting it through vSphere client. Run through the installation as you normally would, the options are pretty self explanatory. Once you’ve done that and rebooted the VM you’re ready to start setting it up.

From vSphere, start by heading to the Configuration section for your server, then the Networking section. You will want to create a new vKernel with a private IP range, e.g., enable this for management access as well and leave the current gateway IP address as it is for now, and within that a new vSwitch for your VMs to connect to. Assign one of your pfSense NICs to the original vSwitch, and the other to your newly created private vSwitch. Then, head over to your pfSense VM console and use the menu to assign the interfaces appropriately, for the WAN NIC you should assign the second public IP that your host has provided. (If you haven’t already, and if it applies to you, make sure your pfSense VM has the correct MAC address configured for the IP address that you were provided with). Then if necessary, you can also change the LAN IP range from this same menu if the vKernel you made is different to the default for pfSense.

Next, you’ll need another VM running to make life easier with the rest of it. I chose to setup a basic Windows 7 install (again, uploading the ISO to the datastore first will save a ton of headaches) and attach the NIC of this VM to your private vSwitch. If all has gone to plan you should immediately be able to access the internet from this VM and more importantly, the pfSense Web Interface. So go ahead and login to that, the default username is ‘admin’ and password is ‘pfsense’. It’s a good idea to setup a remote access software of some kind so if you lock yourself out of vSphere, you can still access this VM to correct any issues, TeamViewer is a good option here.

Then, you will want to achieve something like this eventually:

Once you have got vSphere management and remote access to your Windows VM, you’re now ready to change your gateway settings on ESXi to remove it’s public IP address. Go into the properties for your second vKernel and find the IP address settings, click Edit next to the gateway address and change it to the internal IP address of your pfSense firewall. If all goes to plan you will temporarily lose access to vSphere. Then, login to your remote access and load up vSphere there, go into the properties of the original vSwitch and remove the management network options from it. That should then release the IP address and block external access to your ESXi host so for the moment you are limited to managing the host through the Windows VM.

If you require external management for the system, you can login again to pfSense and configure port forwarding rules and IP restrictions to allow management over your second public IP. I chose to setup a OpenVPN bridge to my home network so all VMs were accessible from my home network as well which is perfect for my use.

The only downside to all of this is that if for some reason your pfSense VM ever fails to boot, you’ve then got very little way of managing the ESXi host to correct the problem. My host, Hetzner, offers an IP-KVM service to give me BIOS-level access to the server which I hope will be adequate to fix any future issues should they arise.

Disclaimer: This solution may not be best practice or reliable, and I’m not an IT security expert but I believe the solution I have detailed here is secure enough to protect your server. However I cannot be held responsible if you do suffer a security breach as a result of following these instructions.

Do hit me up in the comments if you require assistance or would like to ask any further questions.

Cheap Dedicated Servers from Hetzner

After looking to upgrade my home IT infrastructure which is getting a bit of a headache to maintain, a friend of mine from #sh-hackspace recommended the folks at Hetzner for an affordable dedicated server, normally I would have shied away from such a solution due to the cost but in this case Hetzner really did seem to offer some great prices for a high spec server. They have a ‘Serverbidding’ system which is a Dutch auction (where the price goes down over time until someone buys it) where they have all their previously used servers up for grabs. Most of which are very affordable and high spec especially for such a low price.

So I took the plunge and decided on an i7-3770 server with 32GB RAM and 2x 3TB hard drives all for around 30 Euros a month, which equates to about £22 a month. It was a no brainer. After some initial problems with registering where they must have thought I was a suspicious character and rejected my order after providing my ID (which is a requirement for your first order with them), I had a little moan on their Facebook page and got everything worked out.

I have to say this system is impressive. So far I have installed VMWare ESXi 5.5 on the box so I can migrate some of my home virtual machines to it, and still have a ton of headroom on top of that to experiment with new things. Firstly this involved customizing the installation ISO to include Realtek NIC drivers to support the server (more on that in a future post). Hetzner do offer different NICs at additional cost, which works out around £9 a month for their ‘Flexi Pack’ which is required for all hardware upgrades, along with the price of the NIC itself which is around £18, I could have gone down this route but as it’s mostly for hobby use and I didn’t need official support, it wouldn’t have been cost effective. Hetzner also provide free use of their IP-KVM system for up to 3 hours to allow BIOS-level control of the server and with this, it also allows you to install a custom OS such as ESXi from my modified ISO file.

I did have to order an additional IP address though to use ESXi effectively on the server as the server itself requires a public IP (of which one is included with it) but then you also have to route all traffic from virtual machines through another one. I choose to go with pfSense as the firewall/router OS of choice as I’ve used it for many years at home and I am familiar with it. So I installed this and configured the MAC address of the pfSense VM to the one provided by Hetzner for the additional IP address, then it was just a case of setting up the interfaces in pfSense and I was ready to go.

There are some security considerations that cannot be ignored when running ESXi on a publicly-accessible server. Basically, it’s not designed to be. There are limited firewall options within the configuration but by default everything is open to the world, I will detail in my next post how I configured my server to be secure in this respect.