Welcome to Cameron's Adams State web page.


Recently acquired an ONIE switch from Penguin Computing to investigate its capabilities. The switch is an Arctica model 4804i with 2GB RAM, dual PowerPC e500v2 processors, and runs Cumulus Linux. The environment proved fairly easy to configure with some knowledge of Debian networking.
In our case a baseline configuration was established via puppet with little effort beyond installing the puppet client. It's pretty sweet to see 48 1Gb and 4 10Gb network interfaces list out:

  ip addr sh
  4: swp2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
  link/ether 6c:64:1a:00:9d:d0 brd ff:ff:ff:ff:ff:ff
  5: swp3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
  link/ether 6c:64:1a:00:9d:d1 brd ff:ff:ff:ff:ff:ff
  6: swp4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
  link/ether 6c:64:1a:00:9d:d2 brd ff:ff:ff:ff:ff:ff
  7: swp5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
  link/ether 6c:64:1a:00:9d:d3 brd ff:ff:ff:ff:ff:ff
  54: swp52: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
  link/ether 6c:64:1a:00:9e:02 brd ff:ff:ff:ff:ff:ff

OpenVPN is not in the Cumulus Linux repository, so the following Debian Wheezy deb files were downloaded and installed:

  wget http://ftp.debian.org/debian/pool/main/o/openvpn/openvpn_2.3.2-7~bpo70+2_powerpc.deb
  wget http://http.us.debian.org/debian/pool/main/p/pkcs11-helper/libpkcs11-helper1_1.09-1_powerpc.deb
  wget http://ftp.debian.org/debian/pool/main/e/easy-rsa/easy-rsa_2.2.2-1~bpo70+1_all.deb
  # install the library first: the openvpn package depends on libpkcs11-helper1
  dpkg -i libpkcs11-helper1_1.09-1_powerpc.deb
  dpkg -i openvpn_2.3.2-7~bpo70+2_powerpc.deb
  dpkg -i easy-rsa_2.2.2-1~bpo70+1_all.deb
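
The packages above are fetched over plain HTTP and installed with dpkg -i, which skips the archive signature checking that apt performs. As an added example (not part of the original post), these shell functions check downloaded .deb files against the SHA256 fields of a Debian Packages index before installation. The function names are hypothetical, the index is assumed to have been authenticated already against the archive's signed Release file, and the demo data is constructed.

```shell
#!/bin/sh
# Added example: verify .deb files against a Debian Packages index.
# Function names are hypothetical; the demo data below is constructed.

# packages_to_checklist INDEX
# Print "sha256  basename" for each stanza of a Packages index.
packages_to_checklist() {
    awk '
        /^Filename:/ { n = split($2, p, "/"); file = p[n] }
        /^SHA256:/   { sum = $2 }
        /^$/         { if (file != "" && sum != "") print sum "  " file
                       file = ""; sum = "" }
        END          { if (file != "" && sum != "") print sum "  " file }
    ' "$1"
}

# verify_debs INDEX DIR FILE...
# Succeed only if every FILE in DIR is listed in INDEX with a matching hash.
verify_debs() {
    index=$1; dir=$2; shift 2
    list=$(packages_to_checklist "$index")
    for f in "$@"; do
        want=$(printf '%s\n' "$list" | awk -v f="$f" '$2 == f { print $1 }')
        [ -n "$want" ] || { echo "not in index: $f" >&2; return 1; }
        # A missing or unreadable file yields an empty hash and fails below.
        have=$(sha256sum "$dir/$f" 2>/dev/null | awk '{ print $1 }')
        [ "$want" = "$have" ] || { echo "hash mismatch: $f" >&2; return 1; }
    done
}

# Constructed demo: one fake package and a matching index in a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed payload' > "$d/demo_1.0_all.deb"
    printf 'Package: demo\nFilename: pool/main/d/demo/demo_1.0_all.deb\nSHA256: %s\n' \
        "$(sha256sum "$d/demo_1.0_all.deb" | awk '{ print $1 }')" > "$d/Packages"
    verify_debs "$d/Packages" "$d" demo_1.0_all.deb && echo "verified: demo_1.0_all.deb"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

In the procedure above, the three dpkg -i commands would run only after verify_debs succeeds for all three downloaded file names.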

The Arch Linux wiki openvpn page has nice tutorials on setting up an easy-rsa and openvpn environment. Just remember, everything is already installed via the deb packages so no pacman needed.

A 4096 bit dh parameter file was created on a local PC, and 4096 bit RSA key pairs don't take long on the switch itself.

  openssl dhparam -out dh4096.pem 4096

The use case needed the VPN to listen on an interface in a DMZ and exit on an interface in a management network.

  cloud --> DMZ --> VPN --> management

Clients manage devices in the DMZ from the management network. To keep traffic from VPN clients from short-circuiting to the DMZ interface, a source (policy) route was set up (use your own source prefix and gateway for xxx):

  echo 200 custom >> /etc/iproute2/rt_tables
  # xxx.xxx.xxx.xxx/xx is a placeholder for the source address or subnet the rule should match
  ip rule add from xxx.xxx.xxx.xxx/xx lookup custom
  ip route add default via xxx.xxx.xxx.xxx dev swp12 table custom

A running openvpn daemon appears to use around 3 MB RAM. At first glance a dirt cheap VPN concentrator could be easily created.

Posted Fri 21 Aug 2015 04:30:50 PM MDT Tags:

In playing around with a new ASUS Chromebox, tried out the set_gbb_flags.sh utility with flags 0x489 to skip past the verification screen straight into dev mode using the legacy SeaBIOS. Worked great, except the shipped legacy BIOS does not recognize the USB keyboard, so grub can't see the ESC keypress and tries to boot ChromeOS from the local SSD, which fails. A newer BIOS fixes this problem.

Here is what worked to restore the box. Used a Linux desktop, USB stick, SSD to SATA adapter, and SATA to USB adapter.

Download a Chromium OS build from Arnold the Bat.

Pull the SSD card from the chromebox and use the SSD to SATA adapter, plugged into the SATA to USB adapter, to write Chromium OS onto the drive:

  # dd if=Camd64OS-20140810010101.img of=/dev/(your block device here) bs=4M

Put the SSD back into the chromebox and boot it up. The Grub configuration on Chromium OS is set to try and boot from USB first and does recognize the USB controller. So now prepare the USB stick with Chromium OS (same dd command as above), plug it into the chrome box and reboot. Chromium OS should come up.

That's great but Chromium OS does not appear to ship with the set_gbb_flags.sh script or the utilities it wants to call, common_minimal.sh, gbb_utility, and flashrom.

Get the Chrome OS recovery image for the ASUS Chromebox.
It will be downloaded as a zip file something like:


On the Linux desktop unzip it and mount partition 3 of the file:

  # unzip chromeos_5712.88.0_panther_recovery_stable-channel_mp.bin.zip
  # -a adds the partition mappings, -v prints the loop device used (loop0 here)
  # kpartx -av chromeos_5712.88.0_panther_recovery_stable-channel_mp.bin
  # mkdir /tmp/cros3
  # mount -o ro /dev/mapper/loop0p3 /tmp/cros3

The necessary files (set_gbb_flags.sh, common_minimal.sh, gbb_utility, flashrom) are in /tmp/cros3/usr/bin/old_bins/

Copy them to your running Chromium OS via SSH and reset the BIOS boot flags with

  sudo set_gbb_flags.sh 0x0

Now get completely back to square one via the normal Chrome OS recovery procedure using the recovery image already downloaded.

Posted Wed 27 Aug 2014 10:39:22 AM MDT Tags:
