-
The joys and pains of a VPN
After many years of securing each service, i.e. email, web site, etc. for my servers and servers I managed, I came to realize that the only way to secure a company with more than 1 server is with a VPN. Now that I've used a VPN for about a week, I'm extremely happy with it. This will allow us to stop maintaining the firewall on 7 separate servers! My IT coordinator has done an amazing job at getting it running and when he was stuck, he called in a pro (knowing when to say that you don't know something scores points in my book).
This week, we were trying to connect our San Diego office to our main Minneapolis office. This proved to be much harder than it should have been. We have Cisco routers on both ends and used the EZVPN in the router to establish the connection; turns out it wasn't very easy. We had it working yesterday, but when I took it into the office, it failed to work. I took another stab at it today. After lots and lots of Google searching, I stumbled across some information about MTUs and made a few changes that amazingly got the VPN working flawlessly! The problem was that I could make connections that only sent a little data, but SSH connections and full web pages over the VPN failed.
The following are changes I had to make to the Cisco 871 on the remote side:
crypto isakmp keepalive 10 periodic
For the Vlan and Ethernet interfaces, I set:
ip mtu 1400
and on the Vlan1 interface, I set:
ip tcp adjust-mss 1200
(The last bit was the key.)
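Why clamping the MSS cures the "small transfers work, SSH and full pages hang" symptom, as an added Python illustration (not part of the original post and not Cisco's code). It assumes the usual cause: packets carry the DF bit and no ICMP "fragmentation needed" message reaches the sender, so anything larger than the tunnel's IP MTU is silently lost. The function names and the sample SYN options are constructed for the example.

```python
import struct

IP_HDR = TCP_HDR = 20   # header sizes in bytes, without options

def walk_options(opts):
    """Yield (offset, kind, length) for each TCP option; stop on malformed data."""
    i = 0
    while i < len(opts) and opts[i] != 0:          # kind 0 = end of option list
        if opts[i] == 1:                           # kind 1 = NOP, a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return
        yield i, opts[i], opts[i + 1]
        i += opts[i + 1]

def read_mss(opts):
    """Return the MSS advertised in a SYN's options, or None if absent."""
    for off, kind, length in walk_options(opts):
        if kind == 2 and length == 4:              # kind 2 = maximum segment size
            return struct.unpack_from("!H", opts, off + 2)[0]
    return None

def clamp_mss(opts, limit):
    """Lower the MSS option to `limit`, the effect of `ip tcp adjust-mss` on SYNs.
    A real device also recomputes the TCP checksum; that step is omitted here."""
    out = bytearray(opts)
    for off, kind, length in walk_options(opts):
        if kind == 2 and length == 4:
            if struct.unpack_from("!H", out, off + 2)[0] > limit:
                struct.pack_into("!H", out, off + 2, limit)
    return bytes(out)

def passes_tunnel(payload_len, mss, ip_mtu):
    """Assumed model: DF set, no ICMP feedback, oversized packets vanish."""
    return min(payload_len, mss) + IP_HDR + TCP_HDR <= ip_mtu

# Constructed SYN options: MSS 1460, SACK-permitted, timestamps, NOP, window scale 7
SYN_OPTS = bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307")

if __name__ == "__main__":
    clamped = clamp_mss(SYN_OPTS, 1200)
    for label, mss in (("unclamped", read_mss(SYN_OPTS)), ("clamped", read_mss(clamped))):
        for size in (100, 5000):                   # short exchange vs. full page
            ok = passes_tunnel(size, mss, 1400)
            print(f"{label:9} mss={mss} payload={size:4} -> {'ok' if ok else 'lost'}")
```

With the unclamped MSS of 1460, full segments become 1500-byte packets and exceed the 1400-byte `ip mtu`; with the MSS clamped to 1200 they are 1240 bytes and fit.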
I'm tempted to get Cisco certified, but I'd probably pull my hair out if I encountered a problem like this again.
-
Picking the right shoes
When I was young, the only shoes that would fit were the blue ones! That was then, now things are a bit more complicated. Up until I started running, I just got some cheap shoes and didn't really care. Road Runner Sports has a free service called Shoe Dog that helps you pick the right shoe based on some criteria, a treadmill test, and an analysis of your arch. I had been using the same series of shoe, Asics GT-2100 series for a few years. When I went to get my latest pair of shoes, I went with the GT-2140, the latest in the series. Turns out that they made some major changes to the shoe that made them very painful when running. Luckily Road Runner Sports has a 60 day guarantee on the shoes (if you're part of their "club") that allows you to run in them. I ran a few times and had such pain that I returned to Road Runner Sports, did the Shoe Dog again and picked a Saucony shoe that so far is a bit more comfortable.
I'm amazed that I never paid much attention to shoes even though I have spent a lot of time walking and running; if I had known how much a shoe could make a difference in comfort, I would have spent the money for a good shoe a long time ago!
-
Courteous neighbors
Last Sunday, I went to take in our trash can and found a surprise, dog poop wrapped in a paper towel (no, I didn't touch it). The trash got picked up on Saturday, but I didn't get around to bringing in the can until the next day. To make matters worse, it rained, so I had to attempt to clean out the trash can by scooping out the poop with a stick and then hosing it down. What kind of neighbor a) puts their dog's poop in someone else's trash can (I always take my dog's poop in a bag back home as I think it is rude to deposit it in someone else's trash can) and b) didn't use a bag to scoop the poop!
Uggh. We live in a pretty decent neighborhood and have friendly neighbors, but I guess when people aren't watching people just do whatever they want.
-
Tough decisions
About 4 years ago, I became a trained member of my local CERT, Community Emergency Response Team. I attended meetings, did training, and even helped out during the 2007 wildfires here in San Diego. As my Disaster Service Worker card expires in June, I started looking at what it took to renew it. There was a lot of email flying around about the requirements and they changed a few times in the last few weeks (about 1.5 years ago, the CERT coordinator for San Diego left for a new job and was replaced by someone that seems bent on making life hard for us volunteers). Last night I went to my local CERT meeting and they talked about the requirements to renew the card and then brought up the topic that they've been talking about for 4 years and that is how to outfit a container box that it has with supplies as the money is coming from the city. The box is a huge step forward (it actually exists), but the money still hasn't been released by the city (it comes from "developer funds" that people paid when our community was first built). Will the city ever release the funds? I don't know and I'm a bit tired of it.
When I came home last night, I made a decision that both saddened me and relieved me at the same time. I decided not to continue with CERT. I really like the concept of being a community volunteer in case of a disaster, but the hoops that I'd have to go through to continue to be a volunteer are just not worth my time. I will be renewing my EMT certification which I've done every two years for the last 16 years, so that I can continue to be trained in case a disaster strikes or maybe I cut my finger and I need to patch myself up.
Judging by the low attendance and some of the discussion at the meeting last night, I won't be surprised if CERT membership declines rapidly. I really like the concept of CERT and believe it can be an invaluable resource, but it seems like there is far too much politics involved in my local CERT (the new coordinator won't let anyone email her; we must go through our area people who then talk to a liaison who then talks to her or something like that; the old coordinator responded to a number of my email messages and never made people go through hoops like this).
In any case, I liked being part of CERT, but it is time for me to move on. I wish CERT the best of luck and I hope that things turn around and interest in CERT goes back up.