HowTo: integrate pfsense's OpenVPN with a 3rd party notification service

Each time a client connects to the VPN / disconnects from the VPN, OpenVPN should trigger a script that will connect to a 3rd party service. This could be used for usage monitoring, security audits and more.
Assumption: OpenVPN is configured to use RADIUS for authentication.

In the OpenVPN configuration file, find the client-connect script setting. OpenVPN with RADIUS auth has it configured as follows:
client-connect /usr/local/sbin/

Also make sure script-security is equal to or greater than 2. See the OpenVPN manual for details.

Somewhere near the end of the script, add a call to your own script. Create your script from the following template:


#!/bin/sh

# The user name is appended to each URL below.
NOTIFICATION_URL_CONNECT="< put your url here >" # for example, http://localhost/monitor.cgi?id=
NOTIFICATION_URL_DISCONNECT="< put your url here >"

# OpenVPN sets $script_type to the name of the hook that is being run.
if [ "$script_type" = "client-connect" ]; then
  echo "[connect] `date +"%Y-%m-%d %H:%M:%S"` executed as '$username'/$common_name from $untrusted_ip ($ifconfig_pool_remote_ip:$ifconfig_remote)" >> /var/log/zeuzeu.log
  /usr/local/bin/wget -O /dev/null "$NOTIFICATION_URL_CONNECT$username"
elif [ "$script_type" = "client-disconnect" ]; then
  /usr/local/bin/wget -O /dev/null "$NOTIFICATION_URL_DISCONNECT$username"
  echo "[disconnect] `date +"%Y-%m-%d %H:%M:%S"` executed as '$username'/$common_name from $untrusted_ip ($ifconfig_pool_remote_ip:$ifconfig_remote)" >> /var/log/zeuzeu.log
fi
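
A hardened variant of the template above, as an added example that is not the original author's script. OpenVPN waits for the hook and refuses the client when a client-connect script exits non-zero, so this version caps the request time, never returns failure, and refuses to place an unexpected $username into the URL. The function names and the event= parameter are assumptions.

```shell
#!/bin/sh
# Added example, not the original script; names and URLs are assumptions.
LC_ALL=C; export LC_ALL   # byte-wise character classes in the checks below
URL_CONNECT="http://localhost/monitor.cgi?event=connect&id="
URL_DISCONNECT="http://localhost/monitor.cgi?event=disconnect&id="
LOG="/var/log/zeuzeu.log"
WGET="/usr/local/bin/wget"

# Accept only characters expected in a user name; refuse everything else.
safe_id() {
  case $1 in
    ''|*[!A-Za-z0-9._@-]*) return 1 ;;
  esac
  printf '%s' "$1"
}

# Percent-encode every byte outside the RFC 3986 unreserved set.
urlencode() {
  s=$1; out=
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
    s=$rest
  done
  printf '%s' "$out"
}

notify_url() {   # $1 = base URL, $2 = untrusted user name
  id=$(safe_id "$2") || return 1
  printf '%s%s' "$1" "$(urlencode "$id")"
}

notify() {       # $1 = event label, $2 = base URL; always returns 0
  ts=$(date '+%Y-%m-%d %H:%M:%S')
  if url=$(notify_url "$2" "${username:-}"); then
    # One attempt, 5 s cap, so a dead endpoint cannot stall the hook.
    "$WGET" -q -T 5 -t 1 -O /dev/null "$url" || echo "[$1] $ts notify failed" >> "$LOG"
  else
    echo "[$1] $ts user name rejected, nothing sent" >> "$LOG"
  fi
  return 0
}

case "${script_type:-}" in
  client-connect)    notify connect "$URL_CONNECT" ;;
  client-disconnect) notify disconnect "$URL_DISCONNECT" ;;
esac
```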


OpenVPN manual
Pfsense forum
OpenVPN Server Setup
How can I setup OpenVPN with IPv4 and IPv6 using a tap device?
Connects, but no comms between VPN and LAN2

Expanding filesystems in ESXi Virtual Machines on the fly

HowTo: update GeoLite Free Downloadable Databases

Here is a quick script to update MaxMind databases on CentOS 6.
Use at your own risk - no warranty!!!


## -- Automatic update of MaxMind GeoLiteCountry and GeoLiteCity databases
##   ./
##   This utility updates MaxMind GeoLiteCountry and GeoLiteCity databases.
##   It requires 'wget' utility to work properly.
##   The databases are downloaded directly from MaxMind.
##   The old databases are backed up as .old.
## Copyright (c) 2014 

## TODO:
##   Recovery/rollback on error option
##   Currently, if error occurs, a full backup of /usr/share/GeoIP/ directory
##   remains and can be used for manual restore.
##   See TEMP_BACKUP variable for details.




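# Directory holding the GeoIP databases
GEOIP_LOCATION="/usr/share/GeoIP"

# Database files to update
DB_FILES="< put your database file names here >"

# Suffix given to the previous copy of each database
DB_BACKUP_PREFIX=".old"
# Uncomment the line below if you do not want backups
#DB_BACKUP_PREFIX=""

TEMP_BACKUP="/tmp/geoupdate-`date +%d-%b-%Y`.tgz"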

# This script requires 'wget' utility. If 'wget' can't be found in PATH,
# specify the full path explicitly by modifying WGET variable below:
WGET=`/usr/bin/which wget 2>&-`;

# 1. Let's start with some error checking: WGET and GEOIP_LOCATION must exist.
if [ -z "$WGET" ] || [ ! -e "$WGET" ]; then
  echo "Fatal error: '$WGET' not found; can't proceed.";
  exit 1;
fi

if [ ! -d "$GEOIP_LOCATION" ]; then
  echo "Fatal error: could not find '$GEOIP_LOCATION' directory."
  exit 2;
fi

cd "$GEOIP_LOCATION"
if [ "0" -ne "$?" ]; then
  echo "Fatal error: can't change to '$GEOIP_LOCATION' directory; Check permissions and try again";
  exit 3;
fi

# 2. Create a full directory backup

#tar cvfz "/tmp/geoupdate-`date +%d-%b-%Y`.tgz" -C "$GEOIP_LOCATION" --wildcards '*.dat'
(cd "$GEOIP_LOCATION" && tar cfz "$TEMP_BACKUP" *.dat)
# error checking must follow here
if [ "0" -ne "$?" ]; then
  echo "Fatal error: can't backup '$GEOIP_LOCATION' directory.";
  exit 4;
fi

# 3. Download everything


# 4. Backup current databases; delete old backups in the process
if [ ! -z "$DB_BACKUP_PREFIX" ]; then
  for f in $DB_FILES; do
    [ -f "$f$DB_BACKUP_PREFIX" ] && /bin/rm "$f$DB_BACKUP_PREFIX"
    /bin/mv "$f" "$f$DB_BACKUP_PREFIX"
  done
fi

# 5. Unpack the updates

for f in *.gz; do
  gunzip -c "$f" > "`basename "$f" .gz`"
done

# 6. Verify
for f in $DB_FILES; do
  [ ! -f "$f" ] && echo "Fatal error: '$f' could not be downloaded." && exit 5;
done

# 7. Clean everything up (comment out the line below if you want to keep the backup)
/bin/rm "$TEMP_BACKUP"
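
Steps 4 to 6 above move the current database aside before the download has been checked, and the final check only tests that a file exists. The function below is an added example, not part of the original script, that reverses the order: it proves the download is a complete, non-empty gzip stream and only then swaps it in. The name install_db is an assumption.

```shell
#!/bin/sh
# Added example (not part of the original script); install_db is an assumed name.

# install_db GZFILE DESTDIR
# Replaces DESTDIR/<name> only after GZFILE has been proven to be a complete,
# non-empty gzip stream; the previous copy is kept as <name>.old.
install_db() {
  gz=$1; dest=$2
  name=$(basename "$gz" .gz)

  # 1. Reject truncated or corrupt downloads before touching anything.
  gzip -t "$gz" 2>/dev/null || { echo "corrupt download: $gz" >&2; return 1; }

  # 2. Unpack next to the target so the final rename stays on one filesystem.
  tmp=$(mktemp "$dest/.$name.XXXXXX") || return 1
  if ! gzip -dc "$gz" > "$tmp" || [ ! -s "$tmp" ]; then
    rm -f "$tmp"
    echo "empty or unreadable database: $gz" >&2
    return 1
  fi
  chmod 644 "$tmp"

  # 3. Keep the old copy, then swap the new file in with a single rename.
  if [ -f "$dest/$name" ]; then
    cp -p "$dest/$name" "$dest/$name.old" || { rm -f "$tmp"; return 1; }
  fi
  mv -f "$tmp" "$dest/$name"
}
```

A failed call leaves the existing database in place and removes its temporary file.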

HowTo: restore SSH access to HP Procurve 2810-48G switch

If you connect to your switch with multiple SSH sessions and lose your network connection, you might end up with no access to the switch, as there is a limit on the number of active sessions the switch supports.

How do you kill SSH sessions if you can't log in?
If you are lucky enough to have SNMP configured on the switch, you can kill the stalled sessions via SNMP.
From your Linux management station execute:

snmpwalk  -v1 -c private tcpConnState | grep

where private is your community string and is the management IP address of your switch.

This will list all SSH sessions like this: = INTEGER: established(5)

where is IP address you connected to the switch from. To kill this session, execute:

snmpset -v1 -c private i deleteTCB

That's it.
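
The procedure above as an added example, not from the original post: each tcpConnState row is indexed by local-ip.local-port.remote-ip.remote-port, so the stalled SSH sessions are the established rows whose local port is 22. The helper names and all addresses are constructed, and the commands are printed for review rather than executed.

```shell
#!/bin/sh
# Added example; function names and all addresses are constructed values.

# ssh_sessions [REMOTE_IP]: read `snmpwalk ... tcpConnState` output on stdin and
# print the table index (local-ip.local-port.remote-ip.remote-port) of every
# established connection to local port 22, optionally only from REMOTE_IP.
ssh_sessions() {
  awk -v want="${1:-}" '
    /tcpConnState\./ && /established\(5\)/ {
      n = split($1, p, ".")
      if (n != 11 || p[6] != 22) next       # keep SSH (local port 22) only
      remote = p[7] "." p[8] "." p[9] "." p[10]
      if (want != "" && want != remote) next
      sub(/^.*tcpConnState\./, "", $1)      # strip the MIB prefix, keep the index
      print $1
    }'
}

# kill_commands SWITCH COMMUNITY [REMOTE_IP]: print, without running them, the
# snmpset commands that set each matching row to deleteTCB.
kill_commands() {
  ssh_sessions "${3:-}" | while read -r idx; do
    printf 'snmpset -v1 -c %s %s tcpConnState.%s i deleteTCB\n' "$2" "$1" "$idx"
  done
}

# Constructed sample of walk output (switch 192.0.2.10, admin at 198.51.100.7).
SAMPLE_WALK='TCP-MIB::tcpConnState.192.0.2.10.22.198.51.100.7.51234 = INTEGER: established(5)
TCP-MIB::tcpConnState.192.0.2.10.22.198.51.100.7.51301 = INTEGER: established(5)
TCP-MIB::tcpConnState.192.0.2.10.22.203.0.113.9.40022 = INTEGER: established(5)
TCP-MIB::tcpConnState.192.0.2.10.80.198.51.100.7.51400 = INTEGER: established(5)
TCP-MIB::tcpConnState.0.0.0.0.22.0.0.0.0.0 = INTEGER: listen(2)'
```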

neither ... nor ...

The Oxford Dictionary of American Usage and Style says:
"neither ... nor. Singular or Plural Verb. This construction takes a singular verb when the alternatives are singular or when the second alternative is singular... Moreover, the verb should precisely match the form mandated by the second of alternatives."

Also see , in particular:

"When subjects are connected with neither/nor, the one closest to the verb controls the agreement. Thus, neither you nor I am."