L2TP/IPSEC on Cisco ASA

This is the configuration for L2TP/IPsec on a Cisco ASA.
It assumes that an aaa-server named ad_vpn is already configured for VPN users.
When the aaa-server protocol is ldap, pap is the only valid authentication type.
If you use RADIUS authentication instead of LDAP, ms-chap-v2 authentication can be enabled.

ip local pool vpnclient 172.16.20.100-172.16.20.120 mask 255.255.255.0

access-list vpnclient_splitTunnelAcl remark Internal
access-list vpnclient_splitTunnelAcl standard permit 192.168.45.0 255.255.255.0

group-policy vpnclient internal
group-policy vpnclient attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnclient_splitTunnelAcl
 intercept-dhcp enable

tunnel-group DefaultRAGroup general-attributes
 address-pool vpnclient
 authentication-server-group ad_vpn
 default-group-policy vpnclient
 strip-realm
 strip-group
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 no authentication chap
 no authentication ms-chap-v1

crypto ipsec ikev1 transform-set l2tp1 esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set l2tp1 mode transport
crypto ipsec ikev1 transform-set l2tp2 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set l2tp2 mode transport
crypto ipsec ikev1 transform-set aes-256-l2tp esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set aes-256-l2tp mode transport

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set l2tp1 l2tp2 aes-256-l2tp
no crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs

crypto isakmp nat-traversal 20

crypto ikev1 policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400

crypto ikev1 enable outside
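
One way to check a configuration like the one above for legacy settings, as an added example (not part of the original post and not Cisco tooling). The weak-lists (DES/3DES, MD5 HMAC, DH groups 1/2/5, PAP) are this example's assumed policy, and audit is a hypothetical helper that tracks sub-mode context by command keyword rather than indentation.

```python
# Weak-lists are this example's assumed policy, not stated in the original post.
WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}
TOP_LEVEL = {"crypto", "tunnel-group", "group-policy", "access-list", "ip"}

# Constructed sample: a subset of the configuration lines shown above.
SAMPLE = """\
tunnel-group DefaultRAGroup ppp-attributes
authentication pap
no authentication chap
crypto ipsec ikev1 transform-set l2tp1 esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set l2tp2 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set l2tp2 mode transport
crypto ikev1 policy 5
authentication pre-share
encryption 3des
hash sha
group 2
crypto ikev1 policy 10
encryption aes
group 2
"""


def audit(config):
    """Return (context, setting) pairs for settings on the weak-lists."""
    findings, ctx = [], None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[:4] == ["crypto", "ipsec", "ikev1", "transform-set"] and len(words) > 5:
            ctx = None
            findings += [(f"transform-set {words[4]}", w) for w in words[5:] if w in WEAK_ESP]
        elif words[:3] == ["crypto", "ikev1", "policy"] and len(words) == 4:
            ctx = f"ikev1 policy {words[3]}"
        elif words[0] == "tunnel-group" and words[-1] == "ppp-attributes":
            ctx = f"ppp {words[1]}"
        elif words[0] in TOP_LEVEL:
            ctx = None  # any other top-level command ends the current sub-mode
        elif ctx and ctx.startswith("ikev1") and len(words) == 2:
            if words[1] in WEAK_IKE.get(words[0], ()):
                findings.append((ctx, " ".join(words)))
        elif ctx and ctx.startswith("ppp") and words == ["authentication", "pap"]:
            findings.append((ctx, "authentication pap"))
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A finding for authentication pap means the PPP password is protected only by the IPsec layer; with an LDAP aaa-server that is the only option the post describes, so the finding is a prompt to review the IKE and ESP settings around it.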


Installing FreeBSD on an existing ZFS pool

This post assumes that the zpool is using raw disks instead of partitions.
It is also assumed that the name of the existing zpool is pool0.

Start by booting the live CD and entering the shell.

Import the existing zpool:

# zpool import pool0


Create the new dataset for the root, and set the mountpoint to /mnt for the installation.

# zfs create pool0/ROOT
# zfs create -o mountpoint=/mnt -o canmount=noauto pool0/ROOT/FreeBSD
# zfs mount pool0/ROOT/FreeBSD

Fetch the installation files and install the distribution:

# cd /mnt
# fetch ftp://ftp.se.freebsd.org/pub/FreeBSD/releases/amd64/amd64/10.3-RELEASE/base.txz
# fetch ftp://ftp.se.freebsd.org/pub/FreeBSD/releases/amd64/amd64/10.3-RELEASE/kernel.txz
# fetch ftp://ftp.se.freebsd.org/pub/FreeBSD/releases/amd64/amd64/10.3-RELEASE/ports.txz
# fetch ftp://ftp.se.freebsd.org/pub/FreeBSD/releases/amd64/amd64/10.3-RELEASE/src.txz
# tar xvpf base.txz
# tar xvpf kernel.txz
# tar xvpf ports.txz
# tar xvpf src.txz
# cd /

Make the system bootable (change ada0 to your hard disk):

# echo 'zfs_load="YES"' >> /mnt/boot/loader.conf
# echo 'zfs_enable="YES"' >> /mnt/etc/rc.conf
# zpool set bootfs=pool0/ROOT/FreeBSD pool0
# zfs unmount pool0/ROOT/FreeBSD
# zfs set mountpoint=/ pool0/ROOT/FreeBSD
# zpool export pool0
# sysctl kern.geom.debugflags=0x10
# dd if=/boot/zfsboot of=/dev/ada0 count=1
# dd if=/boot/zfsboot of=/dev/ada0 iseek=1 oseek=1024

Reboot and log in as root, then change your password and make your usual configuration changes in /etc/rc.conf.

Closeups of crud on ks10008 board

I believe that some liquid has entered this board, most likely through the hole in the DVI connector, more specifically the hole from analog ground which has no metal pin.

Some close-ups using the USB microscope camera.

photo_2016-04-14_12-17-55

Part of the board closest to the DVI connector:
crud-png

Another image close to the connector:
mix

A bit further from the connector:
nc1