YAML Files for ESP32

 Gree Versati III

https://gist.github.com/slanckma/3bad4ff49545488a3719766bdf0cdc76

TUF-2000M Water flow sensor

https://gist.github.com/slanckma/78c22fbb39e974607e3f3dc83933aaba

Homey Dongle integration in HA

https://gist.github.com/slanckma/cd979360bce88118ffde4503363dd14a

Athom Garage door opener

https://gist.github.com/slanckma/37030a51a75202c320205b0cbc68277d

online video m3u8 download

 
Chrome -> dev tools -> network -> filter m3u8

Copy player.js m3u8 URL to VLC -> File -> Open Network -> Stream Output -> Settings

Name and mp4

Click OK and wait for timebar to complete.

Home Assistant Gree Versati III modbus ESP32

 

Versati III has an interface that communicates via the Modbus software protocol over RS-485 (physical layer standard). RS-485 can between -7 and +12V.

This needs to be converted to TTL, Transistor-Transistor Logic, which operates at low voltages. TTL can be read by ESP32 (not RS-485)

Based on 

https://github.com/peca2345/ESPHome-modbus-heatpump-Gree-Versati-III/blob/main/README.md

Wiring Diagram

Versati_Modbus----RS485--DollatekModule--TTL----ESP32

Hardware

ESP32 NodeMCU Module USB Type-C ESP32 Development Board Dual-Core 2.4GHz WiFi + Bluetooth CH340C for Arduino
https://www.amazon.com.be/dp/B0D8VN3J77?ref=ppx_yo2ov_dt_b_fed_asin_title&th=1

Pinout

https://lastminuteengineers.com/esp32-pinout-reference/

Note that the pinout can be differently ordered.

DollaTek 5 x 5V MAX485 / RS485 TTL Module to RS-485 MCU Development Board

https://www.amazon.com.be/dp/B07DK4QG6H?ref=ppx_yo2ov_dt_b_fed_asin_title

A & B are the connector for RS-485.

DI, DE, RE, RO are the connectors for TTL.

Good article explaining TTL-RS485

https://vault.nimc.gov.ng/blog/esp32-rs485-ttl-converter-guide-1764801490#:~:text=Hey%20guys!,expand%20your%20ESP32's%20communication%20horizons!

Azure

 

Azure has several hierarchical levels.

From a technical perspective, the order is (highest first):

Subscription (PROD, DEV, ...).

Resource Group (grouping everything related to a service , like firewall, servers, ...)

Inside Resource Group we can have

- VMs 

- interfaces

- disks

-Virtual Networks

    - a VNET contains a big subnet which can then be split into smaller subnets.

    - Peering between VNETs

-  A routing table 

 - Network Security Group (Rules inbound outbound)

- NAT Gateway

- IP addresses

    

test

import os

import argparse

import json

def load_json_file(filepath):

    with open(filepath, 'r') as f:

        return json.load(f)

def find_json_by_id(ref_value, folder):

    for root, _, files in os.walk(folder):

        for fname in files:

            if fname.endswith(".json"):

                path = os.path.join(root, fname)

                try:

                    with open(path, "r") as f:

                        content = json.load(f)

                        if isinstance(content, dict) and content.get("listId") == ref_value:

                            return content

                except Exception:

                    continue

    return {}

def find_app_template_by_id(appref, folder):

    for root, _, files in os.walk(folder):

        for fname in files:

            if fname.endswith(".json"):

                path = os.path.join(root, fname)

                try:

                    with open(path, "r") as f:

                        content = json.load(f)

                        if content.get("appId") == appref or content.get("id") == appref:

                            return content.get("serverNames", [])

                except Exception:

                    continue

    return []

def process_policy(input_json, base_dir):

    output = []

    lines = json.dumps(input_json, indent=2).splitlines()

    i = 0

    while i < len(lines):

        line = lines[i]

        output.append(line)

        if '"ref"' in line:

            ref_value = line.split(":")[1].strip().strip('",')

            prev_line = lines[i - 1] if i > 0 else ""

            if "DataPrefixList" in prev_line:

                data = find_json_by_id(ref_value, os.path.join(base_dir, "policy_lists", "DataPrefix"))

                name = data.get("name")

                if name:

                    output.append(' ' * 10 + f'"name": "{name}",')

                for entry in data.get("entries", []):

                    if "ipPrefix" in entry:

                        output.append(' ' * 10 + f'"ipPrefix": "{entry["ipPrefix"]}",')

            elif "appList" in prev_line:

                data = find_json_by_id(ref_value, os.path.join(base_dir, "policy_lists", "App"))

                name = data.get("name")

                if name:

                    output.append(' ' * 10 + f'"name": "{name}",')

                for entry in data.get("entries", []):

                    if "app" in entry:

                        output.append(' ' * 10 + f'"app": "{entry["app"]}",')

                    if "appRef" in entry:

                        #output.append(' ' * 10 + f'"appRef": "{entry["appRef"]}",')

                        servers = find_app_template_by_id(entry["appRef"], os.path.join(base_dir, "policy_templates", "CustomApp"))

                        for server in servers:

                            output.append(' ' * 10 + f'"serverName": "{server}",')

        i += 1

    return output

def main():

    parser = argparse.ArgumentParser(description="Expand Cisco SD-WAN policy file with inlined entries.")

    parser.add_argument("base_dir", help="Base directory (extracted from policy.tar)")

    parser.add_argument("input_file", help="Filename of the input policy (e.g. CHINA-DATA-POLICY-S1.json)")

    args = parser.parse_args()

    input_path = os.path.join(args.base_dir, "policy_definitions", "Data", args.input_file)

    input_data = load_json_file(input_path)

    output_lines = process_policy(input_data, args.base_dir)

    output_path = os.path.splitext(args.input_file)[0] + "_expanded.json"

    with open(output_path, "w") as f:

        f.write("\n".join(output_lines))

    print(f"✅ Expanded file written to: {output_path}")

if __name__ == "__main__":

    main()

Asus Entware

 Installed on USB device

Has tcpdump

If command doesn't work 

(caused when router reboots)

 do :

cd /tmp

ln -s /tmp/mnt/opt opt

EVE-NG GUI not working

 systemctl restart apache2

systemctl restart tomcat9

eve-ng NAT cloud not giving IP via DHCP

 find /etc -type f | xargs grep "172.29.129"

which gave me
/etc/udhcpd.conf:start 172.29.129.1 #default: 192.168.0.20
/etc/udhcpd.conf:end 172.29.129.253 #default: 192.168.0.254
/etc/udhcpd.conf:opt router 172.29.129.254

so now I know that the process is called udhcpd. Then did a
systemctl restart udhcpd

and now I'm getting an IP.

eve-ng c8000v image gives white console after template push

 Issue Cause: When vManage controls the cEdge, it change the CLI from "platform console serial" to "platform console virtual", once it changed, you lost the eve-ng console.

Following is what you need to do:

a) Create a CLI Add-On feature template, add "platform console serial" to the template

b) Associate this add-on template to the device template under the Additional Templates Section

c) Reboot your cEdge, then that fix the issue

IP Public subnets blocks

All blocks as big as possible except RFC1918

0.0.0.0/5
8.0.0.0/7
11.0.0.0/8
12.0.0.0/6
16.0.0.0/4
32.0.0.0/3
64.0.0.0/2
128.0.0.0/3
160.0.0.0/5
168.0.0.0/6
172.0.0.0/12
172.32.0.0/11
172.64.0.0/10
172.128.0.0/9
173.0.0.0/8
174.0.0.0/7
176.0.0.0/4
192.0.0.0/9
192.128.0.0/11
192.160.0.0/13
192.169.0.0/16
192.170.0.0/15
192.172.0.0/14
192.176.0.0/12
192.192.0.0/10
193.0.0.0/8
194.0.0.0/7
196.0.0.0/6
200.0.0.0/5
208.0.0.0/4

Blocks split in half

0.0.0.0/6
4.0.0.0/6
8.0.0.0/8
9.0.0.0/8
11.0.0.0/9
11.128.0.0/9
12.0.0.0/7
14.0.0.0/7
16.0.0.0/5
24.0.0.0/5
32.0.0.0/4
48.0.0.0/4
64.0.0.0/3
96.0.0.0/3
128.0.0.0/4
144.0.0.0/4
160.0.0.0/6
164.0.0.0/6
168.0.0.0/7
170.0.0.0/7
172.0.0.0/13
172.8.0.0/13
172.32.0.0/12
172.48.0.0/12
172.64.0.0/11
172.96.0.0/11
172.128.0.0/10
172.192.0.0/10
173.0.0.0/9
173.128.0.0/9
174.0.0.0/8
175.0.0.0/8
176.0.0.0/5
184.0.0.0/5
192.0.0.0/10
192.64.0.0/10
192.128.0.0/12
192.144.0.0/12
192.160.0.0/14
192.164.0.0/14
192.169.0.0/17
192.169.128.0/17
192.170.0.0/16
192.171.0.0/16
192.172.0.0/15
192.174.0.0/15
192.176.0.0/13
192.184.0.0/13
192.192.0.0/11
192.224.0.0/11
193.0.0.0/9
193.128.0.0/9
194.0.0.0/8
195.0.0.0/8
196.0.0.0/7
198.0.0.0/7
200.0.0.0/6
204.0.0.0/6
208.0.0.0/5
216.0.0.0/5

ip route vrf 1 0.0.0.0 248.0.0.0 Null0

ip route vrf 1 8.0.0.0 254.0.0.0 Null0

ip route vrf 1 11.0.0.0 255.0.0.0 Null0

ip route vrf 1 12.0.0.0 252.0.0.0 Null0

ip route vrf 1 16.0.0.0 240.0.0.0 Null0

ip route vrf 1 32.0.0.0 224.0.0.0 Null0

ip route vrf 1 64.0.0.0 192.0.0.0 Null0

ip route vrf 1 128.0.0.0 224.0.0.0 Null0

ip route vrf 1 160.0.0.0 248.0.0.0 Null0

ip route vrf 1 168.0.0.0 252.0.0.0 Null0

ip route vrf 1 172.0.0.0 255.240.0.0 Null0

ip route vrf 1 172.32.0.0 255.224.0.0 Null0

ip route vrf 1 172.64.0.0 255.192.0.0 Null0

ip route vrf 1 172.128.0.0 255.128.0.0 Null0

ip route vrf 1 173.0.0.0 255.0.0.0 Null0

ip route vrf 1 174.0.0.0 254.0.0.0 Null0

ip route vrf 1 176.0.0.0 240.0.0.0 Null0

ip route vrf 1 192.0.0.0 255.128.0.0 Null0

ip route vrf 1 192.128.0.0 255.224.0.0 Null0

ip route vrf 1 192.160.0.0 255.248.0.0 Null0

ip route vrf 1 192.169.0.0 255.255.0.0 Null0

ip route vrf 1 192.170.0.0 255.254.0.0 Null0

ip route vrf 1 192.172.0.0 255.252.0.0 Null0

ip route vrf 1 192.176.0.0 255.240.0.0 Null0

ip route vrf 1 192.192.0.0 255.192.0.0 Null0

ip route vrf 1 193.0.0.0 255.0.0.0 Null0

ip route vrf 1 194.0.0.0 254.0.0.0 Null0

ip route vrf 1 196.0.0.0 252.0.0.0 Null0

ip route vrf 1 200.0.0.0 248.0.0.0 Null0

ip route vrf 1 208.0.0.0 240.0.0.0 Null0

ip route vrf 1 0.0.0.0 252.0.0.0 Tunnel100592

ip route vrf 1 4.0.0.0 252.0.0.0 Tunnel100592

ip route vrf 1 8.0.0.0 255.0.0.0 Tunnel100592

ip route vrf 1 9.0.0.0 255.0.0.0 Tunnel100592

ip route vrf 1 11.0.0.0 255.128.0.0 Tunnel100592

ip route vrf 1 11.128.0.0 255.128.0.0 Tunnel100592

ip route vrf 1 12.0.0.0 254.0.0.0 Tunnel100592

ip route vrf 1 14.0.0.0 254.0.0.0 Tunnel100592

ip route vrf 1 16.0.0.0 248.0.0.0 Tunnel100592

ip route vrf 1 24.0.0.0 248.0.0.0 Tunnel100592

ip route vrf 1 32.0.0.0 240.0.0.0 Tunnel100592

ip route vrf 1 48.0.0.0 240.0.0.0 Tunnel100592

ip route vrf 1 64.0.0.0 224.0.0.0 Tunnel100592

ip route vrf 1 96.0.0.0 224.0.0.0 Tunnel100592

ip route vrf 1 128.0.0.0 240.0.0.0 Tunnel100592

ip route vrf 1 144.0.0.0 240.0.0.0 Tunnel100592

ip route vrf 1 160.0.0.0 252.0.0.0 Tunnel100592

ip route vrf 1 164.0.0.0 252.0.0.0 Tunnel100592

ip route vrf 1 168.0.0.0 254.0.0.0 Tunnel100592

ip route vrf 1 170.0.0.0 254.0.0.0 Tunnel100592

ip route vrf 1 172.0.0.0 255.248.0.0 Tunnel100592

ip route vrf 1 172.8.0.0 255.248.0.0 Tunnel100592

ip route vrf 1 172.32.0.0 255.240.0.0 Tunnel100592

ip route vrf 1 172.48.0.0 255.240.0.0 Tunnel100592

ip route vrf 1 172.64.0.0 255.224.0.0 Tunnel100592

ip route vrf 1 172.96.0.0 255.224.0.0 Tunnel100592

ip route vrf 1 172.128.0.0 255.192.0.0 Tunnel100592

ip route vrf 1 172.192.0.0 255.192.0.0 Tunnel100592

ip route vrf 1 173.0.0.0 255.128.0.0 Tunnel100592

ip route vrf 1 173.128.0.0 255.128.0.0 Tunnel100592

ip route vrf 1 174.0.0.0 255.0.0.0 Tunnel100592

ip route vrf 1 175.0.0.0 255.0.0.0 Tunnel100592

ip route vrf 1 176.0.0.0 248.0.0.0 Tunnel100592

ip route vrf 1 184.0.0.0 248.0.0.0 Tunnel100592

ip route vrf 1 192.0.0.0 255.192.0.0 Tunnel100592

ip route vrf 1 192.64.0.0 255.192.0.0 Tunnel100592

ip route vrf 1 192.128.0.0 255.240.0.0 Tunnel100592

ip route vrf 1 192.144.0.0 255.240.0.0 Tunnel100592

ip route vrf 1 192.160.0.0 255.252.0.0 Tunnel100592

ip route vrf 1 192.164.0.0 255.252.0.0 Tunnel100592

ip route vrf 1 192.169.0.0 255.255.128.0 Tunnel100592

ip route vrf 1 192.169.128.0 255.255.128.0 Tunnel100592

ip route vrf 1 192.170.0.0 255.255.0.0 Tunnel100592

ip route vrf 1 192.171.0.0 255.255.0.0 Tunnel100592

ip route vrf 1 192.172.0.0 255.254.0.0 Tunnel100592

ip route vrf 1 192.174.0.0 255.254.0.0 Tunnel100592

ip route vrf 1 192.176.0.0 255.248.0.0 Tunnel100592

ip route vrf 1 192.184.0.0 255.248.0.0 Tunnel100592

ip route vrf 1 192.192.0.0 255.224.0.0 Tunnel100592

ip route vrf 1 192.224.0.0 255.224.0.0 Tunnel100592

ip route vrf 1 193.0.0.0 255.128.0.0 Tunnel100592

ip route vrf 1 193.128.0.0 255.128.0.0 Tunnel100592

ip route vrf 1 194.0.0.0 255.0.0.0 Tunnel100592

ip route vrf 1 195.0.0.0 255.0.0.0 Tunnel100592

ip route vrf 1 196.0.0.0 254.0.0.0 Tunnel100592

ip route vrf 1 198.0.0.0 254.0.0.0 Tunnel100592

ip route vrf 1 200.0.0.0 252.0.0.0 Tunnel100592

ip route vrf 1 204.0.0.0 252.0.0.0 Tunnel100592

ip route vrf 1 208.0.0.0 248.0.0.0 Tunnel100592

ip route vrf 1 216.0.0.0 248.0.0.0 Tunnel100592

ip prefix-list PUBLIC-SUBNETS seq 1 permit 0.0.0.0/5

ip prefix-list PUBLIC-SUBNETS seq 2 permit 8.0.0.0/7

ip prefix-list PUBLIC-SUBNETS seq 3 permit 11.0.0.0/8

ip prefix-list PUBLIC-SUBNETS seq 4 permit 12.0.0.0/6

ip prefix-list PUBLIC-SUBNETS seq 5 permit 16.0.0.0/4

ip prefix-list PUBLIC-SUBNETS seq 6 permit 32.0.0.0/3

ip prefix-list PUBLIC-SUBNETS seq 7 permit 64.0.0.0/2

ip prefix-list PUBLIC-SUBNETS seq 8 permit 128.0.0.0/3

ip prefix-list PUBLIC-SUBNETS seq 9 permit 160.0.0.0/5

ip prefix-list PUBLIC-SUBNETS seq 10 permit 168.0.0.0/6

ip prefix-list PUBLIC-SUBNETS seq 11 permit 172.0.0.0/12

ip prefix-list PUBLIC-SUBNETS seq 12 permit 172.32.0.0/11

ip prefix-list PUBLIC-SUBNETS seq 13 permit 172.64.0.0/10

ip prefix-list PUBLIC-SUBNETS seq 14 permit 172.128.0.0/9

ip prefix-list PUBLIC-SUBNETS seq 15 permit 173.0.0.0/8

ip prefix-list PUBLIC-SUBNETS seq 16 permit 174.0.0.0/7

ip prefix-list PUBLIC-SUBNETS seq 17 permit 176.0.0.0/4

ip prefix-list PUBLIC-SUBNETS seq 18 permit 192.0.0.0/9

ip prefix-list PUBLIC-SUBNETS seq 19 permit 192.128.0.0/11

ip prefix-list PUBLIC-SUBNETS seq 20 permit 192.160.0.0/13

ip prefix-list PUBLIC-SUBNETS seq 21 permit 192.169.0.0/16

ip prefix-list PUBLIC-SUBNETS seq 22 permit 192.170.0.0/15

ip prefix-list PUBLIC-SUBNETS seq 23 permit 192.172.0.0/14

ip prefix-list PUBLIC-SUBNETS seq 24 permit 192.176.0.0/12

ip prefix-list PUBLIC-SUBNETS seq 25 permit 192.192.0.0/10

ip prefix-list PUBLIC-SUBNETS seq 26 permit 193.0.0.0/8

ip prefix-list PUBLIC-SUBNETS seq 27 permit 194.0.0.0/7

ip prefix-list PUBLIC-SUBNETS seq 28 permit 196.0.0.0/6

ip prefix-list PUBLIC-SUBNETS seq 29 permit 200.0.0.0/5

ip prefix-list PUBLIC-SUBNETS seq 30 permit 208.0.0.0/4

IP Fragmentation

Some basic info

Ethernet header is 14bytes

TCP header is 40byes

standard IP MTU is 1500bytes

DF is not set 

find MTU of source

powershell to see max MTU of win11:

netsh interface ipv4 show interfaces 

Send some test traffic that is bigger than the MTU of the source

ping -l 1600 <destination>

Check with wireshark at destination

fragmented in 2 packets

first packet

second packet

DF is set

Send some test traffic that is bigger than the MTU of the source 

ping -l 1600 -f <destination>

packet will be dropped at the laptop

Wireshark display GRE packets

 

display filter ip.proto == 47

Add colummn with the following details:

VRF Route leaking via static routes

R1

10.170.138.14

|

|

Gi1/9-10.170.138.13

SW001(VRF INTERNET)

|

SW001(GLOBAL)

|

SW001(VRF ATT)

Gi1/2-10.170.137.2

|

|

Gi1/1-10.170.137.1

Router

|

|

network

|

|

10.0.29.3

To achieve this, we do vrf route leaking via static routes. It is not possible to leak directly between to vrfs, but it is possible between vrf and global in both directions.

On SW001:
VRF INTERNET (leak destination to global)
ip route vrf INTERNET 10.0.29.3 255.255.255.255 10.170.137.1 global

VRF ATT (leak source to global)
ip route vrf ATT 10.170.138.14 255.255.255.255 10.170.138.14 global

GLOBAL (static route to next-hops defined in static routes above)
ip route 10.170.137.1 255.255.255.255 GigabitEthernet1/2
ip route 10.170.138.14 255.255.255.255 GigabitEthernet1/9

NAT and PAT on ASA

 Best reference

https://www.practicalnetworking.net/stand-alone/cisco-asa-nat/

mac securecrt send cisco break to rommon

 in securecrt configure session with VT220 keyboard mapping and press F5 continuously when the router boots.

OpenWRT linksys with TC and NETEM

 

install openwrt on e4200v2 

Open ssh and http on the WAN (disable firewall)

Via GUI of openwrt (LuCi) install tc-full and kmod-netem

Inject some delay:

tc qdisc add dev internet root netem delay 10ms

Disable delay:

tc qdisc del dev internet root

tc -s qdisc ls dev internet

vmware esxi letsencrypt certificate

 Good info on how to install ssl certificate on esxi

(note that I run 6.5 which only seems to work with w2c 1.0.0)

https://github.com/w2c/letsencrypt-esxi/wiki/Installation-via-Web-UI

https://www.it-connect.fr/vmware-esxi-lets-encrypt-la-solution-pour-obtenir-un-certificat-ssl-gratuit/

Defining traffic in Ostinato 

The following only applies if you are sending unidirectional traffic and don't care about the traffic not returning. 

 

When you don't resolve the MAC layer (ARP), then there's no need to define devices. Just add streams and in "Protocol Data", open "Media Access Protocol" and make destination the next hop mac (ip neigh show) and source as increment to simulate MAC addresses

Now add the IPv4 IPs

and make sure that the number of packets sent is the same as your source amount

 

NAT

symmetric NAT = Dynamic PAT (Cisco FWs)

 ASA Firewall allow traceroute

access-list outside_acl_in extended permit icmp any any time-exceeded
access-list outside_acl_in extended permit icmp any any unreachable
!
access-group outside_acl_in in interface outside

!

policy-map global_policy

 class inspection_default

  inspect icmp

  inspect icmp error