Sylvan Korvus

Quick notes on an issue I resolved today:

Client’s imageRunner 3030 had been successfully sending scans via email for years. It was using mail.shaw.ca port 25 with no SSL or authentication – SSL failed to work so we lived without it.

4 days ago it stopped working. I was unable to get the device to successfully send via any other servers, eg. smtppro.zoho.com, or the testing service https://mailtrap.io .

In order to test sending from the device, I did a print-from-file, saved to a user inbox on the device instead of printing, and then had the ability to send that file from the inbox via email as needed. Consistent error message in the transmit log was 801 (very uninformative).

Tried the usual, rebooted the device, changed DNS servers, verified I could send email from my test Mac Mini (used Apple Mail and Thunderbird) to mail.shaw.ca. Was ready to give up and recommend buying something from this century (it actually appears to date from 2009).

Out of curiosity I pursued a little further, and was able to finally diagnose the issue with a combination of tcpdump to check what was being sent, netcat to test the outgoing email commands, an “expect” script for netcat, and a Java-based SMTP receiver on the local Mac: DevNull SMTP Server .

sudo tcpdump port 25 allowed me to watch smtp related traffic in & out of the test machine, so I could see exactly what was being sent to mail.shaw.ca (so I could format netcat commands correctly), and have a second copy of what the imageRunner was sending to the local test smtp server.

I started the DevNull server via terminal:

sudo java -jar DevNullSmtp.jar -p 25 launched the server with its window for monitoring, and used port 25, since it’s very difficult to specify the port for the imageRunner to use. I changed the SMTP server for the imageRunner to this IP of this test Mac.

Instead of laboriously typing netcat commands (after doing it a few times), I set up a simple script. This “microHOWTO” provided the example “expect” script as well as being a good reference on the commands. I merely edited the provided script with the particulars of the mail I was trying to get the imageRunner to send, using the same from: address etc. mail.shaw.ca didn’t send any mails from netcat until I included the to, from, and data fields in the DATA section of the mail, as done in the script here.

I was able to send test emails from the script through mail.shaw.ca. The incoming data from the imageRunner as viewed in the DevNull server looked almost identical, and here is where I finally found the source of the problem:

The hostname on the imageRunner was improperly set to “Canon iR3030”. This had never caused any problems before, but it was sending its hostname to the SMTP server in the EHLO line as “Canon ir3030.hitronhub.home” (the default local domain); the test Mac was successfully sending using its own hostname “macname.hitronhub.home”. I eliminated the space from the hostname, and the problem was fixed, the imageRunner was now able to send mail through mail.shaw.ca again.

Obscure little issue. Don’t put spaces in hostnames!

Filed under: geek by sylvan
Comments Off on Canon imageRunner 3030 suddenly unable to send email

I ran into a difficult technical problem recently, and after a lot of googling, managed to find a fix. I’m writing this post in case anyone else has the same issue.

Description of the issue:

• Trying to connect to a L2TP VPN from Windows 10 to a Synology Diskstation (but others have described the same problem connecting to other types of servers).
• Diskstation is a 213J running DSM 6.2.4-25556.
• PC is a Lenovo M91p running Windows 10 Pro 21H1 / 19043.1055. General network connectivity is fine.
• The VPN fails to connect. Examining logs in Windows Event Viewer, attempting to connect would consistently fail with an error from RasClient:
  CoId={96684EEB-618C-0002-366E-68968C61D701}: The user MACHINE\Username dialed a connection named VPNName which has failed. The error code returned on failure is 809.
• An Information entry precedes the Error message, “VPNName requires attention”. This is what eventually led me to the solution.
• Error 809 is described by Microsoft: “The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g., firewalls, NAT, routers) between your computer and the remote server is not configured to allow VPN connections. Please contact your administrator or your service provider to determine which device may be causing the problem.” (This message also appeared in the VPN Settings after a failure to connect.)
  https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-troubleshooting

A very similar problem is described on the Ubiquiti forums here on a post by “rybad“:  “L2TP VPN error 809 Frustrating!”

The problem appears to be similar that described here in a post on Microsoft Community by “sbudaj”: “Problem with Connecting to a VPN”, but that user had different error messages.

Initial Diagnostics & Attempted Solutions:

• Another device (MacBook Air with MacOS 10.13.6) was able to connect to the Synology VPN without problems, so issue isn’t the local router, remote router (L2TP ports are correctly forwarded), or the VPN server config.
• In PowerShell, was able to ping the VPN server without problem.
• Ruled out Malware Bytes (uninstalled)
• Ruled out Windows Defender Firewall (disabled)
• I looked into ways to test a UDP connection on Windows, but didn’t proceed with installing the software to do so.
• Tried suggestion listed here: https://answers.microsoft.com/en-us/windows/forum/windows_10-networking/problem-with-connecting-to-a-vpn/91f9c5d7-7186-4982-bb5f-b203b1f8f367?page=2 – uninstalling the Wan Miniport interfaces in the WiFi adapter in Device Manager, then reinstalling them via “Scan for hardware changes”, with no effect.

Solution

The information message “VPNName requires attention” eventually led me to this page from TPLink which addresses an issue where a Windows 10 machine cannot connect to an L2TP VPN on one of their routers.

https://www.tp-link.com/us/support/faq/1029/

The problem is as described in their second image: “Can’t connect to L2TP. The network connection between your computer and the VPN server could not be established because the remote server is not responding. […]”

I’m not going to repost the entire contents of the TP-Link page which includes a detailed walkthrough for performing the recommended actions, but I’ll post the summary here in case that page eventually becomes unavailable.

Note: the services changes in Step 1 may be unnecessary, I recommend trying Step 2 first then rebooting and seeing if the problem is fixed.

Step 1

Start the following services on the client PC:

    IKE and AuthIP IPsec Keying Modules

    IPsec Policy Agent

    Remote Access Auto Connection Manager

    Remote Access Connection Manager

    Secure Socket Tunneling Protocol Service

Step 2

Modify the Register of the Windows OS.

1. 1. Click Win+R, then type “regedit.exe” in the box. Click OK.
   2. Go to HKEY_LOCAL_MACHINE——SYSTEM——CurrentControlSet——services——RasMan——Parameters, Find “ProhibitIpSec“, double click it, then set the value as 0. If you cannot find the parameter in the list, you can new it like below, then rename it as ProhibitIpSec(case insensitive) and set the value as 0.HKEY_LOCAL_MACHINE——SYSTEM——CurrentControlSet——Services——PolicyAgent, find “AssumeUDPEncapsulationContextOnSendRule“, double-click it, and set its value to 2. If it doesn’t exist, new it like above and set it to 2.[Clarification: “new it” means create a new entry in the registry with the name & value described. Both of these entries are type DWORD (32-bit).]

Step 3

Restart the computer, make sure the services are started and try to connect to the VPN.

The services IPsec Policy Agent, Remote Access Auto Connection Manager, and Secure Socket Tunneling Protocol Service were set to Manual on my machine. I started them, changed them all to Automatic (Delayed Start).

Both of the registry entries were missing on my machine, and I entered them as described.

Following a reboot, the VPN connected successfully.

Now that I know about the registry change, I note the solution is also described at these locations, including terminal commands to make the registry changes quickly. It’s possible that the services changes above are unnecessary thus my recommendation to try just the registry edits first.

https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#windows

https://windowsreport.com/windows-10-connect-l2tp-vpn-reg/

https://superuser.com/questions/1298513/l2tp-ipsec-vpn-fails-to-connect-on-windows-10-works-fine-on-ios

I hope this helps someone out there!

Filed under: geek by sylvan
Comments Off on Problem connecting to L2TP VPN on Windows 10 (with possible solution!)

Back in 2014, the Georgia Straight published an article about Vancouver’s free book exchanges. I found the Google map they included (originally by Miranda Nelson, @charenton_ ) incredibly helpful for finding these shared repositories of books. On a sunny day, I love to hop on my bike and do a tour of several of them; generally I head west to the Kits area, or east towards Main & Fraser. 

In the course of these bike rides, I’ve noticed some book exchanges have disappeared, and some new ones have been installed. I emailed the Georgia Straight a couple times (as they requested in their Google map), but they never updated the map as far as I could see.

So I’ve duplicated the map and added my changes, now located here: Neighborhood book exchanges in Vancouver 2017. Please feel free to contact me with your own updates!

Filed under: geek, News by sylvan
No Comments »

I have been playing with GeekTool the last few days. It’s a small app for Mac OS X (preferences pane, actually) that adds text and images directly to the desktop. It’s highly scriptable and customizable, with people adding anything from the date and time, to log files, to RSS feeds and live satellite photos.

One thing I’ve added to my own desktop, is the Zen poem posted daily on the website DailyZen.com. It took a little work to be able to do it, so I thought I’d post my script.  (more…)

Filed under: geek by sylvan | tags: Mac
3 Comments »

Recently I was asked to solve a problem someone was having with JEditable. There were several fields on the page that existed as double-clickable text, which could then edited. The problem was, the tab key would not move between the fields.

The first step of course was to build a simple test environment: a page with several divs with ids such as “box1” “box2”  etc., JQuery and JEditable called, and JEditable configured to talk to a simple PHP script that simply echoes its input:

< ?php echo $_REQUEST["value"]; ?>

(more…)

Filed under: geek by sylvan | tags: javascript, jquery
2 Comments »