Reset OpenVPN Access Server

If your Access Server isn’t working (mine stopped listening on all ports, web interface wasn’t accessible), run the initialization script to set it up from scratch.

WARNING: DO NOT RUN THE COMMAND ON A WORKING SERVER. YOU WILL HAVE TO SET UP THE SERVER FROM THE BEGINNING.

Log into the console as root and run the following command:
/usr/local/openvpn_as/bin/ovpn-init --force


Disable TP-Link Archer C7 constant UDP broadcast

If your packet capture looks like this:

KANNOU%N………G.Archer C7 v2….Archer C7 v2………………………………….1.02.65……………………………………….

then go to the router admin page > USB Settings > Print Server > Stop.

Squid config file

The passwords file needs to be created and then populated using htpasswd.

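http_port 3128
access_log /var/log/squid/access.log combined

# Basic authentication against the htpasswd-format passwords file
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy

# "foo" matches any request that carries valid proxy credentials
acl foo proxy_auth REQUIRED
http_access allow foo
http_access deny !foo
# Never reached: authenticated requests already matched "allow foo" above
http_access deny foo all
#http_access allow localnet
# Default: deny everything else
http_access deny all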

EdgeRouter register DHCP devices in local DNS

set service dhcp-server hostfile-update enable

This will write your DHCP leases into the hosts file and, if you’re using DNS forwarding, allow you to resolve ‘local’ resources.

Renew DHCP for the system in question for it to be registered in DNS. Also, run:

sudo /etc/init.d/dnsmasq restart

Windows AD DNS – reverse DNS, automatically add DNS records for non AD machine

Reverse DNS –

open DNS, create a reverse lookup zone, Primary zone, all DNS servers in the domain, IPv4, network ID – enter whatever it is for the network (e.g. 192.168.1), allow only secure dynamic updates, finish.

Does not work with AD-bound computers unless other DHCP configuration is done.

To fix this: open DHCP, right-click IPv4, Properties, Advanced tab, Credentials. You have to create a new user for this purpose, and add it to the DnsUpdateProxy group.

To have DNS records automatically created for devices not part of AD:

Go to DHCP. Right click scope, open properties, DNS Tab, check Dynamically update DNS records for DHCP clients that do not request updates.

Windows show MAC of connected access point

netsh wlan show interfaces

C:\Users\chris>netsh wlan show interfaces

There is 1 interface on the system:

    Name                   : Wireless Network Connection
    Description            : Intel(R) Dual Band Wireless-AC 7260
    GUID                   : 7e7d4d3a-8a96-4853-9e8d-b0d25e9d09ef
    Physical address       : e8:b1:fc:---
    State                  : connected
    SSID                   : ------
    BSSID                  : 46:d9:e7:---
    Network type           : Infrastructure
    Radio type             : 802.11n
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
    Connection mode        : Auto Connect
    Channel                : 6
    Receive rate (Mbps)    : 300
    Transmit rate (Mbps)   : 300
    Signal                 : 87%
    Profile                : ---

    Hosted network status  : Not started
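
An added example (not part of the original post): a parser for this output that pulls out the BSSID of each connected interface and, going slightly beyond the post, reports any that is not in a list of access points you expect. The sample output and all addresses are constructed, and English field names are assumed.

```python
# Constructed sample of `netsh wlan show interfaces` output; all values are made up.
SAMPLE = """\
There are 2 interfaces on the system:

    Name                   : Wireless Network Connection
    Physical address       : 02:00:00:aa:bb:cc
    State                  : connected
    SSID                   : ExampleNet
    BSSID                  : 02:00:00:11:22:33

    Name                   : Wireless Network Connection 2
    Physical address       : 02:00:00:dd:ee:ff
    State                  : disconnected

    Hosted network status  : Not started
"""


def parse_interfaces(text):
    """Return one dict of field -> value per interface block."""
    interfaces = []
    for line in text.splitlines():
        # Skip the header sentence, blank lines and anything without a field separator.
        if not line[:1].isspace() or ":" not in line:
            continue
        # Split on the FIRST colon only: MAC addresses contain colons too.
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Name":  # every interface block starts with its Name
            interfaces.append({})
        if interfaces:
            interfaces[-1][key] = value
    return interfaces


def unexpected_bssids(text, expected):
    """List (interface, SSID, BSSID) for connected interfaces on an AP not in `expected`."""
    allowed = {mac.lower().replace("-", ":") for mac in expected}
    findings = []
    for iface in parse_interfaces(text):
        bssid = iface.get("BSSID", "").lower()
        if iface.get("State") == "connected" and bssid not in allowed:
            findings.append((iface["Name"], iface.get("SSID", ""), bssid))
    return findings


if __name__ == "__main__":
    print(unexpected_bssids(SAMPLE, ["02:00:00:99:99:99"]))
```

On a live system, pass the text captured from netsh wlan show interfaces instead of SAMPLE.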


You’ll need to set up an AD account for this purpose. The password should not expire, and (I think) you can block the user from actually logging into a workstation for more security.

Device has booted from backup JunOS image

root@SW1> request system snapshot slice alternate
Formatting alternate root (/dev/da0s1a)…

Copying ‘/dev/da0s2a’ to ‘/dev/da0s1a’ .. (this may take a few minutes)
The following filesystems were archived: /

root@NHC0-PUR-SWA001> request system reboot

Reboot the system ? [yes,no] (no) yes

The switch reboots and the warning message goes away

If you still get the warning message you need to force the switch to reboot from the newly formatted partition.

root@SW1> request system reboot slice alternate

 

http://www.rogerperkin.co.uk/juniper/warning-device-booted-backup-junos-image-ex4200/
