Installing the new Veeam Software Appliance v13

By Tomica Kaniski in Other 0 Comment

It’s finally here – the Veeam Software Appliance, v13!

 

What is it?

A simple to deploy, hardened Veeam instance, which is not installed on Windows anymore, but comes with it’s own (Rocky) Linux – everything packed in a nice software appliance!

Very nice!

 

Naturally, should be installed ASAP! 🙂

 

Installation

So, without actually reading the manual, I went and installed it in my lab (that’s how easy is to start with it!). There will be plenty of time to read the manual once issues start… right?!

Installation has a few steps:

  • obtain the installation ISO image from here (or from your account page):
    • be careful to select Linux appliance, and not the Windows installation ISO

  • prepare hardware to install it to – for me, it’s a Windows Server 2025 Hyper-V VM (4 vCPU, 18 GB RAM, 2×240 GB HDD, SecureBoot (MS UEFI CA) enabled):
    • check the requirements here

  • once you selected and prepared your hardware, you can start the installation – it looks like this:

  • in case you didn’t read the hardware requirements, you may face this error (so, go back, re-read the hardware requirements and update your hardware):

  • and after this question, the (automatic) installation proceeds, with no more inputs required from your side:
    • while waiting for it to install, I recommend you take a look at the nice, shiny, new What’s new document!

  • installation took ~35 minutes on my machine

 

Initial configuration

After the automatic installation finished, there are a couple of initial settings that have to be taken care of:

  • accepting the necessary agreements:

  • assigning a hostname
  • setting up networking
  • configuring time source
  • setting up passwords for the admin accounts (Host Administrator and (optionally) Security Officer):
    • really liked the process of setting up the MFA for host administrator here (as SO is optional, MFA for this account will be setup later, inside the web interface)!
    • don’t use passwords that are too short… or the same! 😁

  • summary:

And… that’s it! Veeam is installed and initially configured, and now you can access it via browser:

  • host management at https://<vsa-ip-address>:10443/

  • Veeam Backup & Replication web interface https://<vsa-ip-address>/
    • (or just use the Windows console for full experience)

What a nice installation experience! Well done, Veeam people! 👏

Of course, next I’ll install my license, add rest of the infrastructure, setup my backup jobs, and connect it to (Veeam One) monitoring.

After all, it’s a “normal” Veeam solution we already know and work with.

Cheers!

Add a route to your VPN connection via PowerShell

By Tomica Kaniski in Other 2 Comments

I’m sure that you’re using some VPN somewhere, and you’re having “trouble” with split tunneling and routing, right?

Well, I had. 😀

As I’m “here and there” most of the time, I’ve setup an “anchor” location (no, it’s not in the cloud… yet) which is always available via VPN, and which has few machines that I’m, more or less, using regularly. When I’m not there, I connect there via my precious Windows 10/11 laptop and work as I’m there locally. I know – you know what VPNs are used for… bear with me a bit longer. 😀

So, all good – I have a VPN client (Windows built-in), a VPN server and Internet connection, and I can work.

One thing that I like to have is Internet access which is not routed via my “anchor” location, so that “the work stuff” goes through VPN and “the fun stuff” not.

It’s really easy to set this up – in properties of your VPN connection, just untick the “Use default gateway on remote network” checkbox:

But then you’ll have an issue with connecting to “the work stuff” – your current default gateway doesn’t know where “the work stuff” network is and how to get there.

It needs a route.

No problem, it’s easy to add a route in Windows (my “the work stuff” network is 192.168.13.0/24 and my VPN gateway is 192.168.14.1, or publicly 141.138.55.154):

And now you have access to “the work stuff” network again! And Internet access works as it should (not via the “anchor” location)!

Great.

But then you disconnect. And reconnect. And route you’ve added is gone. So, you repeat the procedure. Or script it. Or…

What if I tell you there is actually a better way?

I’m not really sure in which release this came out, but now you have an updated set of PowerShell cmdlets in (Windows 10/11) (which is cool!). For this story, the one we’re interested the most is Add-VpnConnectionRoute.

“So, doest that mean that, with it, I can configure my VPN connection to always have the route I need, whenever I connect to VPN? No more adding routes manually?!”

Exactly.

If I use the discussed Add-VpnConnectionRoute on my existing VPN connection, I can add the route I need and it will be written in the connection configuration and made active when the tunnel comes up, while still using the split tunneling.

Let’s see:

  • connected to “the work stuff” VPN and this is (part of) routing table prior the route configuration:

  • adding route configuration:

  • checking routes again:

As you can see, I’ve got new routes in my route table (it would be the same by using route add command above) and now I can access “the work stuff” without any issue:

And if I disconnect and connect again – it still works! 😊

Hope it helps someone!

Cheers!

Found my forgotten Raspberry Pi

By Tomica Kaniski in Other 2 Comments

And, naturally, decided to put it to use (although, for exactly what… is currently unclear). 😊

So… how?

As there was already a micro SD card inside my Raspberry Pi, I was all set!

Basically, what I had to do:

  • download the OS image (Raspberry Pi OS Lite)
  • download imaging software (Etcher)
  • extract the OS onto micro SD card
  • enable SSH by adding an empty file called “ssh” (yes, without any extension) to the boot volume
  • boot it up
  • set it up as I like

Extracting the OS image onto micro SD card is a “breeze” with right tools – select OS image, select where do you want to put it and click Flash:

After it’s finished, don’t forget to enable yourself the SSH access (it’s easier that way):

Done.

Let’s put the card back into Raspberry Pi and boot it up.

Few seconds later, you can use (e.g.) Windows Terminal and included SSH client to access your Raspberry Pi (default networking option is DHCP, with default username of pi and password raspberry):

I wanted to “tweak” my installation a bit (with the provided raspi-config script), so I’ve used the following for disabling unnecessary devices, custom network settings, etc.:

# raspi-config script is located in /usr/bin/raspi-config
# settings (some of them) are located in /boot/config.txt

# update the raspi-config script (or you can use 'sudo raspi-config nonint do_update') and vim... is nice to have
sudo apt update
sudo apt install -y raspi-config vim

# set static ip address (configure in '/etc/dhcpcd.conf', can check interfaces with 'ip link' - can be done nicer, but... :))
echo 'interface eth0' | sudo tee -a /etc/dhcpcd.conf
echo 'static ip_address=192.168.12.101/24' | sudo tee -a /etc/dhcpcd.conf
echo 'static routers=192.168.12.1' | sudo tee -a /etc/dhcpcd.conf
echo 'static domain_name_servers=192.168.12.1' | sudo tee -a /etc/dhcpcd.conf

# set password (for user 'pi')
echo "pi:MyExtraSecretPass#123" | sudo chpasswd

# set boot options to my liking
sudo raspi-config nonint do_boot_behaviour B1
sudo raspi-config nonint do_boot_wait 1

# set/disable unnecessary interfaces
sudo raspi-config nonint do_camera 1
sudo raspi-config nonint do_ssh 0
sudo raspi-config nonint do_vnc 1
sudo raspi-config nonint do_spi 1
sudo raspi-config nonint do_i2c 1
sudo raspi-config nonint do_serial 1
sudo raspi-config nonint do_onewire 1
sudo raspi-config nonint do_rgpio 1
sudo raspi-config nonint do_memory_split 16
sudo raspi-config nonint do_expand_rootfs
sudo raspi-config nonint do_wifi_country HR
sudo raspi-config nonint do_change_timezone Europe/Zagreb

# upgrade packages and set hostname
sudo apt upgrade -y
sudo raspi-config nonint do_hostname pimaster
sudo reboot

# ssh back into your pimaster
ssh [email protected]

And after a while, my Raspberry Pi is finally ready:

Cheers!