Re-initialize log4j2 loggers from properties

Programmatically modifying the current configuration after Initialization:

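   /**
    * Re-initializes Log4j 2 from an in-memory {@link Properties} object.
    *
    * <p>The properties are serialized to bytes and wrapped in a
    * {@link ConfigurationSource} whose location is the name {@code log4j2.properties}.
    * The context returned by {@link Configurator#initialize} is then reconfigured and
    * started with the configuration built by {@link PropertiesConfigurationFactory}.
    * Any failure is logged and swallowed, so the caller cannot tell from the return
    * whether the new configuration took effect.
    *
    * <p>Security note: a logging configuration decides which appenders run, which files
    * are written and which network destinations receive events. Only pass properties
    * that come from a trusted source; do not build them from request data or other
    * user-controlled input.
    *
    * @param props Log4j 2 configuration in properties format
    */
   public void initLogging(Properties props) {
       try {
           // Properties.store(OutputStream, ...) always emits ISO-8859-1 with Unicode
           // escapes, which is the encoding Properties.load(InputStream) expects. The
           // previous Writer + getBytes() route used the platform default charset, so
           // non-ASCII values could be corrupted on the way in.
           // NOTE(review): assumes the properties factory reads the stream via
           // Properties.load(InputStream) - confirm against the Log4j version in use.
           final java.io.ByteArrayOutputStream buffer = new java.io.ByteArrayOutputStream();
           props.store(buffer, "");
           final InputStream is = new ByteArrayInputStream(buffer.toByteArray());
           final ConfigurationSource source = new ConfigurationSource(is, new File("log4j2.properties"));

           final LoggerContext ctx = Configurator.initialize(null, source);

           ContextAnchor.THREAD_CONTEXT.set(ctx);
           try {
               final Configuration config = PropertiesConfigurationFactory.getInstance().getConfiguration(ctx, source);
               ctx.reconfigure();
               ctx.start(config);
           } finally {
               // Always clear the thread-local anchor, even when configuration fails,
               // so a pooled thread does not keep pointing at this context.
               ContextAnchor.THREAD_CONTEXT.remove();
           }
       } catch (Exception e) {
           log.error("Unable it initialize log4j2", e);
       }
   }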

Convert ext3 to ext4 File system

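# Convert the ext3 filesystem on /dev/sdb1 (mounted at /data) to ext4 in place.
# Take a backup first: once files have been written with extents, the
# filesystem can no longer be mounted as ext3.
umount /data
# Enable the ext4 on-disk features.
tune2fs -O extents,uninit_bg,dir_index /dev/sdb1
# Set the reserved-blocks count to 1024 blocks.
tune2fs -r 1024 /dev/sdb1
# A full check is required after changing uninit_bg. -f forces it even if the
# filesystem is marked clean; -D rebuilds existing directories for dir_index.
e2fsck -fD /dev/sdb1
# If the /data entry in /etc/fstab still says ext3, change it to ext4 before
# this step; otherwise mount -a tries to mount the converted filesystem as ext3.
mount -a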

Setup IPSec VPN on Ubuntu with strongSwan and PSK/XAUTH on Amazon EC2

I prefer strongSwan over Openswan because it's easier to set up and doesn't require an L2TP daemon.

Configure new security group

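Create a new security group (EC2 Management interface -> Security groups) and allow traffic to UDP ports 500 and 4500. Also allow access to SSH TCP port 22; limit the SSH source to your own address rather than opening it to every address, since only you need to manage the server.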

EC2-security-group.png

Start a new Ubuntu instance

Launch an EC2 micro instance and assign the security group you just created. Connect to your server via SSH and execute this script:

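#!/bin/sh
#
# Installs strongSwan and writes /etc/ipsec.secrets and /etc/ipsec.conf for an
# IKEv1 PSK + XAUTH road-warrior VPN on an EC2 instance. Run as root.
#
# Please define your own values for those variables.
# If you want to generate a random pre-shared key (PSK) you can use the following openssl command:
#
#  openssl rand -hex 32
#
# The PSK is shared by every client: anyone who knows it can pose as the
# gateway to the other users, so treat it as a secret and rotate it when a
# user leaves.
#

# Stop on the first failed command or unset variable instead of writing a
# half-configured VPN.
set -eu

IPSEC_PSK=insecure_psk
VPN_USER=johndoe
VPN_PASSWORD=insecure_password

# Refuse to deploy the placeholder credentials published with this script.
if [ "$IPSEC_PSK" = "insecure_psk" ] || [ "$VPN_PASSWORD" = "insecure_password" ]; then
    echo "Set IPSEC_PSK and VPN_PASSWORD to your own values before running this script." >&2
    exit 1
fi

# IP addresses will be found automatically using AWS metadata endpoints.
# These plain GET requests are the IMDSv1 form; an instance that enforces
# IMDSv2 rejects them unless a session token is requested first.
PRIVATE_IP=$(wget -q -O - 'http://169.254.169.254/latest/meta-data/local-ipv4')
# PUBLIC_IP is not used below; an instance without a public address must not
# abort the script.
PUBLIC_IP=$(wget -q -O - 'http://169.254.169.254/latest/meta-data/public-ipv4') || true

# An empty address would write a PSK line with no local selector.
if [ -z "$PRIVATE_IP" ]; then
    echo "Could not read the private IP from the instance metadata service." >&2
    exit 1
fi

# Install strongSwan and required plugin
apt-get install -y strongswan strongswan-plugin-xauth-generic

# The secrets file holds the PSK and the XAUTH password in clear text, so it
# is created and kept readable by root only.
# The XAUTH account comes from VPN_USER / VPN_PASSWORD above; values that
# contain a double quote would break the quoting in the file.
old_umask=$(umask)
umask 077
cat > /etc/ipsec.secrets <<EOF
$PRIVATE_IP  %any  : PSK "$IPSEC_PSK"

$VPN_USER : XAUTH "$VPN_PASSWORD"
EOF
chmod 600 /etc/ipsec.secrets
umask "$old_umask"

# The ike= and esp= proposal lists must each stay on a single line.
# They are kept as published for client compatibility, but they still offer
# 3DES, SHA-1 and the 1024-bit MODP group; drop those entries once every
# client supports the stronger suites in the list.
cat > /etc/ipsec.conf <<'EOF'
config setup
    cachecrls=yes
    uniqueids=yes
    strictcrlpolicy=yes
#    charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4,  mgr 4"

conn %default
    keyexchange=ikev2
    ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,aes256-sha1-modp1024,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
    esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp1024,aes128gcm16,aes128gcm16-ecp256,aes256-sha1,aes256-sha256,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16,aes256gcm16-ecp384,3des-sha1!
    compress=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    right=%any
    rightsourceip=10.42.42.0/24,2002:25f7:7489:3::/112
    rightdns=8.8.8.8,8.8.4.4,2001:4860:4860::8888,2001:4860:4860::8844


conn ipsec-xauth-psk
    keyexchange=ikev1
    authby=xauthpsk
    xauth=server
    auto=add
EOF

# Restart strongSwan
service strongswan restart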

Allow IPv4 packet forwarding in /etc/sysctl.conf:

net.ipv4.ip_forward=1

Reload the changes:

sysctl -p

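We also need a NAT rule. Its source range has to cover the 10.42.42.0/24 client pool set in rightsourceip, and a rule added this way is lost on reboot unless it is saved: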

# VPN NAT
/sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE

GitHub – vlad-aleksandrov

Vladimir Aleksandrov