Monday, August 28, 2017

My CCIE Lab Experience - Part I

Today, I attempted the CCIE R&S lab. It was my first attempt, and I failed. I haven't received the infamous CCIE lab result e-mail, and I don't need it. I know I failed tshoot, passed diag, and failed config.

I'd like to tell you I was close - something like "I barely missed tshoot by two points, and I would have passed config but I ran out of time." That would make for a nice fluffy blog post. However, that's not the case. I fell apart during tshoot; I knew I failed within the first 90 minutes. I don't think I failed due to lack of protocol understanding. Rather, I buckled under the pressure and sheer intimidation of the lab topology. My structured troubleshooting methodology went out the window, and within minutes, I was reduced to something akin to a blind monkey pounding on a keyboard.

I'll tell you more about my experience in a moment, but first, I'd like to tell you a story. Four years ago, I decided I wanted to complete an Ironman Triathlon. A friend of mine, Nick, had completed several, and I found this inspiring. However, at the time, I hadn't run more than a mile in over ten years. I called Nick and told him I wanted to do an Ironman. His suggestion? Just run a marathon to start.

With less than four months to train, I signed up for my first marathon. I started by running a mile. My knees hurt badly, but I pushed through. Within a relatively short period of time, I worked my way up to running eight miles at once. Eight miles is obviously a far cry from a marathon, but for me, it was an accomplishment.

One week before the marathon, my wife urged me to run the half marathon instead of the full. She said "You've never even run a half! It would still be a huge accomplishment." However, when I commit to something, I follow through. I put on my running shoes and told my wife I would be back in around two hours. That night, I ran my first half marathon in the neighborhood surrounding my house. I hobbled in the front door nearly three hours later with a triumphant smirk on my face and told my wife "Well, I just ran a half. I guess I have to do the full now."

The following week, I stood at the starting line of the Philadelphia Marathon with several friends, most of whom had previously completed multiple marathons and triathlons. I was woefully unprepared, but it didn't matter. I set my mind to running a marathon; I told my friends, family, and coworkers I was running a marathon. More importantly, I told myself I was running a marathon. So damn it, I was running a marathon.

The first ten miles went surprisingly well. The friends I ran with helped keep the pace. However, shortly after mile ten, I told them to go ahead. I could no longer keep up, so I ran alone yet surrounded by 30,000 other runners. By mile twelve, my lack of training had become painfully apparent. My knee hurt badly, and I had over fourteen miles to go. However, the Philadelphia Marathon offers an easy out at the halfway point. There is a fork in the road. To the right is the finish line for the half marathon. There, you'll be greeted by thousands of cheering onlookers, snacks, and cold beverages. To the left is Kelly Drive, for those running the full marathon. There, the runners become sparse. The crowd thins. The euphoric buzz of the half is replaced by the silent internal battle that characterizes the full.

I chose left. By mile 15, I could not bend my left leg. My knee was simply unable to withstand the impact any longer. I tried stretching to no avail. Running was no longer an option. However, I committed to completing the marathon. I thought "If I can't run across the finish line, I'll drag myself across." And that's what I did. I limped the remaining 11 miles - a painful straight-leg limp that got progressively worse until every fiber of my being wanted to quit. I didn't quit.

When I arrived at the finish line, I heard the announcer congratulating other runners. "Congratulations, Joe, you did it!" he would say. However, his tone changed when he saw me limping in the distance. "Ohh, Matthew, you could have stopped, but you didn't," he announced over the loudspeaker, as I limped across the finish line. I chuckled, and I continued limping until the gold 30th Anniversary Philadelphia Marathon medal was placed around my neck.

I have since completed two marathons and somewhere around ten half marathons. I'm not fast, and I don't consider myself a serious runner. I just enjoy pushing myself beyond my comfort zone. However, that first medal - the medal I earned by limping across the finish line - means far more to me than any of the others. I was slow. I finished almost dead last. But I damn sure earned that medal. I still haven't attempted an Ironman, but I'll get there eventually. I put that goal on hold while I prepare for my CCIE.

Well, that was a bit of a tangent. This post was meant to be a CCIE lab recap, after all. However, I'm beaten down, exhausted, and reminded of that first marathon. I trained much harder for the lab than I did for that marathon, and I still failed. However, I know I accomplished something. I'm one step closer to a pass, and I have a strategy for my next attempt. Tomorrow, I'm booking another lab date.

Tomorrow, I'm also going to write a "part two" post where I detail the specifics of my lab attempt. Just not now. Now, I'm going to get some sleep - a full night, not just four hours of lab-prep sleep.

Monday, April 17, 2017

Using Tasker to Connect to AnyConnect VPN

When I am home, I access local resources over my WiFi network. When I am away, I VPN into my house so I can access these resources. I decided to find a way to have my Android phone automatically connect to my home VPN whenever I'm not connected to my home WiFi network. Enter Tasker: Tasker can automate pretty much anything on an Android phone.

Here is the specific use case I decided to automate:

If connected to SSID "HomeSSID"
    Then disconnect from AnyConnect VPN
If not connected to SSID "HomeSSID"
    Then connect to AnyConnect VPN named "HomeVPN"

As you can see, this is pretty simple logic. However, it's a bit tricky to accomplish with Tasker and AnyConnect. Here are the methods I looked into:
  1. Create AnyConnect widget and have Tasker "press" the widget:
    • At the time of this post, Tasker does not have the ability to interact with a widget directly.
    • I did not want to use an additional app to simulate screen presses. TouchTask may be able to do this, but I haven't tried it.
  2. Call intent to tell AnyConnect to connect to VPN:
    • This is probably the most elegant solution. However, after a bit of trial and error, I wasn't able to figure out how to call the intent directly.
  3. Use AnyConnect browser link to connect to VPN:
    • This is the option that I used.
    • This requires enabling external control of AnyConnect, and is a potential security risk. An attacker could create a link to connect to a VPN, tunnel all traffic, and use it for a man-in-the-middle attack. For my use case, the benefit outweighs the risk.

After a bit of research, I found that Tasker can call intents. According to Google's Android API guide, "An Intent is a messaging object you can use to request an action from another app component." I spent a while reviewing "adb logcat" output trying to determine exactly what intent is called when the AnyConnect widget is pressed, hoping I could then call this intent directly. I also used the Android app "Intent Intercept" to no avail.

However, it turns out some apps have intents that can be called through browser links. AnyConnect is one such app. In order for this to work, the "External Control" setting must be set to "Enabled" in the AnyConnect app settings. Once this setting is changed, the following browser link will launch the AnyConnect profile "HomeVPN." This browser link can then be called through Tasker.

I ended up creating two Tasker tasks with two associated Tasker profiles - one to connect to my VPN when not connected to my home wireless network, and one to disconnect from my VPN when connected to my home wireless network. I use certificate-based AnyConnect authentication, which makes connecting a bit easier, since I don't need Tasker to pass credentials to AnyConnect. I also found that a two-second delay before connecting to my VPN was often necessary to give my phone enough time to finish transitioning from WiFi to LTE.
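
The External Control risk noted under option 3 can be narrowed by vetting a link before anything passes it to the client. The sketch below is an added example, not code from the original post: it assumes the URI shape from Cisco's documented AnyConnect URI handler (`anyconnect:[//]<action>?field=value`), and the function name, allowlists and sample links are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed URI shape (Cisco's documented AnyConnect URI handler):
#   anyconnect:[//]<action>[?field=value&...]
# The allowlist values below are hypothetical placeholders.
ALLOWED_PROFILES = {"HomeVPN"}
ALLOWED_HOSTS = {"vpn.home.example"}
CONFIG_ACTIONS = {"create", "import"}  # these change client configuration


def vet_anyconnect_link(link):
    """Return (verdict, reason) for a link before it reaches the VPN client."""
    parts = urlsplit(link.strip())
    if parts.scheme.lower() != "anyconnect":
        return ("ignore", "not an anyconnect: link")
    # anyconnect:connect and anyconnect://connect/ both name the action.
    action = (parts.netloc or parts.path).strip("/").lower()
    params = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    if action == "disconnect":
        return ("allow", "disconnect only")
    if action in CONFIG_ACTIONS:
        return ("block", "link would add or import VPN configuration")
    if action != "connect":
        return ("block", "unrecognised action %r" % action)
    # If a host is supplied, require it to be an approved server.
    for host in params.get("host", []):
        if host.lower() not in ALLOWED_HOSTS:
            return ("block", "unapproved VPN host %r" % host)
    names = params.get("name", [])
    if len(names) != 1 or names[0] not in ALLOWED_PROFILES:
        return ("block", "profile name missing, repeated or not approved")
    return ("allow", "connect to approved profile %r" % names[0])


if __name__ == "__main__":
    # Constructed sample links, not taken from the original post.
    samples = [
        "anyconnect://connect?name=HomeVPN",
        "anyconnect:connect?name=HomeVPN&host=vpn.untrusted.example",
        "anyconnect://create?name=HomeVPN&host=vpn.untrusted.example",
    ]
    for s in samples:
        print(s, "->", vet_anyconnect_link(s))
```
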