Recent Posts

strongswan ipsec vpn site to site
posted on 2016-12-02 09:42

This guide was written for debian 8.

network layout

local/left       lan: 192.168.0.0/16
local/left   gateway: 10.0.0.2
remote/right gateway: 10.0.0.3
remote/right     lan: 172.16.0.0/16

Our network, expressed differently:

192.168.0.0/16 --- unencrypted --- 10.0.0.2 === vpn === 10.0.0.3 --- unencrypted --- 172.16.0.0/16

In strongswan it doesn't matter which side is defined in either left or right, but this convention helps:

  • local = left
  • rremote = right

ipsec settings for the tunnel

These may be somewhat arbitrarily, but we got to use something:

phase1:
ikev1 / aes256 / sha2 / dh5 / 86400s (24h statt 8h)

phase2:
esp / aes256 / sha2 / dh5 / 3600s

( protocol / encryption / hashing / DH group or PFS if present / lifetime )

install

apt-get install strongswan libcharon-extra-plugins

define PSK

Add to /etc/ipsec.secrets:

10.0.0.2 10.0.0.3 : PSK "thatsmydamnsecretPSKwhichreallyshouldbearandomsting"

setup tunnel

/etc/ipsec.conf:

config setup

conn %default
    keyexchange=ikev1
    keyingtries=%forever
    leftauth=psk
    rightauth=psk
    auto=start

conn myconfig-main
    left=10.0.0.2
    ike=aes256-sha256-modp1536
    ikelifetime=86400s
    esp=aes256-sha256-modp1536
    lifetime=3600s

conn myconfig1
    right=10.0.0.3
    leftsubnet=192.168.0.0/24
    rightsubnet=172.16.0.0/16
    also=myconfig-main

include /var/lib/strongswan/ipsec.conf.inc

That way you can add additional phase2 entries analoguous to conn myconfig1.

%default is valid for everything, myconfig-main is included via auto=myconfig-main into other connection definitions.

test

service ipsec restart

These might help:

tail -f /var/log/syslog
watch -n1 -d ipsec statusall

Ping from withing your lan a host inside the remote lan.

For watching the pings, the ones you want to see will be colored:

tcpdump -D # discern the interface you need to have a look at, usually eth0 / 1
tcpdump -nli 1 icmp | grep -color -e $ -e 192.168.

routing rules are automatically added by strongswan, do service ipsec restart while watching:

watch -n1 -d "ip ru; ip r l t 220"
terminator apprentice color scheme
posted on 2016-11-30 17:38

Using terminator, colorschemes were always somewhat an issue for me, until I found Apprentice.

The terminator version I found like here.

To have something I can copy-paste (with my settings), here's some kind of documentation:

$ cat .config/terminator/config
[global_config]
  enabled_plugins = InactivityWatch, ActivityWatch, TerminalShot, Logger
  title_transmit_fg_color = "#bcbcbc"
  title_inactive_fg_color = "#bcbcbc"
  suppress_multiple_term_dialog = True
  title_transmit_bg_color = "#1c1c1c"
  title_inactive_bg_color = "#444444"
[keybindings]
  go_up = <Primary><Shift>k
  broadcast_group = <Primary><Shift>F10
  next_tab = <Primary>Tab
  prev_tab = <Primary><Shift>Tab
  broadcast_all = <Primary><Shift>F8
  go_down = <Primary><Shift>j
  go_right = <Primary><Shift>l
  broadcast_off = <Primary><Shift>F9
  go_left = <Primary><Shift>h
  group_all = <Primary><Shift>F8
  edit_window_title = <Primary><Shift>F11
[profiles]
  [[default]]
    palette = "#1c1c1c:#af5f5f:#5f875f:#87875f:#5f87af:#5f5f87:#5f8787:#6c6c6c:#444444:#ff8700:#87af87:#ffffaf:#8fafd7:#8787af:#5fafaf:#ffffff"
    visible_bell = True
    background_darkness = 0.73
    urgent_bell = True
    cursor_shape = underline
    background_image = None
    cursor_color = "#39ff35"
    foreground_color = "#bcbcbc"
    scroll_on_output = False
    font = Monospace 6
    background_color = "#262626"
    audible_bell = True
    scrollback_infinite = True
[layouts]
  [[default]]
    [[[child1]]]
      type = Terminal
      parent = window0
    [[[window0]]]
      type = Window
      parent = ""
[plugins]
php session lifetime
posted on 2016-11-24 15:58

Adjusting php's session lifetime is a bit tricky. On why go to stackoverflow and read this.

Here is what you'd usually try:

session.cookie_lifetime = 7200  # cookie valid for two hours
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 50  # with a probability of 50/1000 a session will be discarded after gc_maxlifetime
session.gc_divisor = 1000
session.gc_maxlifetime = 7200  # 2h until sessions are marked as outdated

This is nat a guarantee, its more like increasing the server's likeliness, to handle timeouts with the desired timef g.rame. Another possibility, on how to handle the timouts within the application itself, can be found in the link above, too.

apache redirect not-existing urls to homepage
posted on 2016-11-22 18:50
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ / [L,QSA]
proxmox vzdump to stdout
posted on 2016-11-21 13:30

Pipe a vzdump directly to STDOUT:

vzdump <VMID> --dumpdir /tmp --mode snapshot --stdout 

In /tmp the config will be dumped, but the dump will not be saved on disk. So the dump can easily piped to nc.

linux shell number converters
posted on 2016-11-19 15:26

These are interactive promts from converting between the different number formats to decimal and reverse.

# hex-dec
h2d() {
    echo
    echo TO DEC, ctrl+c to end
    echo
    while :
    do
        read -p "hex> " i
        echo "ibase=16; $i" | bc
        echo
    done
}
d2h() {
    echo
    echo TO HEX, ctrl+c to end
    echo
    while :
    do
        read -p "dec> " i
        echo "obase=16; $i" | bc 
        echo
    done
}

# oct-dec
o2d() {
    echo
    echo TO DEC, ctrl+c to end
    echo
    while :
    do
        read -p "hex> " i
        echo "ibase=8; $i" | bc
        echo
    done
}
d2o() {
    echo
    echo TO OCT, ctrl+c to end
    echo
    while :
    do
        read -p "dec> " i
        echo "obase=8; $i" | bc 
        echo
    done
}

# bin-dec
b2d() {
    echo
    echo TO DEC
    echo
    while :
    do
        read -p "bin> " i
        echo "ibase=2; $i" | bc
        echo
    done
}
d2b() {
    echo
    echo TO BIN, ctrl+c to end
    echo
    while :
    do
        read -p "dec> " i
        echo "obase=2; $i" | bc 
        echo
    done
}

Put these into your ~/.bashrc.

Enjoy.

highlevel overview how to change partition sizes
posted on 2016-11-18 18:54

These are some rough notes for colleague of mine, on how to make more swapspace available and resizing partitions in general. The workflow highly depends on the previously existing layout. Here's a shot on a manual on how to approach this.

disclaimer

This is mostly written from memory, so bear with me if you stumble upon errors. No guarantees for nothing below this line.

do you use XFS? or do you REALLY need another swap partition, when you don't have unpartitioned space?

In case you need to resize a partition, as you do not have unpartitioned space available, you cannot enlarge the swap partition or add a second one, if you cannot shrink the filesystem (i know that's the case with XFS) on the partition which you want to shrink. Shrinking partitions is more like deleting the currently available partition and recreating it, only smaller. (Linux lets you do that, even if you make the partition smaller then the filesystem that should be in there, rendering the system unbootable in case you do this. Don't worry, it can be fixed by recreating the old partition schema, so you better backup the information good.)

If the stuff above is the case, you need to create a swapfile and use that. Of course you need enough free space on the filesystem. There should not be a speed difference from what I heard (and honestly I am too lazy to test that), if you have enough free space in your filesystem, create the file with dd, do mkswap it and fix /etc/fstab.

Enough tutorials are on google, this approach is the easiest, hands down.

But let's go on.

how does the system boot: does it use BIOS or UEFI?

  • BIOS -> can work with either a MBR or a GPT
  • UEFI -> needs a GPT, using a MBR won't work

Also UEFI needs a bios boot partition. Basically:

  • first partition is like 300m in size
  • with a fat32 file system
  • has boot and esp flags (sometimes also called bios boot partition)
  • is mounted likely to /boot/efi in your linux installation

The rest is as usual, like you can have a separate boot partition housing the /boot mountpoint, or just using another large partition for / and everything else directly.

how is the partitioning info saved

  • MBR -> 4 primary partitions are maximum, or use the 4th one as an extended partition, which points to further partitioning info somewhere else.

That's also the reason why you might have /dev/sda1, /dev/sda2, /dev/sda5 after a fresh install.

  • sda1 = primary partition
  • sda2 = primary used as extended partition
  • sda5 = first logical partition

The MBR is located on the first sector of a harddisk and 512k in size. During the boot process the executed boot code from the BIOS scans all disk in hope of finding a MBR or GPT. Due to the MBR's structure it can only store the information for four partition entries. Information for partitions of type 'primary' is stored directly in the MBR. Partitions cannot be larger then 2t, if you need that you either have to use a GPT instead or build a logical volume via LVM out of several MBR partitions. (Ok, in that case go for GPT...)

An extended partition points to another partitioning table in a VBR. That's like a MBR, but without boot code and located in the first sector of a partition depicted in the MBR.

  • GPT -> all partitions are created equal (haha), but you need a bios boot partition (see above) so it can work.

You can delete the partitions as you please, and it's autmatically backupped to the end of the disk. Its 33 logical blocks in size (like 33 * 512b or 33 * 4k in disk size, depending on block size), and uses the first 33 and the last 33 blocks of the disk. (In comparison to the MBR, which uses only the first block on a disk.)

Maximum size are about 8 zebibytes or 9 zettabytes, which should do rather fine for the storage needs you have with five nines of probability.

Keep that in mind when you want to use a sofware raid and the raid superblock shall be stored at the end of the disk, depending on the version of the software raid metadata.

backup your partitioning info!!!

Resizing partitions is more or less just deleting a partition and recreating it with a different size. This can fail, rendering the system unbootable when the partition is smaller then the filesystem it shall contain. This can be fixed by deleting the partitioning info for the partition in question, and recreating it bigger again.

Nothing is destroyed here, unless you start recreating filesystems on your newly created partitions, keep that in mind prior to panicking.

Partition info's are just pointers to start and end of a partition, so the kernel knows where to look for filesystems relative to its start.

Also the absolute sizes are important. Best in sectors, bytes do work, too.

Copy the output of the commands below into a text editor and save it somewhere (when working over ssh) or use your smartphone camera to make a picture. Of course pen and paper work, too, but don't do anything without this information backed up. SERIOUSLY!

These will give the partition boundaries in sectors or bytes. I prefer sectors.

parted /dev/sdX u s p

and

parted /dev/sdX u b p

Don't read on unless you did this. If you still do and fuck up, you can try testdisk, but this will not work with more complex setups. From my experience, testdisk only works with like a 60% chance.

highlevel overview for the general approach, the shrink and resize operations

You can only use continuous space for creating new partitions.

I.e. if you have like a 1g swap partition which you want to enlarge, followed by a 100g root partition, you can shrink the root partition, but the new unallocated space will be located at the end of the disk.

If you cannot do that, you need to use LVM.

  • Create new partition in the unallocated space.
  • Create physical volumes on the first partition and the newly-created one.
  • Add both to a volume group.
  • Create a new logical volume using the fully available space in that volume group.
  • Use the new LV as swap.

shrink

This would be the work without LVM being used:

  • Reset, and boot from a livedisk like grml
  • To shrink, start with the innermost part, the filesystem.
  • Shrink filesystem via resize2fs. Either to a particular size, or with the -m flag to the minimum size. This may take time.
  • Delete partition of filesystem you re sized.
  • Recreate partition, but larger than the filesystem. To be on the safe side, create it like 1g bigger than the filesystem, calculating that is annoying due to 1000 vs. 1024 base discrepancies.
  • You may also delete partitions you still don't need anymore. If you do that, fix the /etc/fstab, else no boot for you.
  • Reboot and see if the system still works as you need it to.
  • If it doesn't, look up your backup information from above, and recreate the boot and/or root partitions properly.
  • If it does, create your other partition(s)/logical volume(s) and work on.

In case you have LVM in use:

  • From inner parts to outside, too.
  • First shrink filesystem.
  • Then shrink the logical volume where the filesystem lays on, but not smaller than the filesystem was.
  • Resize the physical volume, too, in case you want to create a new volume group for whatever reason.
  • Adjust partition size if you need to for your desired layout.

Remember, if your system does not boot because you made partition(s) or logical volume(s) too small, that is fixable. But only as long as you did not kill any data on disk, i.e. by creating file systems.

enlarge

  • From outside to inside, basically the reverse from above.
  • Enlarge existing partition.
  • Enlarge physical volume if lvm was used, so also the volume group gets bigger. (pvresize /dev/sdXy will use all available space.)
  • Enlarge logical volumn, if lvm was used. (lvextend -l +100%FREE /dev/mapper/<vg-lv-name> is what you want to use all available space.)
  • Enlarge filesystem. (resize2fs /path/to/device, so either /dev/sdXy without lvm, or /dev/mapper/<vg-lv-name>, to use all available space.)

changing partitions via parted

For editing partitions parted does work quite good, both for MBR/GPT partition tables. fdisk/gdisk also still do exist, if you want something with a fancy curses gui go with cfdisk/cgdisk. Also there are are sfdisk/sgdisk for the hacker types, according to the manpage.

  • "f" -> edit MBR's
  • "g" -> edit GPT's

parted commands cause immediate changes, whereas the others let you view your changes, but won't change anything until you write the changes to disk.

I really prefer using parted non-interactively nowadays, though I cannot explain why.

All commands in as short as possible:

# show help
parted /dev/sdX h
# show help on particular command, may help greatly
parted /dev/sda h <parted_command>

# drop partition info
parted /dev/sdX u s p       # "unit sector print"
parted /dev/sdX u s p free  # "unit sector print free"
parted /dev/sdX u b p       # "unit byte print"

# create new disklabel, read: MBR or GPT.
# if you do this you basically delete the complete partitioning table
# do only if you need to, and backupped the 'print' output above!
parted /dev/sdX mkl msdos  ## create MBR
parted /dev/sdX mkl gpt    ## create GPT

# delete partition
parted /dev/sdX rm <ID>  # 1 or 2 or 3, depending which partition you want to edit

# create partition
# -a opt can be used with all commands listed here, but only has impact here
# units can be mixedly used, like 2048s, 10GiB, 10GB, 100%
parted -a opt /dev/sdX mkp  # mkpart, -a opt is essential for optimal alignment!

# show options
parted /dev/sdX h set
# enable/disable options (like boot flag)
parted /dev/sdX set <ID> <OPTION> on   # enable
parted /dev/sdX set <ID> <OPTION> off  # disable

swap

If you can still boot, and have a shiny new partition (or logical volume) which you can use, finish:

  • mkswap /path/to/device
  • fix /etc/fstab, i.e. create an entry so the system knows about the swapspace

This should be everything one may encounter. Good luck.

yet another megacli cheatsheet
posted on 2016-11-17 12:15
## convienience alias
alias asdf=/path/to/MegaCLI/file

## quick overview
asdf showsummary aall                                                    # SHOW STATUS
asdf -AdpEventLog -GetLatest 4000 -f events.log -aALL                    # SHOW ERRORS


## FW version
asdf version cli aall

## controller config status
asdf adpallinfo aall | less

## logical disks status
asdf ldinfo lall aall | less

## physical disks status
asdf pdlist aall | less
asdf pdlist aall | grep -i -e 'enc.*dev' -e slot                         # GET ENCLOSURES/SLOT

## rebuildrate & autorebuild
asdf adpgetprop rebuildrate aall                                         # SPEED STATUS
asdf adpsetprop rebuildrate 40 aall                                      # SET SPEED TO 40%

asdf adpautorbld dsply aall                                              # STATUS AUTOREBUILD
asdf adpautorbld dsbl aall                                               # DISABLE
asdf adpautorbld enbl aall                                               # ENABLE

## rebuild in progress?
asdf pdlist aall | grep -i -e 'enc.*dev' -e slot                         # GET ENCLOSURES/SLOTS
for i in {4..7}; do asdf pdrbld showprog physdrv \[252:$i\]  aall; done  # SHOW REBUILDS, DEPENDS ON ENCLOSURES/SLOTS

## manual rebuild
asdf pdlist aall | grep -i -e 'enc.*id' -e slot -e state                 # UNCONFIGURED(BAD) ODER OFFLINE DRIVES EXIST?
asdf pdmakegood physdrv "[252:4]" aall                                   # MAKE GOOD

asdf cfgforeign scan aall                                                # SCAN DRIVES FOR FOREIGN LSI RAID CONFIGS
asdf cfgforeign clear aall                                               # DELETE FOREIGN CONFIGS

asdf cfgdsply aall                                                       # FIND MISSING SLOT, i.e. [252:4], and adapter (see top)
asdf pdgetmissing aall                                                   # GET ARRAY/ROW NUMBERS, i.e. 1 and 0
asdf pdreplacemissing physdrv "[252:4]" array 1 row 0 a0                 # ADD DRIVE TO RAID
asdf pdlist aall | grep -i -e 'enc.*id' -e slot -e state                 # UNCONFIGURED(BAD) ODER OFFLINE DRIVES EXIST?
for i in {4..7}; do asdf pdrbld showprog physdrv \[252:$i\]  aall; done  # SHOW REBUILDS, DEPENDS ON ENCLOSURES/SLOTS
asdf pdrbld start physdrv "[252:4]" a0                                   # START REBUILD

Some links that helped:

  • https://wiki.hetzner.de/index.php/LSI_RAID_Controller
  • https://wiki.hetzner.de/index.php/LSI_RAID_Controller/en
  • https://www.thomas-krenn.com/de/wiki/MegaRAID_Controller_mit_MegaCLI_verwalten#Controller_Status_und_Config
  • https://calomel.org/megacli_lsi_commands.html
  • https://supportforums.cisco.com/document/62901/megacli-common-commands-and-procedures
apache rewrite non www to www
posted on 2016-11-16 16:20

For https hosts:

RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

While trying out the settings above, you should use a 302 instead of a 301.

imap via linux shell
posted on 2016-11-09 23:52

Connect to server:

# IMAP
nc SERVERNAME-OR-IP 143
# IMAPS
openssl s_client -connect SERVERNAME-OR-IP:993

IMAP commands:

  • enumerate/prefix commands with arbitrary labels or simply a '.'
  • login USERNAME "PASSWORD" # login
  • list "" "*" # show all mailboxes
  • status [mailbox]
  • select "MAILBOX" # switch to mailbox
  • fetch FIRST:LAST FLAGS
  • fetch MAILID BODY[HEADER]
  • fetch MAILID BODY[TEXT]
  • uid search all
  • uid store MAILID +flags (\Deleted) # mark as deleted
  • expunge # actual delete
  • logout # logout
Next

This blog covers .csv, .htaccess, .pfx, .vmx, /etc/crypttab, /etc/network/interfaces, /etc/sudoers, /proc, 14.04, AS, ASA, ControlPanel, DS1054Z, GPT, HWR, Hyper-V, IPSEC, KVM, LSI, LVM, LXC, MBR, MTU, MegaCli, PHP, PKI, R, RAID, S.M.A.R.T., SNMP, SSD, SSL, TLS, TRIM, VEEAM, VMware, VServer, VirtualBox, Virtuozzo, XenServer, acpi, adaptec, algorithm, ansible, apache, apachebench, apple, arcconf, arch, architecture, areca, arping, asa, asdm, awk, backup, bandit, bar, bash, benchmarking, binding, bitrate, blackarmor, blowfish, bochs, bond, bonding, booknotes, bootable, bsd, btrfs, buffer, c-states, cache, caching, ccl, centos, certificate, certtool, cgdisk, cheatsheet, chrome, chroot, cisco, clamav, cli, clp, cluster, coleslaw, colorscheme, common lisp, console, container, containers, controller, cron, cryptsetup, csync2, cu, cups, cygwin, d-states, database, date, db2, dcfldd, dcim, dd, debian, debug, debugger, debugging, decimal, desktop, df, dhclient, dhcp, diff, dig, display manager, dm-crypt, dmesg, dmidecode, dns, docker, dos, drivers, dtrace, dtrace4linux, du, dynamictracing, e2fsck, eBPF, ebook, efi, egrep, emacs, encoding, env, error, ess, esx, esxcli, esxi, ethtool, evil, expect, exportfs, factory reset, factoryreset, fail2ban, fbsd, fedora, file, filesystem, find, fio, firewall, firmware, fish, flashrom, forensics, free, freebsd, freedos, fritzbox, fsck, fstrim, ftp, ftps, g-states, gentoo, ghostscript, git, git-filter-branch, github, gitolite, gnutls, gradle, grep, grub, grub2, guacamole, hardware, haskell, hdd, hdparm, hellowor, hex, hexdump, history, howto, htop, htpasswd, http, httpd, https, i3, icmp, ifenslave, iftop, iis, imagemagick, imap, imaps, init, innoDB, inodes, intel, ios, iostat, ip, iperf, iphone, ipmi, ipmitool, iproute2, ipsec, iptables, ipv6, irc, irssi, iw, iwconfig, iwlist, iwlwifi, jailbreak, jails, java, javascript, javaws, juniper, junit, kali, kde, kernel, keyremap, kill, kpartx, krypton, lacp, lamp, languages, ldap, ldapsearch, less, leviathan, liero, lightning, links, linux, linuxin3months, lisp, list, lmctfy, loadbalancing, locale, log, logrotate, looback, losetup, lsblk, lsi, lsof, lsusb, lsyncd, luks, lvextend, lvm, lvm2, lvreduce, lxc, lxde, macbook, macro, magento, mailclient, mailing, mailq, manpages, markdown, mbr, mdadm, megacli, micro sd, microsoft, minicom, mkfs, mktemp, mod_pagespeed, mod_proxy, modbus, modprobe, mount, mouse, movement, mpstat, multitasking, myISAM, mysql, mysql 5.7, mysql workbench, mysqlcheck, mysqldump, nagios, nas, nat, nc, netfilter, networking, nfs, nginx, nmap, nocaps, nodejs, numberingsystem, numbers, od, opcode-cache, openVZ, openlierox, openssl, openvpn, openvswitch, openwrt, oracle linux, os, oscilloscope, overview, parallel, parameter expansion, parted, partitioning, passwd, patch, pdf, performance, pfsense, php, phpmyadmin, pi, pidgin, pidstat, pins, pkill, plesk, plugin, posix, postfix, postgres, postgresql, poudriere, preview, profiling, prompt, promxox, proxmox, ps, puppet, pv, pvresize, python, qemu, qemu-img, qm, qmrestore, quicklisp, r, racktables, raid, raspberry pi, raspberrypi, raspbian, rbpi, rdp, redhat, redirect, registry, requirements, resize2fs, rewrite, rewrites, rhel, rigol, roccat, routing, rs0485, rs232, rsync, s-states, s_client, samba, sar, sata, sbcl, scp, screen, scripting, seafile, seagate, security, sed, serial, serial port, setup, sftp, sg300, shell, shopware, shortcuts, showmount, signals, slattach, slip, slow-query-log, smbclient, snmpget, snmpwalk, software RAID, software raid, softwareraid, sophos, spacemacs, spam, specification, speedport, spi, sqlite, squid, ssd, ssh, ssh-add, sshd, ssl, stats, storage, strace, stronswan, su, submodules, subzone, sudo, sudoers, sup, swaks, swap, switch, switching, synaptics, synergy, sysfs, systemd, systemtap, tar, tcpdump, tcsh, tee, telnet, terminal, terminator, testdisk, testing, throughput, tmux, todo, tomcat, top, tput, trafficshaping, ttl, tuning, tunnel, tunneling, typo3, uboot, ubuntu, ubuntu 16.04, udev, uefi, uname, unetbootin, unit testing, upstart, uptime, usb, usbstick, utf8, utm, utm 220, ux305, vcs, vgchange, vim, virtualbox, virtualization, visual studio code, vlan, vmstat, vmware, vnc, vncviewer, voltage, vpn, vsphere, vzdump, w, w701, wakeonlan, wargames, web, weechat, wget, whois, wicd, wifi, windowmanager, windows, wine, wireshark, wpa, wpa_passphrase, wpa_supplicant, x2x, xfce, xfreerdp, xmodem, xterm, xxd, yum, zones, zsh

View posts from 2016-12, 2016-11, 2016-10, 2016-09, 2016-08, 2016-07, 2016-06, 2016-05, 2016-04, 2016-03, 2016-02, 2016-01, 2015-12, 2015-11, 2015-10, 2015-09, 2015-08, 2015-07, 2015-06, 2015-05, 2015-04, 2015-03, 2015-02, 2015-01, 2014-12, 2014-11, 2014-10, 2014-09, 2014-08, 2014-07, 2014-06, 2014-05, 2014-04, 2014-03, 2014-01, 2013-12, 2013-11, 2013-10


Unless otherwise credited all material Creative Commons License by sjas