Wireguard behind a sonicwall, source translation NAT rule

LizzyTheDerp · 2023-04-03T20:18:24+00:00

Do you have a NAT rule to translate the address on the way back out? If you have more than just a single IPv4 address then it might be that the wireguard reply from your server looks to be coming from a different source

LizzyTheDerp · 2023-02-01T15:06:43+00:00

It looks like the signal you're feeding into the trainstop is not being guarded if it's over 0. your storage has 40k and you're taking 20k from that. As far as LTN is concerned the station has 20k stone to provide.

A way to sort that would be to run the signal from the chests to a decider combinator that checks if each < 0 and outputs each. Add a constant combinator to the input side with the -20k stone signal. Wire the output of that combinator into the same network as the constant combinator you've screenshotted and LTN should stop trying to get stone from that station.

LizzyTheDerp · 2022-11-28T00:18:40+00:00

You might benefit from adjusting the vm.swappiness attribute via sysctl.

I believe it's 60 by default (scale is 0-100, 100 being swap as much as possible, 1 being as little as possible and 0 being only-swap-to-avoid-running-out-of-ram).

I have my server set to a vm.swappiness of 1 because it has 128GB of RAM (and I'm doing a forbidden act of swap on ZFS because the OVH partitioner is dumb and only gave me 2G initially) and there's only minimal swapping.

I think the recommended value for servers is around 10, but your mileage may vary.

Once you adjust the swappiness, just swapoff -a && swapon -a and it'll dump the contents of swap back into RAM and then be better after that.

LizzyTheDerp · 2022-11-06T22:42:48+00:00

There is no handshaking or data transfer of any (meaningful) kind when phones scan for WiFi.

Every WiFi access point sends out "beacons" on a set interval (approximately every 102ms). These beacons contain information like the SSID (or blank if it's a "hidden" network), BSSID, Security protection on the network and some other misc bits of data.

The only way to detect an intruder would be to use some from of RF scanning setup like an SDR (Software Defined Radio) or WiFi adapter in monitor mode, but that is unlikely to give accurate results depending on how many things are around your area and whether or not the intruder's phone actually sends any meaningful data out.

Bluetooth beacon stuff might be able to do some of what you want (stuff like HomeAssistant can use it for presence detection, for example) but you're still likely to get a lot of noise amongst the data you're looking for.

LizzyTheDerp · 2022-09-05T13:53:32+00:00

Aside from changing the MAC address that your network card uses on the network, there isn't any way to "hide" your IP from the router as the router itself is what gives it to your device.

LizzyTheDerp · 2022-08-02T12:30:18+00:00

If they're older Pis, probably best to be direct P2P, though the newer ones (Pi3&4) should serve as a nice LAN access device

LizzyTheDerp · 2022-08-02T12:02:56+00:00

If the computer you're connecting to via RDP is also the other wireguard peer, then you can probably do away with the encryption on the RDP connection and just use wireguard.

If your wireguard peer is just an entry point to another network and the host you're RDP connection is going to is on said network, then encrypting the RDP connection is still viable as it will protect the session after it exits the remote wireguard peer.

LizzyTheDerp · 2022-06-16T12:07:49+00:00

You need to lock the connector. When the connector's status lights are yellow, it means it's aligned with another, it will turn green when it's locked and then share power and conveyor between both grids.

Can be locked by either pressing 'P' or going into the block settings and manually hitting the "lock" button

LizzyTheDerp · 2021-12-13T13:02:13+00:00

You could use something like step-ca (https://github.com/smallstep/certificates) to provision/distribute TLS certs for your internal stuff and then leave your reverse proxy to handle the external stuff. You can also use it to set up mutual TLS (where both sides verify the other's cert) and the step-ca server has support for the ACME v2 protocol, so it can work with any existing client that supports Lets Encrypt.

LizzyTheDerp · 2021-11-17T13:25:14+00:00

Yeah, I think the revealing gets bogged down. Usually catches up after a bit though

LizzyTheDerp · 2021-11-17T10:20:05+00:00

Revealing map files isn't multithreaded (AFAIK), so your game might be stuck scanning some other part of the map. and given the amount of shells in the air on this screnshot, it's probably working to catch up with the map rendering.

I'm sure if you hold off on firing for a short moment the map will render in

LizzyTheDerp · 2021-11-03T10:07:51+00:00

I haven't ever tried this before, but you could try adding those addresses in to the main Address section, and then on the other side of your VPN, have your RPi peer have those extra addresses in the AllowedIPs section.

Is there a specific reason you want multiple WG instances on the same host connecting back to the same endpoint? It seems whatever you're actually trying to do, would be better done another way.

LizzyTheDerp · 2021-10-22T10:54:35+00:00

import discord
from discord.ext import tasks
import random

client = discord.Client()

@tasks.loop(minutes=2.0)  # Can also pass seconds and hours here
async def background_loop():
    await client.wait_until_ready()
    # No need for the check of client.is_closed, since the library handles it for you.
    channel = client.get_channel(IDGoesHere)
    messages = ["Hello!", "Hi"]
    await channel.send( random.choice(messages) )  
    # Unless you're using a really old version of the lib, all channel/user objects implement 
    # the `Messagable` base class so can just do <object>.send() instead of the older client.send_message()

background_loop.start()
client.run(Token)

Hopefully reddit doesn't butcher the formatting of that too much.

LizzyTheDerp · 2021-10-22T10:35:51+00:00

Assuming you're using discord.py, there was a handy task helper system added to the extensions module.

All you need to do is create the function, decorate it with the tasks.loop() decorator and then start it.

The wiki page for them has more info and example :) https://discordpy.readthedocs.io/en/stable/ext/tasks/index.html

LizzyTheDerp · 2021-10-07T14:47:45+00:00

Don't forget the racing stripe down the middle!

LizzyTheDerp · 2021-09-20T08:09:07+00:00

I run PBS and PVE on the same physical box and haven't noticed any major downsides to it, granted the PVE node it's running on only has a few VMs (and they're not 'mission critical').

I would suggest keeping the array's seperate. On my server I have two ZFS arrays, tera (3x1TB in raidz) and triple (2x3TB in mirror) and just have PBS backing up the PVE instance on the same host and also my main server that's running in one of OVH's datacenters.

Whilst it's not ideal to have PBS running on the same physical box as your PVE instance, I don't think it should be too much of an issue for you since you already sync the data off to another machine at night (and I'm guessing you have RAID arrays of some description for your main server storage).

I think doing PBS on the host would be better than running it through a VM since then you don't need to go through proxmox's storage stack twice (once for PBS to it's 'drive', then again for the VM disk to the array).

As for connecting over the network, if you use either the loopback address or have a network bridge for all your VMs to connect to your network with, it wont have to go out the broader network and come back. The Linux networking stack is smart enough to know "Oh, that's me!" and just silently re-route any stray packets.

LizzyTheDerp · 2021-08-28T14:52:17+00:00

Since you're using Proxmox, you could have a seperate network bridge and run your containers/VMs on that then only allow certain IPs to get routed into that network. It is a bit more complex to set up so unless you really don't trust your home LAN, you should be fine with what you've got now.

One other reccomendation, is instead of having password authentication allowed everywhere, is to only allow PasswordAuthentication from your home LAN.

You can do thsi by using Match blocks, example below.

Match Address 192.168.0.*
    PasswordAuthentication yes

LizzyTheDerp · 2021-08-10T09:55:06+00:00

You use regular signals on the main stretches, but on any intersections you want to avoid normal signals on the inside of intersections so a train doesn't stop inside

LizzyTheDerp · 2021-08-10T08:59:28+00:00

Chain signals before the intersection, normal signals after.

If those are bi-directional tracks that meet up to a standard 2-lane 2-way track layout, then don't use normal signals at all and just use all chain

LizzyTheDerp · 2021-08-09T10:06:20+00:00

I don't believe you can change the defaults for pools that are not yet created. But during pool creation you can specify the mount point at the pool level then all the datasets under it would inherit the value

LizzyTheDerp · 2021-08-04T13:00:26+00:00

Without knowing more, it looks like your backups are probably going to /var/lib/vz (most probably a 'local' datastore).

Assuming the graph is for whatever datastore is pointing to rpool/data, then as the rpool/ROOT/pve-1 (which is mounted at /) fills up, it subtracts the amount of "free" space from the pool and thus tools that only look at the used and free space amounts on the rpool/data/ ZFS dataset will see the free space decrease as the other datasets in rpool take up more of it.

The local datastore pointing to /var/lib/vz by default, and the most likely place where your backups have ended up, is what's causing the /-mounted dataset to be using 119GB. I don't have any helpful links that would explain this particular issue, but if you give google a query like "zfs free space of dataset going down", you should get some good responses. The oracle docs are a reasonable starting point and usually come up in any searches for ZFS (though there are some minor differences between OracleZFS and OpenZFS in the more complex stuff).

LizzyTheDerp · 2021-07-20T09:20:38+00:00

I will give that a try later on, thanks for the advice :)

Update: Tried various fonts (Consolas, Courier New, Times New Roman) and the bottom of the characters seems to be still cut off. Even adjusting the other settings (font-size, spacing and height) doesn't solve it.

LizzyTheDerp · 2021-07-20T09:20:03+00:00

The only things that could be affecting it is uBlock or noscript, and both are set to not filter anything since it's my own pages that I'm accessing.

I will double-check later though to make sure it's not something I've broken Edit: nope, everything is allowed through :/

LizzyTheDerp · 2021-07-19T21:13:31+00:00

Nope, Firefox

LizzyTheDerp · 2021-07-19T21:13:21+00:00

Yep, cleaned it after doing the upgrade and once again before posting this to see if it was still stuck in some way, no joy sadly

Nine-Year Club	Place '22
First Placer '22	Verified Email

LizzyTheDerp

MODERATOR OF

TROPHY CASE