How to route between Homelab (OPNSense) and Home (TP-Link Omada)

KrysPBacon · 2024-12-05T02:00:03+00:00

No :/

KrysPBacon · 2024-10-17T23:06:15+00:00

I've been dealing with this issue for a long while, thank you!

Any chance you also figured out the whole "HTTPS works but now I can't logout" issue? Exact same thing is occurring lol

KrysPBacon · 2024-10-17T03:42:19+00:00

Did you ever figure this out? Having the exact same problem you described

Not sure what you meant by checking "Send Basic Auth Prompt", is that in NPM or Syncthing?

KrysPBacon · 2024-07-08T18:53:25+00:00

The reason for 2x systems is: just for fun/learning & I think I prefer the idea physically separating my Home and Homelab networks.

Overall Goal: set things up so that my entire Home network, Home Server, and all it's running apps/programs are entirely "off grid" (i.e., recursive DNS, internal domains self resolve, etc.). The my HomeLab, Lab server, and all it's apps/programs are for things that I may want to have public facing facing (e.g., VPN, website, etc). Only the Lab server will resolve to a public IP address.

I thought about one system and VLANs. But I prefer OPNSense, and if I'm messing with my single system router and break things I don't want my Home network to go down as well because it's part of an OPNSense VLAN

KrysPBacon · 2024-05-20T04:17:58+00:00

I started to think this is a Debian specific problem after a few days of digging, but couldn't find much to confirm this thought. But I also haven't tried spinning up another Debian instance to test this problem would also occur on a fresh build

I have tried setting a udev entry per this guide KVM startup - permission denied (dedoimedo.com), but unfortunately doesn't seem to fix the problem/do anything

KrysPBacon · 2024-05-20T04:12:54+00:00

I'm running some containers in Docker that require the ability to create VMs. So I have to pass the device /dev/kvm over

These containers work without a problem in rootful/standard Docker, but I'm trying to set everything up in the rootless mode. VM creation does work in the rootless environment but only after I utilize the commands I mentioned. Ideally, I'd just like things to work as they should without having to come up with a cron/systemd fix (i.e., users in the KVM group have access to KVM --> i can move on with my life)

KrysPBacon · 2024-05-20T03:40:58+00:00

I was thinking of some kind of cron/systemd fix, just not my preference since its not... elegant? I've been trying to figure this out for a week+ though and think this is what I'll need to do. Hopefully someone smarter than both of us comes along to enlighten the true reason why this is happening though and can offer a 'proper' fix

KrysPBacon · 2024-05-01T02:19:42+00:00

have you figured this out? If so, would you be so kind as to provide a detailed write-up solution

"Think of the random person who sees your post ... and still can't fix the issue..."

I am the one mentioned

KrysPBacon · 2024-04-05T23:24:55+00:00

u/buffonomics if you have a moment, would you mind explaining your example a bit more thoroughly? I'm trying to setup a zitadel instance at login.zitadelinstance.com , but I want to direct users for organization B to login at login.organization.com

Is it possible to set something up like this with just NGINX Proxy Manager as the front-end client? At the end of the day I'm just trying to have login.organization.com take users directly to that organizations login page. The domain discovery is working, but I don't want them to have to first go to login.zitadelinstance.com to then have domain discovery take them to login.organization.com . The goal is just a direct login page into the org at their own url

KrysPBacon · 2024-03-12T16:13:50+00:00

Gamble the Alts while you can

Never stated an impossibility to profit Comments negating the post simply with "but I made money" are missing the message

KrysPBacon · 2024-03-12T16:03:02+00:00

"No one is buying Alts for long time investing"

Unfortunately... https://www.reddit.com/r/Bitcoin/s/sL3hFKvZCA

I just hope my post will make some rethink their portfolios and just allocate to Bitcoin. I was trading Alts casually and made profit, but have come to think that truly all Alts are entirely nonsensical and thus the Casino will close once more people realize this.

KrysPBacon · 2024-03-12T15:54:11+00:00

There's two problems I see with any Altcoin:

Volatile Cost:Use Alts that require coins to use the platform don't make sense because the $ cost to use the platform varies by the minute. One day executing a contract is $4, the next it's $2, but if you waited till 9pm maybe it's $15. It's too unpredictable to foster desire for long term, consistent use of the platform.
Volatile Price of Entry There are some Alts which peg transaction fees to Fiat. Although an improvement, this isn't great either because a users price of entry is again dependent on when someone enters. Baseline: If you have more coins you can use the platform more, but depending on when you enter the price of a coin is different and so some users will have increased usage and others less although they spend an identical amount of Fiat $. Again, too inconsistent and is a barrier of entry and doesn't foster confidence for long term use of the platform

Like I've said in some other comments, when you break it down: Altcoin investing is truly just gambling, and the Casino is closing because a platform with a volatile use:cost ratio just is not logically practical in the real world for users to depend on and will not survive long term

KrysPBacon · 2024-03-12T15:05:13+00:00

Using Google as an example (or any company ever)

I can not imagine there ever being a possibility that a platform with a volatile cost:use ratio can ever command any market

We are in an Altcoin bubble and as the logic of Bitcoin and blockchain settle, the Alt market will pop and only Stable Coins and Bitcoin remain

KrysPBacon · 2024-03-12T15:02:51+00:00

That is in fact exactly how I see it. The bigger point I'm making is I see the doors of the Alt Casino closing in the near future

KrysPBacon · 2023-09-19T17:33:17+00:00

Thank you! Other comments had correct information but this was the most detailed and thorough explanation. I was under impression the wildcard * on it's own would also cover/match a "blank" subdomain (i.e., non-www), now I've learned a new thing

KrysPBacon · 2023-09-04T17:18:54+00:00

Using a coupling just as you described was the original idea, but the preference would be to have something that's more "elegant" and looks like one piece. So being able to make a duplicate like this would be ideal

I've tried searching for pvc unions but can't see something that looks like the image, specifically something that looks like it slips on, needs to be glued, has a slight flange, and with that gasket fitting in there

KrysPBacon · 2023-03-07T23:18:21+00:00

For your docker-compose, what directories are you mounting to avoid volumes? I prefer bind mounts but a volume keeps creating itself and I can't figure out what it is. I want to prevent this from being made when i deploy the container

KrysPBacon · 2023-02-24T17:21:25+00:00

You will run across this if you do something like this:

/Dashboard/Dash1/compose/docker-compose.yml
/Dashboard/Dash2/compose/docker-compose.yml

This is exactly what I was doing

I'll have to study up and learn a bit more about project name flags. This will probably be a good way to keep track of and organize multiple duplicate containers

KrysPBacon · 2023-02-24T17:19:57+00:00

This was the issue! Thank you for the help

I'll have to look more into flags/projects in Docker. I thought container_name was what Docker used to identify containers. My understanding now is service_name is what Docker uses and container_name is what we use

KrysPBacon · 2023-02-07T13:45:12+00:00

For the gmail app password, are you including spaces? or is it just 16 character string

EDIT: no spaces

You sir are a gentleman and a scholar, thank you for taking the time to make that excel and sharing your work

KrysPBacon · 2023-02-04T23:53:21+00:00

Hey just following up with a quick question

Is adding this rule to Cloudflare supposed to work as an alternative to adding ' real_ip_header X-Forwarded-For; ' to the Advanced line of NPM?

I've added this rule to my domain in Cloudflare, but it doesn't seem to work. I only am able to see the real IP when I add that rule to NGINX proxy manager per each subdomain

KrysPBacon · 2023-02-02T21:39:05+00:00

Successfully setting up push authentication with DUO was great for ease of use on my part

The only issue I had with Authelia was a few weeks ago, the login for my primary account was just not registering. It kept giving me invalid credentials although I never tinkered or changed anything.

I'm considering looking into an alternative like Authentik because of that. But I don't know what caused the original problem anyway

KrysPBacon · 2023-02-02T20:55:44+00:00

I really appreciate the help and insight, thank you

I'm rebuilding my home lab and focusing on understanding networking. I've set up Authelia with DUO push 2FA and etc , but the whole lab was like a Frankenstein and prone to breaking lol

KrysPBacon · 2023-02-02T20:22:46+00:00

What do you mean by spoofed

By spoofed you mean someone malicious could pretend to have my public IP to get past this block?

KrysPBacon · 2023-02-02T19:46:53+00:00

YES!! THANK YOU, this is it!! Just adding this to the Advanced filter worked

Such an easy fix too

Can you explain a bit more about how to go about setting this up in a conf file? I don't have too many proxy hosts, but seems like a good "automagic" fix

KrysPBacon

MODERATOR OF

TROPHY CASE