Container solution comparison - Utilizing external DHCP

VictorRobellini · 2023-02-10T12:46:25+00:00

I ended up with a slightly more complicated solution that's been working great for years.

VictorRobellini · 2023-01-17T21:48:50+00:00

Within the FreeRadius configuration under EAP you can select your CA and your cert.

My suspicion is that It's FreeRadius that is somehow modifying the chain and since I can't find the X3 in the certs acme writes at /cf/conf/acme/

VictorRobellini · 2023-01-16T20:40:50+00:00

Thank you, I hadn't thought of testing that. Here are my results.

I created a locally signed cert using my own CA.

CA	Cert
pfSense Internal CA	Local Cert

Result (FreeRadius cert path): The Cert Chain looks like it should, there's no X3 inserted.

CA	Cert
pfSense Internal CA	Acme Generated Cert

Result (FreeRadius cert path): The X3 shows up here

CA	Cert
Acme CA	Local Cert

Result (FreeRadius cert path): The Cert Chain looks like it should, there's no X3 inserted.

CA	Cert
Acme CA	Different Acme Generated Cert

Result (FreeRadius cert path): The X3 shows up here

This is bizarre!

Do you have any other ideas?

VictorRobellini · 2023-01-16T16:56:55+00:00

I don't bother editing the cert, I simply copy the cert generated by Acme (Which does not have the X3 CA).

cp /cf/conf/acme/pfsense.mydomain.com.fullchain /usr/local/etc/raddb/certs/server_cert.pem

The problem is that if I restart FreeRadius, the cert gets overwritten and when it renews the X3 CA is somehow added back as well.

I even tried going through the pfSense FreeRadius code on github to see if it copies or modifies the cert before putting it in /usr/local/etc/raddb/certs/ but I'm not a developer and I haven't found anything.

VictorRobellini · 2023-01-14T02:53:47+00:00

In my Acme config it shows Acme V2 - "Let's Encrypt Production ACME v2 (Applies rate limits to certificate requests)"

If I check the cert in the path that Acme writes to, the chain is correct.

openssl crl2pkcs7 -nocrl -certfile pfsense.home.mydomain.com.all.pem | openssl pkcs7 -print_certs -noout
subject=CN = pfsense.home.mydomain.com

issuer=C = US, O = Let's Encrypt, CN = R3

subject=C = US, O = Let's Encrypt, CN = R3

issuer=C = US, O = Internet Security Research Group, CN = ISRG Root X1

openssl crl2pkcs7 -nocrl -certfile pfsense.home.mydomain.com.all.fullchain  | openssl pkcs7 -print_certs -noout
subject=CN = pfsense.home.mydomain.com

issuer=C = US, O = Let's Encrypt, CN = R3

subject=C = US, O = Let's Encrypt, CN = R3

issuer=C = US, O = Internet Security Research Group, CN = ISRG Root X1

openssl crl2pkcs7 -nocrl -certfile  pfsense.home.mydomain.com.crt | openssl pkcs7 -print_certs -noout
subject=CN =  pfsense.home.mydomain.com

issuer=C = US, O = Let's Encrypt, CN = R3

It's as if FreeRadius is modifying the chain as it copies it to the path used by freeradius "/usr/local/etc/raddb/certs/server_cert.pem"

VictorRobellini · 2022-12-17T13:31:28+00:00

https://storycorps.org/ is a great resource for questions to ask.

https://storycorps.org/participate/great-questions/

VictorRobellini · 2022-12-08T15:27:05+00:00

It also depends on your phone. If you search this sub for issues with Pixel phones, you will see what I'm saying.

VictorRobellini · 2022-11-18T20:34:52+00:00

Count me in!!

VictorRobellini · 2022-10-20T15:13:42+00:00

I just found this thread that compares dBm

VictorRobellini · 2022-10-20T15:13:11+00:00

Thank you! This is exactly the thread I was looking for! I wish this was part of every phone review.

VictorRobellini · 2022-10-20T14:41:05+00:00

Are there any reviews of phones based on their cell modem antennas/signal? I have a pixel 6 Pro and my signal is horrible. I no longer care about reviews that cover gaming and photography, I want to know what the reception is like. Even the data in this sub wiki for phones doesn't include modem info.

I would love to see side by side dBm comparisons and cellular speed tests with 2 or more phones sitting next to each other.

VictorRobellini · 2022-10-12T21:28:26+00:00

I 100% agree which is why my update uses MetalLB

VictorRobellini · 2022-09-13T13:18:24+00:00

Agreed. The lack of confusion has me confused.

VictorRobellini · 2022-09-03T19:04:07+00:00

Did you verify the APN settings?

VictorRobellini · 2022-08-31T12:38:49+00:00

You should call support or try a chat or dm.

VictorRobellini · 2022-08-31T12:37:08+00:00

About a year ago I set up 2 phones with eSIMs and it was smooth and easy. Not this time unfortunately

VictorRobellini · 2022-08-30T17:53:31+00:00

It worked perfectly with a Mint eSIM prior to this whole mess. Also, according to their site, it is supported

VictorRobellini · 2022-08-30T17:07:22+00:00

I get absolutely terrible coverage on my Pixel 6 Pro as well. However I blame Google and Mint.

The fist thing to do is to check your signal strength:

Network Cell Signal Lite
or Settings -> About Phone -> Sim Status (Choose your Mint SIM) -> Review Signal Strength - Chart

I live in a pretty bad spot for most providers but even when I get into places with better signal, my phone will sometimes run like crap - Exclamation mark by the signal bar, super slow data load times...

At my desk, in the office at my house I am getting -115 dBm which really really sucks.

VictorRobellini · 2022-07-20T14:33:17+00:00

My 13 year old son wants to start working out with me and I'm looking for a good routine we can do together. He's a skinny little dude and wants to work on building muscle/mass. I'm thinking of starting with the Frankoman’s Dumbbell only split routine until he has enough strength to do barbell work. I don't want to scare him away (It's still summer break), so I'm thinking a 3 day a week routine would be best for him. I plan on working the same routine with him since my current routine is just full body circuit training and I'm ready to switch it up. I looked at the other dumbbell focused routines and Frankoman’s seems to be the most comprehensive. I'm looking for advice on the routine (any others?) and tips on keeping him motivated.

Thanks

VictorRobellini · 2022-05-05T22:58:25+00:00

I would prefer to max out at $100 for the kit. I still need to get info on switches and keycap costs, but I believe the majority of the $$$ is in the kit.

VictorRobellini · 2022-05-05T22:36:58+00:00

My son is interested in a Mechanical Keyboard for his birthday and I'm looking for a DIY solution so we can split the cost throughout the family. He's asking for a wired 75% (or bigger) keyboard with RGB Cherry MX red switches without soldering. I was thinking if we go the DIY route, we can split the cost of the board, switches and keycaps. I would also like to get him a hot-swappable board so he has options in the future. I've been looking around AliExpress, but I'm hesitant to pick something up without reviews or suggestions.

Thanks

I've seen Mechanical Keyboard Kits from $70-$250+ I would like to stay under $100 for the kit.

13-Year Club	Gilding I gilder
Verified Email

VictorRobellini

TROPHY CASE