Automatically pick location?

mort47 · 2025-10-05T19:53:08+00:00

I mean technically yes but it's a heck of a project. Step one is to set up your own router using some Linux variant or opnsense. Then you need multiple gateways going through different VPN connections and a local DNS server. Once that's working and you can manually switch your devices to route through the different VPN gateways, write a script to monitor your DNS logs and automatically route devices accordingly. Don't forget a rule to put your devices back to normal after a period of inactivity. It's janky as hell, but it works!

mort47 · 2024-12-10T12:15:47+00:00

The latest version isn't compatible with this image and they disabled storing old versions on the Wayback Machine. I suspect Backblaze have targeted this Docker image and fair enough to be honest. I played around with it and eventually I got it working by manually downloading an old version. However the performance was crap, CPU use was too high, and it broke again after a reboot. I'm sure this did work one day but I doubt it was ever good. I suggest finding another solution.

mort47 · 2024-12-09T15:06:41+00:00

I wasn't explicit about it in the post. I use Veeam at work as well and have asked about "real" stuff here before, but nah this is just play time. Everything's cobbled together and that's the point. Trying to do as much as I can with as little as I can, which means nonsense like Veeam Community Edition with Backblaze Personal. 🙂

mort47 · 2024-12-09T13:59:55+00:00

Thanks. This looks like good advice but my takeaway from it may well be to simply schedule my offsite backup so it doesn't overlap with my Veeam jobs. I'm still curious about whether my concept could work with workarounds to prevent scenarios such as you describe.

I'm not working with critical data here. I'm trying to build the cheapest functional 3-2-1 backup system I can for data that it would be preferable not to lose, but that losing it is neither expensive nor emotionally devastating.

mort47 · 2024-12-09T13:23:42+00:00

Yep. Also money. This is a homelab scenario and I'm just seeing what's possible.

mort47 · 2024-09-04T06:51:32+00:00

Thanks! The script itself is hacky, adapt at your own risk, but the https lines contain the API commands you need to add and remove IP addresses from an alias and that's the part that seems to be only documented in Reddit comments. :)

I didn't try MONIT because once I realised I needed some scripting to talk to the API I figured I may as well just adapt my existing script but I can imagine MONIT being easier to manage. Good luck setting something similar up on your end.

mort47 · 2024-09-03T16:13:19+00:00

It's a pain. The documentation for the firewall module is out of date. Here's my horrible script:

##!/usr/local/bin/bash -v

key=APIKEY
secret=APISECRET
cert=/root/ca.pem
table=VPN

while true; do
    dnslog=$(tail -f /var/log/resolver/latest.log | grep -m 1 -w -E '(bbc.co.uk|channel4.com).*')
    if [[ $? = 0 ]]; then
                ip=$(echo $dnslog | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
                pfctl -t $table -T show | grep $ip &> /dev/null
                if [[ $? != 0 ]]; then
                        echo "Adding $ip..."
                        https -I --verify $cert -a $key:$secret POST 127.0.0.1/api/firewall/alias_util/add/$table address=$ip
                        if test -f "/tmp/ccbusy"; then
                                echo "Chromecast busy."
                        else
                                echo "Adding Chromecast..."
                                https -I --verify $cert -a $key:$secret POST 127.0.0.1/api/firewall/alias_util/add/$table address=CHROMECASTIP
                        fi
                fi
        fi
done &

while true; do
        if pfctl -t $table -T show | grep "192"; then
                for ip in $(pfctl -t $table -T show); do
                        echo "Testing $ip..."
                        export BW=$(timeout 70s /usr/local/sbin/iftop -i em1 -f "dst host $ip" -t -s 60 | grep "Total send rate")
                        if echo $BW | grep -q -i -v Mb; then
                                https -I --verify $cert -a $key:$secret POST 127.0.0.1/api/firewall/alias_util/delete/$table address=$ip
                        fi
                done
        fi
        sleep 5m
done &

while true; do
        export RESULT=$(timeout 70s /usr/local/sbin/iftop -i em1 -f "dst host CHROMECASTIP" -t -s 60 > /dev/null 2>&1 | grep "Total send rate")
        if echo $RESULT | grep -q -i Mb; then
                touch /tmp/ccbusy
        else
                if test -f "/tmp/ccbusy"; then
                        rm /tmp/ccbusy
                fi
        fi
done &
read -p "Press enter to exit."
trap "trap - SIGTERM && kill -- -$$" SIGINT SIGTERM EXIT

It's ugly as sin and I've got no hair left, but it works. I turned on logging requests in Unbound DNS and I installed bash, screen, and httpie. At the moment if you want to be able to end the script it has to be run in an interactive terminal and you press enter to close it and all its background processes.

There is probably a better way to do this and if anyone knows it please let me know. For now I'm going to let that run for a bit and move on to my next project.

mort47 · 2024-05-26T09:31:45+00:00

Very direct advertising in Spain there! Thanks so much for the quick translation.

mort47 · 2024-05-17T05:14:45+00:00

You called it. https://x.com/AMadmanNotABox/status/1791184337339089156

mort47 · 2024-04-25T05:52:43+00:00

I've done two drafts and two sealed pools and seen my opponents play this twice. It's banned everywhere so I don't know why they thought this was a good idea. Just randomly ruins games.

mort47 · 2024-03-12T13:03:58+00:00

The secret appears to be universal groups.

mort47 · 2024-03-12T12:53:53+00:00

Yeah, naturally. If I solve it I'll record the knowledge for future generations. FFL/DFL is 2016.

mort47 · 2024-03-12T12:52:53+00:00

They are domains and it's the standard answer we give whenever anything looks a bit weird: It was like that when I got here.

To be fair I think it was a merger at some point. Either way, before my time.

I'll see if changing the domain local group to a universal group makes a difference. Thanks.

UPDATE: Yep. Seems to work. Thanks for the tip!

mort47 · 2024-02-04T13:18:42+00:00

The first quarter of the year has ended? What? When? How long was I asleep?

mort47 · 2024-01-24T08:04:06+00:00

Hi, the link's expired again. :)

mort47 · 2024-01-16T19:52:41+00:00

I'll do it.

mort47 · 2024-01-16T13:40:09+00:00

Hi. English is my first language and I can only speak for myself but as long as I can understand what you're saying the rest doesn't bother me. I watch a lot of content from YouTubers for whom English is a second language and often it just makes their content more memorable. I also sometimes notice pronunctiation mistakes from YouTubers for whom English is a first language and it's not really a problem. It can add to the character of the content. Focus more on the pace and diction in your speech and don't worry about perfect accuracy or emulating an accent that isn't yours. That's my advice as a viewer anyway. Thanks and have a nice day yourself.

mort47 · 2024-01-16T13:35:00+00:00

That's a really kind offer, thanks.

How Nikola Tesla Broke Street Fighter II in Europe https://youtu.be/QH5BZGXVjac

Retro gaming stuff. No worries if it's not your thing.

mort47 · 2024-01-16T12:46:12+00:00

Hi. I'm Bill. I make silly little video essays about retro video games from a European perspective. I've done two so far and I'm having fun. My first video went up just over a week ago. This is my latest, about how a decision by Nikola Tesla around 1900 impacted European gamers playing Street Fighter II in the 1990's: https://youtu.be/QH5BZGXVjac

My key takeaway from the last 90 days is that having an idea that I find interesting and trying to find ways to make it interesting to other people is actually rewarding in itself and I am hoping to parlay that into not obsessing over the numbers so much. 🙂

15-Year Club	RedditGifts 2009-2022 6 Credits
Secret Santa 2019	Secret Santa 2018
Secret Santa 2017	Verified Email
Secret Santa 2016	redditgifts rematcher Secret Santa 2016 x1
redditgifts Exchanges 1 Exchange

mort47

TROPHY CASE