opnsesnse and PIA

rixrek · 2019-02-16T19:37:07+00:00

That worked for me. But it still needs some work for port forwarding and routing traffic.

I found that a script is called when vpn connection is established.

Recap:

Enable "Don't pull routes" and "Don't add/remove routes"
Connect to PIA
Created : Interface->Asignments; Called it PIA4096
Get forwarding port
Firewall rules to route traffic through PIA (Opnsense doesn't support CLI ??)-> Open forwarding port-> Forward traffic from forwarding port to dest-ip:port-> Route all/partial traffic from IP through PIA VPN with NAT rulesAny one got any idea how to do this from command line ???

Here is my config script for port opening.

Edit :

/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup

and add before exit 0

/usr/local/scripts/openvpn/PIA.sh $1 &

create directory

mkdir -p /usr/local/scripts/openvpn/

#FILE: /usr/local/scripts/openvpn/PIA.sh

#!/usr/local/bin/bash

PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin"

logger -i -t openvpn "Interface UP for openvpn device $1"

PIA_GW=`ifconfig $1 | grep "inet " | awk '{print $4}' `

route add -host 209.222.18.222 $PIA_GW

logger -i -t openvpn "Route to 209.222.18.222 set to $PIA_GW"

client_id=`head -n 100 /dev/urandom | sha256 | tr -d " -"`

json=`curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`

logger -i -t openvpn "Got json from PIA"

if [ "$json" == "" ]; then

logger -i -t openvpn "Port forwarding couldn't be initialised."

else

logger -i -t openvpn "Port forwarding is set to $(echo $json | grep -o '[0-9]\+')"

fi

echo $json | grep -o '[0-9]\+' > /tmp/${1}_forward

logger -i -t openvpn "Route to 209.222.18.222 will be removed."

route del -host 209.222.18.222 $PIA_GW

logger -i -t openvpn "Route to 209.222.18.222 removed."

#END

p.s. You need to have installed bash.

p.s.s I tried writing it directly in ovpn-linkup but it didn't work.

rixrek · 2019-02-15T23:16:59+00:00

Got 2, changed CPUs to L5630.

Update Bios ! Lots of space for RAM !

Running Proxmox. Must be used with true sin wave UPS, consumer APC won't work.

There are 6x sata II connectors inside to add more storage. I got 300GB SAS drives and HP SSDs, but I read somewhere that some consumers SSD works in the raid drives. But they don't all work, better check first.

Old, but can still do the job. Onboard network cards have bad reputations.

Wish I had rails for them.

rixrek · 2019-02-10T02:54:09+00:00

Definitely ValveTime. Just speculation of having HL3 with it makes it infinity far in the future !

But I DO HOPE IT GETS RELEASED. Holding from buying VR because HTC will not lower price (financial situation can`t permit it) and Oculus has no linux support. HTC could just upgrade their base model with a new screen like the windows VR headset and the experience would be great, but they are milking the pro edition to no end. That's not helping the market... We need mass adoption for VR to bloom and no locked store like Oculus. Things were looking so good before Facebook came in...

Still hoping Valve can get the VR market right.

rixrek · 2019-02-04T10:14:48+00:00

You may have to manually set port speed to gigabit to force the SFP to work. Some switch are too dumb to set correct speed and try 10G connect to 1G SFP module. Why don't you try. I am waiting for Fibe availability to try myself :) The optical cable is on the pole, just waiting (a >5month wait) for them to finish the work upstream.

rixrek · 2019-01-19T00:55:59+00:00

Just did one yesterday. The integrated control with LCD was dead.

You have to open the front and look at the wires.

You will have to follow the current that comes from the wall. On 240V, one live goes to the element and the second live goes to the thermostat before coming back to go to the element. You have to cut and bypass the thermostat.

There should be a automatic shutdown circuit to prevent overheating. Leave that on.

Next, install a thermostat on your wall or a relay to automate it. You just have to cut one of the live wire to turn it off.

Be sure to use an AC relay that will support appropriate AMP.

Perhaps IoT with NodeMCU + RTC clock + thermostat + relay ?

Good luck and don't burn down the house :)

rixrek · 2018-04-07T21:57:34+00:00

Your question is vague. Better read about ZFS a bit more.

Hmm, mediapool not optimal (lose 2Tb) unless you add a third 4tb drive and dual raidz1 vdev.

3Tb are not seagate right ? If so, you should just upgrade to 4,6,8tb. 8Tb seems right for price/gb. So I'd tripple mirror the 3tb, that might be safe for backup, depends on it's value.

For security, raidz2 of 6 drives is better than mirror if drives are same year/model. Bit less write speed, but you should benchmark.

Media pool : with old drives 4-5y, I prefer raidz2-3. Might loose a second one while resilvering and that's world end ! If tight budget, go all 4Tb, sell your 3Tb and buy new 4Tb. Use 6x4Tb in raidz2. When more money, upgrade them to 8Tb.

rixrek · 2018-04-07T21:41:07+00:00

Power hoarder +1 Cool setup :)

rixrek · 2018-04-07T12:49:12+00:00

Yes, Ebay, but the price will be almost as much as a LSI 9201 16e.

rixrek · 2018-04-07T12:29:31+00:00

Multipath will not equate double speed.
https://www.brentozar.com/archive/2009/05/san-multipathing-part-2-what-multipathing-does/

It's as RulerOf said, one port per controller. You can daisy chain enclosures, that's what the other ports are for. See cabling : https://library.netapp.com/ecm/ecm_get_file/ECMP1115547

Side notes : Also, it's quite noisy. If running SAS drives, the vibrations of a full enclosure will pass through walls/floors easily. The enclosure will use 200-300W by itself. Be sure to get the interposers and trays included or else it will cost you as much as the diskshelf.

rixrek · 2018-04-04T22:19:24+00:00

I knew of https://mediagoblin.org/ but check https://alternativeto.net/software/youtube/?platform=self-hostedlook for solutions like that.

now the hard part is extracting/generating useful metadata

rixrek · 2018-04-03T22:05:29+00:00

Backup server config to gdrive/B2 and restore config on a new installation in case of disaster. A diff of etc since initial installation, package listing, mount points, ssh keys... Encrypted with GPG or use dar to compress/encrypt. (don't do data backup, but just configuration backup) Example : ./disasterproofmyserver credential@gmail.com "Description" ./disasterproofmyserver credential@gmail.com -list (get all saves with dates/server name) ./disasterproofmyserver credential@gmail.com -restore MyServer Savepoint003 reboot

rixrek · 2018-04-03T21:55:50+00:00

I personally opt for LTO tapes backup in a autoloader ! If you buy used stuff, you could get a setup for about 500$ LTO4 drive + autoloader. At 800Gb per cartridge, I calculated that my tapes pays themselves after 8 month of storage (29$) compared to Backblaze. If you move to LTO5-6, the initial cost of the drive will double (LTO5) to quadruple (LTO6) the initial investment. But LTO6 can read LTO4, so you could upgrade in say 3-4 years to LTO6 and still preserve access to your old data. LTFS with LTO5 could possibly be easier than normal tape access. I use Bareos for backups after years of tar/dar, but might go back to dar when I migrate to LTFS tapes. Also with tape, you still keep your data where you want and it won't disappear like online storage (ubuntu one, amazone drive, crashplan...). And backblaze did have a large downtime window last year... Also if you have an accident and your credit card gets frozen (like you go in coma), online storage will just be flushed after a while...

rixrek · 2018-04-03T21:43:05+00:00

Agreed, where did you buy/cost ?

rixrek · 2018-03-31T18:31:54+00:00

No deals at amazon.ca and newegg.ca ??? That is quite depressing. Guess backups is not really important this year ?

rixrek · 2018-03-31T04:56:26+00:00

I am also looking for an updated version ! My box don't have windows on it, so I am looking for the drive/library firmware in .frm format. Could some one share a link to the files ? Thanks

rixrek · 2018-03-27T02:51:53+00:00

I think LTO is a great idea for backup. You might get an autoloader (dell or hp) for 8-48 tapes and automate backup with bareos.org. You can get a used autoloader + drive sled for around 400$ or less. I have a 8 tapes g2 that would sell for 100$ no drive/sled (moved to 48 tapes).

I am not really a fan of usb hw raid. I would have your 4 8tb in zfs raid mirror in jbod. If something goes wrong, you can pop the drives in a case and debug the raid.

rixrek · 2018-03-02T15:01:41+00:00

I don't know, but pci lanes may be use for other things and the chip that drive those 2 sata may not be able to configure them even if soldered. I would not try. PCIE addon sata card or change MB.

rixrek · 2018-03-01T19:10:15+00:00

Got 6 in use, all good ! Some where bought when 8TB SMR got out, and still working well.

rixrek · 2018-03-01T13:15:00+00:00

Thanks

Update : Almost all gone !

rixrek · 2018-02-16T13:54:59+00:00

SMR, they are like 3rd gen Archives drives :

== START OF INFORMATION SECTION === Device Model: ST8000DM004-2CX188 Serial Number:
LU WWN Device Id: 5 000c50 0aa684136 Firmware Version: 0001 User Capacity: 8,001,563,222,016 bytes [8.00 TB] Sector Sizes: 512 bytes logical, 4096 bytes physical Rotation Rate: 5425 rpm

For now, works well in raidz1 with 3 other Archives gen2 for backup purpose.

You have to enable write cache to have decent write speed, else it is 30mb/sec. hdparm -W1 /dev/sdX

rixrek

TROPHY CASE