Secured connection to network (Android + OpenVPN)

Maybe you are using free Wi-Fi hotspots in your favorite cafe, restaurant or at the airport.

Maybe your GSM carrier is tracking your internet traffic, of course for profiling/ad purposes (I’m looking at you, T-Mobile; I remember you injecting your internet plan ads into the Twitter app).

Security-wise, there is a lot more danger waiting for you at those ‘free’ hotspots.

So what to do?

What if I told you that you can still use those bad but free hotspots while having some kind of protection? That you could hide some of that sweet-sweet traffic for yourself…

The solution that I want to introduce to you is a VPN.

You don’t have to root your Android phone to use a VPN.

“OpenVPN for Android” will work with a paid service as well as with a self-hosted one (this is how you can set one up).

Advanced settings that will save your battery:

To protect your connection, the VPN needs to be connected all the time: it doesn’t know when one of your applications will get a push notification, or when a friend will make a Wi-Fi call to you. So it can drain the battery a bit more than going without it. But you don’t have to sacrifice that much battery life. We can tweak some settings to make it less battery-hungry.

Edit two options in your VPN server config file /etc/openvpn/server.conf:

Allow the new TCP port to accept connections:

Now change one setting in your Android OpenVPN client config:

Remember to restart/reload your OpenVPN server so the new config will be used.

Small warning: the TCP protocol wasn’t meant to be used for VPN connections; on an unstable internet connection you may feel a bit of discomfort, but the battery drain will still be significantly lower than with the UDP setting.
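
If only one side is changed, the server listens on TCP while the phone still tries UDP and the tunnel never comes up. The script below is an added example, not part of the original post: it compares protocol and port between a server config and a client profile. The file contents, the host name vpn.example.com and port 443 are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that server.conf and the
# Android client profile agree on protocol and port after the switch to TCP.

# awk helper: normalise OpenVPN proto values (tcp-server, tcp4-client -> tcp).
AWK_NORM='function norm(p) { sub(/-(server|client)$/, "", p); sub(/[46]$/, "", p); return p }'

# Print "<proto> <port>" for a server config. OpenVPN defaults: udp, 1194.
server_transport() {
  awk "$AWK_NORM"'
    $1 == "proto" { proto = $2 }
    $1 == "port"  { port = $2 }
    END {
      if (proto == "") proto = "udp"
      if (port == "")  port = 1194
      print norm(proto), port
    }' "$1"
}

# Print "<proto> <port>" for a client profile. The first "remote" line wins,
# and a protocol given on that line overrides a separate "proto" directive.
client_transport() {
  awk "$AWK_NORM"'
    $1 == "proto" { proto = $2 }
    $1 == "remote" && !seen {
      seen = 1
      if ($3 ~ /^[0-9]+$/)   port = $3
      if ($4 ~ /^(tcp|udp)/) rproto = $4
    }
    END {
      if (rproto != "") proto = rproto
      if (proto == "")  proto = "udp"
      if (port == "")   port = 1194
      print norm(proto), port
    }' "$1"
}

# Return 0 when both sides match, 1 otherwise; print the verdict either way.
check_pair() {
  srv=$(server_transport "$1"); cli=$(client_transport "$2")
  if [ "$srv" = "$cli" ]; then echo "OK: both sides use $srv"; return 0; fi
  echo "MISMATCH: server=$srv client=$cli"; return 1
}

# Constructed sample files (host name and port 443 are placeholders).
demo_dir=$(mktemp -d)
printf 'port 443\nproto tcp\ndev tun\n' > "$demo_dir/server.conf"
printf 'client\ndev tun\nremote vpn.example.com 443 tcp\n' > "$demo_dir/ok.ovpn"
printf 'client\ndev tun\nproto udp\nremote vpn.example.com 1194\n' > "$demo_dir/stale.ovpn"
check_pair "$demo_dir/server.conf" "$demo_dir/ok.ovpn"
check_pair "$demo_dir/server.conf" "$demo_dir/stale.ovpn" || true
```

Run it against the real /etc/openvpn/server.conf and the exported .ovpn profile before restarting the server.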


Make Firefox forget cache/redirections

This one is really tricky. You can spam CTRL + F5 all day, but Firefox will still remember a 301 redirect.

Press CTRL + H (aka the History Bar), look for the page you want Firefox to forget, right-click it and pick “Forget about this page”, which in Polish is “Usuń całą witrynę”, which means “Remove whole site”. This is why I “love” translations.

If this fails because you were redirected to an error page or something, you can try:


Washed out black in OBS

From time to time we can have issues with colors after a recording session in OBS. Colors are pale and washed out, almost colorless. You can try to tweak them this way:

In OBS go to Settings > Advanced > YUV Color Range and switch it.

I’m using Color Format: NV12, YUV Color Space: 601, YUV Color Range: Partial and it made a huge difference for my setup. Others use Full.

If you are using NVIDIA drivers, there is also one more trick to fix it. Go to NVIDIA Control Panel > Video > Adjust Video Color Settings > With the NVIDIA Settings > Advanced > Dynamic Range: Full (0-255).

I tried to tweak those and restart OBS or even the PC to be sure that the new settings are used. It is hit or miss, but once you are happy with the results you don’t have to touch this setting ever again.

The best way to check it is to put a static image with black and colors in an OBS scene and compare a high-bitrate recording to the original image.


When ln -s is not an option, aka webdav shares

Some time ago I tried to make a WebDAV share that was a symlink to a directory, but no matter what, WebDAV refused to work with a symbolic link. But there is a workaround for it.

If you mount a filesystem with --bind, you create a second mountpoint for a device or filesystem. This removes the need to use ln -s in cases where ln doesn’t work with directories.


Debugging bind zones and config files

While maintaining zones and config files by hand, sometimes you can make a typo. Nothing to worry about. Let us start with the basics:

The first command checks named.conf (if you use that one) for errors. The second checks whether everything is OK with the given zone file for the given domain. The third and last one shows what BIND wrote to the log file about things it didn’t like.

A common mistake is to update zone files manually while using signed DNS. But there is an easy fix for that.


Migrating/copy WordPress site to new sub/domain by hand

From time to time there is a need to migrate or make a working copy of a site that runs on WordPress. There are many plugins for that, but I will show you the manual way if you want to do it without third-party help.

I assume that you are able to connect to MySQL via the CLI or with phpMyAdmin, and that you are able to tell which database you use for your WordPress (wp-config.php). So let’s get started.

Just remember: if you want to copy the database and use the new, updated one, edit wp-config.php to reflect those changes:



FreeNas, Transmission and Corrupted Files – Part 1

After many years of just ‘taking’ I matured and upgraded my setup to be able to give back to the community what I took.

I set up a RAID 6 FreeNAS machine. Thanks to playing with it, I understood why everybody in the FreeNAS community hates Realtek and why people just say to throw it away and get something that works (FreeNas: Realtek 8111F and re0: Watchdog Timeout Error and FreeNas: Realtek 8111F and “re0: Watchdog Timeout Error” – universal solution). In the end I joined the ‘hate club’ and bought an Intel PRO 1000 PT Dual Port NIC. The fun part is that Linux handles Realtek with ease, but I have been with Linux since the days when it didn’t like most of the hardware that Windows supported, so I can understand that there are still hardware issues with FreeBSD.

Cool, FreeNAS install without any issues.

If you are unfamiliar with FreeNAS, it comes with ‘plugins’ that are basically jails with a pre-configured application that ‘just works’.

I slapped that Install button and almost instantaneously I had a working Transmission 2.93 (FreeNAS should work on pushing updates to plugins faster, but yeah, nothing too complicated that we cannot fix ourselves if needed).

I mounted the needed directories, slapped in a few torrent files that I already had there and enjoyed how Transmission was handling all those sweet, sweet files out there.

And Transmission was working and it was doing good. But after many, many more torrents joined the happy seeding farm, not many people connected to share the love from me. I started tweaking Transmission. Setting by setting, I scoured the documentation looking for the holy grail, some magic setting that would boost simultaneous connections. I found a few. So I created a new config file, and it was good. Not the best, but I noticed some increase in connections. But I was thinking that maybe it’s because the application is inside a jail, aka a virtual network interface. A few threads on popular forums and many, many blog posts later, I saw the solution: allow.raw_sockets=true. Great, I saw a big improvement in connections, but who knows if that was really all this tweaking or just someone joining the swarm.

A few days later I noticed big (I could even say tremendous) packet drops from/in my network. What was happening? The router that is used between the NAS and the WAN has working QoS rules, so it shouldn’t be a problem of using too much bandwidth… So what was it?

The culprit here was the CPU inside the router. We need to remember that using fancy features that make the router even smarter uses CPU. QoS, firewall, VPN: all of them take some of that sweet-sweet pie (CPU). But why is it dropping packets, you ask? Simple: there is less and less CPU power to handle all the traffic that is going to and from the network, so everything is super slow. But wait, didn’t it work before Transmission? Yes, it did, and we could disable some functions, but we can do better. Let’s optimize some firewall rules; we can cut QoS from 10 types to 5 without big sacrifices. Is that enough? No, but we can tweak both Transmission and the firewall rule for it. Let’s set ‘Max connections’ to a smaller number and double that up with the same limit (or 1% more) in a firewall rule, so we are doubly sure that anything that is marked as a ‘new connection’ and is above our limit gets dropped.

And this gave enough room so that the sweet-sweet pie named CPU could handle a ‘few’ more packets.

And it was good for months and months…

Until the corruption started to show!

(continued in part 2)

Export or save Putty configuration

From time to time we need to migrate our saved PuTTY configuration/sessions (configurations, IPs etc.).

PuTTY stores this data in the system registry, and these are some methods to extract it and save it to a new PC:

We end up with putty.reg on our Desktop, which we can execute on the new computer and enjoy the same settings/sessions as before.

FreeNas: Realtek 8111F and “re0: Watchdog Timeout Error” – universal solution

This is a continuation of FreeNas: Realtek 8111F and re0: Watchdog Timeout Error

The last solution was only for FreeNAS 9.1, which is now a bit outdated.

Below I will show you how to fix the issue (by compiling your own drivers that are dedicated to your OS version):

In case the official link to the tgz is down, here is a mirror I made: 007-rtl_bsd_drv_v194.01.tgz

Nagios – network/device configuration

If you don’t have a working Nagios installation, feel free to follow the Nagios – New installation on Debian 9 link.

We will need to add a folder structure (for better organization) to the Nagios config file:

Not everyone has the luxury of always using smart switches around the network. Those make life a lot easier, but life is not a dream 🙂

Let us make a template for non-smart aka no-ping switches:

Now we can define few switches like this:

You can put most variables into the template file, so there will be even less writing.

The most common type of template is: linux-server (you can check others in /usr/local/nagios/etc/objects/templates.cfg).

After making a few .cfg files inside our directory, remember to chown nagios:nagios -R /usr/local/nagios/etc/devices/ to avoid errors, and restart Nagios.