FreeNas, Transmission and Corrupted Files – Part 2

This is continuation of FreeNas, Transmission and Corrupted Files – Part 1

When corruption started to hit it was bad… few of seeded torrent were crying about error, and each time I did Verify local files they end up cleaning them to 0%. It was very annoying, because after verification it want to redownload same file over and over again.

I started thinking… Could it be because of someone abusing tracker? I read multiply time about poisoning tracker and sending corrupted segments, but the more I read about that possibility the less it looked to be even possible, because of all those checksum inside bittorrent clients and microTP (uTP). It was more and more strange… I even reach out to mod of that tracker, but that didn’t yell any more information – but I did notice same IP sending same file so I reported that IPs as possible culprit – just in case because It would be faster and simpler for them to check if those few IPs are getting strange upload stats for less popular torrents (very rare Linux distributions)

I updated transmission by hand because I wanted to be sure its not a software issue – that did not helped.

I wanted to exclude possibility of external process modifying those files – I used AuditD…. and it was horror… It was horror because this is not suite for processes that run as deamons, its designed the way you could audit living/automated login into shell and then interrogate aka audit users/accounts.

Gladly someone said ‘I WANT TO USE IT THAT WAY’ and made a wrapper setaudit and it was a godsend. As Transmission is running inside Jail setaudit overcome any issue I had with auditd.

Running auditd gave me confirmation that the transmission indeed is overwriting files that I already had (basically nuke them).

It was time to check for hardware failure – but the strange thing was that always the same files got corrupted. But we live in strange times … anything is possible if you believe hard enough.

And after many-many hours and many-many tests later nothing came up from them I was still in middle of nowhere…

Then It hit me like a track… I tweak the jail because I was trying to overcome the issue with network and bypass limits of that container that In the end were not container fault, but I did not reverse those tweaks because they didn’t harm anyone, right?

Maybe it was cosmic radiation, maybe it was a lucky guess or conflict with upgraded version but after removing allow.raw_sockets=trueand rebooting I never had those corruptions issue ever again.

Facebooktwittergoogle_plusreddit

FreeNas, Transmission and Corrupted Files – Part 1

After many years of just ‘taking’ I mature and upgraded my setup to be able to give community back what I took.

I setup RAID 6 FreeNas machine. Thanks to playing with those I understood why everybody in FreeNas community hate Realtek and why people just say to throw it away and get something that works (FreeNas: Realtek 8111F and re0: Watchdog Timeout Error  and FreeNas: Realtek 8111F and “re0: Watchdog Timeout Error” – universal solution). In the end I join the ‘hate club’ and bought Intel PRO 1000 PT Dual Port NIC. Fun part is that Linux handle Realtek with ease but I been with Linux when It didn’t like most of hardware that Windows support so I can understand that there are still hardware issues with FreeBSD.

Cool, FreeNAS install without any issues.

If you unfamiliar with FreeNAS it comes with ‘plugins’ that are basically jails with pre-configured application that ‘just works’.

I slap that Install button and almost instantaneous I had working Transmission 2.93 (FreeNAS should work about pushing updates to plugins faster but yeah, nothing to complicate that we cannot fix ourself if needed)

I mounted needed directories, slap few torrent files that I already had there and enjoyed how transmission is handling all those sweet, sweet files out there.

And Tranmission was working and it was doing good. But after many, many torrent more that join the seeding happy farm not many people did connect to share the love from me. I started tweaking Transmission. Setting by setting I scope documentation looking for holy grail, some magic setting that would boost simultaneous connections. I found few. So I created new config file, and it was good. Not the best but I notice some connection increase. But I was thinking that maybe its because the application is inside jail aka virtual network interface. Few threads on popular forums, many many blog post later I saw the solution allow.raw_sockets=true. Great I saw a big improvement with connections – but who know if that was really all this tweaking doing or just someone join the swarm.

Few days later I notice big (I could even say tremendous) packet drop from/in my network. What was happening ? Router that is used between NAS and WAN have working QoS rules so it shouldn’t be a problem with using to much of bandwidth… So what was it ?

Culprit here was the CPU inside the router – we need to remember that using fancy feature that make router even smarter use CPU. QoS, Firewall, VPN all of them take some of that sweet-sweet pie (CPU). But why its dropping packets you ask? Simple, there is less and less CPU power to handle all the traffic that is going to and from network so everything is super slow. But wait, didn’t it work before Transmission? Yes it did – and we could disable some functions but we can do better. Lets optimize some firewall rules, we can cut QoS from 10 types to 5 without big sacrifices. Is that enough? No, but we can tweak both Transmission and firewall rule for it. Let set ‘Max connections’ to smaller number and double that with same (or 1% more on firewall rule so we are double sure that anything that is marked as ‘new connection’ and is about our limit get dropped).

And this gave enough room for that sweet-sweet pie named CPU could handle ‘few’ packets more.

And it was good for months and months…

Until the corruption start to show !

(continue in part 2)

Facebooktwittergoogle_plusreddit

Add second IP address

You can add address to any network adapter, but that change can be temporary or permanent

Temporary:

Permanently:

 

Facebooktwittergoogle_plusreddit

MySQL row size too large (>8126)

This is something to do with bad table design, where you are using multiply columns with Text values, the best solution would be redesign tables, but from time to time you need to patch it at-hoc without redesigning application that use that database.

Solution that usually works:

 

Facebooktwittergoogle_plusreddit

FreeNas: Realtek 8111F and “re0: Watchdog Timeout Error” – universal solution

This is continuation from FreeNas: Realtek 8111F and re0: Watchdog Timeout Error

Last solution was only for FreeNas 9.1 which is now a bit outdated.

Below I will show you how to fix the issue (by compiling your own drivers that are dedicated for your os version):

In case the official link to tgz is down, here is mirror I made: 007-rtl_bsd_drv_v194.01.tgz

Facebooktwittergoogle_plusreddit

Nagios – New installation on Debian 9

If you have to install a really great network those such as Nagios those will be steps needed:

1.Installing Apache2 + PHP (Skip if you already have one):

2.Installing Nagios core:

3.Installing Nagios Plugins (needed !)

4.Enable SSL for Nagios (and not only)

 

 

Facebooktwittergoogle_plusreddit

How to setup VPN with PPTP

In the past there was a Personal VPN Server (OpenVPN) which gave us more security than PPTP could give us.

Then why would you want PPTP ? Because its faster and have lower footprint on CPU than OpenVPN. That way you can pick which you prefer in your case scenario. Also there is build-in support for PPTP in most devices.

Install:

And restart service:

Check if pptpd is listening to 1723 port:

Now setup some network stuffs:

Next in terminal:

Thats all on server side.

 

Client configuration:

Create config file:

Now we can connect to server (using name of the config file – pptpserver):

 

Facebooktwittergoogle_plusreddit

Personal VPN Server (OpenVPN)

Internet providers are collecting more and more data about our internet activities, but what can we do about it ?

You want to have secure access to your home servers, nas, devices ?

Virtual Private Network aka VPN is a solution for your needs!

 

1.Instalation

2.openvpn configuration

3.some system tweaks

4.Instalation and configuration firewall tool (so you don’t need to be iptables ninja)

5.generate CA, certs and keys for server

Just now we prepeared system envirement to generate, sign and distribute our certs thanks to CA (Certificate Authority).

Lets finish the fun with certs:

Move created certs and keys created for server:

 

and check if openvpn still starts (if not be sure there is no typo in config file or you moved correct files to correct location):

 

6.Creating certs and keys for clients:

Attention: user/group setting is not compatible with Windows

Client config file is still missing the paths for cert/key combo 🙂 but we will overcome this with one of two ways:

 

7a. Unified config file (one file to rule them all)

7b. Maybe you dont want to include cert inside profile file then we need to add this and copy needed files:

 

Facebooktwittergoogle_plusreddit

Running a secure DDNS service with BIND

If you lack of static ip for your home machines but would like to have static address to access them there is a simple setup to make on your primary DNS server to achieve that.

On our client side let’s generate some keys:

This will results in creating Kkeyname.***.key and Kkeyname.***.private, we will need to copy key from *.private file which will look like this:

Now on server let us edit BIND configuration file (eg. named.conf or named.conf.local) and add:

From now on we can allow zone updates by editing zone declaration and adding allow-update:

Last thing that we need to do on server i restart BIND

 

On client side we would need to use something capable of updating dns records (eg. nsupdate)

 

Facebooktwittergoogle_plusreddit