SeeJayEmm

joined 1 year ago
[–] [email protected] 1 points 4 months ago

I made the plunge about a year ago. Spectrum assigns me a prefix but routing was spotty at best. In the end after all the troubleshooting pointed to the problem being the ISP I gave up and stuck with what works, IPv4.

[–] [email protected] 1 points 5 months ago (1 children)

I mean, if you spent the kind of scratch on an android phone you would on an iPhone and then not fuck around with it, you'd have a similar experience on Android.

Years ago I used to flash roms and generally tinker until I decided I needed my phone to be stable and stopped. My Note 20 is polished and stable, no complaints.

My wife has always had iPhones. I've used both and find iOS frustrating. These days, unless you're scraping the bottom of the barrel, it's mostly about comfort and preference.

[–] [email protected] 1 points 5 months ago

I have nextcloud AIO running behind NPM just fine. There's a page in there docs on how to configure it.

[–] [email protected] 1 points 5 months ago

DDOS protection is going to depend on the VPS. But for most services you could spin up a pretty lean Debian vm running a proxy like nginx proxy manager and run that over the tunnel. Something like opnsense seems like overkill.

[–] [email protected] 1 points 5 months ago

Burnout Paradise is going to stay in my all time hall of fame till I die.

[–] [email protected] 16 points 5 months ago (1 children)

B2 is about $5/TB.

If you keep your eyes open for deals (LowEndBox) you could find an inexpensive storage VPS. I've got one now providing 2 TB for $5/mo.

[–] [email protected] 2 points 5 months ago (1 children)

Pretty good breakdown of the current science on the topic. Thanks.

[–] [email protected] 58 points 5 months ago (2 children)

The whole .zip TLD is really unfortunate.

[–] [email protected] 8 points 5 months ago

This is how I learn and half the reason my home lab exists. I need projects to get/stay motivated.

[–] [email protected] 0 points 5 months ago

I also have one of these old Google apps accounts. I wish they would accidentally delete it so I could get the last couple stragglers off and take my domain elsewhere.

[–] [email protected] 1 points 5 months ago

No. I have a monthly stipend but I don't really take calls outside of teams.

[–] [email protected] 1 points 5 months ago (2 children)

Not everyone has a desk phone (much less a desk).

26
Proxmox Disk Performance Problems (lemmy.procrastinati.org)
submitted 6 months ago* (last edited 6 months ago) by [email protected] to c/[email protected]
 

I've started encountering a problem that I should use some assistance troubleshooting. I've got a Proxmox system that hosts, primarily, my Opnsense router. I've had this specific setup for about a year.

Recently, I've been experiencing sluggishness and noticed that the IO wait is through the roof. Rebooting the Opnsense VM, which normally only takes a few minutes is now taking upwards of 15-20. The entire time my IO wait sits between 50-80%.

The system has 1 disk in it that is formatted ZFS. I've checked dmesg, and the syslog for indications of disk errors (this feels like a failing disk) and found none. I also checked the smart statistics and they all "PASSED".

Any pointers would be appreciated.

Example of my most recent host reboot.

Edit: I believe I've found the root cause of the change in performance and it was a bit of shooting myself in the foot. I've been experimenting with different tools for log collection and the most recent one is a SIEM tool called Wazuh. I didn't realize that upon reboot it runs an integrity check that generates a ton of disk I/O. So when I rebooted this proxmox server, that integrity check was running on proxmox, my pihole, and (I think) opnsense concurrently. All against a single consumer grade HDD.

Thanks to everyone who responded. I really appreciate all the performance tuning guidance. I've also made the following changes:

  1. Added a 2nd drive (I have several of these lying around, don't ask) converting the zfs pool into a mirror. This gives me both redundancy and should improve read performance.
  2. Configured a 2nd storage target on the same zpool with compression enabled and a 64k block size in proxmox. I then migrated the 2 VMs to that storage.
  3. Since I'm collecting logs in Wazuh I set Opnsense to use ram disks for /tmp and /var/log.

Rebooted Opensense and it was back up in 1:42 min.

22
Change tracking ideas (lemmy.procrastinati.org)
 

I'd like to start doing a better job of tracking the changes I made to my homelab environment. Hardware, software, network, etc. I'm just not sure what path I want to take and was hoping to get some recommendations. So far the thoughts I have are:

  • A change history sub-section of my wiki. (I'm not a fan of this idea.)
  • A ticketing system of some sort. (I tried this one and it was too heavy. I'd need to find a simple solution.)
  • A nextcloud task list.
  • Self-host a gitlab instance, make a project for changes and track with issues. Move what stuff I have in github to this instance and kill my github projects. (It's all private stuff.)

I know that several of you are going to say "config as code" and I get it. But I'm not there yet and I want to track the changes I'm making today.

Thanks

14
Backblaze B2 Reporting (lemmy.procrastinati.org)
 

I can't seem to find anything so I was hoping someone here has run into this.

Does anyone know if there's a way to get reporting on a per application key basis or per bucket. I periodically get threshold alerts (usually the download cap) but that doesn't give me any idea of what utilization is triggering the alert. The reporting I can find is pretty rudimentary and account wide.

 

I'm experimenting with running NextCloud (AIO) on a VPS with a B2 bucket as the primary storage. I want to compare performance compared to running it on my home server (esp. when I'm remote) and get an idea of the kinds of costs I'd rack up doing it.

As part of the setup I have configured the built in borg backup but it has this caveat:

Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.

The primary storage is external but I'm not using the "external storage" app. So, I have 2 questions.

  1. Does it backup object storage if it's primary (my gut says no)?
  2. If no, what's a good way to backup the B2 bucket?

I've done some research on this topic and I'm kinda coming up empty. I would normally use restic but restic doesn't work in that direction (B2 -> local backup).

It looks like rclone can be used to mount a B2 bucket. One idea I had was to mount it, read-only, and let AIO/borg backup that path with the container backups.

Has anyone done this before? Any thoughts?

21
submitted 11 months ago* (last edited 11 months ago) by [email protected] to c/[email protected]
 

So, I'm experimenting with running a Mailu instance on my home server but proxying all of the relevant traffic through a WireGuard tunnel to my VPS. I'm currently using NGINX Proxy Manager streams to redirect the traffic and it all seems to be working.

The only problem is that, all connections appear to come from the VPS. It's really screwing with the spam filter. I'm trying to figure out if there's a way to retain the source IP while still tunneling the traffic.

The only idea I have, and I don't know if it's a bad one, is to us iptables to NAT the ports inbound on the VPS and on my home router (opnsense) route all outbound traffic from that IP back through the VPS instead of the default gateway. This way I shouldn't need to rewrite the destination port on the VPS side.

It sound a bit hacky tho, and I'm open to better suggestions.

Thanks

Edit: I think I need to clarify my post as there's some confusion in the comments. I would like the VPS to masquerade/nat for my mailu system accessible over a WG tunnel so that inbound traffic to the SMTP reports it's actual public IP instead of the IP of the VPS host that's currently proxying.

After giving that some thought I think the only way this could work would be if I treated the VPS as the upstream gateway for all traffic. My current setup is below:

[VPS] <-- wg --> [opnsense] <--eth-->[mailu]

I can source route all traffic from mailu to the VPS, via wg, but I don't know how to properly configure iptables to do the masquerading as I'd only want to masquerade that one IP. I'm not concerned about mailu not having internet access when wg is down, and frankly, I think I'd prefer it didn't.

Edit 2: I got the basic masquerading working. Can ping public IPs and traceroute verifies it's taking the correct path.

iptables -A FORWARD -i wg0 -s <mailu-ip> -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -s <mailu-ip> -j MASQUERADE

I think I got the port forwarding working.

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 25 -j DNAT --to-destination <mailu-ip>
iptables -A FORWARD -p tcp -d <mailu-ip> --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  • tcpdump on the VPS eth0 shows traffic in.
  • tcpdump on the VPS wg0 shows the natted traffic.
  • tcpdump on mailu shows both inbound and outbound traffic.
  • tcpdump on opnsense shows 2 way traffic on the vlan interface mailu is on.
  • tcpdump on opnsense only shows inbound, but not outbound traffic on the wg interface.

I think the problem is now in opnsense but I'm trying to suss out why. If I initiate traffic on mailu (i.e. a ping or a web request) I see it traversing the opnsense wg interface, but I do not see any of the return SMTP traffic.

Edit 3:

I found the missing packets. They're going out the WAN interface on the router, I do not know why. Traffic I initiate from the mailu box gets routed through the WG tunnel as expected but replies to traffic sourced from the internet and routed over the WG tunnel, are going out the WAN.

The opnsense rule is pretty basic. Source: , Dest: any, gateway: wg.

Edit 4:

I ran out of patience trying to figure out what was going on in opnsense and configured a direct tunnel between the mailu vm and the VPS. That immediately solved my problems although it's not the solution I was striving for.

It was pointed out to me in the comments that my source routing rule likely wasn't configured properly. I'll need to revisit that later. If I was misconfiguring it I'd like to know that.

27
submitted 11 months ago* (last edited 11 months ago) by [email protected] to c/[email protected]
 

I've hit a wall with a weird Wireguard issue. I'm trying to connect my phone (over cell) to my home router using wireguard and it will not connect.

  • The keys are all correct.
  • The IPs are all correct.
  • The ports are open on the firewall.
  • My router has a public IP, no CGNAT.

The router is opnsense, I have a tcpdump session going and when I attempt a connection from the phone I see 0 packets on that port. I am able to ping the router and reach the web server sitting behind it from the phone.

I have a VPS that I configured WG on and the phone connects fine to that. I also tested configuring the VPS to connect to my home router and that also works fine.

I'm really at a loss as to where to go next.

Edit 2: I completely blew out the config on both sides and rebuilt it from scratch, using a different UDP port, and it all appears to be working now. Thanks for everyone's help in tracking this down.

Edit: It was requested I provide my configs.

opnsense:

####################################################
# Interface settings, not used by `wg`             #
# Only used for reference and detection of changes #
# in the configuration                             #
####################################################
# Address =  172.31.254.1/24
# DNS =
# MTU =
# disableroutes = 0
# gateway =

[Interface]
PrivateKey = 
ListenPort = 51821

[Peer]
# friendly_name = note20
PublicKey = 
AllowedIPs = 172.31.254.100/32

Android:

[Interface]
Address = 172.31.254.100/32
PrivateKey = 

[Peer]
AllowedIPs = 0.0.0.0/32
Endpoint = :51821
PublicKey = 
 

Since switching to Proxmox I've noticed an issue with intermittent network connectivity on my VMs. I've narrowed it down to the realtek based PCI NIC (Rosewill RNG-407-Dualv2) I currently have installed. Basically when I see a ton of these in my syslog:

Dec 14 13:55:37 server kernel: r8169 0000:09:00.0 enp9s0: rtl_rxtx_empty_cond == 0 (loop: 42, delay: 100).

It means it's time to reboot. I did some digging on it and it appears to be a kernel driver issue. Unless someone in this community has encountered this and knows of a good fix (other than rebooting) I'd rather just ditch Realtek and replace the NIC.

Can anyone recommend a 2 port PCIe (x1) card that has good driver support under Linux and (hopefully) won't cost me a small fortune? Bonus points if it's 2.5GbE capable.

 

I'm going to start off but saying I know that self-hosting email can be a bad idea. That being said, I'm trying to de-googlfy my life and would like to experiment.

I have a VPS and a domain that doesn't get used for much at the moment. I'd like to try configuring a full mail suite on that domain and see if I can make it work. I've been looking into the various options on this list and was hoping for some feed back on options that people have used. If this works out it would be fairly low volume.

Ideally I'd like a full solution that includes web administration if at all possible. I think I'm leaning towards mailcow but it might be overkill.

I'd appreciate any input on what has or hasn't worked for people. Thanks.

 

I'm not sure where to start with to troubleshoot this. I segregated my network into a few different VLANs (servers, workstations, wifi, etc...). I have VMs and LxC containers running in Proxmox, routing is handled by Opnsense, and I have a couple tplink managed switches. All of this is working fine except for 1 problem.

I have a couple systems (VM and LxC) that have interfaces on multiple VLANs. If I SSH to one of these systems, on the IP that's on the same VLAN as the client, it works fine. If I SSH to one of the other IPs it'll initially connect and work but within a minute or so the connection hangs and times out.

I tried running ssh in verbose mode and got this, which seems fairly generic:

debug3: recv - from CB ERROR:10060, io:00000210BBFC6810
debug3: send packet: type 1
debug3: send - WSASend() ERROR:10054, io:00000210BBFC6810
client_loop: send disconnect: Connection reset
debug3: Successfully set console output code page from 65001 to 65001
debug3: Successfully set console input code page from 65001 to 65001 

I realize the simple solution is to just use the IP on the same subnet, but my current DNS setup doesn't allow for me to provide responses based on client subnet. I'd also like to better understand (and potentially) solve this problem.

Thanks

1
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

My home lab has a mild amount of complexity and I'd like practice some good habits about documenting it. Stuff like, what each system does, the OS, any notable software installed and, most importantly, any documentation around configuration or troubleshooting.

i.e. I have an internal SMTP relay that uses a letsencrypt SSL cert that I need to use the DNS challenge to renew. I've got the steps around that sitting in a Google Doc. I've got a couple more google docs like that.

I don't want to get super complicated but I'd like something a bit more structured than a folder full of google docs. I'd also like to pull it in-house.

Thanks

Edit: I appreciate all the feedback I've gotten on this post so far. There have been a lot of tools suggested and some great discussion about methods. This will probably be my weekend now.

 

According to the documentation to change the Portainer address and Edge agent talks to, you have to redeploy the Edge agent. If I understand properly this is going to assign the agent a new ID and will blow away the configuration.

Does anyone know how to do this while retaining the stack configurations?

view more: next ›