Posts

  • The Cloudflare Zero Trust tunnel client does not support FreeBSD out of the box, and Cloudflare does not provide FreeBSD binaries either. This means that we need to build the binary ourselves and configure the tunnel in a roundabout way, because automatic tunnel setup does not work either. Lastly, we want to enable it in a way that survives TrueNAS OS upgrades, let alone reboots.

  • These are my notes about configuring services with Podman on RHEL and related OSes with SELinux enabled, using a compute instance in the Oracle Cloud with Oracle Linux 8. The information presented below is readily available elsewhere – see references – however, the intent of this opus is to condense all of that into palatable chunks to serve as a somewhat quick answer to the question “How do I get this container running on my instance?” without needing to spend hours reading pages and pages of documentation.

  • Are you trying to debug mDNS/Avahi on TrueNAS Core, have stumbled on the misleading “Failed to create client object: Daemon not running” message, and a web search leads nowhere?

  • This is a short description of how to host services, using a Storj node as an example, on a host behind CGNAT or an otherwise restrictive firewall, by forwarding packets through a WireGuard endpoint on a relatively fast nearby VPS. This is not specific to Storj and can be adapted to hosting other services.

  • If, during Intel Rapid Storage RAID migration or verification on Windows, the disk activity ceases in a few minutes and the Event Log contains messages similar to “Reset to device, \Device\RaidPort0, was issued”, check if you have VMware Workstation or Player installed. I did not have time to dig into details, but uninstalling VMware removed this issue.

  • Time Machine backup to a Windows host over SMB is not supported. This post describes the configuration of netatalk in WSL to facilitate backup over AFP.
  • One can connect to the Xfinity modem configured in bridge mode directly with a cable, as described in the support article, or configure a static route on the third-party gateway and avoid running around with cables. This post is a confirmation that this approach works.
  • Addressing stability of Google Drive rclone mount on macOS with macFUSE
  • Move to self-hosted Discourse for blog comments to avoid user tracking by unrelated third parties.
  • This post explains how to configure Duplicacy on macOS with SIP enabled to back up all users and limit CPU utilization.
  • How to back up with Duplicacy to Google Workspace with a Service Account
  • Ubiquiti APs stay off the channel for a strange amount of time but can be nudged back to the DFS channel manually.
  • Duplicacy is a self-contained executable and as such, it can be run natively on a Synology DiskStation, without Docker.
  • Sophos XG blocks UniFi communication by implicit rule 0. This post describes how to bypass a stateful firewall for the specific hosts.
  • Updated cloud storage pricing as of March 2019
  • This post explains how to come up with a list of all IP ranges used by the company or service to configure your firewall and web filter exceptions.
  • Optimizing performance of the Code42 CrashPlan engine for resource-constrained hosts. (Does not apply to client version 7.7.0 and likely newer)
  • How to add a self-signed CA and server SSL certificate to Synology DSM and configure it to be used with services. Two poorly documented pitfalls I stumbled upon.
  • Could not find the guide that worked. Had to figure stuff out on my own.
  • This is a somewhat tutorial-ish guide to creating a self-signed Certificate Authority with macOS GUI tools, suitable for issuing SSL certificates for various servers, services, and devices to ensure a "green lock" in the browsers and happy users.
  • Ever wanted to have an always-on VPN on an iOS device? IKEv2 is the answer; unfortunately, it is not properly supported by any appliances commonly lying around the house - so we'll improvise. This post is about the setup and configuration of an IKEv2 VPN server based on strongSwan running inside an Alpine Linux instance in a virtual machine hosted on a Synology DiskStation, and about the pitfalls and challenges of making split-tunnel work seamlessly. And don't get your hopes up too high -- while both full tunnel and split tunnel work just fine on a routing level, it is not currently possible to make split-DNS work seamlessly enough without client-side configuration. See closing notes for details. You might as well jump to the OpenVPN article if that is important.
  • Setting up an L2TP VPN server on Synology DiskStation, forwarded ports 500, 4500, 1701, but the handshake fails for an obscure reason; something along the lines of “fatal payload-malformed notify message, phase 1 should be deleted”. What to do? Check the PSK length. It shall not be longer than 64 characters. The UI will accept a longer string; however, doing so will result in failures setting up the tunnel.

  • I have a fairly old but great laser multifunction Canon MF4150 that never really supported scanning from anything but Windows and whose macOS printing drivers lag behind OS releases by a large margin, causing frustration after each new release. Still, it has been over 10 years and it works great and I’m absolutely happy with its performance.

  • Looking for a CrashPlan alternative: Comparing cost of cloud storage.
  • Exhaustive guide on configuring Synology's built-in OpenVPN server and further configuration of the .ovpn files to set up split-tunnel VPN home, emphasizing one-click client configuration, including macOS, iOS, and Windows clients.
  • What do you do when your favorite backup provider decides to focus on corporate customers and discontinues the home edition of its cloud backup software? You start testing replacements and soon come up with an alternative that in retrospect happens to be more robust, flexible, and resilient. This post will provide supplemental information for setting up unattended periodic Duplicacy backup on macOS. The main goal is to provide meaningful configuration files to save time re-inventing the wheel.