Posts
-
Advice on configuring Cockpit to work reliably over the Cloudflare Zero Trust (Access) network.
-
I’ve noticed that the my Intel Xeon E3-1230 v2 CPU runs at the maximum frequency on my TrueNAS Core, even at negligible load. This post describes how to configure the
powerddaemon to shave off a few watts of idle power by allowin the frequencies to scale. -
Cloudflare Zero Trust tunnel client does not support FreeBSD out of the box and Cloudflare does not provide FreeBSD binaries either. This means that we need to either fetch the package or build the binary ourselves, and then configure tunnel in a roundabout way: automatic tunnel setup does not work. Lastly, we want to enable it in a way to survive the TrueNAS OS upgrades, let alone reboots.
-
These are my notes about configuring services with Podman on RHEL and related OSes with SELinux enabled, using compute instance in the Oracle Cloud with Oracle Linux 8. Information presented below is readily available elsewhere – see references – however, intent of this opus is to condense all of that into palatable chunks to serve as a somewhat quick answer to the question “How do I get this container running on my instance?” without needing to spend hours reading pages and pages of documentation.
-
If you are trying to debug mDNS/Avahi on TrueNAS Core and stumble on this misleading
Failed to create client object: Daemon not running, and web search leads nowhere? -
This is a short description of how to host services, using STORJ node as an example, on a host behind CG-NAT, or otherwise restrictive firewall, by forwarding packets through WireGuard endpoint on a relatively fast nearby VPS. This is not specific to Storj, and can be adopted to hosting other services.
-
If during Intel Rapid Storage RAID migration or verification on Windows, the disk activity ceases in a few minutes and the Event Log contains messages similar to
Reset to device, \Device\RaidPort0, was issuedcheck if you have VMWare Workstation or Player installed. I did not have time to dig into details, but uninstalling the VMWare removed this issue. -
Time Machine backup to windows host over SMB is not supported. This post describes configuration of netatalk in WSL to facilitate backup over AFP. -
One can connect to the Xfinity modem configured in bridge mode directly with a cable as described in the support article or configure static route on the third party gateway and avoid running around with cables. This post is a confirmation that this approach works. -
Addressing stability of Google Drive rclone mount on macOS with macFUSE -
Move to self-hosted discourse for blog comments to avoid user tracking by unrelated third parties. -
This post explains how to configure Duplicacy on macOS with SIP enabled to backup all users and limit CPU utilization. -
How to backup with Duplicacy to Google Workspace with Service Account -
Ubiquiti APs stay off the channel for a strange amount of time but can be nudged back to the DFS channel manually. -
Duplicacy is a self-contained executable and as such, it can be run natively on a Synology disk station, without docker. -
Sophos XG blocks UniFi communication by implicit rule 0. This post describes how to bypass a stateful firewall for the specific hosts. -
Updated cloud storage pricing as of March 2019 -
This post explains how to come up with a list of all IP ranges used by the company or service to configure your firewall and web filter exceptions. -
Optimizing performance of Code42 CrashPlan engine for resource constrained hosts. (Does not apply to client version 7.7.0 and likely newer) -
How to add Self-Signed CA and Server SSL certificate to Synology DSM and configure it to be used with services. Two poorly documented pitfalls I stumbled upon. -
Could not find the guide that worked. Had to figure stuff out on my own. -
This is a somewhat tutorial-ish guide about creating a self-signed Certificate Authority suitable for issuing SSL certificates to be used for various servers, services, and devices to ensure "green lock" in the browsers and happy users using macOS GUI tools. -
Ever wanted to have an always-on VPN on an iOS device? IKEv2 is the answer; unfortunately, it is not properly supported by any appliances commonly laying around the house - so we'll improvise. This post is about the setup and configuration of an IKEv2 VPN server based on Strongswan running inside of the Alpine Linux instance in the virtual machine hosted on Synology Diskstation. Pitfalls and challenges making split-tunnel work seamlessly. And don't have your hopes up too high -- while both full tunnel and split tunnel work just fine on a routing level it is not currently possible to make split-DNS work seamlessly enough, without client-side configuration. See closing notes for details. You might as well jump to the OpenVPN article if that is important. -
Setting up an L2TP VPN server on Synology DiskStation, forwarded ports
500,4500,1701but the handshake fails for an obscure reason; something along the lines of “fatal payload-malformed notify message, phase 1 should be deleted”. What do to? Check the PSK length. It shall not be longer than 64 characters. UI will accept longer string however doing so will result in failures setting up the tunnel. -
I have a fairly old but great laser multifunction Canon MF4150 that never really supported scanning from anything but windows and whose MacOS printing drivers lag behind OS releases by a large margin causing frustration after each new release. Still, it has been over 10 years and it works great and I’m absolutely happy with its performance.
-
Looking for a CrashPlan alternative: Comparing cost of cloud storage. -
Exhaustive guide on configuring Synology's built-in OpenVPN server and further configuration of the .ovpn files to set up split-tunnel VPN home, emphasizing one-click client configuration, including macOS, iOS, and Windows clients. -
What do you do when your favorite backup provider decides to focus on corporate customers and discontinues the home edition of its cloud backup software? You start testing replacements and soon come with an alternative that in retrospect happens to be more robust, flexible, and resilient. This post will provide supplemental information for setting up unattended periodic Duplicacy backup on a macOS. The main goal is to provide meaningful configuration files to save time re-inventing the wheel.