jerwong

joined 1 year ago
[–] jerwong@alien.top 1 points 11 months ago

I do work for multiple organizations and got tired of having to disconnect/reconnect VPN tunnels each time.

Solution: Raspberry Pi. It's got a single Ethernet port on it which makes it perfect. I used Openconnect since it was compatible with Cisco and PulseSecure (at the time). When you establish a tunnel, the routes come in as "kernel routes" assuming you have a split tunnel. I configured IPTables to NAT masquerade out each interface and I set up Quagga, a routing daemon to talk to my main gateway and redistributed my kernel routes into OSPF. That way, any of my devices can now access any networks they need. I did also have to configure my own DNS server since I needed to resolve the different private networks.

[–] jerwong@alien.top 1 points 11 months ago

Yes, it's perfectly safe. Keep it patched, use strong ciphers, use key authentication, and set up an IDS like Fail2Ban or CrowdSec.

[–] jerwong@alien.top 1 points 11 months ago (2 children)

I use Jellyfin which is similar to Plex. I have it on a Raspberry Pi 4 8 GB. It's perfectly fine if I'm sending H264 but most modern browsers do not support H265 so it forces the server to transcode. That will consume almost all processing power if it's CPU-only and is a very slow process.

[–] jerwong@alien.top 1 points 11 months ago

I think you need a \ in front of the ;

i.e.: find . -type f -exec md5sum {} \; >> /tmp/foo

[–] jerwong@alien.top 1 points 11 months ago

Yup. I do the same thing and just use the Jellyfin app to access for instances where H265 transcoding is needed. For mine, I just have a USB 1 TB HD connected

[–] jerwong@alien.top 1 points 11 months ago

I use >!.cunt!< for my local TLD. Stands for Can't Use New Technologies from IT Crowd.

It makes it comnical when I let friends onto my wifi.

[–] jerwong@alien.top 2 points 1 year ago (1 children)

Set up a reverse tunnel to the outside box that you want to get in from.

For example, from the inside machine:

ssh outsidemachine -R 2222:localhost:22

Then on your outsidemachine:

ssh -p 2222 localhost

Maybe run top or something just to keep traffic going across so that firewalls don't drop your connection.

[–] jerwong@alien.top 1 points 1 year ago

For billing purposes, I've been using invoiceninja by adding the mileage rate as a line item and adding the number of miles for quantity. I haven't been able to figure out a better way to do mileage on there.

[–] jerwong@alien.top 1 points 1 year ago (2 children)

I'm doing something similar except now I'm running out of space on my 1 TB volume. Now I need to upgrade and/or figure out a long term solution to convert to H265. Some of my files have file size differences on the scale of 400 MB vs 2 GB.

[–] jerwong@alien.top 1 points 1 year ago (2 children)

I'm using a raspberry pi 4 8 GB. It's not a problem until someone transcodes, and that usually happens with H265 HEVC media when the person is on a browser that doesn't support it which is most browsers these days. If the person is doing directplay (click the gear during play and click on Playback Info). If it's forced to transcode, it will tell you why.

Direct-play in native resolution and codec should give you perfect performance and consume almost no resources since it's essentially just a file transfer. I find performance works best when I use the Jellyfin Media Player app on my computer or the Android app.

[–] jerwong@alien.top 2 points 1 year ago (1 children)

If you can't turn your secondary router into an AP, you can connect the LAN side of your secondary router to the main router so that they can be in a single network. also turn off any DHCP servers on there. Don't connect the WAN. That's the simplest fix.

[–] jerwong@alien.top 1 points 1 year ago

I have fail2ban for SSH but I haven't tuned it for nginx yet. I've worked with OSSEC which has a fork called Wazuh which I've been wanting to set up.

view more: next ›