My IT Adventures!

A work project required some compatible items that were not being used properly in some cases or just forgotten. This is my start of the project. I used YAML to present the data in a structured format (because I hate json).

As some of you may know from prior posts, I have a number of external security cameras (and internal) that show up on monitors throughout the house 24/7. To keep things efficient, these camera streams are multicast feeds the monitors subscribe to. Unfortunately, every so often, I need to check the streams on my PC which is in a different VLAN. I was having to access the unicast streams and I wanted to work out getting multicast to work across vlan boundaries in OPNsense. Usually, this would be something IGMP and PIM can handle in my world, but I have no Cisco gear in my network and while pfsense has igmp and pimd, OPNsense lacks pimd, so the research began.

As a long-time zwave fan and with most of my home security and other items leveraging zwave, keeping my zwave network optimal is critical for family satisfaction. I was running into an issue where a couple of my further away devices were dying a bit quicker than anticipated and I wanted to get to the bottom of it. Initially, I added some mains powered devices, which also act as routers, to try to fill any potential dead spots, but after 6 months, this didn’t help. I finally decided to check firmwares. I was on 7.17.2 and the current version is 7.18.3, so I started looking at the changelogs/release notes that silicon labs published. I really didn’t see anything outstanding, but some enhancements to wake-up intervals got added, and potentially that could save battery life.

In a regular day on the linuxserver.io discord, we have a lot of people come in with weird vpn setups or just terrible network configurations. They inevitably want to know how to route their torrent client of choice through a vpn while still being able to access the web ui and have their other tools access the client, without also going through the VPN. I’ve always considered this to be relatively simple basic networking and have never given it additional thought. However, with the prompting of some friends/colleagues, I decided to give it a go and see how things went.

Recently, I posted about swapping to 2G service which would move me from alt-optic gpon to xgs-pon and then allow me to fully bypass the ATT ont and not even use 802.11x configuration. I thought it was pretty detailed, but I was asked about some of the outputs during the setup. Fortunately, I kept the notes in my notepad instance and can expand on things. This is an addendum to the original article here.

I’ve been planning on doing this transition for a bit, but I wanted to get things in place and ensure I had a solid plan before executing. I’ll discuss what I had, my plan, and what I moved to here a bit. If any of you have read my previous post, [AT&T Uverse RG Bypass][1], then you know I am a big fan of bypassing the ATT provided RG to use my own equipment. With my 1000/1000 service, the fiber (alt optic unfortunately) came into the ATT ONT, directly to my router (initially ERL3, later ER4) which then went to my core switch to my access switches. The plan initially began to form because rather than faking the 802.1x on my router, I could instead use my own ONT and fully bypass everything ATT had in my home. Some people can do this with GPON 1G or less service, but in the former bellsouth areas, we had alt optic which uses a 1550nm wavelength rather than 1490nm wavelength, so the GPON bypass wasn’t possible for me. My plan was to get a 2.5G+ capable router with sufficient disk, memory, and cpu to handle routing at whatever speed I went with. I ordered two devices: A GW-R86S-G2, and an N6005/4xi226-V

I’ve been using the linuxserver.io secure web access gateway (SWAG) coupled with Authelia as my identity provider for quite some time. It works extremely well and I’ve been very pleased not only with the application itself, but also with the support from the authelia devs. That said, there are some features I wish authelia had that they do not yet. The biggest feature is SAML support. As many of you know, I focus heavily on Cisco Unified Communications. Cisco UC supports SAML SSO and I haven’t had anything in my lab that would let me tinker with this. Authentik can do everything authelia does plus some extras, which include SAML. I will say that I am typing this as I wing setting it up and I can already see that authentik is not as simple to configure/deploy as authelia. As a note, since I am documenting this as I do it, I will include any mistakes and how i resolve those mistakes. This is my first time touching authentik and I am purely going off the documentation available at https://goauthentik.io/docs/.

Well, it’s been quite some years since the original build and even the follow-up rebuild. The original build was when my oldest (turning 13) was 7 and my middle child (turning 10) was 4. They’ve had the same AMD R7 240 graphics cards since then. Unfortunately, the games they play which began as browser based games and minecraft, have upgraded to things like roblox, fortnite, and somehow minecraft’s blocks needs more juice. So here we are. Over labor day, my friend (thanks @ctark) pointed a sale at antonline out to me where they had RTX 2060’s in stock for 224$ each. First, I’ve not seen a graphics card in stock for a long time and second, while 224$ is well over what I might have planned to do for them, I thought it was worth it. Just looking at benchmarks, the new card is effectively almost 1500% better, so I decided to jump in.

It’s been quite a while since my last post, but I wanted to cover something I had tinkered with a few times and finally got to a state I’m ok with. IPv6 in docker containers. For my testing, I will be using linuxserver.io containers, as being part of the team allows me to easily fix anything that prevents full functionality. I guess to start, a big thing I found is most ipv6 guides, including the official documentation, tells you how to enable ipv6 for the default bridge. As we all know, the default bridge is trash, it doesnt work like a custom bridge and causes a number of issues. You may also see guides that lead you to setup nds proxy which works, but it introduces a HUGE amount of latency. When I tested the NDS proxy method, i couldn’t stand how slow it was and quickly reverted the change. So, let’s get into how I set it up, note that I am not claiming to have the best method, the most efficient method, the most secure method or anything of the sort. This is just how I set it up to get what I wanted working in a way I was OK with.

While working with a client this week, I encountered an undocumented bug with secure LDAP authentication. My client was doing an upgrade from CSR11.5 to CSR 12.5 and in conjunction with this upgrade, moving to a new domain and active directory. With these changes, I decided to assist by ensuring they were compliant with Microsoft’s recommendation that secure ldap is used.