Author: geolaw

Wireguard VPN to my home network

I recently upgraded (or downgraded?) my home wifi router to an eero device.

Form factor on the router is great, very small, but for wired ethernet devices, it requires separate switches to connect ethernet devices.

Previous routers had openvpn built in which allowed me to get into my home network if I were on the road for work or just away from home in general. Helpful to keep my plex library going if I’m away from home. Happy Wife, Happy Life and all that 😉

Anyway, the eero does not have a VPN option.  There is a paid feature in the iphone app for VPN, however it does not allow you to create a VPN connection to your home network, just a VPN on your mobile device for accessing the internet. I already have a PIA VPN account that’s paid for several years, so I don’t need the eero one (or the extra $99 a year).

My home network is all running Fedora Linux. Instead of Docker, Fedora uses podman.

Asking around for recommendations, Wireguard was typically the answer to ‘what home vpn do i need’, so I started with Wireguard.

Running inside a container, the syntax I went with is here. Replacing ‘docker’ with ‘podman’, first time around, the container logs threw an error on iptables:

iptables v1.8.10 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)

This led me to GitHub and to this tweak. I’ve got firewalld disabled and the ip_tables module wireguard uses was not loaded. I created the file /etc/modprobes-load.d/iptable_raw.conf, rebooted, and confirmed lsmod shows it was loaded:

$ sudo lsmod |grep iptable
iptable_nat 12288 1
iptable_filter 12288 1
nf_nat 65536 4 xt_nat,nft_chain_nat,iptable_nat,xt_MASQUERADE
iptable_raw 12288 0
ip_tables 28672 3 iptable_filter,iptable_raw,iptable_nat

Still getting the ‘Permission denied’ error after restarting the container – the final answer here was to add ‘--privileged’ to my podman command and bingo, VPN.

My final ‘docker run’ command :

$ cat run
sudo podman rm -f wireguard
sudo podman run -d \
--name=wireguard --privileged \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Etc/UTC \
-e PEERS=1 `#optional` \
-e PEERDNS=auto `#optional` \
-e INTERNAL_SUBNET=10.13.13.0 \
-e ALLOWEDIPS=0.0.0.0/0 \
-e LOG_CONFS=true \
-p 51820:51820/udp \
-v /local/docker_data/wireguard/config:/config \
-v /lib/modules:/lib/modules \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--restart unless-stopped \
lscr.io/linuxserver/wireguard:latest
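
What ‘--privileged’ changes compared with the two ‘--cap-add’ lines can be read from the container's effective capability mask. The following is an added example, not part of the original post: the function names and the two sample masks are constructed, and the bit numbers are the ones defined in linux/capability.h.

```sh
#!/bin/sh
# Added example (not from the original post): decode the CapEff mask of a
# container process to see what --privileged granted beyond --cap-add.
# Bit numbers come from linux/capability.h.

# Constructed sample masks (not captured from a real container):
SAMPLE_FULL=000001ffffffffff      # bits 0-40 all set
SAMPLE_NARROW=0000000000011000    # only bits 12 and 16 set

has_cap() {  # has_cap <hex-mask> <bit>: succeeds when that bit is set
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

cap_summary() {  # cap_summary <hex-mask>: prints which notable caps are present
    out=""
    for pair in NET_ADMIN:12 NET_RAW:13 SYS_MODULE:16 SYS_ADMIN:21; do
        if has_cap "$1" "${pair##*:}"; then out="$out ${pair%%:*}"; fi
    done
    echo "${out# }"
}

# Succeeds when the mask holds SYS_ADMIN, which the two --cap-add lines
# in the run script never asked for.
beyond_requested() { has_cap "$1" 21; }

# Live use on the host (container name as in the run script above):
#   pid=$(sudo podman inspect --format '{{.State.Pid}}' wireguard)
#   cap_summary "$(awk '/^CapEff:/ {print $2}' "/proc/$pid/status")"
```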

I loaded the wireguard app onto my iphone, used it to scan in the QR code generated by the container (accessible via ‘podman logs -f wireguard’). I am behind an ATT router which blocks many incoming ports but I was able to find an open port. From the ATT router, I port forwarded that port to the eero and then in the eero app, I could create a port forward to my fedora container machine and the default wireguard port ‘51820’.

Finally, I modified the entry in the wireguard app with the open att port and saved it. I dropped my iphone off all wifi and hit connect in the wireguard app and bingo, via Termius (an ssh app on iphone), I could connect to my internal machines. I checked with Lunasea that I use to access my other home entertainment containers and that also let me connect via wireguard without wifi.

 

 

 

Using your iTunes xml file with Linux PlexMediaServer

My home network setup consists of a Linux box (running Linux Mint), a “Hackintosh” (a hp compaq 6000 pro small form factor pc running macos sierra), a mac mini (macos sierra also hacked to install on a 2009 mac mini), and then a laptop running RHEL6.  I also have a 2 disk buffalo NAS and a 2 disk lenovo NAS with a 4 bay SATA enclosure with 2x2TB disks hanging off it.

My Linux server runs several different background services for my primary source of streaming video to my roku – these consist of sabnzbd+, sonarr, and plexmediaserver.  On my buffalo NAS I have almost 18000 mp3s which are mounted as /Volumes/Music and added to my itunes library on the mac mini. This same NAS share is mounted as /Music on the Linux Mint machine.

Here’s how I got them into the iTunes channel in plex.

  1. First you need to set the option in iTunes to share its library via an XML file.
  2. This will put a file called iTunes Music Library.xml in your “Music” folder.
  3. Via cron or something, set up a process to copy this file over to the /Music share on the linux server and post process it to change the Location tag – /Volumes/Music/Music needs to become just /Music/Music:
    # scp mini2:Music/iTunes*.xml /Music/itunes_temp.xml
    # cat /Music/itunes_temp.xml | sed 's%/Volumes%%' > /Music/iTunes\ Music\ Library.xml
  4. In the server settings for Plex Media Server, there is an option under Server -> Channels (click “Advanced”) and you can enable the iTunes channel. Enter /Music/iTunes Music Library.xml in the box “
  5. Restart plexmediaserver :
    # sudo systemctl restart plexmediaserver.service
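
For the cron job in step 3, a stricter version of the rewrite touches only the Location entries, refuses to publish an empty or half-converted file, and swaps the result into place in one rename. This is an added example, not part of the original post; the function names and the sample excerpt are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): rewrite only Location entries,
# check the result, then swap the file into place in one step.

make_sample_xml() {  # writes a constructed two-track excerpt to $1
    cat > "$1" <<'EOF'
<key>Name</key><string>Notes on /Volumes/Music/ backups</string>
<key>Location</key><string>file://localhost/Volumes/Music/Music/A/one.mp3</string>
<key>Name</key><string>Two</string>
<key>Location</key><string>file://localhost/Volumes/Music/Music/B/two.mp3</string>
EOF
}

rewrite_itunes_xml() {  # rewrite_itunes_xml <copied.xml> <library.xml>
    src=$1; dest=$2
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    # Edit only lines that carry the Location key; names stay untouched.
    sed '/<key>Location<\/key>/ s%/Volumes/Music/%/Music/%' "$src" > "$tmp"
    total=$(grep -c '<key>Location</key>' "$src" || true)
    left=$(grep '<key>Location</key>' "$tmp" | grep -c '/Volumes/' || true)
    # Refuse to publish an empty or half-converted library.
    if [ "$total" -eq 0 ] || [ "$left" -ne 0 ]; then
        rm -f "$tmp"; return 1
    fi
    chmod 644 "$tmp"        # mktemp creates 0600; the Plex user must read it
    mv -f "$tmp" "$dest"    # rename within /Music, so readers never see a partial file
}

# Live use, matching the paths in step 3:
#   rewrite_itunes_xml /Music/itunes_temp.xml "/Music/iTunes Music Library.xml"
```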

Enjoy your itunes music in plex.  Now just to figure out how to get Alexa to play it back 🙂

 

Updating your firmware without Windoze

I am running an HP 6000 Pro small form factor PC – no windows (except virtualized). I recently updated my bios, trying to enable VT-x for virtualization.

https://support.hp.com/us-en/drivers/selfservice/closure/hp-compaq-6000-pro-small-form-factor-pc/4024462

The BIOS softpack from HP downloaded as a file named sp73556.exe – I made sure to download the file for freedos, but epic #FAIL by HP. You need Windows to unpack that exe before you can get at the freedos files.

Enter wine 🙂 . I launched

# wine sp73556.exe

This launches the installer which unpacks the files as follows under my .wine directory :

glaw@fedora ~/.wine/drive_c/swsetup/SP73556 $ ls -lart
total 2020
-rw-rw-r-- 1 glaw glaw   14894 Jun 22  2012 logo.bmp
-rw-rw-r-- 1 glaw glaw 1974206 Oct 22  2015 786G2.cab
-rw-rw-r-- 1 glaw glaw   13487 Nov  5  2015 license.txt
-rw-rw-r-- 1 glaw glaw    2122 Nov  6  2015 How to Use.txt
-rw-rw-r-- 1 glaw glaw    6324 Nov  9  2015 History.txt
-rw-rw-r-- 1 glaw glaw   21719 Nov 12  2015 Bios Flash.htm
-rw-rw-r-- 1 glaw glaw    2321 Nov 12  2015 SP73556.cva
-rw-rw-r-- 1 glaw glaw    2538 Nov 12  2015 SP73556.txt
drwxrwxr-x 2 glaw glaw    4096 Dec  7 12:28 DOS Flash
drwxrwxr-x 2 glaw glaw    4096 Dec  7 12:28 HPQFlash

From there, it was just a matter of following this other guide:

https://feeding.cloud.geek.nz/posts/creating-freedos-bootable-usb-stick-to/

and copying the files within  “DOS Flash” over to the fs-root directory.

 

Reboot the HP machine with the thumb drive and bam, you’re flashing

 

Linux data recovery with photorec

A friend recently gave me an old computer to try to recover photos off.

I pulled the drive from the computer – which had a nice Windows ME sticker on the side 🙂

20GB Western Digital drive. Plugged it in to my debian linux machine using a USB adapter like this one: AGPtek SATA/PATA/IDE Drive to USB

Then I made sure to install the testdisk package which provides a program called photorec

root@fedora:~# sudo apt-get install testdisk

Plugged the drive in, and using the dmesg command I can see the drive was recognized by the kernel as /dev/sdb

root@fedora:~# dmesg|tail

[ 310.582814] sd 7:0:0:0: Attached scsi generic sg2 type 0
 [ 310.583761] sd 7:0:0:0: [sdb] 39102336 512-byte logical blocks: (20.0 GB/18.6 GiB)
 [ 310.584632] sd 7:0:0:0: [sdb] Write Protect is off
 [ 310.584639] sd 7:0:0:0: [sdb] Mode Sense: 00 38 00 00
 [ 310.585518] sd 7:0:0:0: [sdb] Asking for cache data failed
 [ 310.585525] sd 7:0:0:0: [sdb] Assuming drive cache: write through
 [ 310.615912] sdb: sdb1
 [ 310.619622] sd 7:0:0:0: [sdb] Attached SCSI disk
 [ 316.129542] FAT-fs (sdb1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.

Using fdisk, I can see the drive contains a 2GB partition (/dev/sdb1) but that is all – not a whole lot of disk space to search for photos:

root@fedora:~# fdisk /dev/sdb
 Welcome to fdisk (util-linux 2.29.2).
 Changes will remain in memory only, until you decide to write them.
 Be careful before using the write command.

Command (m for help): p
 Disk /dev/sdb: 18.7 GiB, 20020396032 bytes, 39102336 sectors
 Units: sectors of 1 * 512 = 512 bytes
 Sector size (logical/physical): 512 bytes / 512 bytes
 I/O size (minimum/optimal): 512 bytes / 512 bytes
 Disklabel type: dos
 Disk identifier: 0x00000000

Device Boot Start End Sectors Size Id Type
 /dev/sdb1 * 63 4192964 4192902 2G e W95 FAT16 (LBA)

Command (m for help): q

My file manager window pops up with the automatically mounted drive and as I click through, there isn’t a whole lot there. Makes me wonder if a reinstall of windows was done (and forgotten about).

So I start out by making a dd copy of the partition and then one of the full drive – potentially including 16-18GB of “empty” space, but better to be safe than sorry.

root@fedora:~# dd if=/dev/sdb1 of=/Downloads/backup/disk1.img bs=1024M
root@fedora:~# dd if=/dev/sdb of=/Downloads/backup/disk2.img bs=1024M
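
Since all later recovery work runs against the image rather than the drive, it helps to prove the copy matches the source and to record its hash. This is an added example, not part of the original post; the function names are constructed, and it assumes GNU coreutils plus blockdev from util-linux.

```sh
#!/bin/sh
# Added example (not from the original post): image a source, prove the copy
# matches it, and record the hash so later work can be tied to that image.

image_and_verify() {  # image_and_verify <device-or-file> <image-path>
    src=$1; img=$2
    # For a real block device, have the kernel refuse writes before reading.
    if [ -b "$src" ]; then blockdev --setro "$src" || return 1; fi
    dd if="$src" of="$img" bs=4M 2>/dev/null || return 1
    src_sum=$(sha256sum < "$src" | cut -d' ' -f1)
    img_sum=$(sha256sum < "$img" | cut -d' ' -f1)
    if [ "$src_sum" != "$img_sum" ]; then
        echo "image does not match source" >&2; return 1
    fi
    # Sidecar in sha256sum's own format, then drop write permission on both.
    printf '%s  %s\n' "$img_sum" "$(basename "$img")" > "$img.sha256"
    chmod a-w "$img" "$img.sha256"
    echo "$img_sum"
}

verify_image() {  # verify_image <image-path>: re-check before each analysis run
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Live use with the paths from the post:
#   image_and_verify /dev/sdb /Downloads/backup/disk2.img
#   verify_image /Downloads/backup/disk2.img
```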

 

root@fedora:~# man photorec

PHOTOREC(8) Administration Tools PHOTOREC(8)

NAME

photorec - Recover lost files from harddisk, digital camera and cdrom

SYNOPSIS

photorec [/log] [/debug] [/d recup_dir] [device|image.dd|image.e01]

 

Looks easy enough, let it rip.

 

root@fedora:~# photorec /d /Downloads/backup/recovery disk2.img

First photorec screen, select the drive which we have already specified on the command line as disk2.img

 

Second screen, note we select “No partition” here, so it will scan the whole disk image, not just the partition

 

Screen 3 – this is a windows FAT drive so select that for the partition type so it knows how to scan the disk image.

 

Screen 4 – select “Whole” to scan the whole disk. This scans the disk image sector by sector looking for files.

 

Screen 5 – the scan starts, you can watch it increment the different file types (txt, jpg, gif, exe, etc …) as it finds them.

 

Screen 6 – nearing the end of the first scan just of the windows partition, only took it about 20 minutes. Full scan of the whole disk takes much longer.

 

Screen 7 – summary of what it found. It will split the recovered files using the name supplied on the command line as the base name, so 500 files in recovery.1, 500 files in recovery.2, etc …

 

At the end of it all, I end up with several of the “recovery.1, recovery.2, …” directories, each containing 500 files. This recovers EVERY file type, windows files (*.exe, *.dll, *.chm), text files (*.txt), as well as mp3, jpg, gif, bmp. The thing about the images it recovers is that the basic windows interface is rendered using icons and smaller images, so there are just a ton of files to sift through at the end.

I ended up removing everything I knew was junk

# rm recovery.*/*.exe recovery.*/*.dll recovery.*/*.chm recovery.*/*.bmp

Afterwards I copied all of the recovery.* directories to a thumb drive for my friend to sift through and figure out which files he wanted.

 

 

 

Linux mint steam punk login screen

Using gvfs to access remote servers via FTP/SFTP

Using the Gnome virtual file system (gvfs) packages allows us to access remote servers from the linux userspace GUI environment via FTP/Obex/SSH/WebDAV/WebDAVS/Samba

Canon MG2900 Wireless scanning on Ubuntu

I recently bought a new wireless printer/scanner combo.

Configuring the printing is normally fairly easy but the scanner was a little more difficult. After trying to use the standard sane based drivers and utilities, I had to fall back to the manufacturer and thankfully they support linux 🙂
