VirtualBox: boot from USB image

Projects like OPNsense.org provide you with an .img file that you would dd to a USB device to boot from. It is not obvious how to use that from VirtualBox: you need to convert it into a VMDK file. The command I used was:

vboxmanage convertfromraw OPNsense-19.7-OpenSSL-serial-amd64.img /tank/VMs/4544-opnsense-19-freebsd/opensense-19.7-usb.vmdk --format vmdk

Then attach that VMDK file to your virtual SATA controller and, as soon as the VM starts booting, hit F12 and choose option 2. That's your USB device.


OpenVPN easy-rsa notes

Get the recent easy-rsa scripts:

git clone https://github.com/OpenVPN/easy-rsa.git
cd easy-rsa && git checkout v3.0.6 && cd ..
# the v3 scripts live in the easyrsa3 subdirectory; copy it to /etc/openvpn/server
cp -r easy-rsa/easyrsa3 /etc/openvpn/server/easy-rsa
cd /etc/openvpn/server/easy-rsa
./easyrsa init-pki
./easyrsa build-ca                        # prompts for a CA passphrase; you need it to sign
./easyrsa gen-dh
./easyrsa gen-req servername.com nopass
./easyrsa sign-req server servername.com  # requires the CA passphrase from above

Now you can edit your server/server.conf file and fire it up with

systemctl enable openvpn@server
systemctl start openvpn@server

and watch journalctl while you do that.

Generating a client:

./easyrsa gen-req clientname.com nopass
./easyrsa sign-req client clientname.com  # requires the CA passphrase

Example conf file looks like:

client
proto udp
dev tun
remote support.foo.net 1194
keepalive 10 120
keysize 256
cipher AES-256-CBC
verb 3
compress lz4-v2
key ...
cert ...
ca ...
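The easy-rsa steps above and the client config below both hinge on the same thing: a CA, a cert typed "server" and a cert typed "client" that chain to it. As an added example (not part of the original notes, and not easy-rsa's own code), the script below reproduces those steps with plain openssl and then runs the check worth doing before the files go into server.conf or the client conf: does each certificate chain to the CA, and is it valid only for its intended TLS role? That role check is what OpenVPN's "remote-cert-tls server" directive enforces on the client side, via the extendedKeyUsage extension that easy-rsa's "sign-req server" / "sign-req client" types set. The names servername.com and clientname.com come from the notes; the temp PKI directory and the unencrypted CA key (easy-rsa's build-ca would prompt for a passphrase) are assumptions for the demo.

```shell
#!/bin/sh
# Added example: easy-rsa's CA / server / client steps done with plain openssl,
# followed by a chain-and-role check. Not from the original notes or easy-rsa.
set -eu

PKI=$(mktemp -d)          # assumption: throwaway PKI dir, removed on exit
trap 'rm -rf "$PKI"' EXIT

# Minimal request config so the script does not depend on the system-wide
# openssl.cnf. -subj on the command line overrides the placeholder CN.
cat > "$PKI/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF

# build_ca: equivalent of "./easyrsa build-ca" (self-signed CA cert + key).
build_ca() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 \
        -config "$PKI/req.cnf" -extensions v3_ca -subj "/CN=Example CA" \
        -keyout "$PKI/ca.key" -out "$PKI/ca.crt" 2>/dev/null
}

# issue_cert NAME ROLE: equivalent of "gen-req NAME nopass" followed by
# "sign-req ROLE NAME". ROLE is server or client and decides the EKU.
issue_cert() {
    name=$1
    case "$2" in
        server) eku=serverAuth ;;
        client) eku=clientAuth ;;
        *) echo "issue_cert: role must be server or client" >&2; return 1 ;;
    esac
    openssl req -new -newkey rsa:2048 -nodes -config "$PKI/req.cnf" \
        -subj "/CN=$name" -keyout "$PKI/$name.key" -out "$PKI/$name.csr" 2>/dev/null
    # Extensions the CA stamps onto the leaf certificate when signing.
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=%s\n' \
        "$eku" > "$PKI/$name.ext"
    openssl x509 -req -in "$PKI/$name.csr" -CA "$PKI/ca.crt" -CAkey "$PKI/ca.key" \
        -CAcreateserial -days 365 -extfile "$PKI/$name.ext" -out "$PKI/$name.crt" 2>/dev/null
}

# verify_for NAME PURPOSE: prints OK if NAME's cert chains to the CA and is
# valid for PURPOSE (sslserver or sslclient), FAIL otherwise. A client cert
# presented as a server fails here just as it would under remote-cert-tls.
verify_for() {
    if openssl verify -purpose "$2" -CAfile "$PKI/ca.crt" "$PKI/$1.crt" >/dev/null 2>&1; then
        echo OK
    else
        echo FAIL
    fi
}

build_ca
issue_cert servername.com server
issue_cert clientname.com client
echo "servername.com as TLS server: $(verify_for servername.com sslserver)"   # OK
echo "clientname.com as TLS client: $(verify_for clientname.com sslclient)"   # OK
echo "clientname.com as TLS server: $(verify_for clientname.com sslserver)"   # FAIL
```

The same two openssl verify calls work against a real easy-rsa tree (pki/ca.crt and pki/issued/NAME.crt), which is a quick way to confirm that a cert was signed with the right type before handing it out.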

Ubuntu 18.04 Netplan!

This was unexpected, but I think I’m coping well. These are my notes on configuring netplan networking on my Ubuntu 18.04 server.

  1. systemctl disable NetworkManager.service NetworkManager-wait-online.service
  2. systemctl mask NetworkManager-wait-online.service
  3. systemctl daemon-reload
  4. apt install bridge-utils -y
  5. edit /etc/udev/rules.d/70-net.rules
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", ATTR{address}=="c8:70:00:9f:d7:72", NAME="eth0"
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", ATTR{address}=="00:e2:ed:17:09:60", NAME="eth1"
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", ATTR{address}=="00:e2:ed:17:09:61", NAME="eth2"
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", ATTR{address}=="00:e2:ed:17:09:62", NAME="eth3"
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", ATTR{address}=="00:e2:ed:17:09:63", NAME="eth4"
  6. edit /etc/netplan/01-netcfg.yaml
      network:
        version: 2
        renderer: networkd
        ethernets:
          eth0:
            dhcp4: no
            dhcp6: no
          eth1:
            dhcp4: no
            dhcp6: no
          eth2:
            dhcp4: no
            dhcp6: no
          eth3:
            dhcp4: no
            dhcp6: no
          eth4:
            dhcp4: no
            dhcp6: no
        bridges:
          br0:
            dhcp4: yes
            dhcp6: no
            interfaces:
              - eth0
            routes:
              - to: 192.168.100.0/24
                via: 192.168.45.3
                on-link: true
          br1:
            dhcp4: no
            dhcp6: no
            addresses: [10.45.0.1/24]
            interfaces:
              - eth1
          br2:
            dhcp4: no
            dhcp6: no
            addresses: [10.45.1.1/24]
            interfaces:
              - eth2
          br3:
            dhcp4: no
            dhcp6: no
            addresses: [10.45.2.1/24]
            interfaces:
              - eth3
          br4:
            dhcp4: no
            dhcp6: no
            addresses: [10.45.3.1/24]
            interfaces:
              - eth4

  7. sudo netplan generate
  8. sudo netplan apply
  9. reboot

Without my eth1-eth4 devices plugged into a switch, rebooting takes forever.
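Steps 5 and 6 have to agree with each other: every interface a bridge enslaves must be one the udev rules actually name, and no two rules may claim the same MAC. As an added example (not part of the original notes), here is a pre-flight check to run before netplan generate. It lists the bridge members, reports members that no udev rule names, and reports MAC addresses used by more than one rule. The two files it reads are constructed samples with locally administered 02:... addresses and a deliberate typo (br2 enslaves eth3, which no rule names); for real use point the functions at /etc/udev/rules.d/70-net.rules and /etc/netplan/01-netcfg.yaml.

```shell
#!/bin/sh
# Added example: cross-check udev NAME= rules against netplan bridge members.
# Not from the original notes. Sample files below are constructed for the demo.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed udev rules: eth1 and eth2 share a MAC on purpose.
cat > "$WORK/70-net.rules" <<'EOF'
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", ATTR{address}=="02:00:00:00:00:01", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", ATTR{address}=="02:00:00:00:00:02", NAME="eth1"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", ATTR{address}=="02:00:00:00:00:02", NAME="eth2"
EOF

# Constructed netplan file in the same block-list style as the notes; br2
# references eth3, which no udev rule names.
cat > "$WORK/01-netcfg.yaml" <<'EOF'
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
    eth1:
      dhcp4: no
    eth2:
      dhcp4: no
  bridges:
    br0:
      dhcp4: yes
      interfaces:
        - eth0
    br1:
      addresses: [10.45.0.1/24]
      interfaces:
        - eth1
    br2:
      addresses: [10.45.1.1/24]
      interfaces:
        - eth3
EOF

# bridged_ifaces YAML: names listed under any "interfaces:" block, one per line.
bridged_ifaces() {
    awk '
        /^[[:space:]]*interfaces:[[:space:]]*$/ { inlist = 1; next }
        inlist && /^[[:space:]]*-[[:space:]]*/ {
            sub(/^[[:space:]]*-[[:space:]]*/, ""); sub(/[[:space:]]+$/, ""); print; next
        }
        { inlist = 0 }
    ' "$1"
}

# udev_names RULES: the NAME="..." values the rules assign.
udev_names() {
    sed -n 's/.*NAME="\([^"]*\)".*/\1/p' "$1"
}

# duplicate_macs RULES: MAC addresses that appear in more than one rule.
duplicate_macs() {
    sed -n 's/.*ATTR{address}=="\([^"]*\)".*/\1/p' "$1" | sort | uniq -d
}

# unnamed_ifaces YAML RULES: bridge members that no udev rule names.
unnamed_ifaces() {
    udev_names "$2" > "$WORK/names.txt"
    bridged_ifaces "$1" | sort -u | grep -vxF -f "$WORK/names.txt" || true
}

echo "bridge members: $(bridged_ifaces "$WORK/01-netcfg.yaml" | tr '\n' ' ')"        # eth0 eth1 eth3
echo "duplicate MACs: $(duplicate_macs "$WORK/70-net.rules")"                         # 02:00:00:00:00:02
echo "members without a udev rule: $(unnamed_ifaces "$WORK/01-netcfg.yaml" "$WORK/70-net.rules")"   # eth3
```

Either finding means the bridge will come up with no member port, which is the kind of thing that only shows up as a very slow boot or a silent lack of connectivity after netplan apply.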

Pulling 200 Feet of Cable

We wrapped five 200 foot segments of the direct burial line back onto the original spool so we could tape them all together. The paint cans are ballast to keep the spool from sliding around.

Our first pull attempt was thwarted by friction. We yanked it back and greased the nose of the cable and it went through well.

The cables then had to be completely un-spooled again, the opposite end taped, and then pushed through three more short conduit runs. It comes out of the wall in the sound room of the sanctuary.

Dinner Table Network Lab

Because I needed to document my VLAN setup, of course. Serial cable swapped between an OPNsense firewall and a Fedora box. Verified that I don't have to set VLANs on the host ports to hand out multiple DHCP domains. It does hog switch ports, though.

Made it Fit

This is a Digium card, clearly intended for a 1U or ATX case. One of my goals is to reduce the number of high speed fans in the lab, so I repurposed my Lanner chassis. Using a typical twist drill bit is a poor choice for the job of an end mill, but it came out OK once I put a rotary steel brush to the aluminum plate.


Soldered new cabling


Heat-shrunk cable ends fit nicely

Thoughts on Media Hosting

If the recordings are licensed in the public domain, out of copyright, or creative commons, archive.org provides free audio hosting. http://archive.org/about/faqs.php#224

None of the services listed is a substitute for an offline cold backup; this is just a reminder. Site content on Amazon or YouTube can disappear because of copyright dispute claims, policy conflicts like Terms of Service violations, or other arbitrary policy changes.

Commercial podcast hosting appears to be tiered by upload amount per month; this is a comparison: https://www.thepodcasthost.com/websites-hosting/best-podcast-hosting/

The advantage of some podcast hosting services is that they may generate the RSS feed automatically and may integrate with other podcast syndicators such as rdio.com or stitcher.com. No particular service is better than others at iTunes integration because, if I recall correctly, iTunes plays by its own rules.

Moving podcast hosting often involves altering podcast feeds, which can alter the subscribers' content (for example, flood it with hundreds of 'unread/new' items) or make the feed appear to have stopped updating altogether. It definitely takes some homework to prepare for a move.

Hosting videos can also be done on vimeo.com or anything that hosts files. Video hosting services typically differentiate themselves by their online players (mobile-friendly vs. high definition).

Live streaming services are available from YouTube, vimeo.com, and other services like ScaleEngine.com or Twitch. Converting a live stream into a hosted video takes forethought to record the video, sometimes on a separate device.

Robocopy Notes

Install cmder: it's the nicest shell I've seen for Windows. Run your console as Administrator; otherwise you can't use the /B backup switch. Also remember that you need to run the net use command as Administrator.

Before you robocopy stuff, set up a dedicated drive letter. A drive letter is only available to the session that mapped it. So if you have drive p: for Bob and then elevate your console to Administrator, there is no more drive p:! So don't use the user's drive mappings: create admin drive mappings.

net use p: \\nas02\backup\ "secret" /user:bob /persistent:yes

Remember to type the password with "double quotes" and not 'single quotes'. If you type single quotes you may as well be typing capital Xs: they become part of your password.

Run net use by itself to see whether you already have the share mapped. Close any File Explorer windows open to that server, because that is the equivalent of having a net use $d /user:anonymous open at the same time, and Windows won't cooperate. Mount the directory

There are a lot of switches. We’ll assume a C:\Users directory.

C:\Users\bob> mkdir c:\temp
C:\Users\bob> cd C:\Users
C:\Users> robocopy bob P:\bu-bob\ /mir /ZB /FFT /XA:SH /W:5 /R:2 /dcopy:T ^
 /XJ /XD "Temp*" "cache2" "temporary internet files" "*cache*" /NFL

First try the command without the /LOG switch. The command goes faster with logging to a file turned on, so do that later. /XF takes a pattern to exclude files. Example log option: /LOG:C:\temp\bu.txt. /NFL (no file list) will log directories but not files.

The /MT flag is useful, but it prohibits logging and is not available on Vista. The /XJ flag should be the default, but sadly it is not. Junction points create really frustrating backup path loops. Use /XJ!