Thinkpad T480 firmware update in Linux using fwupd

For the most part I never cared much about upgrading firmware because if it works don’t mess with it is usually my rule. I also don’t care much about having installed the latest version of Intel “““NSA botnet””” Management Engine, it is a piece of trash anyway so I might as well not have the latest updates. But since I have some issues with the NVME drive (very slow reads, it is most definitely dying) I figured a system wide firmware upgrade wouldn’t be a bad thing. …

Posted on

Debian QEMU/KVM bridged networking and VLAN

By default on every Linux distro after installing QEMU and libvirt two kinds of networking are available: NAT: VM sits behind a NAT. MACVTAP: without going into much details it acts more or less like a bridged network, except not really. One of the most annoying limitations is that host to guest communication and vice versa are not really working well. Other important things might be broken as well, like for example VRRP. …

Posted on

Keepalived and libvirt MACVTAP network interfaces

Keepalived is a routing software written in C that can be used to setup load balancing and high availiability for Linux machines. NOTE: hypervisor is Debian 10 (Buster) with libvirt and qemu/kvm, virtual machines also are Debian 10 (Buster). Keepalived configuration Install keepalived: $ apt install keepalived Install nginx, it will be use to check that keepalived is actually working: $ apt install nginx $ systemctl enable --now nginx Configure keepalived: …

Posted on

Wireguard VPN Linux and IOS setup guide

Wireguard is an open source software and communication protocol which aims to provide a simpler and safer alternative to OpenVPN. Compared to OpenVPN both client and server configuration are much simpler and mantaining a PKI is also not required. Performance wise Wireguard is also faster than OpenVPN. SERVER: Debian 10 (Codename Buster) As of today Wireguard is not included in Debian 10 stable repos, so it is required to enable backports to install it: …

Posted on

LUKS encrypted TGT ISCSI target and initiator

After the CentOS fiasco (good job Redhat/IBM) and since we are more or less in lockdown I decided to invest a couple of days to migrate my home infra from CentOS 7 to Debian 10. One of my physical machines, which was also CentOS 7 based, is used as ISCSI target. Debian 10 - Server A.K.A. Target Install the required packages: $ sudo apt-get install tgt dkms Create a device backstore: …

Posted on

OPENWRT first run configuration guide

OpenWRT is a free open source Linux based operating system aimed at networking hardware. Every time the system is upgraded to a newer version using the so called Sysupgrade BIN image every package the user manually installed gets lost; this makes the upgrade process very tedious especially if one does not properly write down all the customization he has made. I don’t use many custom packages but QoS, DNS-over-HTTPS, USB support and vnstat are must have. …

Posted on

Remotely unlock a full disk encrypted Fedora 33 server

Last year I blogged on how to remotely unlock a full disk encrypted Fedora/CentOS server. The software I used, dracut-crypt-ssh, is not supported anymore and stopped working for me on Fedora 32 and 33. A quick DDG search pointed me in the right direction and made me find a similar software that accomplishes the same task: dracut-sshd. $ sudo dnf install dracut dracut-network openssh libblkid-devel gcc $ git clone https://github.com/gsauthof/dracut-sshd.git $ cd dracut-sshd $ sudo cp -ri 46sshd /usr/lib/dracut/modules. …

Posted on

Siemens IOT2050

A few weeks ago Siemens released a very much needed upgrade of the IOT2000 platform; the newcomer is called IOT2050 and is a huge step forward compared to the very very underpowered IOT2040. I have had one for a few days laying on my desk but I just found the time to play with it today. Other than the new hardware, the officially supported operating system also changed from Yocto Linux to Debian Buster (kudos for dropping Yocto). …

Posted on