Keepalived and libvirt MACVTAP network interfaces

Keepalived is a routing software written in C that can be used to setup load balancing and high availiability for Linux machines. NOTE 1: For the sake of simplicity, in this exampe we will consider a cluster of two CentOS Stream virtual machines with firewalld and iptables disabled. NOTE 2: virtualization host is Fedora 33 server with libvirt and qemu/kvm. CentOS Stream Install keepalived: $ dnf install keepalived Add nginx repo to the system: repo. …

Posted on

Wireguard VPN Linux and IOS setup guide

Wireguard is an open source software and communication protocol which aims to provide a simpler and safer alternative to OpenVPN. Compared to OpenVPN both client and server configuration are much simpler and mantaining a PKI is also not required. Performance wise Wireguard is also faster than OpenVPN. SERVER: Debian 10 (Codename Buster) As of today Wireguard is not included in Debian 10 stable repos, so it is required to enable backports to install it: …

Posted on

LUKS encrypted TGT ISCSI target and initiator

After the CentOS fiasco (good job Redhat/IBM) and since we are more or less in lockdown I decided to invest a couple of days to migrate my home infra from CentOS 7 to Debian 10. One of my physical machines, which was also CentOS 7 based, is used as ISCSI target. Debian 10 - Server A.K.A. Target Install the required packages: $ sudo apt-get install tgt dkms Create a device backstore: …

Posted on

OPENWRT first run configuration guide

OpenWRT is a free open source Linux based operating system aimed at networking hardware. Every time the system is upgraded to a newer version using the so called Sysupgrade BIN image every package the user manually installed gets lost; this makes the upgrade process very tedious especially if one does not properly write down all the customization he has made. I don’t use many custom packages but QoS, DNS-over-HTTPS, USB support and vnstat are must have. …

Posted on

Remotely unlock a full disk encrypted Fedora 33 server

Last year I blogged on how to remotely unlock a full disk encrypted Fedora/CentOS server. The software I used, dracut-crypt-ssh, is not supported anymore and stopped working for me on Fedora 32 and 33. A quick DDG search pointed me in the right direction and made me find a similar software that accomplishes the same task: dracut-sshd. $ sudo dnf install dracut dracut-network openssh libblkid-devel gcc $ git clone https://github.com/gsauthof/dracut-sshd.git $ cd dracut-sshd $ sudo cp -ri 46sshd /usr/lib/dracut/modules. …

Posted on

Siemens IOT2050

A few weeks ago Siemens released a very much needed upgrade of the IOT2000 platform; the newcomer is called IOT2050 and is a huge step forward compared to the very very underpowered IOT2040. I have had one for a few days laying on my desk but I just found the time to play with it today. Other than the new hardware, the officially supported operating system also changed from Yocto Linux to Debian Buster (kudos for dropping Yocto). …

Posted on

XMPP audio and video calls

Ejabberd has supported STUN/TURN for quite some time now, this in conjunction with client support can be used to implement one on one audio and video calls. Since version 2.8.0 Conversations Android client added audio and video call functionality by leveraging on STUN/TURN and XEP-0215. The rest of the XMPP world is following the route opened by them, so I expect to see IOS and regular computer XMPP clients to finally implement these new features too in the upcoming months. …

Posted on

Microsoft Teams on Fedora and Wayland with screenshare

Since the whole COVID19 pandemic hoax started a couple of months ago, working from home has become the new hip thing every company brags about on every social media known to humankind. The first step to be able to call yourself a proper COVID19 ready(tm) company is the ability to bother every employees with just a few mouse clicks. So here we are, with Microsoft Teams(tm) and a lot of other not very secure and massively bloated software elected as the center of the office life. …

Posted on