My IT Adventures!

Making a bunch of IPv6 related changes brought on by updated in Docker v28.

I wanted to share how I have historically been handling backups. I have plans to try out things like restic at some point, but since everything is working, I haven’t put the time in to do so. I currently rely on bash scripts which leverage rclone to backup to gDrive, via cron.

I learned a couple days ago that my oldest daughter has been giving out the family SSID password to kids’ friends. I had to (re)explain why this is not allowed and why we have a GUEST network and SSID for GUESTS.

A work project required some compatible items that were not being used properly in some cases or just forgotten. This is my start of the project. I used YAML to present the data in a structured format (because I hate json).

As some of you may know from prior posts, I have a number of external security cameras (and internal) that show up on monitors throughout the house 24/7. To keep things efficient, these camera streams are multicast feeds the monitors subscribe to. Unfortunately, every so often, I need to check the streams on my PC which is in a different VLAN. I was having to access the unicast streams and I wanted to work out getting multicast to work across vlan boundaries in OPNsense. Usually, this would be something IGMP and PIM can handle in my world, but I have no Cisco gear in my network and while pfsense has igmp and pimd, OPNsense lacks pimd, so the research began.

As a long-time zwave fan and with most of my home security and other items leveraging zwave, keeping my zwave network optimal is critical for family satisfaction. I was running into an issue where a couple of my further away devices were dying a bit quicker than anticipated and I wanted to get to the bottom of it. Initially, I added some mains powered devices, which also act as routers, to try to fill any potential dead spots, but after 6 months, this didn’t help. I finally decided to check firmwares. I was on 7.17.2 and the current version is 7.18.3, so I started looking at the changelogs/release notes that silicon labs published. I really didn’t see anything outstanding, but some enhancements to wake-up intervals got added, and potentially that could save battery life.

In a regular day on the linuxserver.io discord, we have a lot of people come in with weird vpn setups or just terrible network configurations. They inevitably want to know how to route their torrent client of choice through a vpn while still being able to access the web ui and have their other tools access the client, without also going through the VPN. I’ve always considered this to be relatively simple basic networking and have never given it additional thought. However, with the prompting of some friends/colleagues, I decided to give it a go and see how things went.

Recently, I posted about swapping to 2G service which would move me from alt-optic gpon to xgs-pon and then allow me to fully bypass the ATT ont and not even use 802.11x configuration. I thought it was pretty detailed, but I was asked about some of the outputs during the setup. Fortunately, I kept the notes in my notepad instance and can expand on things. This is an addendum to the original article here.

I’ve been planning on doing this transition for a bit, but I wanted to get things in place and ensure I had a solid plan before executing. I’ll discuss what I had, my plan, and what I moved to here a bit. If any of you have read my previous post, [AT&T Uverse RG Bypass][1], then you know I am a big fan of bypassing the ATT provided RG to use my own equipment. With my 1000/1000 service, the fiber (alt optic unfortunately) came into the ATT ONT, directly to my router (initially ERL3, later ER4) which then went to my core switch to my access switches. The plan initially began to form because rather than faking the 802.1x on my router, I could instead use my own ONT and fully bypass everything ATT had in my home. Some people can do this with GPON 1G or less service, but in the former bellsouth areas, we had alt optic which uses a 1550nm wavelength rather than 1490nm wavelength, so the GPON bypass wasn’t possible for me. My plan was to get a 2.5G+ capable router with sufficient disk, memory, and cpu to handle routing at whatever speed I went with. I ordered two devices: A GW-R86S-G2, and an N6005/4xi226-V

I’ve been using the linuxserver.io secure web access gateway (SWAG) coupled with Authelia as my identity provider for quite some time. It works extremely well and I’ve been very pleased not only with the application itself, but also with the support from the authelia devs. That said, there are some features I wish authelia had that they do not yet. The biggest feature is SAML support. As many of you know, I focus heavily on Cisco Unified Communications. Cisco UC supports SAML SSO and I haven’t had anything in my lab that would let me tinker with this. Authentik can do everything authelia does plus some extras, which include SAML. I will say that I am typing this as I wing setting it up and I can already see that authentik is not as simple to configure/deploy as authelia. As a note, since I am documenting this as I do it, I will include any mistakes and how i resolve those mistakes. This is my first time touching authentik and I am purely going off the documentation available at https://goauthentik.io/docs/.