IPv6 Adventure
Making a bunch of IPv6-related changes brought on by updates in Docker v28.
I wanted to share how I have historically been handling backups. I have plans to try out things like restic at some point, but since everything is working, I haven’t put the time in to do so. I currently rely on bash scripts which leverage rclone to back up to gDrive, via cron.
I learned a couple days ago that my oldest daughter has been giving out the family SSID password to kids’ friends. I had to (re)explain why this is not allowed and why we have a GUEST network and SSID for GUESTS.
As some of you may know from prior posts, I have a number of external security cameras (and internal) that show up on monitors throughout the house 24/7. To keep things efficient, these camera streams are multicast feeds the monitors subscribe to. Unfortunately, every so often, I need to check the streams on my PC, which is in a different VLAN. I was having to access the unicast streams and I wanted to work out getting multicast to work across VLAN boundaries in OPNsense. Usually, this would be something IGMP and PIM can handle in my world, but I have no Cisco gear in my network, and while pfSense has IGMP and pimd, OPNsense lacks pimd, so the research began.
As a long-time Z-Wave fan and with most of my home security and other items leveraging Z-Wave, keeping my Z-Wave network optimal is critical for family satisfaction. I was running into an issue where a couple of my further away devices were dying a bit quicker than anticipated and I wanted to get to the bottom of it. Initially, I added some mains-powered devices, which also act as routers, to try to fill any potential dead spots, but after 6 months, this didn’t help. I finally decided to check firmware versions. I was on 7.17.2 and the current version is 7.18.3, so I started looking at the changelogs/release notes that Silicon Labs published. I really didn’t see anything outstanding, but some enhancements to wake-up intervals got added, and potentially that could save battery life.
On a regular day on the linuxserver.io Discord, we have a lot of people come in with weird VPN setups or just terrible network configurations. They inevitably want to know how to route their torrent client of choice through a VPN while still being able to access the web UI and have their other tools access the client, without also going through the VPN. I’ve always considered this to be relatively simple basic networking and have never given it additional thought. However, with the prompting of some friends/colleagues, I decided to give it a go and see how things went.
I’ve been using the linuxserver.io secure web access gateway (SWAG) coupled with Authelia as my identity provider for quite some time. It works extremely well and I’ve been very pleased not only with the application itself, but also with the support from the Authelia devs. That said, there are some features I wish Authelia had that it does not yet have. The biggest feature is SAML support. As many of you know, I focus heavily on Cisco Unified Communications. Cisco UC supports SAML SSO and I haven’t had anything in my lab that would let me tinker with this. Authentik can do everything Authelia does plus some extras, which include SAML. I will say that I am typing this as I wing setting it up and I can already see that Authentik is not as simple to configure/deploy as Authelia. As a note, since I am documenting this as I do it, I will include any mistakes and how I resolve those mistakes. This is my first time touching Authentik and I am purely going off the documentation available at https://goauthentik.io/docs/.
It’s been quite a while since my last post, but I wanted to cover something I had tinkered with a few times and finally got to a state I’m OK with: IPv6 in Docker containers. For my testing, I will be using linuxserver.io containers, as being part of the team allows me to easily fix anything that prevents full functionality. I guess to start, a big thing I found is that most IPv6 guides, including the official documentation, tell you how to enable IPv6 for the default bridge. As we all know, the default bridge is trash; it doesn’t work like a custom bridge and causes a number of issues. You may also see guides that lead you to set up NDS proxy, which works, but it introduces a HUGE amount of latency. When I tested the NDS proxy method, I couldn’t stand how slow it was and quickly reverted the change. So, let’s get into how I set it up. Note that I am not claiming to have the best method, the most efficient method, the most secure method or anything of the sort. This is just how I set it up to get what I wanted working in a way I was OK with.