Unifi Captive Portal
I learned a couple days ago that my oldest daughter has been giving out the family SSID password to kids’ friends. I had to (re)explain why this is not allowed and why we have a GUEST network and SSID for GUESTS.
As a long-time Z-Wave fan and with most of my home security and other items leveraging Z-Wave, keeping my Z-Wave network optimal is critical for family satisfaction. I was running into an issue where a couple of my further away devices were dying a bit quicker than anticipated and I wanted to get to the bottom of it. Initially, I added some mains-powered devices, which also act as routers, to try to fill any potential dead spots, but after 6 months, this didn’t help. I finally decided to check firmwares. I was on 7.17.2 and the current version is 7.18.3, so I started looking at the changelogs/release notes that Silicon Labs published. I really didn’t see anything outstanding, but some enhancements to wake-up intervals got added, and potentially that could save battery life.
On a regular day on the linuxserver.io Discord, we have a lot of people come in with weird VPN setups or just terrible network configurations. They inevitably want to know how to route their torrent client of choice through a VPN while still being able to access the web UI and have their other tools access the client, without also going through the VPN. I’ve always considered this to be relatively simple basic networking and have never given it additional thought. However, with the prompting of some friends/colleagues, I decided to give it a go and see how things went.
I’ve been using the linuxserver.io secure web access gateway (SWAG) coupled with Authelia as my identity provider for quite some time. It works extremely well and I’ve been very pleased not only with the application itself, but also with the support from the Authelia devs. That said, there are some features I wish Authelia had that they do not yet. The biggest feature is SAML support. As many of you know, I focus heavily on Cisco Unified Communications. Cisco UC supports SAML SSO and I haven’t had anything in my lab that would let me tinker with this. Authentik can do everything Authelia does plus some extras, which include SAML. I will say that I am typing this as I wing setting it up and I can already see that authentik is not as simple to configure/deploy as Authelia. As a note, since I am documenting this as I do it, I will include any mistakes and how I resolve those mistakes. This is my first time touching authentik and I am purely going off the documentation available at https://goauthentik.io/docs/.
It’s been quite a while since my last post, but I wanted to cover something I had tinkered with a few times and finally got to a state I’m OK with: IPv6 in Docker containers. For my testing, I will be using linuxserver.io containers, as being part of the team allows me to easily fix anything that prevents full functionality. I guess to start, a big thing I found is most IPv6 guides, including the official documentation, tell you how to enable IPv6 for the default bridge. As we all know, the default bridge is trash; it doesn’t work like a custom bridge and causes a number of issues. You may also see guides that lead you to set up NDS proxy, which works, but it introduces a HUGE amount of latency. When I tested the NDS proxy method, I couldn’t stand how slow it was and quickly reverted the change. So, let’s get into how I set it up. Note that I am not claiming to have the best method, the most efficient method, the most secure method or anything of the sort. This is just how I set it up to get what I wanted working in a way I was OK with.