BitPirate

joined 1 year ago
[–] [email protected] 15 points 9 months ago

The company behind pfSense is shady as hell:

https://opnsense.org/opnsense-com/

Also the complete and utter clusterfuck of an attempt to bring Wireguard into the FreeBSD kernel:

https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

[–] [email protected] 2 points 10 months ago (2 children)

What kind of ISP are you dealing with?

[–] [email protected] 4 points 10 months ago* (last edited 10 months ago)

And maybe PPPoE.

traceroute --mtu 1.1.1.1

Pick the lowest value displayed for F=xxxx, e.g. F=1492, and subtract 80.

For my DSL connection the optimal value is 1412.

[–] [email protected] 12 points 10 months ago

nonfree drivers accessible right away

Non-free firmware is included in the Debian installer since Bookworm.

[–] [email protected] 6 points 11 months ago (3 children)

Do you really know how Wireguard works?

Updating without a reboot only works for wireguard-go. The default implementation runs in the kernel. An update to it would require kernel live patching.

Wireguard doesn't answer to unsigned packets. Using obscure ports or even port knocking is rather pointless. It's indistinguishable from a closed port.

I'd rather take Casaos out of the equation and target Ubuntu's Wireguard stack instead.

[–] [email protected] 1 points 11 months ago (1 children)

Jellyfin is completely free. I only used it shortly in my LAN environment so I can't give you any numbers. It should roughly be in the same ballpark as Plex though.

[–] [email protected] 1 points 11 months ago (3 children)

You can skip fail2ban for SSH. I missed the important bit. Duh...

Never used Plex but had a good experience with Jellyfin.

[–] [email protected] 5 points 11 months ago (5 children)

Just a few thoughts:

  • don't cheap out. Building your whole stack on top of free or ultra budget providers is going to backfire eventually
  • check the traffic limits if you want to stream 4k content from your NAS
  • if latency and bandwidth are a concern, you need to select a VPS provider with good peering. This fully depends on your ISP.
  • I'd recommend setting things up with split DNS. Your DNS server would answer with local IPs for queries from within your LAN and with the IP of the VPS for external queries.
  • take a look at AdGuard Home
  • you can skip fail2ban if you go straight for ssh keys
  • 100% wireguard

[–] [email protected] 7 points 11 months ago (1 children)

Aren't auto updates a solved problem? It's only the official f-droid client that doesn't support this.

[–] [email protected] 4 points 1 year ago (1 children)

you don't even need an account.

That's sadly not true anymore for their own hosted service:

https://jitsi.org/blog/authentication-on-meet-jit-si/

tl;dr: you need to log in with a Google, Facebook or GitHub login to create a room

[–] [email protected] 2 points 1 year ago (3 children)

Why are you running two HAProxy instances? You should be able to forward the traffic on your VPS to your homeserver with a firewall rule.

If that's not an option, this should still be doable using the X-Forwarded-For header. Instead of setting it to a single value, you need to append to it:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#syntax
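
Added example, not part of the comment above: a sketch of how an application behind a two-proxy chain (VPS, then home server) can recover the client address from an appended X-Forwarded-For header without trusting entries the client could have forged. The function names, the tunnel range 10.8.0.0/24 and all addresses are constructed assumptions.

```python
import ipaddress

# Assumed trusted hops (constructed): the VPS proxy as seen through the
# tunnel, and the home-server proxy talking to the app over loopback.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.8.0.0/24", "127.0.0.1/32")]


def is_trusted(addr):
    """True if addr belongs to one of our own proxies."""
    return any(addr in net for net in TRUSTED_PROXIES)


def append_xff(existing, peer_ip):
    """What each proxy hop should do: append the peer it saw, never overwrite."""
    return f"{existing}, {peer_ip}" if existing else peer_ip


def client_ip(xff_header, peer_ip):
    """Walk the chain right to left and return the first untrusted hop.

    Anything to the left of that hop was supplied by the client and may be forged.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not is_trusted(peer):
        return str(peer)  # direct connection: ignore the header entirely
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the header here
        if not is_trusted(addr):
            return str(addr)
    return str(peer)  # only our own proxies in the chain


if __name__ == "__main__":
    # Client 198.51.100.7 sends a forged header "1.2.3.4" to the VPS proxy.
    chain = append_xff("1.2.3.4", "198.51.100.7")   # appended by the VPS proxy
    chain = append_xff(chain, "10.8.0.1")           # appended by the home proxy
    print(chain, "->", client_ip(chain, "127.0.0.1"))
    # If the second proxy overwrote the header instead, the client is lost:
    print(client_ip("10.8.0.1", "127.0.0.1"))
```

The application must only honor the header when the TCP peer is one of its own proxies; otherwise any client can claim an arbitrary source address.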
