OPNsense: OpenVPN automatic gateway creation

Note: The title is actually a little bit clickbait. On pfSense the config option is called “gateway creation”. This option is missing on OPNsense. I had to reimplement the functionality. The audience for this blog post is advanced users. Knowledge you must have: how VPNs work, especially OpenVPN (inside vs outside tunnel, tunnel network); how IP routing works; general configuration of OPNsense; connecting via SSH to your OPNsense and CLI basics (UNIX permissions, creating files, navigating the filesystem, etc.). If you don’t have the required knowledge you may misconfigure something. Read more →

Using audio fingerprinting to find game SFX files

This post continues my journey to extract the Red Dead Redemption 2 Blackjack dealer and player sounds from the game files. Yesterday I wrote down how I tried to use speech to text with a pre-trained/machine learned set to get a searchable text. That did not go so well. Please read the other post first, because I will pick up some references here. Otherwise you might not get what’s going on. Read more →

Using speech to text to find game SFX files

I bought Red Dead Redemption 2 a few weeks ago and got addicted to the Blackjack minigame. I’ve never played Blackjack before but it is an interesting game. Out of boredom and as a proof of concept I developed a simple CLI version of it one evening. On the second evening I added computer controlled players, doubling and splitting. Then I decided I wanted to move the frontend to the browser so I could play with my friends. Read more →

OPNsense: Tayga NAT64/DNS64 installation

Have you ever dreamed of running a pure IPv6-only network? I have. But until the IPv4 defenders finally kick the bucket we have to rely on transition methods. In this case NAT64 in combination with DNS64, so IPv6-only hosts can talk to IPv4 legacy systems transparently. And here is how you can do it with OPNsense and the help of a recursive BIND resolver. With OPNsense 20.1.1 Michael built a plugin for the NAT64 application tayga. Read more →

Subjectmilter: A postfix milter to reject bad words in a subject

TL;DR: SpamAssassin is an ancient, bloated piece of software. I like Go and wrote my own milter. Background story: I’ve been running my own mailserver for a couple of years now and have hardly received any e-mail spam. Of course it was quickly discovered and spammers tried to relay over it, which is of course blocked. A year and a half ago I started to receive a few spam mails, because I posted my e-mail address unprotected on this blog. Read more →

Pi-hole: Returning NXDOMAIN is a bad idea

I’ve found that Amazon’s Fire TV is spamming my Pi-hole trying to resolve secure-eu.imrworldwide.com every three seconds. Here is what it looks like in the graphs: The blue spikes are the Fire TV, which was not in use throughout the day and should be sitting silently on standby. However, it tries very eagerly to reach a tracking service. Bad Fire TV! Shame! By default Pi-hole is returning or :: for blocked domains. Read more →

Arch: Primary script unknown after upgrade to 7.4.0

Do you know that? Everything is running fine, you update, reboot and it’s fucked up? Normally that doesn’t happen on Arch :-) But on a Friday night it has to happen to me. What happened exactly? After the reboot I found the following log message: *26 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream And of course the PHP application was not working anymore. Googling this error message leads to one solution: You have to set SCRIPT_FILENAME as a FastCGI parameter. Read more →

WireGuard: "Error: Unknown device type" on Archlinux

Do you also have the following problem after installing wireguard-tools and wireguard-arch?

[root@test ~]# ip link add dev wg0 type wireguard
Error: Unknown device type.

No, you didn’t do anything wrong! Yes, that’s the right way to install WireGuard on Arch! So why isn’t it working? The fix is pretty simple: Update your fucking system!

[root@test ~]# pacman -Syu
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
:: Starting full system upgrade.

Read more →

RAID 0 with 3 disks: md/raid0: please set raid.default_layout to 1 or 2

Today it was time for a backup. I’ve recently extended my RAID 0 with a third disk for more space. Adding the disk was already a pain in the ass and it seemed that I fucked up again. The last time I did a backup was roughly a month ago. So today I attached the three disks again and the RAID would not build. A mdadm --detail gave me:

[root@homeserver ~]# mdadm --detail /dev/md127
/dev/md127: Version : 1.

Read more →

OPNsense: Route subnet over VPN

The piracy rate of movies and TV series dropped significantly after Netflix made its breakthrough. With one monthly subscription you had access to a huge amount of content just one click away. It has never been easier or more comfortable. Congratulations to the publishers for stepping out of your comfort zones. Your losses to piracy were reduced quite a bit. But you greedy bastards are pushing your customers towards piracy again. You enforce geoblocking or don’t license your stuff to established streaming services. Read more →