jerwong

I do work for multiple organizations and got tired of having to disconnect/reconnect VPN tunnels each time.

Solution: Raspberry Pi. It's got a single Ethernet port on it which makes it perfect. I used Openconnect since it was compatible with Cisco and PulseSecure (at the time). When you establish a tunnel, the routes come in as "kernel routes" assuming you have a split tunnel. I configured IPTables to NAT masquerade out each interface and I set up Quagga, a routing daemon to talk to my main gateway and redistributed my kernel routes into OSPF. That way, any of my devices can now access any networks they need. I did also have to configure my own DNS server since I needed to resolve the different private networks.

Yes, it's perfectly safe. Keep it patched, use strong ciphers, use key authentication, and set up an IDS like Fail2Ban or CrowdSec.

I use Jellyfin which is similar to Plex. I have it on a Raspberry Pi 4 8 GB. It's perfectly fine if I'm sending H264 but most modern browsers do not support H265 so it forces the server to transcode. That will consume almost all processing power if it's CPU-only and is a very slow process.

I think you need a \ in front of the ;

i.e.: find . -type f -exec md5sum {} \; >> /tmp/foo

Yup. I do the same thing and just use the Jellyfin app to access for instances where H265 transcoding is needed. For mine, I just have a USB 1 TB HD connected

I worked support for an ISP before.

If we didn't provide the router, then we can't support it. There are way too many variables with third-party routers for us to actually do that. In those instances, we would provide one and if it still can't deliver the bandwidth, then we will continue to troubleshoot.

That said, to rule this out, plug your computer directly into their modem or handoff. That's the best way to rule out router problems.

Side note: as someone who loved dd-wrt, I stopped using it because it was slow. Third party firmware is awesome since they add a ton of functionality but you lose a lot in performance when you do that.

I think you actually want some sort of intrusion detection where it will log recognized attacks. Logging every single packet coming in, while doable, generally requires a lot of resources and storage.

I use >!.cunt!< for my local TLD. Stands for Can't Use New Technologies from IT Crowd.

It makes it comnical when I let friends onto my wifi.

Check the sync speed on the interfaces and look for any errors incrementing. You might have a bad port or a bad cable somewhere causing it to sync at 100Mbps.

Set up a reverse tunnel to the outside box that you want to get in from.

For example, from the inside machine:

ssh outsidemachine -R 2222:localhost:22

Then on your outsidemachine:

ssh -p 2222 localhost

Maybe run top or something just to keep traffic going across so that firewalls don't drop your connection.

For billing purposes, I've been using invoiceninja by adding the mileage rate as a line item and adding the number of miles for quantity. I haven't been able to figure out a better way to do mileage on there.

I'm doing something similar except now I'm running out of space on my 1 TB volume. Now I need to upgrade and/or figure out a long term solution to convert to H265. Some of my files have file size differences on the scale of 400 MB vs 2 GB.