So you downloaded a git repo, then built the project, and are you running the compiled build from that location?

@JaredBusch said in FreePBX - forward the main phone number when desired:

from Peru (Country Code 51).

lol nice.

@NerdyDad

You can use Loopback Processing also.

https://blogs.technet.microsoft.com/askds/2013/02/08/circle-back-to-loopback/

The FreePBX wiki article had a few optional settings that can be used with either version of the Trunk PEER Details I showed above.

qualifyfreqok=25000 transfer=no trunk=yes

The default qualifyfreqok is 60000. This just makes it qualify more often. This is usually less important on a trunk than an endpoint that uses IAX2.
If you are setting up an IAX2 trunk, you already have tested your internet connection and know it is stable. If not, call me.. I'm more than happy to consult...

The transfer=no is the same as the SIP allow reinvite that hands off a SIP call letting the endpoints not pass the call through the PBX any longer. Not applicable to an interoffice trunk.

The trunk=yes will shave a few Kbps off of each call after the first going over the trunk as it reduces IP header information. You can read all the gory details here. Basically it is not enough to worry about.

@Jason said in One way audio on an IAX2 trunk:

Also did you add the network for the remote site in asterisk?

Found this topic again after checking the IAX2 tag.

Thought I would update with the answer.

This was the problem

@Pete-S said in Local Encryption Scenarios:

@DustinB3403 said in Local Encryption Scenarios:

@Pete-S said in Local Encryption Scenarios:

@DustinB3403 said in Local Encryption Scenarios:

@Pete-S said in Local Encryption Scenarios:

Anyway, in the case of the CPA we are talking about material that is not really sensitive at all.

The data files could be secured the same way as any paper records. Locked in a safe when not in use.

That would be the same as being encrypted, since the lock on a safe = encryption and the physical key = the passphrase to decrypt the drive or data.

Well, in principle only. You can walk away with the encrypted computer but it would be harder with the safe.

In most cases physical security is about delaying. You can smash and grab a laptop from the office window but it would require a lot more time to break in properly and then open a safe before someone shows up.

You have those examples a bit mixed up.

The comparable scenario would be "getting to the data" The physical medium housing that data doesn't matter.

You break the lock, you get the data. If you break the encryption key you get the data.

But a physical lock is likely easier to break and get into whatever than it would to decrypt a encrypted volume.

Reminds me of this classic:
alt text

there is ALWAYS a relevant xkcd

Is there a console port on the back? Might be easiest to connect to that and figure out what the IP address is.

I couldn't find anything about the DVX-8000, but here is a manual for a DVX-1000.
ftp://ftp2.dlink.com/PRODUCTS/DVX-1000/REVA/DVX-1000_MANUAL_1.01_EN.PDF

@bnrstnr said in Pi-hole server involved in a 'DNS Amplification' DDOS Attack:

@DustinB3403 didn't you say the method above would only work for devices on the Pi-Hole's LAN?

The method linked by someone else would, yes. As it's impractical to try to do said linked approach for the open internet.

Again, it's what you would do, but isn't practical because of your scale.

Post 18.

@DustinB3403 said in Pi-hole server involved in a 'DNS Amplification' DDOS Attack:

But the reported issue is that these request appear to come from your devices. IE they are spoofed or are legitimately coming from your trusted network.

Can you setup ingress filtering for this?

This is the approach proposed by Curtis.

@Curtis said in Pi-hole server involved in a 'DNS Amplification' DDOS Attack:

https://freek.ws/2017/03/18/blocking-dns-amplification-attacks-using-iptables/

I used to use a barracuda 300 (for about 6 years) in conjunction with their cloud filtering for our on-prem Exchange 2010 server. I think there were 2 times that they had some sort of issue where they let a crap-ton of spam through, unfiltered.

I have moved to Office 365 and am exclusively using their filtering. I think barracuda was better at filtering. Especially, when it comes to phishing messages that pretend to be from Microsoft's services. You'd think that Microsoft would be able to catch those better than anyone. Not in my experience.

@scottalanmiller said in Should I bother to learn Windows Storage Spaces and what about Glances export?:

@PhlipElder said in Should I bother to learn Windows Storage Spaces and what about Glances export?:

@scottalanmiller said in Should I bother to learn Windows Storage Spaces and what about Glances export?:

@PhlipElder said in Should I bother to learn Windows Storage Spaces and what about Glances export?:

HCI or disaggregate with Hyper-V and SOFS S2D are they way we're deploying now. So, the whole conversation is essentially moot.

Not really HCI as described with the DataOn. That's just a software RAID version of the non-HC model.

HC has always meant physical convergence.

I believe I referred to the DataON setup as "Converged" or sometimes "Asymmetric" not Hyper-Converged which is what Storage Spaces Direct is when running with both Storage Spaces and Hyper-V on the nodes.

I see. Asymmetric is a decent term. What about it is converged, though? It seems "unconverged", if you will. Other than the software RAID running on the storage nodes.

"Converged" in this case refers to both Hyper-V and Storage Spaces running on the nodes to provide virtual machine and storage cluster based arbitration.

As with many things in Linux... the simple answer makes sense. Windows introduces all kinds of risk and complexity to keep you from simply copying a VM. Linux just keeps it simple.

That put 4.19.13 back and now it boots

[jbusch@naggaroth ~]$ sudo dnf upgrade --refresh [sudo] password for jbusch: Last metadata expiration check: 0:00:01 ago on Mon 07 Jan 2019 11:31:06 AM CST. Dependencies resolved. ================================================================================================================================== Package Arch Version Repository Size ================================================================================================================================== Installing dependencies: kernel x86_64 4.19.13-200.fc28 updates 102 k kernel-core x86_64 4.19.13-200.fc28 updates 24 M kernel-modules x86_64 4.19.13-200.fc28 updates 28 M Transaction Summary ================================================================================================================================== Install 3 Packages

c8f5c09a-b49c-480f-943f-1faf6c8aed5e-image.png

@scottalanmiller lol

Different scenarios will use this differently. In places where the batteries get run all the way down regularly, Lithium Ion are likely to hold up really well, the same places that kill Lead Acids. but places that basically never have that happen, I bet that they wear out quickly.

https://mangolassi.it/topic/18677/windows-server-2003-cluster-dead/

@JaredBusch said in Metered SIP calling:

@DustinB3403 said in Metered SIP calling:

@JaredBusch said in Metered SIP calling:

@DustinB3403 said in Metered SIP calling:

@JaredBusch just taking this with a grain of salt, but the usage isn't including what they had to pay for the service. Correct?

So their total would be closer to ~$500/month, right?

WTF are you talking about?

Per site the average spend prior to this was ~$500, correct? And now they are spending ~$200 so it's a $300/month savings.

No?

Doesn’t work that way. There were two bills totaling $1,000. Now there is a single bill averaging $200.

Oh!! I completely misunderstood. So that's a much larger savings.

Don't have that keyboard/mouse. But I have not experienced anything like that.

@gjacobse said in Edgemax VPN - Followup.:

set vpn l2tp remote-access idle 1800

Is this needed? Does this 'time out' and auto-log off the user?

It should time-out the user if no traffic for 1800 seconds (1 hour)

set vpn l2tp remote-access ipsec-settings ike-lifetime 3600 set vpn l2tp remote-access ipsec-settings lifetime 3600

These are IPSEC timeouts for renegotiation.

@JaredBusch said in MeshCentral - Unable to update:

@scottalanmiller said in MeshCentral - Unable to update:

@DustinB3403 said in MeshCentral - Unable to update:

@scottalanmiller said in MeshCentral - Unable to update:

Non-MongoDB install here. Update went smoothly.

Didn't mongoDB just change their license too, to something so practically insane that using MongoDB for even free and open source projects makes it worthless to consider?

Nope. They just made it only make sense for open source projects.

Yes, they fucked it all up. But as long as everything is open source, it seems to still be ok to use.

Yeah. For open source, it works fine. The physical product is good, but just not the license.

Have to say, we've been testing Atlas, their "paid" service and it is unstable. So even their paid for product, if you pay to make it okay for non-open source projects, isn't viable. Like seriously unstable. We've had more outages in three weeks of testing with Atlas on Amazon AWS, then we've had with our in house MongoDB on Linode in five years!

FFS, so much stupid going all left, right, and center..

What are the WAN speeds involved. Ubiquiti sells nice gear, but there are potential speed limits depending on router configuration. UTM at home? WTF is the point of such a complicated setup. There is no good free UTM anyway. WTF are you doing for backups that is not already encrypted before going over the wire? You don't need a VPN for back ups. You have an old Ubiquiti router but didn't say shit about the model. As mentioned it is a ROUTER, if you hated it because it didn't massage your dick, then that is your fault for not knowing WTF you bought. There is not a single model of Ubiquiti router that cannot be upgraded to the current firmware. Software routers are silly things that burn power and time.

So what should you do?

Depending on your WAN speed needs, buy a Ubiquiti or Mikrotik router that will handle the needed speeds. I personally recommend the Ubiquiti ER-X for "technical" home use first, then the Ubiquiti ER-4 if you need more speed with the QoS enabled.

For normal home use, I recommend the Ubiquiti Amplifi Instant Mesh System for $179.

Buy a RaspberryPi 3 kit with case and card for $50 someplace and install Pi-Hole. Setup your Router to send all DNS to the Pi-Hole.

Setup MeshCentral for remote support

Setup ZeroTier for any point to point "vpn style" needs you may have.