@scottalanmiller said in Linux Copy a Disk Over SSH with DD:
This is a really handy command when you need to get an image of a filesystem to a remote machine.
ssh [email protected] "dd if=/dev/sda" | dd of=mydisk.img
Going to use this today. Do you have to boot into "rescue" mode to do this? Or can you run this right from the live running system that you are copying from?
This one was interesting to get to the bottom of. @JaredBusch With the VPN tunnel enabled, the phone system was trying to send RTP to the phone on the internal IP. There is a setting in FreePBX on the extension level called "RTP Symmetric". Normally, this is set to yes. I changed it to no and the audio started flowing normally. However, I didn't like this solution. So, as a test, (and what I should have done from the beginning) I blocked all outbound traffic FROM my phone system, to any local network. (10.x, 172.16, 192.168, etc) This immediately solved the issue. I did not yet do a packet capture AFTER the fact to confirm, but I am assuming that blocking the PBX's ability to get to an internal private IP, forces the system to renegotiate and send the RTP to the correct public IP.
Definitely an odd issue.
@dbeato said in Site to Site VPN - not passing audio traffic properly:
@fuznutz04 what happens when you disable the routing? Does it work? If it does then you can pinpoint it to your routing making it all go through the other end of the VPN WAN.
Yep disabling the VPN (disabling the VTI interface on my office router ) immediately makes it work. So technically, I didn't disable the route, but I downed the VPN tunnel.
On the Edge router, is it possible to route just the SIP and RTP traffic out of the public interface and NOT have that specific traffic go through the tunnel?
So the title kind of sucks, but here it goes.
I have 2 sites. Office (Edge router) and COLO (Edge router). I have my PBX down at the COLO. I previously connected my phones at the Office to the PBX down at the COLO via public IP. (Meaning the phones connected to the public IP of the PBX) No NAT down at the COLO. Everything was working perfect.
I now setup a site to site VPN between the 2 sites. Now, whenever I have a phone call, I have 1 way audio.
The office network is a 10.0.0.x/24 network, and the only thing I can think of right now that would be causing this, is the static rule that I setup down at the COLO firewall that says anything destined for 10.0.0.x/24, route out interface VTI0. But why is the audio trying to be sent to the 10.0.0.x/24 network in the first place? Shouldn't Asterisk be sending the audio back to the public IP address:port at my office? I wouldn't think that it should be trying to send it through the VPN tunnel.
I have to do some packet captures at multiple points here to really pin point what is going on, but has anyone else ever experienced this?
**Side note: If I change my phone IP to 10.0.5.1/24 (different local subnet), the audio traffic works perfectly.
@travisdh1 said in Web filtering for SMB:
Easiest, fastest, use Cloudflare DNS
1.1.1.2 and 1.0.0.2 blocks known malware sites
1.1.1.3 and 1.0.0.3 blocks malware and porn sitesPiHole is good if you want an easy local solution.
That's great. I didn't know they came out with 1.1.1.3. That's awesome!
@DustinB3403 said in Web filtering for SMB:
Are you looking to block content, like online gambling, porn etc? PiHole does an amazing job out of the gate and makes it pretty easy to do this if you want something quick and simple to setup and maintain.
I use Pi-Hole at my house. Good idea. I'm looking to block accidental stuff. Want to do what I can to keep malware, etc out as much as possible.
Does anyone use Web filtering in the SMB space ? If so, what is recommended for a small (less than 10 person) office? A Ubiquiti Edge router is on the edge, but if you would want to then filter web traffic through a box that filters and also monitors, what are people using? I previously used untangle back in the day, but have not worked with any web filters since then. 100% not interested in a UTM.
@JaredBusch I use Zerotier every day, and I completely forgot about this. Thanks!
@Dashrender @notverypunny Good idea. I already changed the power settings on the home computer months ago, but if a recent Windows update changed them, I'll check that out too. Randomly change settings I specifically set...thanks Windows.
I have a friend that has a small business. (2 people) They have an office PC and a home PC. She needs to remote into her home PC from her office PC on a daily basis. Previously, up until last week, I had them connecting via AnyDesk. This was starting to have issues and would be super laggy and would disconnect occasionally. So, I installed Screen Connect as a test and installed an agent on the Home PC. Then from the office PC, I would connect to the home PC. This worked well during my 15 minute test session when I installed it.
However, They are telling me now that many times a day, they attempt to connect to the home PC running the agent and just get the message "Waiting for your guest." Does anyone else get this with screenconnect agents?
Is there a better alternative for basic, remote access? (preferably free)
OK, we have success!
Steps to resolve:
On the DC I was having issues with at the main site, I stopped the KDC Service (Kerberos Key Distribution Center Service)
Then I ran this:
NETDOM RESETPWD /Server: <Domain Controller Name> /UserD:<Domain Admin Username> /PasswordD:<Domain Admin Password>
After this, all of the strange event viewer errors in the DNS log, AD log, etc were gone. I can now successfully replicate across sites as well as join PCs to the domain. I'm not sure why this happened in the first place, but this fixed it.
Thanks for all the help!