    1. Topics
    2. JaredBusch
    3. Best

    Posts

    • RE: Which Nas OS?

      @krisleslie not going to second guess what you recommended, but on the point of this thread, I do like the simplicity of the Synology NAS for clients, because I know it is easier to hand off to someone else.

      posted in IT Discussion
      JaredBusch
    • RE: Client VPN - Openswan / Strongswan

      @CCWTech said in Client VPN - Openswan / Strongswan:

      I have a Ubiquiti USG that I have the Remote User VPN set up on (L2TP with PSK).

      Can Openswan / Strongswan connect to that? I haven't found a walk through on the internet.

      Background: I am using a Raspberry Pi running Raspbian that I am using to connect to the USG.

      That is IPSEC. It is different settings, so not with your L2TP. But yes.

      posted in IT Discussion
      JaredBusch
    • RE: IPsec Site-to-Site

      @VoIP_n00b said in IPsec Site-to-Site:

      Is using an IPsec Site-to-Site VPN safe?

      Using a site-to-site VPN is not safe in the first place. It completely bridges two disparate networks, allowing an attacker on one network to attack the other network, without anything blocking it.

      If you are fully prepared to trust everything on both networks, then sure, use it.

      Yes, you need to use only known good ciphers. That is no different than any encrypted communications.

      posted in IT Discussion
      JaredBusch
    • RE: FreePBX Random Trunk Disconnect

      @NashBrydges said in FreePBX Random Trunk Disconnect:

      I thought it was just me. I've had the exact same issue with the "wrong password" entry in the log when I know this not to be true. If I reload the console it reconnects. Voip.ms told me to connect to a different server but that just feels like they're avoiding having to solve the issue. It happens every few days.

      In order to try and prove them wrong, you need to get a pcap of this when it happens.

      posted in IT Discussion
      JaredBusch
    • RE: FreePBX Random Trunk Disconnect

      @Dashrender said in FreePBX Random Trunk Disconnect:

      I don't know what to call it.

      Relationship

      posted in IT Discussion
      JaredBusch
    • RE: encrypted email options?

      @Obsolesce said in encrypted email options?:

      that takes you to a portal to decrypt it.

      No it does not. It makes you log in before showing you the data within a webpage. There is never anything sent encrypted.

      posted in IT Discussion
      JaredBusch
    • RE: Install Zabbix on CentOS 7

      @openit said in Install Zabbix on CentOS 7:

      I'm about to set up Zabbix with the above script on CentOS 8.

      Do I just need to update the link below to get the latest Zabbix version? Does everything else remain the same?
      http://repo.zabbix.com/zabbix/5.0/rhel/8/x86_64/zabbix-release-5.0-1.el8.noarch.rpm

      @JaredBusch

      This is a 4 year old guide, no guarantees.

      But yes, it will likely be that easy.

      posted in IT Discussion
      JaredBusch
    • RE: Printer keeps reinstalling?

      Sounds like the printer is in the KVM. It should not be.

      posted in IT Discussion
      JaredBusch
    • RE: Web filtering for SMB

      @Dashrender said in Web filtering for SMB:

      @JaredBusch said in Web filtering for SMB:

      @black3dynamite said in Web filtering for SMB:

      @dbeato said in Web filtering for SMB:

      I have continued to use Untangle, Pi-Hole and Yes NGFW as well. So it depends what you want to use, if DNS you know people can circumvent them outright but it is all up to you.

      Wouldn’t you just deny at the firewall from using any dns except for pi-hole?

      This will only work for another year or so. Most browsers are going to default to DNS over HTTPS soon.

      This is over rideable. So for business it something you can’t overcome.
      And MS is also working to update their DNS to be DNS over HTTPS... just need PI Hope to follow suit... then the browser will stick with the DHCP provided DNS.

      Can you edit that to English?

      posted in IT Discussion
      JaredBusch
    • RE: Vultr Mobile App

      @IRJ said in Vultr Mobile App:

      You aren't asking the right questions. You are saying "How do I specifically do X?" not "What is the best way to achieve my desired results?"

      Managing instances from a mobile is just a bad idea. I understand you are out and about and you may need to run a remote command or two on your mobile. Managing the console does nothing to help you. What you really need is SSH. There are apps that let you save SSH commands, so if you needed to restart your database service you could save the command and do it with a single click. You can automate updates that way or you can use something like unattended-upgrades to automatically do that for you.

      In no scenario do I see having an app for Vultr being beneficial. Let us know what problem you are actually trying to solve.

      You are missing the point. He was managing the instances. Not the server running in the instances.

      posted in IT Discussion
      JaredBusch
    • RE: Site to Site VPN - not passing audio traffic properly

      Open sngrep on the PBX and look at the packets. You will likely see the traffic heading for the 10.

      Enable NAT everywhere.

      posted in IT Discussion
      JaredBusch
    • RE: How to Connect Power Disable SATA Drive to Dell Inspiron 5676

      @scottalanmiller said in How to Connect Power Disable SATA Drive to Dell Inspiron 5676:

      @pmoncho said in How to Connect Power Disable SATA Drive to Dell Inspiron 5676:

      @scottalanmiller said in How to Connect Power Disable SATA Drive to Dell Inspiron 5676:

      @Pete-S said in How to Connect Power Disable SATA Drive to Dell Inspiron 5676:

      @scottalanmiller said in How to Connect Power Disable SATA Drive to Dell Inspiron 5676:

      Confirmed, snipping the orange wire (I needed help as I can't see orange) did the job, drive showed up immediately.

      Congrats! I wasn't sure you'd be up for the task. A lot of people are afraid to make permanent changes to their equipment.

      You can't believe how much pushback I got from @Dominica and @pchiodo about snipping a simple cable on a $2 SATA extension part! For me, it was a no brainer once knowing what it was. But they were up for spending hundreds of dollars to avoid snipping that wire. And it isn't even hard wired to the power supply or anything it's literally just a SATA extension piece! lol Like $2 tops if you don't shop around.

      I would have been with @Dominica and @pchiodo on this. Electric scares me. I would think snipping the wire would cause a spark while I wasn't home and come home to a few burning cinders. 🙂

      That was mentioned as a concern. lol

      FFS people need to just STFU if they don’t know how electricity works.

      posted in IT Discussion
      JaredBusch
    • RE: What backend for NodeBB in 2020

      @scottalanmiller said in What backend for NodeBB in 2020:

      PostgreSQL might be coming. Julien is considering it. That was like the last three days I spoke to him about it.

      I saw you were active over there lately

      posted in IT Discussion
      JaredBusch
    • RE: Wrong Caller ID

      Jared's Guide to CID

      Never pay your carrier for the CID lookup. Math is math. All carriers charge a lookup fee per call. This is a stupid thing to pay for.
      Pay a service like OpenCNAM instead. This way you only make CID lookups (and pay for them) when you need to.

      Within FreePBX I always recommend the use of the CID Superfecta for this reason. It has an adjustable cache setting (in days). All inbound calls check the local Superfecta database first. If the number is found and not stale, it returns the cached value and never does an external lookup.

      This can save a significant amount of money over time.

      posted in IT Discussion
      JaredBusch
    • RE: Dish Network Alternative

      @AshKetchum said in Dish Network Alternative:

      So our Dish network is down and we are not sure when it will come back. We are outside the US, and our TV system diagram is like this --- DISH > Encoder (HDMI to IP) > Enseo System/IP network > STB > TV. Since our source channel Dish is down, can I use Roku as the source channel? Is there a Roku channel that is going to play movies continuously?

      Let me make sure I understand the flow here...

      Because you have DISH, that means you are paying a subscription fee. Well someone is. Whoever in the US has the DISH setup on their property.

      You are then converting DISH to IP by taking the HDMI output from the DISH set top box?

      Then you are pulling that data down from wherever you are not in the US to another set top box?

      That you then watch with your TV?

      That sounds overly complicated, but sure, you can use anything you want as the source, as long as it outputs HDMI to connect to your encoder.

      But if you go ROKU, why not just have it locally?

      posted in IT Discussion
      JaredBusch
    • RE: Router/firewall recommendations for small branch office

      @beta said in Router/firewall recommendations for small branch office:

      @Dashrender I actually haven't talked to my Shoretel guy yet ha. I just figured this would be best because then I could get some trunks for the branch office and they could have phone service/911 if the VPN was ever down.

      If I run everything over VPN, how would you suggest handling 911?

      If your network is down to outside factors you don’t get in trouble for 911 calls not completing. That has never been a thing. POTS goes down all the time.

      posted in IT Discussion
      JaredBusch
    • RE: Force Microsoft Store apps to update

      @Dashrender said in Force Microsoft Store apps to update:

      @Obsolesce said in Force Microsoft Store apps to update:

      @JaredBusch said in Force Microsoft Store apps to update:

      I've been hitting a bunch of machines lately that need updated and one thing I noted was that the Store apps were seeming to never update by themselves while I had the device.

      I could manually log in and open the Store app, and then click through to the updates and then tell it to update. But man that is a pain..

      A little searching and I found this gem. Execute this, it takes a while to return, and then the Store apps begin to update in the background immediately.

      Get-CimInstance -Namespace "Root\cimv2\mdm\dmmap" -ClassName "MDM_EnterpriseModernAppManagement_AppManagement01" | Invoke-CimMethod -MethodName UpdateScanMethod
      

      Why don't you just turn on the update apps automatically option?

      There's also a policy setting.

      I thought that was ON by default?

      I assume it is. Because systems do eventually update. The key there is eventually....

      posted in IT Discussion
      JaredBusch
    • RE: Router/firewall recommendations for small branch office

      @scottalanmiller said in Router/firewall recommendations for small branch office:

      Moving from EdgeOS to UnifiOS

      Having it be customized EdgeOS made the original USG a total piece of trash.

      posted in IT Discussion
      JaredBusch
    • RE: Is certbot the best way to handle Let's Encrypt certs?

      @Pete-S said in Is certbot the best way to handle Let's Encrypt certs?:

      Is installing certbot the best way to handle setting up and renewing Let's Encrypt certs?

      That depends. ACME is an open standard for requesting things. Certbot though is the most prolific solution.

      posted in IT Discussion
      JaredBusch
    • RE: Hairpin NAT Issue

      Obviously you will need to renumber these rules and adjust IP addresses.
      destination address 12.34.56.78 = your public IP. If you have a dynamic IP from your ISP and use DDNS, you can tell it to use the interface address like this: destination group address-group ADDRv4_eth0

      # enter config mode.
      configure
      
      # First you will need a firewall rule as there will not be a "magic" one from port forwarding.
      set firewall name WAN_IN rule 40 description 'Allow HTTPS to Nextcloud'
      set firewall name WAN_IN rule 40 destination address 192.168.1.100
      set firewall name WAN_IN rule 40 destination port 443
      set firewall name WAN_IN rule 40 log disable
      set firewall name WAN_IN rule 40 protocol tcp
      set firewall name WAN_IN rule 40 state established disable
      set firewall name WAN_IN rule 40 state invalid disable
      set firewall name WAN_IN rule 40 state new enable
      set firewall name WAN_IN rule 40 state related disable
      
      # set up the normal destination port forward NAT rule for external traffic.
      # there is no source rule, because that goes out with the standard masquerade.
      set service nat rule 20 description 'Inbound HTTPS to Nextcloud'
      set service nat rule 20 destination address 12.34.56.78
      set service nat rule 20 destination port 443
      set service nat rule 20 inbound-interface eth0
      set service nat rule 20 inside-address address 192.168.1.100
      set service nat rule 20 inside-address port 443
      set service nat rule 20 log disable
      set service nat rule 20 protocol tcp
      set service nat rule 20 type destination
      
      # now setup the hairpin port forward, note that it is both a destination and a source rule.
      set service nat rule 1000 description 'Nextcloud Hairpin'
      set service nat rule 1000 destination address 12.34.56.78
      set service nat rule 1000 destination port 443
      set service nat rule 1000 inbound-interface eth1
      set service nat rule 1000 inside-address address 192.168.1.100
      set service nat rule 1000 inside-address port 443
      set service nat rule 1000 log disable
      set service nat rule 1000 protocol tcp
      set service nat rule 1000 type destination
      
      set service nat rule 5011 description 'Nextcloud Hairpin'
      set service nat rule 5011 destination address 192.168.1.100
      set service nat rule 5011 destination port 443
      set service nat rule 5011 log disable
      set service nat rule 5011 outbound-interface eth1
      set service nat rule 5011 protocol tcp
      set service nat rule 5011 source address 192.168.1.0/24
      set service nat rule 5011 type masquerade
      
      # nuke all traces of port forwarding, the GUI sometimes leaves bits.
      delete port-forward
      
      # commit without saving. in case you fuck things up, this lets a reboot put it all back.
      commit
      
      # Assuming it works in testing save and exit config mode.
      save;exit
      
      posted in IT Discussion
      JaredBusch