News items for tag homeserver - Koos van den Hout

2017-07-28 Already doing a casemod on the new home server 1 month ago
The new homeserver 2017 has arrived and I'm working on installing it. But first I had to do my first 'casemod' which was just rerouting a few cables. The case comes with a fan control, but I want all fan control to come from the mainboard and monitor the fans from the operating system. So I disconnected the fans from the case fan control and reconnected them to fan connectors on the mainboard that allow for voltage based fan control and monitoring.

The case is a bit overkill, but looks really good and offers lots of routes for airflow. New to me was that the case has cableguides which allow it to look really nice internally and have really good airflow. So I used those cableguides when I rerouted the fan cables and even tie-wrapped the cables to keep them looking nice.

Tags: ,
2017-04-19 En nu is de MTU wel naar 1500 van de VDSL PPPoE sessie 5 months ago
Recent postte 'Coen' in xs4all.adsl een stappenplan om onder Ubuntu 12.04 de MTU van de PPP verbinding naar 1500 bytes te krijgen. Alle lof dus naar Coen, want met zijn stappenplan is het me wel gelukt en is alles nu doorgaand MTU 1500, wat minder issues zou moeten geven.
Na een gezellig avondje stoeien is het gelukt om dit met terugwerkende
kracht voor Ubuntu 12.04 op te lossen met een nieuwe pppd en pppoe versie.

Voor wie durft en bovendien wat Linux ervaring heeft hier de te volgen

Nieuwe pppd builden:

mkdir ppp
cd ppp
apt-get source ppp
cd ppp-2.4.5/
wget -O debian/patches/zz_pppoe1500
dch -i
dpkg-buildpackage -us -uc

[[ppp en ppp-dev installeren]]

Nieuwe pppoe builden:

mkdir pppoe
cd pppoe
wget -4
tar -xzvf rp-pppoe_3.11.orig.tar.gz
cd rp-pppoe-3.11/
tar -xf ../rp-pppoe_3.11-0ubuntu1.debian.tar.xz
dch -i
dpkg-buildpackage -us -uc

[[pppoe installeren]]

Mtu op 1500 zetten: klaar!
Vanaf een losse client leek toch nog MTU 1492 gebruikt te worden, dus heb ik /etc/radvd.conf aangepast om expliciet MTU 1500 mee te geven:
interface eth0.3
   AdvSendAdvert on;
   AdvLinkMTU 1500;
En dan de verdere opties. En dan werkt het inderdaad:
koos@kernighan:~$ tracepath6
 1?: [LOCALHOST]                        0.018ms pmtu 1500
 1:                                     1.983ms 
 1:                                     1.858ms 
 2:                              17.910ms 
 3:                           17.957ms 
 4:  no reply

Tags: , , ,
2017-02-06 Squeezing a bit more powersaving from Linux 7 months ago
The c't magazine this month had a few tips on linux powersaving. I tried them on the homeserver and saw indeed a very slight reduction in power use as logged by the UPS.

For powersaving in sound card(s):
# echo 1 > /sys/module/snd_hda_intel/parameters/power_save
This can cause plopping sounds on some sound cards.

For powersaving in disk communication:
# cd /sys/class/scsi_host/
# for i in host*/link_power_management_policy; do echo min_power > "$i"; done

Tags: , ,
2017-01-23 Ontbrekende stukje grotere MTU met VDSL op DrayTek Vigor 130 en Ubuntu 8 months ago
Ongeveer een jaar geleden ging ik over op het Draytek Vigor 130 VDSL modem om weer een configuratie te krijgen waar ik maximale controle heb.

Het nog openstaande punt is dat ik de ppp configuratie graag naar een MTU van 1500 bytes wil. En dat dat toen niet lukte in Vigor VDSL modem in gebruik en Xs4all VDSL met DrayTek Vigor 130 VDSL modem en PPP eindpunt op Linux (ubuntu) server.

Wat ik al goed had was de MTU van de ethernet interfaces hoger en het vinkje op de Draytek aangepast. Maar als ik de mtu/mru hoger forceerde in de ppp opties ging het mis.

Nu kwam voorbij in xs4all.general over dit onderwerp:
> 1500 wordt ondersteund door Xs4all en je test eerst bij 1492 welk pakket
> via ping erdoor gaat zonder in stukken gebroken te worden.
> Daarna zet je de MTU naar 1500 en kijkt of je inderdaad 8 bits meer door
> router kunt drukken zonder dat die gebroken wordt.

Wel zorgen dat het apparaat waar je de PPPoE termineert RFC4638
Die moet dan in de PADI een extra tag plaatsen (PPP payload is 1500
bytes), en de BRAS zet dat ook weet in zijn PADO antwoord.
Zo maar een grotere MTU gebruiken gaat niet werken...
De PPPoE sessie komt bij mij vanaf de thuisserver met rp-pppoe. Even zoeken leverde mij op dat voor rp-pppoe met MaxPayload onderhandeling ik minstens 3.11 nodig heb, en bij de huidige ubuntu versie zit nog 3.8. Tijd om een nieuwere versie te testen.

Update: Daarvoor moeten zowel de pppoe binary als de plugin voor pppd bijgewerkt worden, en dat lukt me op dit moment even niet. Gelukkig had ik de oude pppoe binaries expres klaar staan en kon ik dus heel snel terug.
Read the rest of Ontbrekende stukje grotere MTU met VDSL op DrayTek Vigor 130 en Ubuntu

Tags: , , ,
2016-11-10 Backup to .. the cloud! 10 months ago
So I now have some cloudstorage space available also via webdav and I am working on using this for backups. The main idea is to have a daily backup to the cloud service and do the tape backups less often.

I still want incremental backups so I can go back to specific older versions of files. So I want to use amanda for backups. I installed the davfs2 package to be able to mount the webdav filesystem and access it from Linux. The first few clues come from Set Up Virtual Tapes - Amanda Howto but I had to switch to the chg-multi driver as described in Backup to Virtual Tapes on a non-UNIX Filesystem - Amanda Howto because the webdav filesystem does not support symlinks.

I/O performance during the backup isn't ideal and the vdsl uplink is completely full during the filetransfer. Maybe I need to slow down the backup process a bit and ratelimit the webdav transfer.

Tags: , ,
2016-10-26 Ok, allow-hotplug means some other process has to start the interface 11 months ago
Today I rebooted the homeserver greenblatt for kernel updates and noticed PPPoE over VDSL did not come up at all.

It turns out allow-hotplug in /etc/network/interfaces which I added after the previous boot to speed up boottime a bit means something else has to trigger the 'ifup' of the interface. So now there is a ifup pppdray & in /etc/rc.local.

Interesting datapoint is that all IPv6 bindings came up perfectly so I guess that IPv6 bug is triggered by some race condition in configurations of interfaces.

Tags: ,
2016-07-22 Not waiting for dynamic interfaces to come up during boot 1 year ago
I had to shutdown the homeserver greenblatt to allow for work on our electricity meter and I noticed during boot-up it complained:
waiting for network configuration
waiting an additional 60 seconds for network configuration
According to networking - "waiting for network configuration" Problem - Ask Ubuntu this is caused by some error in /etc/network/interfaces but I could not figure out which one until I read about the difference between the auto and allow-hotplug settings for an interface. What I had was:
auto pppdray
iface pppdray inet ppp
        provider dray-vdsl
Which caused the boot process to wait until the PPPoE over VDSL link was completely up and running (which was not going to happen at that time).

Solution, change it to:
# set to allow-hotplug: not needed to boot
allow-hotplug pppdray
iface pppdray inet ppp
        provider dray-vdsl
So the startup continues.

The problem noted at the previous boot Boot-time IPv6 on the homeserver not working was still happening and I had to reconfigure interfaces and restart services to get everything stable, so disabling duplicate address detection did not help.

Update 2016-10-26: Found out using allow-hotplug means I have to ifup that interface some other way: Ok, allow-hotplug means some other process has to start the interface. One learns in slow iterations if you don't want to reboot constantly.

Tags: ,
2016-01-14 Boot-time IPv6 on the homeserver not working 1 year ago
I shutdown and rebooted the homeserver to get an updated kernel and look at some other things. After booting up again I noticed the problem with IPv6 not active on interfaces that started early was happening again. No linklocal addresses configured, no global addresses configured. This affects all ethernet interfaces and ppp0 for the link to the outside world. I also noticed this problem after the upgrade, see Upgrading the homeserver to Ubuntu 12.04 but the problem remains even with an updated kernel (currently 3.2.0-97-generic).

I have no idea what causes this and how to fix it. It seems related to Debian bug #726569: haproxy doesn't start on boot due to missing IPv6 address on interface but in that case the address is configured but just not available to applications to bind to. Related Beware the IPv6 DAD Race Condition - Andrew Ayer suggests the same (duplicate address detection race condition) but has disabling duplicate address detection (DAD) as workaround.

Tags: , ,
2016-01-10 UBA PSK63 prefix contest 2016 results will wait a bit... 1 year ago
It seems there is some internal corruption in the fldigi program I use for amateur radio digital mode connections. Normally this shows as some strange artefacts on the screen, which means it is time to stop and start fldigi, and reset the outgoing serial number to the right number when I am busy in a contest. The more active use during a contest also seems to be a trigger.

Anyway, this internal corruption hit me hard today: right in the last minutes of the UBA PSK63 prefix contest 2016 the program hung during logging an entry, leaving me with a 0 byte logfile on disk, so all records of digimode contacts gone.

I can recover everything and still submit my results: restore the logbook.adif file from tape, add entries created after the last backup from cqrlog and add the serial numbers again to the fldigi contacts log from the fldigi text log since cqrlog copies the logentries from fldigi but without the 'contest' information. But that processing will have to wait a bit as other things take priority. The log has to be submitted before januari 17, 23:59 UTC.

Restoring the file from tape was extra interesting since I just got an error message
amrecover - can't talk to tape server: service amidxtaped: 
from amrecover. This turns out to be a known bug in amanda 3.3.0 in ubuntu 12.04 LTS: Bug #1074574 “known issue: amrecover - can't talk to tape server...” : Bugs : amanda package : Ubuntu and Bug #1077105 “amrecover - can't talk to tape server: service ami...” : Bugs : amanda package : Ubuntu. I applied the changes noted in the bugreports and after that I could restore the file.

Update: The rest of the restore operation was a matter of importing the right records back from cqrlog into fldigi and adding the serial numbers from the fldigi text log. This was just a lot of searching and typing.

Tags: , , , ,
2015-10-26 Warning for the next reboot 1 year ago
Interesting information in the message of the day:
*** /dev/sda1 will be checked for errors at next reboot ***
*** /dev/mapper/vgsw-camera will be checked for errors at next reboot ***
*** /dev/mapper/vgsw-scratch will be checked for errors at next reboot ***
*** /dev/sdc1 will be checked for errors at next reboot ***
*** /dev/sdc2 will be checked for errors at next reboot ***
*** /dev/sda6 will be checked for errors at next reboot ***
Which translates to 'your next system startup will take up to an hour' for me.

This explains why logging in sometimes takes a while: this check probably wakes the disks from sleep some of the time.

I'll go do some of those filesystem checks by hand: I don't want to be offline for up to an hour when I reboot.

Tags: , ,
2015-07-30 Saving a bit on power use: putting disks to sleep again 2 years ago
I noticed one of the harddisks in the home server greenblatt wasn't in standby mode when idle for a long time. This was noticeable since the UPS load value was a bit higher than I expect for a complete idle machine.

A few years ago I set up spindown to set the disks to standby on inactivity and this wasn't happening. A peek at the internal statistics turned out that since the two ubuntu upgrades in april this disk wasn't going into standby mode. It turned out that since the kernel upgrades it doesn't listen to sg_start --stop anymore so I had to change the relevant part of /etc/spindown.conf to:
[Disk 0]
id = ata-WDC_WD15EADS-...
spindown = 1
command = hdparm -y
And a few watts are saved again. The interesting part is that the sg_start --stop command still works fine for the WDC_WD10EADS disk.

Tags: , ,
2015-06-20 A fast-changing security world 2 years ago
At work I reviewed something about TLS security I wrote in May 2014 and noticed I had to make some serious adjustments for the May 2015 state. SSLv3 is no longer accepted, SHA1 is no longer an accepted hashing algorithm and other changes.

This week on the home server greenblatt I had two different impacts from the latest OpenSSL update: SSL communications with the Fritz!Box was failing and SSL in sendmail was failing, both due to the latest insights into the security of the Diffie-Hellman key exchange.

These insights are very very new: in April I did a course in the Certified Information Systems Security Professional (CISSP) common body of knowledge and I learned the default Diffie-Hellman parameters were safe. Now we learn to generate them for each individual system at the same strength as the private key. Knowledge of cryptographic quality ages fast at the moment.

Tags: , , , ,
2015-05-21 A Linux-related radio interference problem 2 years ago
Recently I noticed serious interference very visible on 14.070 MHz. Where it annoyed me a lot since that is the regular frequency for 20 meter PSK31 where I make most of my contacts at the moment. I also saw some interference at 28.120 MHz, the PSK31 frequency in the 10 meter band.

Noise on 14.070 MHz
The noise in the fldigi waterfall, click for the full fldigi screen.
The interference showed as steady carriers about 58 Hz apart and sounded like a serious buzzing noise. The first conclusion was that one of the over the horizon radars decided to drop on that part of the 20 meter band.

But later on the interference stayed at exact the same frequency. And active over the horizon radar is also quite visible on the Utwente websdr as I noted before when I noticed interesting interference in the 10 meter amateur band. This specific interference wasn't visible there.

So I kept searching locally for the source. I was afraid a nearby neighbour was using a new interfering CFL or power supply which would make it hard to diagnose and fix.

My own equipment was also a serious suspect. One piece of hardware that recently changed near the antenna was the monitor for the server. The monitor changed from an old CRT to a less-old LCD screen. The power supply wasn't the culprit, but searching further it turned out the video signal to the monitor was! And then I saw what else changed: after upgrading the homeserver to Ubuntu 10.04 and upgrading the homeserver to Ubuntu 12.04 it started coming up in framebuffer mode. Which has a different video frequency from the 80x50 textmode I used earlier.

The problem goes away completely when I unplug the video cable from the computer. I had an extension cable without ferrite cores because an earlier monitor needed the extra length. Removing the extension cable makes the level of interference drop a lot but it's not away completely. So the solution is to unplug the monitor cable from the computer.

Then things are back to the 'normal' noise level on 20 meters and 10 meters. It's still a city environment.
Listen to audio attachment:
MP3 media: Noise on 14.070 MHz (rightclick, select save-as to download)

Tags: , , ,
2015-04-27 Upgrading the homeserver to Ubuntu 12.04 2 years ago
And to get to a version of Ubuntu with support available I kept doing and did 'do-release-upgrade' again today on the homeserver greenblatt.

Again the upgrade was running for a while. A big improvement is that the process now uses screen so I was able to attach to that running console from other sessions and answer questions.

After the upgrade the reboot came, and after the reboot I noticed resolving was broken. This was traced back to the ppp0 interface for the connection to the outside world and the internal interface for services having started completely without IPv6 support. Doing an ifdown and ifup helped, but this should all start correct automatically.

I noticed the new Postgresql 9.1 is already installed, but Postgresql 8.4 is the default version available over port 5432, so I can do the pg_upgradecluster when I have time for that.

Later I noticed some packages were held back. I traced this back to /etc/apt/preferences still being optimized for Ubuntu 8.04 hardy and hardy-backports. I emptied the preferences file and it all sorted itself out and now everything is up to date.

This was probably the reason Postgresql 8.4 was left installed and active. After the updates above apt-get autoremove was going to delete Postgresql 8.4.
Read the rest of Upgrading the homeserver to Ubuntu 12.04

Tags: , , ,
2015-04-26 Upgrading the homeserver to Ubuntu 10.04 2 years ago
This weekend was about the last weekend that I could have access to Ubuntu 10.04 LTS for upgrading my homeserver greenblatt from Ubuntu 8.04 to Ubuntu 10.04 which will run out of support this month, making it unavailable as an upgrade path. I postponed this for way too long because I expected a lot of work fixing things, especially asterisk which runs our home phone system.

The solution to asterisk was simple: I disabled it and reprogrammed a Gigaset C450IP base to deal with our VoIP provider directly. After all the upgrading is done I'll go fix things with the OpenVox ISDN card in a test machine and when all is stable again I will move things to production.

For the rest it was a matter of typing 'do-release-upgrade' and hope for the best. Reconfiguring packages took the longest and the biggest issue was that the upgrade from Postgres 8.3 to Postgres 8.4 wasn't done automatically but I had to do this myself using the hints from How tu [sic] upgrade Postgresql 8.3 database file to 8.4 - stackoverflow.

The documentation says to do this beforehand but Postgresql 8.4 isn't available before the upgrade and it took a bit of fiddling to have Postgresql 8.3 available after the upgrade. But then pg_upgradecluster ran. It complained about a few tables and the end result I noticed was that those tables were dropped out of the upgrade completely. I re-enabled Postgresql 8.3 and migrated those databases or tables using pg_dump. Not a complete smooth upgrade but I think it went ok.

Tags: , , ,
2015-02-24 More work on getting asterisk to work as an ISDN network terminator on the test server 2 years ago
I dug up all the tools needed to test the isdn setup in the test server: an old sitecom ISDN card with HFC-S chipset, an ISDN cross cable, a fritzbox with external S0 bus and an analog phone set.

It took me a while to get all 3 channels in the ISDN card active in Asterisk, I 'missed' the fact that the oslec echo canceller wasn't loaded due to a module versioning problem. At first it showed:
root@metcalfe:~# lsdahdi
### Span  1: DAHDI_DUMMY/1 "DAHDI_DUMMY/1 (source: HRtimer) 1" (MASTER)
### Span  2: ZTHFC1 "HFC-S PCI A ISDN card 0 [NT] " AMI/CCS
  1 BRI        Clear       (In use)
  2 BRI
  3 BRI
The switch from oslec to mg2 fixed things:
root@metcalfe:~# lsdahdi
### Span  1: ZTHFC1 "HFC-S PCI A ISDN card 0 [NT] " AMI/CCS
  1 BRI        Clear       (In use) (EC: MG2 - INACTIVE)
  2 BRI        Clear       (In use) (EC: MG2 - INACTIVE)
  3 BRI        Hardware-assisted HDLC  (In use)
### Span  2: DAHDI_DUMMY/1 "DAHDI_DUMMY/1 (source: HRtimer) 1" (MASTER)
But whatever I tried: no dialtone. Time to also hook up a SIP phone to initiate calls the other way.
Read the rest of More work on getting asterisk to work as an ISDN network terminator on the test server

Tags: , ,
2015-02-23 Preparing for upgrades and testing speed improvements for my homepage 2 years ago
As part of a needed upgrade on my homeserver I will also have to deal with Apache 2.4 and the changes needed there. Because some other things will change completely like asterisk I used an old server with comparable packages to do the same upgrades and test the results.

As keen visitors to my page may have noticed I am interested in the performance. This test-setup also gives me room to experiment with some possible new methods. I have to establish a baseline on that server first since it has different hardware.
Read the rest of Preparing for upgrades and testing speed improvements for my homepage

Tags: , , , ,
2014-12-09 SSH attacks for accounts ftpuser, admin and D-Link 2 years ago
Loads of mail from fail2ban-SSH on two separate hosts showing random hosts doing ssh attempts for 3 accounts since 18:58 this evening. The pattern looks like:
Dec  9 18:58:04 greenblatt sshd[28304]: Invalid user ftpuser from
Dec  9 18:58:04 greenblatt sshd[28310]: Invalid user admin from
Dec  9 18:58:05 greenblatt sshd[28312]: Invalid user D-Link from
Dec  9 19:06:54 greenblatt sshd[29099]: Invalid user ftpuser from
Dec  9 19:06:55 greenblatt sshd[29101]: Invalid user admin from
Dec  9 19:06:55 greenblatt sshd[29103]: Invalid user D-Link from
And it goes on and on...
Read the rest of SSH attacks for accounts ftpuser, admin and D-Link

Tags: , ,
2014-09-05 Upgrade of the wireless network 3 years ago
I am used to new access-points showing up at home which make us change the channel from time to time, but after getting hickups in youtube video on a tablet for the second time in a week I decided it was time to go dual-band and higher speeds. Good advice was to look at the TP-Link TL-WDR4300 which is dual-radio dual-band with 802.11n support with mimo. The advertised 750 megabit is when you add 802.11n at 300 megabit on 2.4 GHz and 802.11n at 450 megabit on 5 GHz. I'm not setting up extra wide channels on 2.4 GHz since it is busy enough, so I won't be seeing 300 megabit on 2.4 GHz anyway. I set up the network SSID and security on 5 GHz exactly the same as on 2.4 GHz so devices can switch automatically.

Week of wifi signal statistics showing access-point upgrade The weather station computer in the shed also measures wifi signal strength, the difference is clear so the TP-Link also has a stronger signal on 2.4 GHz. The wireless card in the weather station computer can do 5 GHz, but its antenna is tuned for 2.4 GHz and there are multiple walls between the access-point and that antenna.

Tags: , ,
2014-05-07 (#) 3 years ago
Free unscheduled UPS test this morning courtesy of the local electricity company this morning. As logged by the UPS:
Wed May 07 08:47:09 CEST 2014  Power failure.
Wed May 07 08:47:15 CEST 2014  Running on UPS batteries.
Wed May 07 09:27:39 CEST 2014  Battery power exhausted.
Wed May 07 09:27:39 CEST 2014  Initiating system shutdown!
The weatherstation computer for Weather station Utrecht Overvecht doesn't power up automatically, so it's not available at the moment.

It's annoying that my websites are unreachable and Internet access is down. But no money is lost, so there is no reason to invest in backup links and resilient hosting.

Tags: , ,
  Older news items for tag homeserver ⇒
, reachable as PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews, Weather maps