Upgrading Proxmox VE with no valid license

By default, Proxmox VE cannot be upgraded via web UI unless you have the valid subscription license. The license is not that expensive and it is actually recommended if you are using this in a production environment.

If you see the Figure 1 banner when you log in, then you do not have a valid subscription going.

Screen Shot 2018-01-27 at 3.02.18 PM

Figure 1

Now, I am using my PVE in a lab environment and does not need a support in case of disaster happens. Your use case could be different than mine. Anyways to do this, you would need to have access to the shell or SSH into the PVE.

We need to disable the enterprise repository. Navigate to /etc/apt/sources.list.d/ and nano the file name pve-enterprise.list. And commenting out the line deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise. Basically, just add the sign # at the beginning of the line.

cd /etc/apt/sources.list.d/ 
nano pve-enterprise.list

#deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise

Once done, we need to add the No-Subscription repository so that we can update our Proxmox VE server. To do so, navigate to /etc/apt/ then edit the source.list.

Add paste these lines:

deb http://ftp.us.debian.org/debian stretch main contrib

# security updates
deb http://security.debian.org stretch/updates main contrib

# no subscription update
deb http://download.proxmox.com/debian stretch pve-no-subscription

This is it. You should be able to update your PVE server with no valid subscription license.

Donations are always appreciated.

BTC: 14wVPFBWNAKmfNsgUrPpw8EytkXFLjxYoU
ETH: 0x8528793dF77a57186f5B15dA6DC1eaA3c5e92c4a
LTC: LMpW2rGYnYdUwvnHA4huB6TGcPEEc1JzXw
NAV: NM7c5u8Vius5UJWtCdTdQxgKT9F3PpTXbK
Any ERC-20 (tokens/coins): 0x9f337F9e0796eD3af5ccF0332674fD1eaDfA03BC

Thanks

Advertisements
Posted in Misc., Proxmox, server, troubleshoot | Tagged , , , , , , , , | Leave a comment

Digoo NVR – update

Happy 2018 everyone! A couple of weeks ago, I posted unRaid and Surveillance Station. I just want to update about what I said about the Digoo NVR. After messing with my Digoo NVR, I realized that I can download and play the recorded videos via the Windows (Internet Explorer with ActiveX) and XMEye IOS and Android app. I can configure the NVR via xmeye.net

To tell you the truth, I am starting to like this NVR for a number of reasons.

  • It is cheap
  • Small profile
  • Supports up to 4TB HDD
  • ONVIF

The downside that I can see with this is the ActiveX and Internet Explorer requirements. I just wish that there is a native app for OSX and Linux. Who uses IE anymore these days?

Anyways, I am using this NVR as a headless NVR. I was configuring it via the xmeye.net, I think it is easier that way. The only thing I did was set-up an account at xmeye and configured the IP address of the box. Once the box is online, I configured it via xmeye.net.

Cheers!!!

Donations are always appreciated:

BTC: 14wVPFBWNAKmfNsgUrPpw8EytkXFLjxYoU
ETH: 0x8528793dF77a57186f5B15dA6DC1eaA3c5e92c4a
LTC: LMpW2rGYnYdUwvnHA4huB6TGcPEEc1JzXw
NAV: NM7c5u8Vius5UJWtCdTdQxgKT9F3PpTXbK
Any ERC-20 (tokens/coins): 0x9f337F9e0796eD3af5ccF0332674fD1eaDfA03BC

Thanks

Posted in Misc. | Tagged , , , , , , , , , | Leave a comment

unRaid UniFi Docker container – STUN Communication Failed error

Here is the summary. If you are getting this STUN Communication Failed error, you can easily fix this by allowing 3478/udp inbound to your controller.

Sounds easy, does it? Well, there are two things needs to be done here.

  1. Allow the port 3478/udp from the UniFi AP to UniFi controller
  2. Open the ports on the controller to receive 3478/udp

Before we start, the version of the Docker container that I have is 5.6.26. At the time of this writing, I am using the latest version and my APs are at 3.9.15.8011 which is the latest version as well. At this point, the Docker container available for unRaid has not added this update yet by default.

Let’s get started. I am using Juniper SRX for my home firewall, yours is probably different, but the concept should be the same. Basically, we just need to allow port 3478/udp from the AP to the controller. In my case, I have a security policy in place already to allow my AP and controller to communicate with each other. Therefore, I added port 3478/udp to the existing security policy.

Now, since the unRaid Docker container has not added this port, we would have to open this ourselves. To do so, navigate to Docker tab and open the UniFi settings then scroll down to the bottom and click on + Add another Path, Port or Variable

Then copy the settings shown in Figure 1

 

Screen Shot 2017-12-23 at 7.19.43 AM

Figure 1

 

Click Save then Apply

The UniFi container will reboot. This is it. To verify, wait for a few seconds for the container to fully loaded then login to the web UI. Navigate to Devices and under the Status column, the warning icon should be gone.

Cheers!!!

Donations are always appreciated:

BTC: 14wVPFBWNAKmfNsgUrPpw8EytkXFLjxYoU
ETH: 0x8528793dF77a57186f5B15dA6DC1eaA3c5e92c4a
LTC: LMpW2rGYnYdUwvnHA4huB6TGcPEEc1JzXw
NAV: NM7c5u8Vius5UJWtCdTdQxgKT9F3PpTXbK
Any ERC-20 (tokens/coins): 0x9f337F9e0796eD3af5ccF0332674fD1eaDfA03BC

Thanks

Posted in Docker, Misc., UniFi, unraid, virtualization | Tagged , , , , , , , , , , , , | Leave a comment

unRaid and Surveillance Station

Synology and QNAP both have surveillance station, which is great because it is available in their app stores, you just need to buy the license for the camera if you have more IP cameras than the free license that came with the NAS.

However, unRaid does not have a fancy surveillance station of Synology or QNAP, but unRaid has a docker container for Zoneminder. The problem that I have with Zoneminder is I could not get it to work with my IP cameras.

This is not the applications fault. I am pretty sure it is just me, but I really don’t want to tinker around and just want my IP cameras unRaid surveillance station working.

I have Reolink IP cameras. I like them because they are affordable, really great build quality, support onvif, rstp and other protocols, (they just don’t work well with Zoneminder – based on my experience), available for desktop, mobile devices for remote view and on-demand recordings, the resolution goes up to 4MP, and pretty good microphone.

I am NOT a CCTV expert or CCTV guy at all. The paragraph above this one is just solely my own opinion about the product and what I think about it.

Anyways this post is not to review the IP camera, but what I have done to get my setup up and running.

Let’s start with what I have:

  • unRaid server
  • Reolink IP cameras
  • 4TB of storage

My goal is to access the recorded videos through the network anytime I wanted.

My unRaid server is not really a high-end server. It is an Intel Atom SoC machine, but it can do VMs which is a good enough for me.

As I mentioned earlier, there is a Zoneminder container, but for the life of me, I could not get it to work with Reolink IP cameras. On the positive side, there are several reports that they got it to work.

The list below are the various methods (or options) I have tried to get this working:

FTP

So, I tried to use the FTP feature of each camera, and got it working. All I have done was, create a share and have all the cameras to upload the recorded videos to the shared directory. The downside with this method is there is no way for me to set a quota for the shared folder. I don’t want to keep my IP cameras to take all my storage space. Also, the cameras dump all the recorded videos to the shared folder. No organization, so the FTP was a no go for me. I am sure there is a script can be used, but it is not really my forte, maybe in the future. Also, the FTP method has a 30-second pause before it would start motion recording again.

Onvif NVR

I’m sure as hell don’t want to spend another $300+ for an NVR, so I bought this Digoo NVR off Amazon. I mean it works and it supports eight IP cameras at 1080P and 4TB HDD. I just realized that in order for me to see the recorded videos, I would have to transfer the recorded videos via USB thumb drive which is very inconvenient, and the only way for me to navigate to NVR is via a USB mouse that is directly connected to the NVR and an LCD monitor that is also connected to the NVR. Going with NVR is not that I wanted, but I kept the NVR for my other means of storing the IP cameras videos.

The Digoo NVR can be accessed via web UI or mobile app.

Desktop Client

I believe I found my best and cheapest solution using the what I have now plus a Windows 10 Pro VM running on unRaid’s KVM. Fortunately, Windows 10 Pro evaluation/trial will continue to work forever. Check the howtogeek page for a better explanation. This is perfect all I have to do is install the Reolink desktop client, which is free, and configure it to be an NVR. I’ve set up a user share on my unRaid server for the desktop client to save all its recording to this shared SMB folder. The good thing about this is the desktop client would automatically create a folder for each day. I can view all the recorded videos remotely via SMB.

Raspberry Pi

I installed Orchid on my Raspberry Pi 3B. It works but the storage was very limited. The storage is the Pi’s SD card. Also, the Pi could not handle more than two camera streams.

Conclusion

I kept the Digoo NVR for my backup recording. I removed the monitor and made it headless. The Windows 10 VM is my main NVR, and I can easily RDP to it, and easy access to my videos.

Cheers!!!

Donations are always appreciated:

BTC: 14wVPFBWNAKmfNsgUrPpw8EytkXFLjxYoU
ETH: 0x8528793dF77a57186f5B15dA6DC1eaA3c5e92c4a
LTC: LMpW2rGYnYdUwvnHA4huB6TGcPEEc1JzXw
NAV: NM7c5u8Vius5UJWtCdTdQxgKT9F3PpTXbK
Any ERC-20 (tokens/coins): 0x9f337F9e0796eD3af5ccF0332674fD1eaDfA03BC

Thanks

Posted in Misc., Security, server, unraid | Tagged , , , , , , , , , , , , , | 1 Comment

Quick and easy way to have a home DNS server via Pi-hole – part 2

Pi-hole as your local DHCP server. This is very easy. It does not matter what method you would use to login to the Pi as long as you can access and edit the /etc/hosts file, you are golden. In this guide, I will be using CLI.

Make a backup of the hosts file just in case.

sudo cp /etc/hosts /etc/hosts.bk

Once you are logged in, open the /etc/hosts via sudo.

sudo nano /etc/hosts

You will see something like in Figure 1.

Screen Shot 2017-12-02 at 9.49.36 AM

Figure 1

You can add more IP to name mappings at the bottom

GNU nano 2.7.4 File: /etc/hosts

127.0.0.1     localhost
::1           localhost ip6-localhost ip6-loopback
ff02::1       ip6-allnodes
ff02::2       ip6-allrouters

127.0.1.1     pivpn

# netshinobi nodes
10.0.17.12     nextcloud
10.0.17.12     emby
10.0.17.12     unifi
10.0.17.12     resilio
10.0.17.23     pve
10.0.17.16     obihai
10.0.19.11     pivpn
10.0.19.11     pidns
10.0.19.12     pivpn-users

Once done, press CTRL + X then press then Enter to overwrite the existing hosts file. Now, you would need to restart the dnsmasq

sudo service dnsmasq restart

At this point, you are good to go. All you need to do is enter the name and Pi-hole will resolve the IP.

Cheers!!!

Donations are always appreciated:

BTC: 14wVPFBWNAKmfNsgUrPpw8EytkXFLjxYoU
ETH: 0x8528793dF77a57186f5B15dA6DC1eaA3c5e92c4a
LTC: LMpW2rGYnYdUwvnHA4huB6TGcPEEc1JzXw
NAV: NM7c5u8Vius5UJWtCdTdQxgKT9F3PpTXbK
Any ERC-20 (tokens/coins): 0x9f337F9e0796eD3af5ccF0332674fD1eaDfA03BC

Thanks

Posted in Linux, Misc., raspberry pi, server | Tagged , , , , , , , , , | Leave a comment

Quick and easy way to have a home DNS server via Pi-hole – part 1

Don’t you want to block those pesky Internet ads and pop-ups ads? Pi-hole is the answer.

If you do not know what a pi-hole is, here is an extract from the pi-hole GitHub page.

Block ads for all your devices without the need to install client-side software. The Pi-hole™ blocks ads at the DNS-level, so all your devices are protected.

  • Web Browsers
  • Cell Phones
  • Smart TV’s
  • Internet-connected home automation
  • Anything that communicates with the Internet

The installation was a breeze. All you have to make sure that your Raspberry Pi has Internet access. Also, I am running this on Rasbian Stretch which is the latest Rasbian at the time of this writing.

The list below is what you basically need:

  • Raspberry Pi with Rasbian installed
  • Internet access
  • Router/firewall

Ensure that your Pi has Internet access. Assuming you have your Pi ready, open the terminal and install the pihole by entering the following:

curl -sSL https://install.pi-hole.net | bash

Follow the prompts until you finish the installation wizard.

Once the Pi-hole has been installed, you have two options. First, you can point all your end hosts to the IP address of your Pi. This can be done by changing the settings of your DHCP server – most likely it is your router – then renew the lease all of your end-hosts. Secondly, If you don’t want to bother updating your DHCP server, you can point your router to pull DNS request from the Pihole instead of your default (Google DNS or your ISP.)

I opted for the second option because I have several subnets and I didn’t want to wait for the lease to expire, and it is easier to just point my layer3 device to my Pihole.

At this point, you are good to go. You can login to the web UI via http://<pihole-ip-addr>/admin

See part two how I configured Pi-hole to be my local DNS server.

Cheers!!!

Donations are always appreciated:

BTC: 14wVPFBWNAKmfNsgUrPpw8EytkXFLjxYoU
ETH: 0x8528793dF77a57186f5B15dA6DC1eaA3c5e92c4a
LTC: LMpW2rGYnYdUwvnHA4huB6TGcPEEc1JzXw
NAV: NM7c5u8Vius5UJWtCdTdQxgKT9F3PpTXbK
Any ERC-20 (tokens/coins): 0x9f337F9e0796eD3af5ccF0332674fD1eaDfA03BC

Thanks

Posted in Misc., Sec, server | Tagged , , , , , , , , , | Leave a comment

OpenVPN and Raspberry Pi 3 – update

See original post here : https://networkshinobi.wordpress.com/2017/02/22/openvpn-and-raspberry-pi-3-part-1/

I wrote that post several months ago, and I would like to update it since I visited my issues I was having with it and now things seem to be working.

I don’t know how much of an issue is this but the PiVPN stated that the scripts are written for Jessie. I am using Stretch on my pi3. Anyways, once you installed Jessie or Stretch, enable ssh right away by going to :

MenuPreferences > Raspberry Pi Configuration > Interfaces tab > toggle Enable 

At this point, after enabling the pi’s ssh, the pi can be now a headless server for OpenVPN.

I have my Pi hard-wired to my switch. Therefore, I do not need the Bluetooth or the wireless interfaces at all. To disable the Bluetooth and wireless NIC permanently, edit the /etc/modprobe.d/raspi-blacklist.conf:

sudo nano /etc/modprobe.d/raspi-blacklist.conf

This should be blank, so add the following:

#wifi
blacklist brcmfmac
blacklist brcmutil
#bt
blacklist btbcm
blacklist hci_uart

After this, change the hostname and the default password of the Pi:

passwd

Then enter your current password which is raspberry then enter the new password

To change the hostname:

sudo nano /etc/hostname

Then change the default raspberry to your desire hostname

Then edit the /etc/hosts file:

sudo nano /etc/hosts

Then replace the raspberry to your desire hostname:

127.0.0.1        localhost
::1              localhost ip6-localhost ip6-loopback
ff02::1          ip6-allnodes
ff02::2          ip6-allrouters

127.0.1.1        raspberry

Then reboot the Pi to apply the changes.

Now, update the Pi via apt-get:

sudo apt-get update && sudo apt-get dist-upgrade -y &&

Once done, install the PiVPN via the script. Just paste that command below to your terminal:

curl -L https://install.pivpn.io | bash

Before, I had to mess around with iptables, but with this one. I don’t have to. I just ran the script and followed the installation wizard and I was up and running.

Just a caveat about the port number. Some organizations’ firewall will block the OpenVPN 1194/udp port. If you want to have access to your vpn whenever you go, you may want to change this port to something you know that is going to be allowed by the firewall.

Cheers!!!

Donations are always appreciated:

BTC: 14wVPFBWNAKmfNsgUrPpw8EytkXFLjxYoU
ETH: 0x8528793dF77a57186f5B15dA6DC1eaA3c5e92c4a
LTC: LMpW2rGYnYdUwvnHA4huB6TGcPEEc1JzXw
NAV: NM7c5u8Vius5UJWtCdTdQxgKT9F3PpTXbK
Any ERC-20 (tokens/coins): 0x9f337F9e0796eD3af5ccF0332674fD1eaDfA03BC

Thanks

Posted in Misc., Security, vpn | Tagged , , , , , , | Leave a comment