Quick and easy way to have a home DNS server via Pi-hole – part 2

Pi-hole as your local DNS server. This is very easy. It does not matter which method you use to log in to the Pi; as long as you can access and edit the /etc/hosts file, you are golden. In this guide, I will be using the CLI.

Make a backup of the hosts file just in case.

sudo cp /etc/hosts /etc/hosts.bk

Once you are logged in, open /etc/hosts with sudo.

sudo nano /etc/hosts

You will see something like Figure 1.

Figure 1

You can add more IP-to-name mappings at the bottom:

GNU nano 2.7.4 File: /etc/hosts

127.0.0.1     localhost
::1           localhost ip6-localhost ip6-loopback
ff02::1       ip6-allnodes
ff02::2       ip6-allrouters

127.0.1.1     pivpn

# netshinobi nodes
10.0.17.12     nextcloud
10.0.17.12     emby
10.0.17.12     unifi
10.0.17.12     resilio
10.0.17.23     pve
10.0.17.16     obihai
10.0.19.11     pivpn
10.0.19.11     pidns
10.0.19.12     pivpn-users

Once done, press CTRL + X, then Y, then Enter to overwrite the existing hosts file. Now, you need to restart dnsmasq:

sudo service dnsmasq restart

At this point, you are good to go. All you need to do is enter the name and Pi-hole will resolve the IP.
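A check to run on the edited file, as an added example that is not part of the original post: it reports any name that sits on a loopback address and any name listed under two different IPv4 addresses, because such a name can resolve to the address you did not intend. The function names check_hosts and sample_hosts are made up for this example, and the sample input is taken from the IPv4 lines of the hosts listing above.

```shell
#!/bin/sh
# check_hosts [FILE]: flag hosts entries that make local DNS answers ambiguous.
# Reads FILE, or standard input when no file is given.
check_hosts() {
  awk '
    { sub(/#.*/, "") }                                  # strip comments
    NF < 2 { next }                                     # blank or incomplete line
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }   # IPv4 entries only
    {
      for (i = 2; i <= NF; i++) {
        name = tolower($i)
        # A LAN-facing name on 127.x.x.x points every client back at itself.
        if ($1 ~ /^127\./ && name != "localhost")
          printf "LOOPBACK %s %s\n", name, $1
        # Same name under a second, different address.
        if ((name in first) && first[name] != $1)
          printf "CONFLICT %s %s %s\n", name, first[name], $1
        else if (!(name in first))
          first[name] = $1
      }
    }
  ' "$@"
}

# Sample input: IPv4 lines from the hosts listing in this post.
sample_hosts() {
  cat <<'EOF'
127.0.0.1     localhost
127.0.1.1     pivpn

# netshinobi nodes
10.0.17.12     nextcloud
10.0.17.12     emby
10.0.19.11     pivpn
10.0.19.11     pidns
10.0.19.12     pivpn-users
EOF
}

sample_hosts | check_hosts
```

On the real file, run it as check_hosts /etc/hosts; no output means no name is on a loopback address or listed twice.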

Cheers!!!

Donations are always appreciated:

BTC: 14wVPFBWNAKmfNsgUrPpw8EytkXFLjxYoU
ETH: 0x8528793dF77a57186f5B15dA6DC1eaA3c5e92c4a
LTC: LMpW2rGYnYdUwvnHA4huB6TGcPEEc1JzXw
NAV: NM7c5u8Vius5UJWtCdTdQxgKT9F3PpTXbK
Any ERC-20 (tokens/coins): 0x9f337F9e0796eD3af5ccF0332674fD1eaDfA03BC

Thanks

Quick and easy way to have a home DNS server via Pi-hole – part 1

Don’t you want to block those pesky Internet ads and pop-up ads? Pi-hole is the answer.

If you do not know what a pi-hole is, here is an extract from the pi-hole GitHub page.

Block ads for all your devices without the need to install client-side software. The Pi-hole™ blocks ads at the DNS-level, so all your devices are protected.

  • Web Browsers
  • Cell Phones
  • Smart TV’s
  • Internet-connected home automation
  • Anything that communicates with the Internet

The installation was a breeze. All you have to do is make sure that your Raspberry Pi has Internet access. Also, I am running this on Raspbian Stretch, which is the latest Raspbian at the time of this writing.

The list below is what you basically need:

  • Raspberry Pi with Raspbian installed
  • Internet access
  • Router/firewall

Ensure that your Pi has Internet access. Assuming you have your Pi ready, open the terminal and install Pi-hole by entering the following:

curl -sSL https://install.pi-hole.net | bash

Follow the prompts until you finish the installation wizard.

Once Pi-hole has been installed, you have two options. First, you can point all your end hosts to the IP address of your Pi. This can be done by changing the settings of your DHCP server (most likely your router) and then renewing the lease on all of your end hosts. Second, if you don’t want to bother updating your DHCP server, you can point your router to send DNS requests to the Pi-hole instead of your default (Google DNS or your ISP).

I opted for the second option because I have several subnets and I didn’t want to wait for the leases to expire, and it is easier to just point my layer 3 device to my Pi-hole.

At this point, you are good to go. You can log in to the web UI via http://<pihole-ip-addr>/admin

See part two for how I configured Pi-hole to be my local DNS server.

Cheers!!!

OpenVPN and Raspberry Pi 3 – update

See original post here : https://networkshinobi.wordpress.com/2017/02/22/openvpn-and-raspberry-pi-3-part-1/

I wrote that post several months ago, and I would like to update it since I revisited the issues I was having with it and now things seem to be working.

I don’t know how much of an issue this is, but PiVPN states that the scripts are written for Jessie. I am using Stretch on my Pi 3. Anyway, once you have installed Jessie or Stretch, enable SSH right away by going to:

Menu > Preferences > Raspberry Pi Configuration > Interfaces tab > toggle Enable

At this point, after enabling the Pi’s SSH, the Pi can now be a headless server for OpenVPN.

I have my Pi hard-wired to my switch. Therefore, I do not need the Bluetooth or the wireless interfaces at all. To disable the Bluetooth and wireless NIC permanently, edit the /etc/modprobe.d/raspi-blacklist.conf:

sudo nano /etc/modprobe.d/raspi-blacklist.conf

This should be blank, so add the following:

#wifi
blacklist brcmfmac
blacklist brcmutil
#bt
blacklist btbcm
blacklist hci_uart

After this, change the hostname and the default password of the Pi:

passwd

Enter your current password, which is raspberry, then enter the new password.

To change the hostname:

sudo nano /etc/hostname

Then change the default raspberry to your desired hostname.

Then edit the /etc/hosts file:

sudo nano /etc/hosts

Then replace raspberry with your desired hostname:

127.0.0.1        localhost
::1              localhost ip6-localhost ip6-loopback
ff02::1          ip6-allnodes
ff02::2          ip6-allrouters

127.0.1.1        raspberry

Then reboot the Pi to apply the changes.

Now, update the Pi via apt-get:

sudo apt-get update && sudo apt-get dist-upgrade -y

Once done, install PiVPN via the script. Just paste the command below into your terminal:

curl -L https://install.pivpn.io | bash

Before, I had to mess around with iptables, but with this one, I don’t have to. I just ran the script and followed the installation wizard and I was up and running.

Just a caveat about the port number. Some organizations’ firewalls will block the OpenVPN 1194/udp port. If you want to have access to your VPN wherever you go, you may want to change this port to something you know is going to be allowed by the firewall.

Cheers!!!

Bad Experience with Google Pixel XL (Android Oreo) and Google Support

I don’t know what I was thinking when I decided to switch from iPhone to Android. Right now, I am regretting it.

When I switched to Android Google Pixel XL in June, everything was working as expected. Battery life was not the best, but it was working and pretty snappy.

I got the Oreo upgrade three weeks ago and the experience was really awful since the upgrade. These are the issues that I am having:

1. The Pixel XL phone became really laggy
2. The wifi is now broken. I could not connect to any guest network that has a captive portal
3. The Bluetooth is completely broken. When the phone decides to connect to Bluetooth, the metadata is not showing up anymore. Also, when someone calls me and I make a phone call, I have to use the speakerphone because Oreo decided not to send the call to the car’s speaker system.

I called support, and after talking on the phone for about 45 minutes, I was told that Google would replace my phone, and since I bought the phone at the Google store, they would send the replacement phone first and then I could send the faulty one to Google.

I got a call from their supervisor, whose name is Leo. They tried to call me, and since I missed the supervisor’s call, I would need to call back. Based on what the rep had explained to me, this call was supposed to verify the shipping information, etc.

I called back and spoke with Jose, and to make a long story short, after 30 minutes on the phone, I was told that Google would not send me a replacement unless I factory reset the phone. Well, the reason the first rep told me that they would replace my phone was that I was not willing to factory reset my phone because of Android’s lack of full backup. I have apps that have data on them. As far as I know, Google backup does not back up this app data and text messages.

Right now, I was told that they would not help me to fix my Google Pixel XL phone.

As far as I can tell, Google just released an update that could potentially cause traffic accidents.

Nested virtualization on Proxmox VE

I am not an expert on this and am still trying to learn to use Proxmox. If you are trying to run GNS3 or EVE-NG, or maybe studying for VMware, you probably want to enable hardware virtualization, meaning your PVE, as your main hypervisor, can host another hypervisor as a guest VM that can host its own VMs. This reminds me of the movie Inception.

Anyway, this feature is disabled by default. You will need access to your PVE, either via console or SSH.

To verify whether nested virtualization is enabled, use this command:

root@pve:~# cat /sys/module/kvm_intel/parameters/nested 
N

If the output says ‘N’, then it is disabled. To enable the nested virtualization:

For Intel CPU:

root@pve:~# echo "options kvm-intel nested=Y" > /etc/modprobe.d/kvm-intel.conf

After issuing the command above, we will need to reload the kernel module by using these commands:

root@pve:~# modprobe -r kvm_intel
root@pve:~# modprobe kvm_intel

At this point, if reloading fails, ensure that all your VMs have been powered off, then try it again.

Once the kernel module reload works, check again whether nested virtualization is enabled:

root@pve:~# cat /sys/module/kvm_intel/parameters/nested 
Y

If it returns ‘Y’, then you are good to go.

When creating a new VM such as GNS3, EVE-NG or ESXi, make sure you select host under CPU type.

Also, this should be enabled by default, but check it anyway. Once you created the VM, navigate to the VM and go to its Options. Make sure that the KVM hardware virtualization is set to Yes.

This is it. Cheers!!!

Plex server discovery from a different subnet

I am using an unRaid server, but as far as I know, this can be done on any Plex app (QNAP or Synology) or container. Okay, I am going to make this short. Installing Plex server on unRaid is pretty easy. The problem is that if your unRaid is on a different subnet from the one the admin user is on, you will never be able to discover the Plex server.

I am using binhex’s Plex container, but it should be the same with others too. What needs to be done is modifying the Preferences.xml file. The .xml file is in the Plex Media Server folder. As long as you can find this folder, you will find the Preferences.xml file. Since I am using binhex’s Plex container, the location is /mnt/cache/appdata/binhex-plex/Plex Media Server/Preferences.xml.

Here you will see the file Preferences.xml. I used nano to edit the file. Here are the steps:

  1. Stop the Plex server
  2. Navigate to the location of the Preferences.xml. In my case, it is here: /mnt/cache/appdata/binhex-plex/Plex Media Server/
  3. Before opening the file, make a backup of the Preferences.xml
  4. Open the file using your text editor
  5. At the very end of the content, before the />, add the following:
    1. allowedNetworks="your-ip-subnet/netmask"
      1. For example:
      2. <Preferences OldestPreviousVersion=... ... ... allowedNetworks="172.16.0.0/255.240.0.0"/>
  6. Save the .xml and power on the Plex server
  7. Browse to the Plex server’s GUI and you will see that the UI automatically finds the Plex server
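Steps 3 to 5 as a script, added here as an example and not taken from the original post or from Plex: it backs up Preferences.xml, then adds the allowedNetworks attribute or replaces an existing one so the attribute never appears twice. Plex treats clients in allowedNetworks as allowed without authentication, so the sample call uses one constructed /24 rather than a whole private range; set_allowed_networks, make_sample_prefs and the sample file contents are made up for illustration.

```shell
#!/bin/sh
# set_allowed_networks FILE NETWORKS  (hypothetical helper, not part of Plex)
# Run it with the Plex server stopped (step 1).
set_allowed_networks() {
  prefs=$1; nets=$2
  [ -f "$prefs" ] || { echo "no such file: $prefs" >&2; return 1; }
  # Accept only comma-separated address/netmask pairs, the form the post uses.
  printf '%s\n' "$nets" | grep -Eq '^[0-9.]+/[0-9.]+(,[0-9.]+/[0-9.]+)*$' ||
    { echo "unexpected network list: $nets" >&2; return 1; }
  cp -p "$prefs" "$prefs.bak" || return 1        # step 3: back up before editing
  tmp=$(mktemp) || return 1
  if grep -q 'allowedNetworks="' "$prefs"; then
    # Attribute already present: replace its value instead of adding a duplicate.
    sed "s|allowedNetworks=\"[^\"]*\"|allowedNetworks=\"$nets\"|" "$prefs" > "$tmp"
  else
    # Step 5: insert just before the closing /> of the Preferences element.
    sed "s|[[:space:]]*/>[[:space:]]*\$| allowedNetworks=\"$nets\"/>|" "$prefs" > "$tmp"
  fi
  cat "$tmp" > "$prefs"                          # keeps the file's owner and mode
  rm -f "$tmp"
  grep -qF "allowedNetworks=\"$nets\"" "$prefs"  # non-zero if the edit did not land
}

# Constructed sample file; a real Preferences.xml carries many more attributes.
make_sample_prefs() {
  printf '%s\n' '<?xml version="1.0" encoding="utf-8"?>' \
    '<Preferences OldestPreviousVersion="legacy" FriendlyName="demo"/>' > "$1"
}

demo=$(mktemp -d)
make_sample_prefs "$demo/Preferences.xml"
set_allowed_networks "$demo/Preferences.xml" "172.16.20.0/255.255.255.0"
cat "$demo/Preferences.xml"
```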

 

Cheers!

Proxmox VE for my homelab

I finally spent and built a server for my home lab. I have the free ESXi 6.5 on my old server N54L, but what this server can do is very limited: it does not have enough power for real labbing, the free ESXi is very limited, and ESXi in general is really picky with regard to hardware. I don’t even know if the hardware that I bought from eBay recently is on the VMware HCL.

I have been looking for a free and stable hypervisor for my lab. For now my requirements are:

  • Widely supported – hardware wise
  • Will work with my hardware components
    • Intel Xeon E5-2650 v1
    • Supermicro X9SRL-F motherboard
    • Hynix HMT42GR7BFR4C-RD

  • Supports nested virtualization
  • Can be accessed by any device such as iPad/iPhone, Android, PC, Mac and Linux
  • Some enterprise features
  • Easy to use

After Googling for a while, I found XenServer and Proxmox VE to be good candidates.

I tried XenServer at first since it is more used in enterprise than Proxmox VE, and it is very VMware-like. I would say if you are familiar with ESXi, you will get around with XenServer, just like if you are familiar with Cisco IOS you can configure Force10, Dell VRTX, etc.

I noticed some issues. The first problem that I have with XenServer is XenCenter: it is similar to VMware’s vSphere thick client and it is only available for Windows. I know there is a Python version of XenCenter, which is called OpenXenManager. Again, it is still a desktop client. There is XenOrchestra, a web-based client, but it takes some more resources. XenServer itself requires a lot of resources, which I am very limited on for my home lab. I thought maybe I should try Proxmox. The good thing about XenServer is that it supports .ova files.

My gut feeling was telling me to try Proxmox, so I went ahead and installed Proxmox VE 5.0. Some nice things about Proxmox VE:

  • I don’t need a third party VM for web UI. Proxmox supports it by default
    • I can access the server from any device
  • It does not require a lot of resources
  • It is Debian underneath, so if you are familiar with Debian or Debian based OS you are at home here. There is no need to learn a new syntax
  • Supports nested virtualization
    • So if you are studying for VMware certification, you can install it on a Proxmox server. I tested it.
  • Backup is built-in
  • Linux containers (LXC) are supported by default
  • I am not going to list all the features here, but Proxmox VE gives you enterprise features for free
  • Support is optional and it is available for cheap

The only thing I do not like with Proxmox is the .ova file support. It does not support .ova. Therefore, if you have an .ova, you would need to convert that to .raw or .qcow2 after transferring it to Proxmox VE. I believe it supports .vmdk though, but not 100% sure.

Anyways, I am pretty happy with my Proxmox homelab. It met all my requirements in regards to access to the server and features. Actually, it offers more features than I need for my purposes. The only thing that it is missing is ova support, but converting it to raw or qcow2 is not difficult.

 

Cheers!