Mirrored Ports with Open vSwitch

After adding some new SSD storage to my home server I had purged a lot of the older VMs that I didn't use frequently in my previous 'Spring Cleaning' effort to make space. One of the VMs that I had purged but now wanted to get back online and running was a Security Onion VM. I won't go into much detail here about SecOnion; there is a lot of good documentation and tutorials already out there on how to set it up. Security Onion requires at least two network interfaces: one for administrative control, and at least one more that …


Access Git repo over SSH behind jumpbox

I recently ran across the situation where I wanted to push changes to a repo that was stored on my personal GitLab server. The issue was that I had recently restructured my homelab and the only way to get to the GitLab server via SSH was through a jumpbox. These were the steps I took to be able to use the normal git workflow while still keeping my network design / security choices intact.

On dev machine

First we will create a new SSH key for the hop from dev machine --> jumpbox.

ssh-keygen -t ed25519 -C "gitlab multihop" -f ~/.ssh/multihop …

Install RDP on Debian 10 (Buster)

Start off with a freshly updated system and install the requirements:

apt update
apt upgrade
apt install -y xrdp xfce4 xfce4-terminal gnome-icon-theme-full tango-icon-theme

Make xfce4 our default xsession:

echo xfce4-session >~/.xsession

Make xfce4 the default by editing the following file:

nano /etc/xrdp/startwm.sh

Replace what is in there with this:

#!/bin/sh

if [ -r /etc/default/locale ]; then
  . /etc/default/locale
  export LANG LANGUAGE
fi

startxfce4

Restart xrdp for the changes to take effect.

service xrdp restart

Road Warrior VPN

This is a dead simple way to get an OpenVPN server up and going with individual client certificates.

#!/bin/bash
#
# https://github.com/Nyr/openvpn-install
#
# Copyright (c) 2013 Nyr. Released under the MIT License.


# Detect Debian users running the script with "sh" instead of bash
if readlink /proc/$$/exe | grep -q "dash"; then
    echo "This script needs to be run with bash, not sh"
    exit
fi

if [[ "$EUID" -ne 0 ]]; then
    echo "Sorry, you need to run this as root"
    exit
fi

if [[ ! -e /dev/net/tun ]]; then
    echo "The TUN device is not available
You need to enable TUN …

Mesowx Real Time Weather Graphing

To start off this tutorial it is assumed that you have Weewx completely set up on another server with the weather station properly connected and reporting. This tutorial will be using a Master / Slave MySQL database that is configured like my previous blog entry.

The purpose of adding Mesowx into the mix was not to add another layer of complication, but to be able to dynamically display a dataset and to have the ability to focus in on a specific type of data or date. Mesowx allows for multiple ways to access the data and even a way …
