I do work for multiple organizations and got tired of having to disconnect/reconnect VPN tunnels each time.

Solution: Raspberry Pi. It’s got a single Ethernet port on it which makes it perfect. I used Openconnect since it was compatible with Cisco and PulseSecure (at the time). When you establish a tunnel, the routes come in as “kernel routes” assuming you have a split tunnel. I configured IPTables to NAT masquerade out each interface and I set up Quagga, a routing daemon to talk to my main gateway and redistributed my kernel routes into OSPF. That way, any of my devices can now access any networks they need. I did also have to configure my own DNS server since I needed to resolve the different private networks.

Yes, it’s perfectly safe. Keep it patched, use strong ciphers, use key authentication, and set up an IDS like Fail2Ban or CrowdSec.

I use Jellyfin which is similar to Plex. I have it on a Raspberry Pi 4 8 GB. It’s perfectly fine if I’m sending H264 but most modern browsers do not support H265 so it forces the server to transcode. That will consume almost all processing power if it’s CPU-only and is a very slow process.

I think you need a \ in front of the ;

i.e.: find . -type f -exec md5sum {} \; >> /tmp/foo

Yup. I do the same thing and just use the Jellyfin app to access for instances where H265 transcoding is needed. For mine, I just have a USB 1 TB HD connected

I worked support for an ISP before.

If we didn’t provide the router, then we can’t support it. There are way too many variables with third-party routers for us to actually do that. In those instances, we would provide one and if it still can’t deliver the bandwidth, then we will continue to troubleshoot.

That said, to rule this out, plug your computer directly into their modem or handoff. That’s the best way to rule out router problems.

Side note: as someone who loved dd-wrt, I stopped using it because it was slow. Third party firmware is awesome since they add a ton of functionality but you lose a lot in performance when you do that.

I think you actually want some sort of intrusion detection where it will log recognized attacks. Logging every single packet coming in, while doable, generally requires a lot of resources and storage.

I use >!.cunt!< for my local TLD. Stands for Can’t Use New Technologies from IT Crowd.

It makes it comnical when I let friends onto my wifi.

Set up a reverse tunnel to the outside box that you want to get in from.

For example, from the inside machine:

ssh outsidemachine -R 2222:localhost:22

Then on your outsidemachine:

ssh -p 2222 localhost

Maybe run top or something just to keep traffic going across so that firewalls don’t drop your connection.

For billing purposes, I’ve been using invoiceninja by adding the mileage rate as a line item and adding the number of miles for quantity. I haven’t been able to figure out a better way to do mileage on there.

I’m doing something similar except now I’m running out of space on my 1 TB volume. Now I need to upgrade and/or figure out a long term solution to convert to H265. Some of my files have file size differences on the scale of 400 MB vs 2 GB.

I’m using a raspberry pi 4 8 GB. It’s not a problem until someone transcodes, and that usually happens with H265 HEVC media when the person is on a browser that doesn’t support it which is most browsers these days. If the person is doing directplay (click the gear during play and click on Playback Info). If it’s forced to transcode, it will tell you why.

Direct-play in native resolution and codec should give you perfect performance and consume almost no resources since it’s essentially just a file transfer. I find performance works best when I use the Jellyfin Media Player app on my computer or the Android app.

If you can’t turn your secondary router into an AP, you can connect the LAN side of your secondary router to the main router so that they can be in a single network. also turn off any DHCP servers on there. Don’t connect the WAN. That’s the simplest fix.

I have fail2ban for SSH but I haven’t tuned it for nginx yet. I’ve worked with OSSEC which has a fork called Wazuh which I’ve been wanting to set up.

You’ll be fine. It’s exactly what I do. Just keep any exposed services up to date. NPM also has a very rudimentary blocker that mostly relies on UA and bad strings getting passed through. You can turn that on. Open up only services that need to be exposed e.g. don’t expose sonarr/radarr unless there’s a good reason for it. Make sure anything you expose that doesn’t have any sort of authentication can have it implemented in nginx or you can use an SSO solution.

I expose strictly needed services while everything else is just internal. Exposed services include jellyfin, jellyseer (jellyfin version of overseerr), and nextcloud.