Categories
HAproxy Linux Network VPN Wireguard

Wireguard over TCP: proxyguard (1.x) and haproxy

As shown in my last post using wireguard over TCP (with a little help of proxyguard) isn’t that hard (once you understood how things work). However most VPN solutions come with certain limitations: They often use their specific ports and protocols and therefore can be filtered by firewalls (either by choice or even sometime by […]

Categories
Linux Network VPN Wireguard

Wireguard over TCP (proxyguard 1.x)

Some time ago I tried to get eduvpn working with wireguard over TCP. As you might remember I wasn’t able to make it work reliably so I skipped that attempt for the time being. Now some time has passed and I decided to start over with a more basic approach to get a feeling about […]

Categories
BTRFS Filesystem License Linux ZFS

Introduction to BTRFS and ZFS

Last week I had a little chat with a very good friend of mine. We were talking about how to best configure his new home server. One of the topics was the choice of filesystems which resulted in a longer discussion with some other friends (all long term IT people and Linux enthusiasts). So I […]

Categories
Artificial Intelligence Docker GPU Graphics Card Large Language Model (LLM) Virtualization

Installing Nvidia drivers on Ubuntu for dockered ollama

For some tests with a large language model (LLM) I needed a test system with docker and a Nvidia card (for faster AI processing). Here’s what it takes to convert a basic Ubuntu 24.04.1 installation into a docker based LLM test machine: First let’s have a look at our hardware: Next: Install basic Nvidia drivers: […]

Categories
Filesystem ZFS

OpenZFS and the state of block cloning

What’s block cloning? Block cloning allows to copy files (or parts of it = blocks) without allocating extra space (besides the metadata required for filename, attributes, or the references to existing on disk blocks). Similar techniques are used to implement things like snapshots or deduplication in filesystems supporting them. In practice this feature is very […]

Categories
eduvpn Network VPN

eduvpn: Wireguard over TCP (proxyguard 1.x)

Wireguard is a very nice and fast VPN solution, however it comes with some drawbacks: Most of all it only supports UDP traffic. On an open network this is not a problem, however some networks may deny UDP traffic or may even allow only very specific traffic (like (TCP based) http(s)). So to increase the […]

Categories
Mail Rspamd Spam Spamassassin

Rspamd for spam filtering

Why rspamd and not spamassassin? I recently got more and more undetected spam mail, so I was looking around for improvements of my current spamassassin configuration. While doing so I found several articles about rspamd and its ease to set up. So instead of improving my spamassassin configuration I decided to give rspamd a try. […]

Categories
ACME Certbot Encryption Letsencrypt

Certbot different accounts and fingerprints

While trying to automate SSL certificate deployment for haproxy I had some trouble while doing test-runs (because for certbot –dry-run another account is being used). As I couldn’t find a direct way to list all accounts, here’s how to achieve that anyway (with some extra work). By default certbot show_account lists my official API account: […]

Categories
eduvpn Linux Network VPN

Install eduvpn on separate hosts (controller&vpn)

I’m planing to install eduvpn as a personal VPN solution. I also want to separate the VPN functionality (“vpn-daemon“, hostname “eduvpn-node“) from the management web frontend (controller or “vpn-user-portal“, hostname “eduvpn“). eduvpn-node eduvpn (portal) vpn-server-node vpn-user-portal vpn-daemon vpn-ca vpn-maint-scripts Software packages installed on the different hosts Adding software repository So we start by configuring the […]

Categories
ACME Certbot Letsencrypt

Letsencrypt certificate on EPSON ES-580W Scanner

While it gets more and more common to integrate letsencrypt certificates (and their automated roll-out) into products, there’s plenty of devices out there, that require manual installation of SSL certificates. As the time for valid certificates gets reduced more and more (and letsencrypt uses quite a short lifetime anyway) it’s nice to have some kind […]