Posts posted by Bulletoverload

  1. Hello,

     

    Regarding Kiwix-Serve

     

    Does anyone know of a way or process I could use to add a cron expression for redownloading an updated wiki dump?

     

    As it is right now by design, the docker redownloads the file every time it is restarted. I know I can disable this by removing the download link or download parameter but I would much rather somehow automate it to download, say, once a month. Any ideas?

  2. On 7/24/2022 at 3:36 PM, Kilrah said:

    I got rid of Appdata Backup and just do it myself in a daily scheduled user script. 

     

    echo "Flash backup..."
    cd /boot
    datestring=$(date '+%Y-%m-%d_%H-%M-%S')
    zip -qr "/mnt/user/backups/flash/flash-$datestring.zip" *
    find /mnt/user/backups/flash -mtime +7 -type f -delete # Keep 7 days

     


    This is for USB backup? I might just steal it then.

  3. You saved my ass here. This loop was driving me absolutely crazy, I was about ready to nuke the whole system. Thanks so much and nice job figuring it out!

     

    So this pops up for more people who might be searching for the issue:

     

    Unraid server docker container was stuck in a loop rebuilding because its network was set such that it was dependent on another docker that no longer existed. Simply editing the Docker attempting to rebuild itself and changing the network solved the problem!

  4. On 7/17/2022 at 6:28 PM, Bulletoverload said:

    @ich777 Hi. I am having trouble swapping from the deprecated OpenVPN dperson version to yours. I didn't change anything at all, appdata folders lined up but for some reason I am getting

     

    "2022-07-17 18:17:14 sitnl_send: rtnl: generic error (-101): Network is unreachable"

     

    while trying to connect to PIA. I downloaded new ovpn files and confirmed my credentials in auth.vpn were correct. I even wiped the appdata folder and image and completely fresh installed. No luck. Any idea what is going on here? It looks like it is talking to and logging into the vpn server I have selected but something is failing. Appreciate any insight. Thanks!

     

    Edit: I'd like to add that PIA includes (requires?) a .crt and a .pem file. Not sure what either of them do and/or if they are necessary for this setup, but I didn't see how to handle these extra files within the documentation. I have them both in /vpn/ but no change.

     

    I've since figured out they are just separate files that contain what is already in the .ovpn. I did not do anything special within the dperson package so it must not have been using those files, as far as I can tell. I attempted to call these files in both the .ovpn and a .config file based on the instructions in the documentation but I still couldn't get anything to happen. This is way more than I did with the dperson package so I am assuming it is unnecessary and I am just missing something rudimentary.

     

    2022-07-17 18:07:16 Initialization Sequence Completed
    ---Checking for optional scripts---
    ---No optional script found, continuing---
    ---Taking ownership of data...---
    ---Starting...---
    Error: ipv4: FIB table does not exist.
    
    Dump terminated
    + exec sg vpn -c 'openvpn --cd /vpn --config /vpn/vpn.ovpn --script-security 2 --redirect-gateway def1 --auth-user-pass /vpn/vpn.auth '
    2022-07-17 18:17:14 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning.
    
    2022-07-17 18:17:14 WARNING: file '/vpn/vpn.auth' is group or others accessible
    
    2022-07-17 18:17:14 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
    2022-07-17 18:17:14 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
    2022-07-17 18:17:14 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
    REDACTED
    -----END X509 CRL-----
    
    2022-07-17 18:17:14 TCP/UDP: Preserving recently used remote address: [AF_INET]140.228.24.198:1198
    2022-07-17 18:17:14 UDP link local: (not bound)
    2022-07-17 18:17:14 UDP link remote: [AF_INET]140.228.24.198:1198
    2022-07-17 18:17:14 [montreal430] Peer Connection Initiated with [AF_INET]140.228.24.198:1198
    2022-07-17 18:17:14 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
    
    2022-07-17 18:17:14 sitnl_send: rtnl: generic error (-101): Network is unreachable
    
    2022-07-17 18:17:14 TUN/TAP device tun0 opened
    2022-07-17 18:17:14 net_iface_mtu_set: mtu 1500 for tun0
    2022-07-17 18:17:14 net_iface_up: set tun0 up
    2022-07-17 18:17:14 net_addr_v4_add: 10.9.112.64/24 dev tun0
    2022-07-17 18:17:14 WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
    
    2022-07-17 18:17:14 add_route_ipv6(2000::/3 -> :: metric -1) dev tun0
    2022-07-17 18:17:14 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    
    2022-07-17 18:17:14 Initialization Sequence Completed

     

     

    @ich777 Sorry to spam you. When you get a chance, do you have any idea what is going on here? Thanks!

  5. @ich777 Hi. I am having trouble swapping from the deprecated OpenVPN dperson version to yours. I didn't change anything at all, appdata folders lined up but for some reason I am getting

     

    "2022-07-17 18:17:14 sitnl_send: rtnl: generic error (-101): Network is unreachable"

     

    while trying to connect to PIA. I downloaded new ovpn files and confirmed my credentials in auth.vpn were correct. I even wiped the appdata folder and image and completely fresh installed. No luck. Any idea what is going on here? It looks like it is talking to and logging into the vpn server I have selected but something is failing. Appreciate any insight. Thanks!

     

    Edit: I'd like to add that PIA includes (requires?) a .crt and a .pem file. Not sure what either of them do and/or if they are necessary for this setup, but I didn't see how to handle these extra files within the documentation. I have them both in /vpn/ but no change.

     

    I've since figured out they are just separate files that contain what is already in the .ovpn. I did not do anything special within the dperson package so it must not have been using those files, as far as I can tell. I attempted to call these files in both the .ovpn and a .config file based on the instructions in the documentation but I still couldn't get anything to happen. This is way more than I did with the dperson package so I am assuming it is unnecessary and I am just missing something rudimentary.

     

    2022-07-17 18:07:16 Initialization Sequence Completed
    ---Checking for optional scripts---
    ---No optional script found, continuing---
    ---Taking ownership of data...---
    ---Starting...---
    Error: ipv4: FIB table does not exist.
    
    Dump terminated
    + exec sg vpn -c 'openvpn --cd /vpn --config /vpn/vpn.ovpn --script-security 2 --redirect-gateway def1 --auth-user-pass /vpn/vpn.auth '
    2022-07-17 18:17:14 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning.
    
    2022-07-17 18:17:14 WARNING: file '/vpn/vpn.auth' is group or others accessible
    
    2022-07-17 18:17:14 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
    2022-07-17 18:17:14 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
    2022-07-17 18:17:14 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
    REDACTED
    -----END X509 CRL-----
    
    2022-07-17 18:17:14 TCP/UDP: Preserving recently used remote address: [AF_INET]140.228.24.198:1198
    2022-07-17 18:17:14 UDP link local: (not bound)
    2022-07-17 18:17:14 UDP link remote: [AF_INET]140.228.24.198:1198
    2022-07-17 18:17:14 [montreal430] Peer Connection Initiated with [AF_INET]140.228.24.198:1198
    2022-07-17 18:17:14 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
    
    2022-07-17 18:17:14 sitnl_send: rtnl: generic error (-101): Network is unreachable
    
    2022-07-17 18:17:14 TUN/TAP device tun0 opened
    2022-07-17 18:17:14 net_iface_mtu_set: mtu 1500 for tun0
    2022-07-17 18:17:14 net_iface_up: set tun0 up
    2022-07-17 18:17:14 net_addr_v4_add: 10.9.112.64/24 dev tun0
    2022-07-17 18:17:14 WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
    
    2022-07-17 18:17:14 add_route_ipv6(2000::/3 -> :: metric -1) dev tun0
    2022-07-17 18:17:14 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    
    2022-07-17 18:17:14 Initialization Sequence Completed
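
A triage pass over the warnings in the log above, as an added example that is not part of the original post or of the container's own tooling: it maps each security-relevant OpenVPN message to a follow-up and checks the mode of the credentials file. The rule names and the `triage` and `too_open` helpers are illustrative; the sample lines are copied (shortened) from the post.

```python
import os
import re
import stat
from dataclasses import dataclass

# Constructed sample: lines copied (shortened) from the log in the post above.
SAMPLE_LOG = """\
2022-07-17 18:17:14 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM).
2022-07-17 18:17:14 WARNING: file '/vpn/vpn.auth' is group or others accessible
2022-07-17 18:17:14 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times).
2022-07-17 18:17:14 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-07-17 18:17:14 WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0
2022-07-17 18:17:14 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-07-17 18:17:14 Initialization Sequence Completed
"""

@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str
    action: str

# (kind, pattern, suggested follow-up). Group 1, when present, becomes the detail.
RULES = [
    ("cred-file-perms", re.compile(r"file '([^']+)' is group or others accessible"),
     "chmod 600 the file so only its owner can read the VPN credentials"),
    ("password-cache", re.compile(r"may cache passwords in memory"),
     "add auth-nocache to the client config"),
    ("legacy-cipher", re.compile(r"--cipher set to '([^']+)' but missing in --data-ciphers"),
     "list the cipher in data-ciphers or move it to data-ciphers-fallback"),
    ("duplicate-redirect", re.compile(r"redirect-gateway and redirect-private at the same time"),
     "set the redirect option in one place only (command line or .ovpn)"),
    ("route-error", re.compile(r"sitnl_send: rtnl: generic error \((-\d+)\)"),
     "a route was not installed; confirm traffic really leaves via the tunnel"),
    ("ipv6-route-no-addr", re.compile(r"no IPv6 has been configured for (\w+)"),
     "IPv6 route requested on a tunnel without IPv6; check for IPv6 leaks"),
]

LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (.*)$")

def triage(log_text):
    """Return de-duplicated findings in first-seen order."""
    seen, findings = set(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # container banner lines, PEM blocks, blanks
        for kind, pattern, action in RULES:
            hit = pattern.search(m.group(1))
            if hit:
                detail = hit.group(1) if hit.groups() else ""
                if (kind, detail) not in seen:
                    seen.add((kind, detail))
                    findings.append(Finding(kind, detail, action))
    return findings

def too_open(path):
    """Mirror the warning text: true if any group/other permission bit is set."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.detail:14} -> {f.action}")
```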

     

  6. On 3/28/2022 at 1:49 PM, Squid said:

    The assumption the plugin makes is that everything is a bash script (because most people would store it on the flash drive), so it executes it as /bin/bash

     

    Create another script (.sh) that then calls it

     

    (Or if that is a typo (ph), then make sure you're using Linux style line endings and not dos - Config File Editor / Notepad++ will be able to convert for you)

    Oh wow, that was stupid of me. Ya I just made it a bash script and it worked. Thanks!

  7. 12 hours ago, Kulisch said:

     

    root@NotUnraid:~ $ nmap 209.222.82.253 -p 25 -Pn
    Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-23 08:17 CEST
    Nmap scan report for mail.ess.barracuda.com (209.222.82.253)
    Host is up (0.12s latency).
    
    PORT   STATE SERVICE
    25/tcp open  smtp
    
    Nmap done: 1 IP address (1 host up) scanned in 5.90 seconds
    
    root@NotUnraid:~ $ nc 209.222.82.253 25
    220 mail.ess.barracuda.com ESMTP (mx-inbound20-134.us-east-2b.ess.aws)

     

    It is best to try the same commands (vm, live linux, raspi, etc) as I did above. If this does not work for several target mail servers, then a blockage would not be impossible. Maybe it is also blocked at the router. If not, ask your provider.

     

    If 25 SMTP works, or partially, check if you can send mail to other addresses like gmail, microsoft, protonmail etc.

     

    Otherwise check again if you are forwarding all ports correctly and you are using the right ports on the client (SSL/TLS). 

     

    If necessary check your domain at DNSBWL as mentioned in previous post.

    Ran what you suggested:

     

    PORT     STATE SERVICE
    25/tcp   open  smtp
    53/tcp   open  domain
    80/tcp   open  http
    143/tcp  open  imap
    443/tcp  open  https
    465/tcp  open  smtps
    587/tcp  open  submission
    993/tcp  open  imaps
    4567/tcp open  tram

     

    Everything is open. These are just checking for inbound ports, no? My concern is that I think my ISP is blocking outbound 25. Does mail-server only use 25 for outgoing mail or can I swap/select something else? Not talking about mail client -> server but server actually sending out the mail. So far, I have tried emailing like 5 different emails, all various hosters, and nothing can get through.

  8. On 5/21/2022 at 9:46 AM, Kulisch said:

     

    That is correct.

     

    The requests to the reverse proxy are HTTP/HTTPS (80/443) requests only. Since SMTP, IMAP etc. do not belong to this category, no communication can take place. Therefore the error messages you mentioned show that the SMTP requests are invalid.

     

    As described, the router must forward these ports directly to the mail server. As soon as this should be enabled, SSL should definitely be configured.

    Thanks a ton for your help here and your info above. I've been able to get everything working 95%, including SSL via NGINX. I can receive email, but cannot send. Below are some logs and my settings. Currently I am using ports 993 and 465, but all are port-forwarded currently for testing purposes. Are these the two I should be using? None are working for submission, so...appreciate any insights!

     

    Incoming:

    *username*

    *password*

    *server IP*:993

    SSL/TLS

    SPA Off

     

    Outgoing:

    *Server IP*:465

    SSL/TLS

    Outgoing SMTP requires Authentication: On and using same credentials as incoming

     

    LOGS

     

    --UPDATE--

     

    Unless you have any ideas, I think the problem is that Verizon blocks outbound:25 by default. I may be out of luck...

  9. 14 hours ago, Kulisch said:

    I'm not sure if I just understood this correctly, but if you are trying to use the NGINX reverse proxy to forward the communication to the email server then this is not possible.

     

    The port forwardings like SMTP 25 143 465 587 etc... should not be forwarded to the reverse proxy but must be forwarded to the mail server (192.168.1.3) directly. The mail server itself does not have a web interface via port 80 or 443. For this an additional container like Roundcube would have to be installed to have a WebUI. But this is another topic and should only be addressed when the mailserver itself is working.

     

    Make sure you have a static IP address and not a dynamic one. Because dynamic addresses are declared as spam and for mailing this is practically useless.

     

    First of all I would try the following to make sure the mailserver is configured correctly.

     

    The server is running without SSL for now, which is fine for local connections. If the mail server is in your local network (not on the internet) you can try to connect directly to it with a mail client (Thunderbird for example). First create two accounts ([email protected] & [email protected] for example). As SMTP Host and Outgoing Server you use your IP address 192.168.1.3.  Accordingly you use [email protected] and [email protected] as username and password which you have chosen. If the server allows connections (even if over non SSL for now) and you can send and receive mails to another account on the same server, that means the server itself is working.

     

    The connections from outside I would just check by making sure that the ports 25 143 etc. are forwarded to your mail server 192.168.1.3. There are certain websites that check if the connection to the mail server can be established, if and how secure the connection itself is. Or use a smartphone mail client outside your WIFI to check if a connection can be established.

     

    Also make sure that the duckdns MX records are set correctly. These are also important. If the connection works outside and you can send an address from bob (sender) to max (receiver), most things will work.

     

    But after that you should definitely configure SSL because unencrypted connections should definitely be avoided for production use cases.

     

    If your mails to GMail, iCloud, or other providers are declaring your mails as spam, I would check if your domain appears in the DNSBL. If so, you can make a request that this can be taken out.

     

    I hope that this big amount of information does not overwhelm you. I hope I could help you.

    Thanks a ton for such an informational response.

     

    Ya, I had a lapse in understanding. I was thinking I could use NGINX to direct all of my web traffic and never open ports on my router again, but NGINX is specifically only listening on ports 80 and 443, meaning there is no way the SMTP requests would have gone anywhere. Am I understanding that correctly?

  10. I am new to some of these things and may need some help, if you don't mind.

     

    I have the server running and I added my user/password. No issues there. I have SSL off for now until I can get the basic functionality working. Logs aren't really showing any issues.

     

    Through NGINX proxy manager and duckdns, I have two domains; mailin.duckdns.org and mailout.duckdns.org. Both are forwarding to the appropriate internal addresses, 192.168.1.3:143 and 192.168.1.3:25, respectively. I have NGINX working with many other projects so I don't think that is the issue.

     

    When I attempt to connect to the server via SMTP (No SSL) using those domains, I cannot get through. Any ideas?

     

    UPDATE:

    When I attempt to go to these domains through a web-browser, I get non-smtp command errors, which proves the domains/NGINX are configured correctly. I still just cannot login. I tried outlook and one other mail client but no luck.

     

    So far I've gotten

     

    "* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready. GET BAD Error in IMAP command received by server. Host: BAD Error in IMAP command received by server. * BYE Too many invalid IMAP commands."

     

    and

     

    "220-mail.REDACTED.org ESMTP 521 5.7.0 Error: I can break rules, too. Goodbye."

  11. 6 hours ago, ChatNoir said:

    As a side note, it is NOT recommended.

    Say one of your data drives is actually acting up. Writing the correction to parity will write the wrong information to your parity drive(s).

     

    It is better to assess the situation, then decide what to do. Trust parity or write the correction.

    I appreciate this. Will change this setting. Thanks! 

  12. 16 minutes ago, JonathanM said:

    Yes. The RAM isn't the limiting factor, it's the CPU / chipset. Most RAM is rated for way higher speeds than the CPU can stably drive.

    And you would expect that to be causing the parity errors? 

     

    My CPU and Motherboard officially support 3200mhz ram, which is what I'm running at, so I'm surprised there would be issues. 

  13. Just now, JonathanM said:

    Servers and overclock don't mix.

    Ya I was thinking that but it's just XMP. Is it even technically overclocking if the RAM is rated for that speed? But ya, I mentioned that b/c somewhere in the back of my head I've heard complaints of RAM OC and unraid

  14. Hello,

     

    I have been dealing with parity errors that won't seem to go away, and now the number appears to be climbing (up to 157 now). I can't seem to get them to go away. None of my drives seem to be showing any issues and everything is working correctly, but I hate seeing errors. Can someone suggest next steps or where my issues might be? I have attached diagnostics.

     

    Potentially helpful info;

    I run parity checks monthly and keep write correction on (not sure if this is good practice). Last few parity checks have thrown errors.

    My RAM is non-ECC and running at rated overclock of 3200MHZ (maybe I should try no/lower OC?).

    Server has been restarted and multiple parity checks with write correction, errors always remain (though not always the same number of errors)

    Current uptime of this diag. is almost 25 days so it should be enough info.

     

    Please let me know if there are any questions that would shed extra light. Appreciate any help!

    server-diagnostics-20220301-1627.zip

  15. Hi @Squid/Community,

     

    I have a few questions regarding both CA Update and CA Backup. Apologies if these are answered elsewhere;

     

    For CA Update, how does the delay work? If I have the "check" set to every Monday morning at 4am, and a delay of, let's say 3 days, does it then update Thursday morning at 4am? Would that mean that if I wanted everything to stay 1 week behind, I would set the delay to 7? Meaning every Monday at 4am, it installs last week's updates that were delayed by 7 days?

     

    I know that CA Backup can tell CA Update to run after a backup. If I only want to update my Dockers after a backup, would I look to disable "update check frequency" within docker update settings? Or will this disable the plugin entirely? What about for plugin updates? If I have the delay set but "update check frequency" disabled, does that mean that it will check for updates ONLY after set in motion by CA Backup, and delay accordingly?

     

    When does "Delete backups if they are this many days old" occur? If I have it set to 30 days, does it delete as soon as the age of the file hits 30 days, or does it delete the next time CA Backup runs and sees the file is 30 days or older?

     

    My end goal here is that I would like CA Backup to run every Monday morning at 4am. After the backup, I want plugins to update the 7 day delayed updates from last week, and want all dockers updated. Does this make sense and am I understanding everything correctly?

     

    Thanks for your help!

     

    -Ryan

     

  16. On 9/11/2021 at 8:25 PM, Bulletoverload said:

    I am having an issue where my android phone is working fine, but my windows laptop is not.

     

    Both are configured identically, see picture. My android phone does everything. I can access my shares and web GUIs.

     

    My laptop can access shares but cannot access ANY webGUIs (unraid, dockers, gateway) OR use RDP. My laptop can successfully ping my gateway/local DNS server, as well as the computer I am trying to RDP with. Unraid server can ping my laptop. The local computer I am trying to RDP onto cannot ping my laptop, however.

     

    Phone and laptop are on identical wifi as of testing and I have already tried opening the firewalls. My laptop can only successfully ping using IP address, not hostname, but NSLOOKUP shows correct entries coming from my local DNS/Gateway.

     

    Any thoughts? 

     

    https://imgur.com/a/Tky0Bcp

    Anything @ljm42?

     

     

    Edit: Nevermind! I just got the wireguard update and it's working now. Weird.

  17. I am having an issue where my android phone is working fine, but my windows laptop is not.

     

    Both are configured identically, see picture. My android phone does everything. I can access my shares and web GUIs.

     

    My laptop can access shares but cannot access ANY webGUIs (unraid, dockers, gateway) OR use RDP. My laptop can successfully ping my gateway/local DNS server, as well as the computer I am trying to RDP with. Unraid server can ping my laptop. The local computer I am trying to RDP onto cannot ping my laptop, however.

     

    Phone and laptop are on identical wifi as of testing and I have already tried opening the firewalls. My laptop can only successfully ping using IP address, not hostname, but NSLOOKUP shows correct entries coming from my local DNS/Gateway.

     

    Any thoughts? 

     

    https://imgur.com/a/Tky0Bcp
