Everything posted by Opawesome
-
Parity check running when starting array every time
I have exactly the same issue (parity check after each normal reboot/shutdown via the WebGUI, syslog saying "unclean shutdown", etc.). This also started to happen right after i updated from 6.8.3 to 6.9.2. I will try the fix provided in this thread but I think @limetech could maybe consider a fix in the next version. Best, OP UPDATE 1: changing "Settings > disk settings > shutdown timeout" from 90 to 120 seems to have fixed the issue for me.
-
"OpenVPN Server" Where is the app in the Community Applications?
I wrote a tutorial on how to manually install an OpenVPN server on Unraid if anyone is interested: Best, OP
-
OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)
I wrote a tutorial on how to manually install an OpenVPN server on Unraid if anyone is interested: Best, OP
-
[Support] Linuxserver.io - OpenVPN AS
I wrote a tutorial on how to manually install an OpenVPN server on Unraid if anyone is interested: Best, OP
-
How to manually install an OpenVPN server (Unraid 6.8.3 - 6.12.8)
RESERVED
-
How to manually install an OpenVPN server (Unraid 6.8.3 - 6.12.8)
Hi, Since the OpenVPN Server plugin by @peter_sm, and the OpenVPN-AS docker container by @linuxserver.io are no longer available (as of august 2021), I thought it might be useful to some of you to know how to manually install an OpenVPN server on your Unraid machine. Using the Wireguard VPN which is now included in Unraid is of course an option but you may want to stick with OpenVPN for many reasons. The method below: was tested (and works) on Unraid 6.8.3, 6.9.2, 6.10.2, 6.10.3, 6.11.5, 6.12.4 and 6.12.8; assumes that you already have (or know how to setup) an openvpn .ovpn configuration file for your server (and clients); assumes that you already have (or know how to create) the SSL certification authority certificate, SSL server certificate, RSA keys and diffie hellman key which are required by your openvpn .ovpn configuration fileq; [Note: I personally use XCA to create and manage all my certificates and keys; tutorials on how to create the certificates and keys with XCA can be found here on YouTube for example.] assumes that you know how to setup your router to forward the ports required for you OpenVPN server to work; allows you to run OpenVPN even if the array is stopped (this is useful if your array is encrypted and does not automatically start on boot). STEP 1: ADD THE OPENVPN PACKAGE TO THE UNRAID BOOT DRIVE 1.1. Grab the openvpn-2.5.5-x86_64-1.txz package for Slackware here. Note: If you are using an older version of Unraid, you may need the openvpn-2.4.8-x86_64-1.txz package. I have not been able to find this older version on the Slackware website but I was able to grab that package from my previous install of the OpenVPN Server plugin. I have attached it to this post, but please share any link to an official download if you find one. 1.2. Copy it to the /boot/extra/ directory on the Unraid boot drive. Note: Packages in this folder are installed upon boot. STEP 2: ADD THE OPENVPN CONFIGURATION FILES AND ASSOCIATED CERTIFICATES, KEYS AND FILES TO THE UNRAID BOOT DRIVE 2. Copy your OpenVPN configuration file and associated certificates, keys and files to the /boot/config/user-files/openvpn/ directory on the Unraid boot drive. Note: These files include the following, depending on your configuration: server.ovpn or client.ovpn, dh.pem, ca.cert, server.crt, ta.key (if you use TLS for authentication), crl.pem (if you use a certificate revocation lists), ipp.txt (if you use manual IP assignment) STEP 3: EDIT THE "GO" FILE ON THE UNRAID BOOT DRIVE 3.1. Edit the /boot/config/go file on the Unraid boot drive by adding the following at the end of the file: # ############# # Start OpenVPN (beginning) # ############# # Start OpenVPN - 1. Set variables NETWORK="172.16.92.0" # OpenVPN server IP network CIDRSUFFIX="24" # OpenVPN server IP network CIDR suffix, without the "slash" OPENVPNCONFIGPATH="/boot/config/user-files/openvpn/" # Path to openvpn configuration files on USB drive, with the trailing "slash" # Start OpenVPN - 2. Copy OpenVPN configuration and cert files mkdir -p /etc/openvpn/ cp "${OPENVPNCONFIGPATH}server.ovpn" /etc/openvpn/ cp "${OPENVPNCONFIGPATH}dh.pem" /etc/openvpn/ cp "${OPENVPNCONFIGPATH}ca.crt" /etc/openvpn/ cp "${OPENVPNCONFIGPATH}server.crt" /etc/openvpn/ cp "${OPENVPNCONFIGPATH}server.key" /etc/openvpn/ cp "${OPENVPNCONFIGPATH}ta.key" /etc/openvpn/ cp "${OPENVPNCONFIGPATH}ipp.txt" /etc/openvpn/ # Start OpenVPN - 3. Create tun device mkdir -p /dev/net if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200 fi modprobe tun echo 1 > /proc/sys/net/ipv4/ip_forward # Start OpenVPN - 4. Run OpenVPN mkdir -p /var/run/openvpn/ sudo -H -u root openvpn --writepid /var/run/openvpn/openvpn.pid --config /etc/openvpn/server.ovpn --script-security 2 --daemon # Start OpenVPN - 5. Add IP tables NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1) echo $NIC IPRULES1="iptables -t nat -A POSTROUTING -s $NETWORK/$CIDRSUFFIX -o $NIC -j MASQUERADE" eval $IPRULES1 iptables -t nat -L POSTROUTING -n -v --line-numbers | grep $NETWORK # ############# # Start OpenVPN (end) # ############# 3.2. Adjust the above to your own use case Note: For exemple, you will need to change the NETWORK and CIDR variables according to the IP address and network mask that are set in the server.ovpn configuration file. STEP 4: REBOOT AND CHECK THAT THE SERVER IS WORKING 4.1. Reboot your Unraid machine. 4.2. Check that OpenVPN is running by executing this command: ifconfig tun0 4.3. Try to connect to your OpenVPN server with a client. Note: I recommend adding the following lines to your .ovpn config file to help troubleshooting any potential issues: status /var/log/openvpn-status.log 5 log-append /var/log/openvpn.log I hope this helps. Best, Opawesome openvpn-2.4.8-x86_64-1.txz
-
Virt-Manager, Intel-GPU-Tools and more Dockers
This is some real bad news. The MotionEye and Virt-Manager docker containers are important to me. I am sorry that your work got screwed by DockerHub's new policy @dee31797.
-
all docker containers lists version “not available” under update
Likewise
-
OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)
Is this what you are looking for ? https://web.archive.org/web/20210127070720/https://raw.githubusercontent.com/petersm1/openvpn_client_x64/master/openvpn_client_x64.plg
-
OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)
Oh my. This is some really bad news as far as I am concerned. I heavily rely on the possibility to have en OpenVPN server running on Unraid (not the OpenVPN-server-AS docker container). Is there any way I can backup the plugin from my machine where it is already installed so that I can reinstall it in case I need to ?
-
Intel iGPU i915 driver crashing issues on various linux kernels
No, not yet. I am planning on doing another test when I upgrade to Unraid v6.9.x (I am currently running v 6.8.3), or when I change my CPU (I am planning to maybe upgrade to a Xeon E3 1275v6 or the like one of these mornings).
-
Is UnRaid OS RansomWare attack free?
You can also check out the no_ransom script by @binhex to add an extra layer of security on your files. If practicable with your use case, I also recommend accessing the files hosted by Unraid with a user having only "read-only" access, and using a user with read/write access only when you strictly need to.
-
Wipe free space
Well, as stated, I don't want to delete any file, I want to wipe the free space. So shred is not a solution. But thank you anyway. Op
-
Wipe free space
It turns out this little script seems to do the job: #!/bin/bash DISKNUMBER="1" # Set the disk number which free space should be wiped dd if=/dev/zero of=/mnt/disk"$DISKNUMBER"/zero.small.file bs=1024 count=102400 cat /dev/zero > /mnt/disk"$DISKNUMBER"/zero.large.file sync ; sleep 5 ; sync rm /mnt/disk"$DISKNUMBER"/zero.small.file rm /mnt/disk"$DISKNUMBER"/zero.large.file unset DISKNUMBER I have just tested it in a screen session. The disk filled up as expected and then the "zero.small.file" and "zero.large.file" were deleted to free up the space back. The point of having a small file is to avoid keeping the disk completely filled too long, as it can take time to delete the large file. I hope this helps. Any improvement or remark is obviously more than welcome. OP
-
Wipe free space
Can any of those be used to wipe free space and not files or entire disk?
-
Wipe free space
Hi all, I would like to wipe the free space on my array (not the actual files). Is the command is this post (dd if=/dev/random >/dev/disk??/big_file) still the best way to do so or is there a newer/better way? I understand that running this command creates a full-disk error condition and therefore a risk of cascading failures. Best, OP
-
Use USB webcam with MotionEye container
Same. I would love to know how to use a USB camera with the a Motioneye docker.
-
[Script] Backup LUKS headers of encrypted devices
Thank you @jonathanm. Very relevant comment. I added a new section to the initial post: "3. WHEN?", in order to address this issue. Best, OP
-
Quick command to back up all LUKS headers
If anyone is interested, below is a link to the script I wrote and which performs a backup of LUKS headers:
-
[Script] Backup LUKS headers of encrypted devices
Hi all, In the .zip archive file attached to this post is a script I have written in order to backup LUKS headers of encrypted devices attached to Unraid. 1. WHY? Backing up LUKS headers is a paramount precautionary measure given the fact that data corruption in LUKS header may lead to losing all the data present on the device. Please note that in this scenario, knowing the passphrase (or having a copy of the key file used to store the passphrase) is irrelevant and will not help you recover the data. This is because the passphrase is not used in deriving the encryption master key, but only used in decrypting the encryption master key, the latter being randomly generated on each device upon initial creation of the LUKS header. 2. HOW? To backup your LUKS headers, just run the attached script as root. The script is not interactive, therefore you can use it with the wonderful User.Script plugin by @Squid (see: here). 3. WHEN? LUKS headers only need to be backed up upon a change in one of the headers. A change should occur upon events such as: any drive is formatted (or reformatted) as encrypted (this includes the addition of a new encrypted drive) a passphrase (or the key file used to store the passphrase) is added to, changed in or removed from any of the 8 different key slots provided by LUKS (the Unraid GUI allows you to create only one passphrase for the entire array, but the underlying kernel module does allow 8 different passphrases for each encrypted device) Therefore, there is no need to schedule the backup to any particular period. A scheduled backup should even be avoided if you elect to copy the backed up LUKS headers to the Unraid flash drive, as it is considered good practice to keep the read/write operations of the flash drive to a minimum. 4. HOW DO I RESTORE LUKS HEADERS FROM A PREVIOUS BACKUP? As of now, the safest way I have found to restore LUKS headers from a previous backup is to run the command below manually for each drive that needs to have its LUKS header restored (don't forget to replace the <path to relevant LUKS header backup> and <device / device partition> with the correct information for your use case): cryptsetup luksHeaderRestore --header-backup-file <path to relevant LUKS header backup> <device / device partition> IMPORTANT: if the <device / device partition> is assigned to an array protected by parity, ensure that you are pointing to the managed partition device, i.e.: "/dev/mdXp1" (start the array in maintenance mode first) and not to the actual "dev/sdY1" partition device. Indeed, writes to /dev/sdY1 will bypass parity but writes to /dev/mdXp1 do not. 5. WORK IN PROGRESS I am trying to write a command that would restore all LUKS header at once. However, I need to find a way to reconcile (in CLI) each "/dev/mdXp1" device (i.e.: the device that is created after starting the array and which needs to be written on for the restore operation in order to preserve parity) to the corresponding "/dev/sdY" device (i.e.: the actual device which contains the "ID_SERIAL" used to name the LUKS header backup .bin file for that disk). I asked the question here but never got an answer. The command would be something like (note that you should not run it as is because it is not working in its current state): # DO NOT USE / DO NOT USE / DO NOT USE #cd "/directory/where/the/backed/up/LUKS/headers/are/stored" && for i in {/dev/sd*,/dev/nvme*}; do if cryptsetup luksDump $i &>/dev/null; then cryptsetup luksHeaderRestore <WIP: '$i' cannot be used here because it would bypass parity> --header-backup-file "`udevadm info --query=all --name=$i | sed -n 's/.*ID_SERIAL=//p'`.bin"; fi; done # DO NOT USE / DO NOT USE / DO NOT USE 5. ANYTHING ELSE? Feel free to report any issues and make any suggestions. This script is based on exchanges from the following threads, which you can refer to: thread 1 thread 2 as well as on the official LUKS page : https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/FAQ.md#6-backup-and-data-recovery Best, OP unraid_backup-luks-headers-v0.2a.zip
-
[Script] binhex - no_ransom.sh
Why not share with everyone ?
-
unraid-newenckey: Change your drive encryption unlock key
Just in case one would like to take an extra precautionary step and backup all LUKS headers before altering them with key changes, the following thread may be useful:
-
unraid-newenckey: Change your drive encryption unlock key
Hi @doron Many thanks for your contribution. I am planning on testing your script (better do it before I need it). I have started reviewing the code and saw the following line: VALID_CHARS='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789~!@#$%^&*-=+ ' Yet, the cryptsetup gitlab (https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions#1-general-questions) states that: Those printable characters are listed here: https://en.wikipedia.org/wiki/ASCII#Printable_characters Are there any reasons why you excluded some of them? Like the underscore for example? Best, OP
-
Intel iGPU i915 driver crashing issues on various linux kernels
Oh, I see. Thanks !
-
Intel iGPU i915 driver crashing issues on various linux kernels
Thanks. And which CPU ?