Use SNMP to monitor your home network by LibreNMS

Recently I spent some time tried different solution to monitor home network and systems. Initially, I tried Cacti on Raspberry Pi but not working really well together with Pi-Hole. So I moved Cacti into a docker container on Synology NAS. But Cacti eats up lot of NAS resources and itself is not that user-friendly. So many issues with poller, and the performance is not good.

Then finally, I found LibreNMS which surprised me with easy deployment and very nice look and feel. So go straight to the deployment guide of LibreNMS to monitor home network via SNMP.

Continue reading “Use SNMP to monitor your home network by LibreNMS”

Mikrotik RouterOS Dynamic Update Script for OpenDNS

There is a need to provide some level of parent control and kids safe Internet access at home. Using OpenDNS is a easy and cost free solution.

To customize the web security filtering policies for your own case, you need to update home Internet public IP to OpenDNS so that the customized your policy will be applied. In a dynamic IP situation, it is essential to keep telling OpenDNS the latest correct Internet IP. Instead of install OpenDNS updater client on MAC/WIN/LINUX, we can use Mikrotik RouterOS scripts to update the IP directly.

Continue reading “Mikrotik RouterOS Dynamic Update Script for OpenDNS”

Mikrotik RouterOS work with Cisco Aironet AP

Background:

I have a spare Cisco Aironet 3702i but I do not have Cisco Wireless Controller to manage it. But I do like its wireless capability and I want it to replace ASUS RT-AC68U as home main wireless access point.

I also have a Mikrotik hex POE 960PGS router to provide both connectivity and power to surveillance camera.

I want to fully utilize the gears I have and just use a cost effective solution to achieve secure home wireless network.

Target:

  • Multiple SSIDs with different VLANs, different encryption and authentication methods
  • Each SSID network needs to be segregated with others
  • One SSID needs to be in the same subnet of local wired network

Continue reading “Mikrotik RouterOS work with Cisco Aironet AP”

Synology Letsencrypt DNS-01 cert issue and install

Install the acme.sh Client

  • SSH to Synology DiskStation.
  • sudo -i to root login.
  • Install acme.sh manually.
    $ wget https://github.com/Neilpang/acme.sh/archive/master.tar.gz
    $ tar xvf master.tar.gz
    $ cd acme.sh-master/
    $ ./acme.sh --install --nocron --home /usr/local/sbin/acme.sh
    

Logout and login back again. so install is done :)

  • next step is to do the configuration:
    $ cd /usr/local/sbin/acme.sh
export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export CF_Email="[email protected]"
  • Issue and install the certs. The code below to reflect your own path and domain name.
./acme.sh  --issue -d YOURDOMAIN.TLD --dns dns_cf --certpath /usr/syno/etc/certificate/_archive/PATH/cert.pem --keypath /usr/syno/etc/certificate/_archive/PATH/privkey.pem --fullchainpath /usr/syno/etc/certificate/_archive/PATH/fullchain.pem --capath /usr/syno/etc/certificate/_archive/PATH/chain.pem --reloadcmd "/usr/syno/etc/rc.sysv/nginx.sh reload"
  • Configure Crontab for root
$ vi /etc/crontab 
Add the following line to the crontab. Remember to use tab for spacing.
0    10    2    *    *    root    root /usr/local/sbin/acme.sh/acme.sh --cron --home /usr/local/sbin/acme.sh/

Continue reading “Synology Letsencrypt DNS-01 cert issue and install”

Synology Cloudflare DDNS Script

Run commands in Synology

  1. Download cloudflareddns.sh from this repository to /usr/local/sbin/cloudflaredns.sh
wget https://raw.githubusercontent.com/joshuaavalon/SynologyCloudflareDDNS/master/cloudflareddns.sh -O /usr/local/sbin/cloudflaredns.sh

If you put the script in other name or path, make sure you use the right path.

  1. Give others execute permission
chmod +x /usr/local/sbin/cloudflaredns.sh
  1. Add cloudflareddns.sh to Synology
cat >> /etc.defaults/ddns_provider.conf << 'EOF'
[Cloudflare]
        modulepath=/usr/local/sbin/cloudflaredns.sh
        queryurl=https://www.cloudflare.com/
EOF

queryurl does not matter because we are going to use our script but it is needed.

Get Cloudflare parameters

  1. Go to your domain overview page and get the Zone ID.
  2. Go to your account setting page and get API Key.
  3. Get record id using Cloudflare API.
curl -s GET "https://api.cloudflare.com/client/v4/zones/[Zone ID]/dns_records" \
	-H "X-Auth-Email: [Email]" \
	-H "X-Auth-Key: [API Key" \
	-H "Content-Type: application/json" \
	| jq '.result[] | {name, id, zone_id, zone_name, content, type}'

You need to replace with [] with your parameter. Then, you get the id in result which is you Record ID.

Setup DDNS

  1. Enter the parameters to the cloudflareddns.sh.
  2. Login to your DSM
  3. Go to Control Panel > External Access > DDNS > Add
  4. Select Cloudflare as service provider. Enter your domain as hostname, your Cloudflare account as Username/Email, and API key as Password/Key

Customize Namecheap DDNS script for Synology

sudo -i
wget https://www.xfelix.com/wp-content/uploads/2017/06/namecheap.zip
unzip namecheap.zip
Extract and move namecheap.php to /usr/syno/bin/ddns/

Grant privilege
sudo chmod 755 /usr/syno/bin/ddns/namecheap.php

Edit DDNS Provider list
sudo vi /etc.defaults/ddns_provider.conf
Insert
[Namecheap]
modulepath=/usr/syno/bin/ddns/namecheap.php
queryurl=https://dynamicdns.park-your-domain.com/

In the DSM web interface, open the DDNS menu
Hostname: example.com
Username/Email: www
Password: nameCheap DDNS passkey

 

Add TransmissionBT task from iOS devices

Till now, there is no official iOS app to add/manage torrent tasks of TransmissionBT. The only working application is iControlbits which is available to Jailbroken iOS users.
So there is not much choice left for non-jailbroken users to manage Tranmission tasks. We can use Safari web browser to view and delete the downloading task but no way to add torrent file as iOS has a very strictly privilege control on file dealing. It is impossible to download a torrent file and upload it via Safari browser.
Continue reading “Add TransmissionBT task from iOS devices”

Disable Adobe Reader Sign In when open a PDF

I do not remember since when Adobe Reader mandatory requires user to login their Adobe ID once open a PDF file. It is quite annoying. Especially, if you are on a slow Internet environment, you have to wait for login page to be fully loaded. And during that time, you cannot scroll down to browse the PDF content. How to get rid of this silly online function? Here is the solution.

Continue reading “Disable Adobe Reader Sign In when open a PDF”

奇葩的ebay

话说前不久为了在ebay上买一台mint拖地机,新注册了个美国ebay的账号。和其他美国购物网站一样,地址、电话当然写的是转运公司的仓储地址。然后就是绑定已经用了很久很久的paypal付钱,收货。卖家很不错,还给了好评。没想到刚买第二天商品就跌价,发了封站内信给卖家,卖家二话不说就把差价打到我paypal了。非常愉快的购物经历。

过了一周,货还没到转运公司呢,却收到了ebay的邮件,MC999,我的ebay账号因为安全原因被无限制禁止了。 Continue reading “奇葩的ebay”

RAID是否适合家用?

随着家庭网络带宽的提速,硬盘容量的剧增,家庭数据量也成倍增加。如今的数字化家庭生活,对网络存储(NAS)的需求也不断增强。

家庭数据无外乎电影、音乐、照片以及一些重要文档。这些数据虽不及企业的数据那么关键和重要,但是珍贵的照片、文档等数据一旦丢失,还是非常的心痛的。于是乎,家庭数据的安全性也逐渐被人们重视。人们想到了企业常用的RAID技术来武装家庭的NAS系统。有用RAID0来提升读写速度、有用RAID1来增加数据的可靠性,也有人用多块硬盘做RAID5或RAID10来确保数据的可用性。提到RAID,人们总是说,现在的硬盘啊,质量参差不齐,纯粹拼人品,建了RAID后,如果不幸哪块硬盘坏了,也不影响数据的完整性,只要再买一块硬盘顶上就行了。但是这仅仅是RAID的好处,大家却忽视的RAID的一些隐患。我的观点是,个人家庭用户不建议使用RAID! Continue reading “RAID是否适合家用?”