Categories
Hardware Linux Software

Synology “Operation Failed” manually updating package

Resilio Sync released an update last week and on Synology these package don’t auto update. Time to manually update the packages again.

On my DS1515 (more RAM, more CPU) the manual update goes by fine (stop service, manual update, browse for file, upload, start service) but my DS216j, not so much.

Attempting to upload the file instantly fails with the useful error “Operation Failed”.

I tried to re-download the file (was it corrupt)… Nop. Did I select the right architecture? Yep. Decided to give it a go via via the command line. Perhaps a reboot? Nop.

First, make sure SSH is enabled and you can SSH. Oh and pro tip: add your SSH key.

Something along these lines should get you started:

# Transfer the file to the NAS
scp *.spk NAS-IP:
# Connect to the device
ssh [email protected]
# Install it as root using sudo. It'll ask for your psw
sudo synopkg install *.spk
[password]
# resiliosync_armada38x_DSM6_2.7.0.1366-1.spk install successfully
# All good? Then remove the installer
rm *.spk

Somehow this worked… 🤷‍♂️ Not sure what caused the error in the first place. I am guessing the device is a bit low on RAM.

Categories
Hardware Misc

Air purifier

I live in Singapore. And haze is a thing. Thanks Indonesia and burning rain forests to create palm plantations. Needless to say, so far 2019 and 2020 haven’t been great.

Anyhow I got myself a Novita air purifier ~2 years ago, and I stole received a Xiaomi purifier from Liyun.

The Novita is pretty dumb (the PM sensor goes randomly nuts and it needs to be quite polluted before it really kicks in. It also needs to be turned off/on again every so often for it to keep on standby — if not it goes into some sleep mode).

The manual says you should consider cleaning (aka remove dust and cat hair) every 3 or so months, and replace the filter every 6 months. It’ll show a warning when the timer hits zero.

Selling new filters is how they make money I guess.

Buy a new filter (or don’t and use the same filter), reset the timer and things are back to normal.

For the Xiaomi it’s a bit harder. The “smart filter” is really just a HEPA filter with an NFC tag. It’ll calculate how often the purifier runs and calculate a % based on that. I’ve now hit 0% left on my filter after a haze season (September 2019) and ~8 months of normal usage (as it’s in the bedroom, it starts filtering around 21h00, and then runs in the quiet night mode until 9am next morning and then shuts off).

While the purifier still runs at 0%, it gives a big red warning both in the app and on the device itself and urges you to replace the filter.

You can tape off the NFC tag with some tinfoil, but that’ll just change the big red warning from “used and old filter, please replace” to “fake filter, please replace”.

Now I am not against replacing HEPA filters when they are used and are not actually filtering the air anymore. But I am also against uselessly replacing things for the sake of handing money to $BigCorp and ruining the planet with it.

Running a few tests with a relatively precise PM sensor (use this assembled kit if you are not into DIY) shows that for both my purifiers, the exhuast air is 0 PM1.0, 0 PM2.5 and 0 PM10. So that shows me that both are still working and cleaning the air just fine (further away in the room, the PM heads up to 10-20 on haze-free days).

PM Sensor

Am I missing something here? Why throw away something that still works?

Categories
Hardware Linux Networking Software

Resilio Sync on Synology stuck?

The Resilio Sync package that’s provided on a Synology NAS’ Packager Center is out of date (2.6.2) and has a bug that causes big files to fail to sync (and that causes a loop of endless retries).

The solution is to manually update the package from 2.6.2 to 2.6.4. Find your NAS architecture and then download (bottom of the page) the right binary and manually install it.

Note that you need to stop the Resilio Sync service running (manually stop it via Package Center) before uploading the package and installing it.

Once done, don’t forget to manually start the service again.

Resilio Sync GUI will be at <NAS IP>:28888/gui/.

The howto guide to manually update the package can be found here.

Categories
Hardware

Where to fly your drone

Now that I own a DJI Spark

Singapore: flywhere.sg.

World (not very detailed): foxnomad.com/2017/07/25/map-shows-drone-laws-every-country-world-updated-regularly

And also embedded here:

Categories
Hardware Linux Networking

Edgerouter IPsec tunnel to Fritzbox

So, I have an EdgeRouter Lite in Singapore (Starhub) and a FritzBox in Belgium (EDPnet).

This is mostly stuff that I have found from several articles, mostly from here.

ERL: eth0 is WAN, eth1 (10.60.111.0/24) and eth2 (unused, not VPN’ed) are LAN
FritzBoz: 192.168.1.0/24

This is the FritzBox config (go to VPN and them Import a config) fritzvpn.cfg:

vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_lan;
                name = "VPN Yeri";
                always_renew = yes;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 0.0.0.0;
                remotehostname = "erl.yeri.be";
                localid {
                        fqdn = "fritz.yeri.be";
                }
                remoteid {
                        fqdn = "erl.yeri.be";
                }
                mode = phase1_mode_idp;
                phase1ss = "all/all/all";
                keytype = connkeytype_pre_shared;
                key = "SOMEPASSWORD";
                cert_do_server_auth = no;
                use_nat_t = yes;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.1.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr = 10.60.111.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2ss = "esp-all-all/ah-none/comp-all/pfs";
                accesslist = "permit ip any 10.60.111.0 255.255.255.0";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500", 
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}

Be sure to modify the password, local (Fritz) and remote (ERL) LAN and edit the local and remote fqdn.

This is the ERL config (via ssh, you’ll need to set this:

[email protected]# show vpn ipsec 
 auto-update 60
 auto-firewall-nat-exclude enable
 esp-group FOO0 {
     proposal 1 {
         encryption aes256
         hash sha1
     }
 }
 ike-group FOO0 {
     dead-peer-detection {
         action restart
         interval 60
         timeout 60
     }
     lifetime 3600
     proposal 1 {
         dh-group 2
         encryption aes256
         hash sha1
     }
 }
 ipsec-interfaces {
     interface eth0
 }
 nat-networks {
     allowed-network 0.0.0.0/0 {
     }
 }
 nat-traversal enable
 site-to-site {
     peer fritz.yeri.be {
         authentication {
             mode pre-shared-secret
             pre-shared-secret SOMEPASSWORD
         }
         connection-type initiate
         description "VPN to fritz.yeri.be"
         ike-group FOO0
         local-address erl.yeri.be
         tunnel 1 {
             esp-group FOO0
             local {
                 prefix 10.60.111.0/24
             }
             remote {
                 prefix 192.168.1.0/24
             }
         }
     }
 }

Status:

[email protected]:~$ show vpn ipsec status
IPSec Process Running PID: 20140

1 Active IPsec Tunnels

IPsec Interfaces :
        eth0    (no IP on interface statically configured as local-address for any VPN peer)
[email protected]:~$ show vpn ipsec sa
peer-be.yeri.be-tunnel-1: #9, ESTABLISHED, IKEv1, 85a2d010ada73113:ca439c40ac3bca06
  local  'erl.yeri.be' @ 116.87.x.y
  remote 'fritz.yeri.be' @ 109.236.x.y
  AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  established 1592s ago, reauth in 1333s
  peer-fritz.yeri.be-tunnel-1: #1, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA1_96/MODP_1024
    installed 1592 ago, rekeying in 1200s, expires in 2009s
    in  c0bb652e, 1038032 bytes, 10726 packets,     0s ago
    out 8d5df3f5, 532685 bytes,  6062 packets,     0s ago
    local  10.60.111.0/24
    remote 192.168.1.0/24

I haven’t really figured out what no IP on interface statically configured as local-address for any VPN peer means yet though.

Next up: VLANs