Categories
Linux Networking Software

Allow ping from USG

Because I keep forgetting and it takes me far too much time to go through one of my million sites where I set this up and find the right config…

To allow a USG (Unifi Security Gateway) to reply to external (WAN) ping requests, do the following:

  • Head to the Unifi dashboard -> Settings -> Firewall & Security
  • Create a new rule
  • Type: Internet Local
  • Description: Allow Ping (Echo Request)
  • Rule Applied: Before Predefined Rules
  • Action: Accept
  • IPv4 Protocol: ICMP
  • IPv4 IMP Type Name: Echo Request
  • Apply Changes -> wait ~2 minutes

That’s it…

All this for Smokeping.

Categories
Errors Linux Software

NextDNS and NetworkManager

A while back, I wrote about installing NetworkManager if NextDNS activate fails to work.

Only… I realised that for some reason on Raspberry Pi (4), WiFi stopped working with the following errors:

Feb 17 11:55:02 tyr NetworkManager[449]: <info>  [1676631302.2204] device (wlan0): state change: config -> failed (reason 'ssid-not-found', sys-iface-state: 'managed')
Feb 17 11:55:02 tyr NetworkManager[449]: <info>  [1676631302.7525] device (wlan0): set-hw-addr: set MAC address to 92:F3:ED:C2:8F:9B (scanning)
Feb 17 11:55:02 tyr NetworkManager[449]: <warn>  [1676631302.7559] device (wlan0): Activation: failed for connection 'superuser.one'
Feb 17 11:55:02 tyr NetworkManager[449]: <info>  [1676631302.7562] device (wlan0): supplicant interface state: scanning -> disconnected
Feb 17 11:55:02 tyr NetworkManager[449]: <info>  [1676631302.7562] device (p2p-dev-wlan0): supplicant management interface state: scanning -> disconnected
Feb 17 11:55:02 tyr NetworkManager[449]: <info>  [1676631302.7577] device (wlan0): supplicant interface state: disconnected -> interface_disabled
Feb 17 11:55:02 tyr NetworkManager[449]: <info>  [1676631302.7578] device (p2p-dev-wlan0): supplicant management interface state: disconnected -> interface_disabled
Feb 17 11:55:02 tyr NetworkManager[449]: <info>  [1676631302.7579] device (wlan0): supplicant interface state: interface_disabled -> disconnected
Feb 17 11:55:02 tyr NetworkManager[449]: <info>  [1676631302.7579] device (p2p-dev-wlan0): supplicant management interface state: interface_disabled -> disconnected
Feb 17 11:55:02 tyr NetworkManager[449]: <info>  [1676631302.7585] device (wlan0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')

The WiFi SSID and password (wpa_supplicant) never changed, so I wasn’t sure what it was. However, as most Pi’s are wired I didn’t pay much attention, until today.

As I had one RPi where nextdns activate worked fine, without NetworkManager installed, and where WiFi worked, I figured there was something evil about NetworkManager (= breaks my WiFi) and NextDNS not actually needing it…

I reverted my changed from my previous post (and removed some extra stuff that was not needed in my case, YMMV):

apt purge -y network-manager dnsmasq-base resolvconf modemmanager ppp ; apt install -y powermgmt-base openresolv ; apt autoremove -y
The powermgmt-base, and modemmanager, ppp parts are likely not needed, but this is just a copy and paste of what I did.

Reboot… And WiFi worked again. However, nextdns activate would still throw an error:

# nextdns activate
Error: NetworkManager resolver management: exit status 5

Going through the source code (yay for open-source) I noticed:

var networkManagerFile = "/etc/NetworkManager/conf.d/nextdns.conf"

That file indeed existed on both RPis that had the activate issue.

I ran the following command…

rm /etc/NetworkManager/conf.d/nextdns.conf

But that still gave the same error. But as I had purged the entire NetworkManager, I didn’t need its lingering config files… So, why not rid ourselves of everything:

rm -r /etc/NetworkManager

And tada… Now activate works fine:

tyr ~ # nextdns activate
tyr ~ #

Go figure ¯\_(ツ)_/¯

Categories
Errors Linux Software

Mounting a whole disk with partitions

I reinstalled one of my RPis (moving from 32 to 64 bit).

Before doing the full reinstall, I took a dump (dd) of my disk.

Usually, I create one per partition, but this was the Christmas season, and I was half occupied with feasting and half occupied with entertaining Ila. So, mistakes were made.

I ran dd if=/dev/sdb of=backup.img — but this means I can’t mount the disk directly, as it’s not a partition:

# mount backup.img /tmp/disk
mount: /tmp/disk: wrong fs type, bad option, bad superblock on /dev/loop0, missing codepage or helper program, or other error.

I should’ve dd’d /dev/sdb2 instead of the entire disk.

All right, so let’s figure out what can be done… First, let’s look at the content of the image:

# fdisk -l backup.img
Disk backup.img: 111.8 GiB, 120040980480 bytes, 234455040 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x8297a463

Device          Boot  Start      End  Sectors  Size Id Type
backup.img1 *      8192   532479   524288  256M  c W95 FAT32 (LBA)
backup.img2      532480 34078199 33545720   16G 83 Linux

So, we can probably mount starting from sector 532480.

We can see that the sector size is 512 (which, I think, is the default for most). So, if we multiply 512 * 532480 we get 272629760.

Now we can mount the disk using the following command:

mount -o loop,offset=272629760 backup.img /tmp/disk

And that should do it.

The 2nd partition (the one with data) is now mounted and accessible under /tmp/disk.

If you need the first partition, the same can be done by running 512 * 8192 = 4194304; the following command mounts the boot partition:

mount -o loop,offset=4194304 backup.img /tmp/disk.
Categories
Errors Linux Software

NetworkManager exit status 1

Recently reinstalled NextDNS on a RPi4 64bit and came across this error:

# nextdns activate
Error: NetworkManager resolver management: exit status 1

It seems like NextDNS was actually running, but just throwing an error when running nextdns activate. Restarting did seem to work without throwing any error.

The logs showed the same error:

Dec 20 14:06:20 tyr nextdns[5753]: Starting NextDNS 1.38.0/linux on :53
Dec 20 14:06:20 tyr nextdns[5753]: Listening on TCP/:53
Dec 20 14:06:20 tyr nextdns[5753]: Starting mDNS discovery
Dec 20 14:06:20 tyr nextdns[5753]: Listening on UDP/:53
Dec 20 14:06:21 tyr nextdns[5753]: Connected 45.90.28.0:443 (con=13ms tls=58ms, TCP, TLS13)
Dec 20 14:06:21 tyr nextdns[5753]: Connected 185.18.148.91:443 (con=12ms tls=28ms, TCP, TLS13)
Dec 20 14:06:21 tyr nextdns[5753]: Switching endpoint: https://dns.nextdns.io#185.18.148.91,2a04:b80:1:30::2
Dec 20 14:06:25 tyr nextdns[5753]: Setting up router
Dec 20 14:06:25 tyr nextdns[5753]: Activating
Dec 20 14:06:25 tyr nextdns[5753]: Activate: NetworkManager resolver management: exit status 1

The solution was (as root):

apt install network-manager resolvconf -y
systemctl enable NetworkManager
systemctl start NetworkManager
nextdns activate

Looks like, instead of resolvconf, openresolv was installed.

First time I heard about openresolv; usually resolvconf is the default. Not entirely sure if this was the culprit (and NetworkManager not being started) but the errors are now gone.

Categories
Linux Software

Mastodon server: email

Always a hassle to get mail delivery to work.

Had a similar problem with a VoIP (Nexmo SMS/call forwarding) tool that just refused to work using local mail servers without a valid cert. Gave up and started using Mailgun. 

Long story short: use something like Mailgun or another provider.

Using localhost SMTP server support seems to be limited if you don’t have working certs. The documentation is also lacking as to what does what. Didn’t figure out how to have it ignore SSL.

This is what worked for me, using Mailgun server:

SMTP_SERVER=smtp.eu.mailgun.org
SMTP_PORT=465
[email protected]
SMTP_PASSWORD=some-password
[email protected]
SMTP_DELIVERY_METHOD=smtp
SMTP_SSL=true
SMTP_ENABLE_STARTTLS_AUTO=false
SMTP_AUTH_METHOD=plain
SMTP_OPENSSL_VERIFY_MODE=none

And it looks like I’m not the only one struggling.