Posts by Shakesbeer

    As a beginner I recommend the Udemy Course for Python. It is often on sale (like today).

    https://www.udemy.com/course/c…eveloper-zero-to-mastery/


    Python is a good language to know, even if you do not work with it daily.


    For starting in the open source community you need some basic skills that are easy to learn, besides pure knowledge of a programming language.


    - Understand what the difference between open and closed source is from a licensing perspective. This is good to know if you want to contribute to some open source project, and you want to understand what might happen with your code and what rights and maybe obligations you as a developer have. This seems boring at first glance, but there is a sudden "Eureka!" moment when you understand the whole big picture. No need to know every license in every detail. Just understand what the main differences are. It helps you to understand how this whole open source thing works. It is more than just "sharing code with others".


    - Learn about how git and github work. There are a lot of youtube videos and even a good udemy course for free (sry, I only found this German link, but there are plenty in English too.) https://www.udemy.com/course/github-tutorial-deutsch/

    You can write excellent code, but without understanding how git and github work, you will not be able to contribute to any project.


    - Start your own small project. Just get a github account and create your own repository. Choose a license and upload a simple script. Sit down and ask yourself what automation / script / small software you might find useful. If you do not have a good idea, program a small game or whatever. Even tic tac toe or whatever is fine. Start small and grow.

    By this you achieve all you need. You apply your coding skill and you get practice in using github. You will reach a point at which you start understanding more and more of the other github projects, and that is the point where you can start contributing smaller code to other projects. For that you should focus on one project and do a deep dive into their code at one specific place. No need to understand the whole project if you just want to add one small function in a very specific component.


    Congratulations. You became part of the open source developer community.

    This was very valuable information. So it was not docker or network bridge related, which helped a lot to narrow it down.


    Same problem with wireguard "outside docker".

    I cannot access LAN devices but only services on my NAS where wireguard is installed.


    Even though my idea of an issue with either iptables or a bridge-related configuration was wrong, we finally found the root cause along the way :-)


    My network interface is not eth0 but

    enx001e06367807.

    I see that eth0 is used in wg0.conf for PostUp and PostDown.

    Maybe the problem is related to network interface naming?


    Soma, thanks for staying with this investigation for so long. Tough stamina :-)

    OMV / Debian should be able to handle that.

    Yes. Absolutely. What I found lacking in Debian was that several rsyncs running in parallel dragged performance down so much that running the rsyncs in parallel took much longer than running them serially. Of course that only matters when a lot of data is really being synced. With relatively static directories it matters less.

    What bothered me much more is that cron is too "dumb" for something like "run XYZ at a minimum interval of 24 hours", so that XYZ gets executed when the system notices that the last run was more than 24 hours ago. My NAS does not run 24/7, and all cron jobs that run in fixed cycles or at fixed times therefore do not guarantee me that they actually run. If things go badly, no backup happens for weeks, just because the system was not active at the time set in cron.

    So I looked for something that "controls" cron and rsync a bit better, in my sense.


    By the way, thanks for the hint about HiDrive. For SSH the script would still need to be extended with the SSH command. Currently it targets local backups or backups to USB disks etc.

    And one thing more. If you do not use IPv6 at all, could you disable it?


    Disable IPv6 manually by creating /etc/sysctl.d/70-disable-ipv6.conf with the content: net.ipv6.conf.all.disable_ipv6 = 1 (then activate it and reboot).

    Check with ifconfig -a if there are still IPv6 entries.

    Maybe this will help you.


    Take a look at the multi backup control script that lives here:

    https://github.com/OK-API/Manage-My-Server

    There is also documentation there describing how to use it.


    It is built to process multiple rsync sources and multiple rsync targets in one call without them getting in each other's way. The order lets you achieve a prioritisation (e.g. the grandchildren's photos first, the pr0n collection last, or something like that). If you have several disks with several shares in the NAS and want to make sure that rsync pushes a backup to various other disks once every 24 hours without the rsyncs interfering with each other, this can help you. It also works if the NAS was switched off for a longer time or gets rebooted.

    You can set it up in OMV as a cron job that runs e.g. once an hour or every two hours. The script detects by itself whether a backup run was more than 24 hours ago, and only creates a backup if the last successful run was longer ago than that. You can change the time in a variable in the script.

    You can configure the logging so that you only get log entries or stdout messages in case of an error, so that OMV only sends you a notification then (if configured).


    Take a look at it. I found it helpful for my setup, where my NAS does not run 24/7 (precisely because it is only a NAS and does not carry any other services).
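The interval-gated, serial backup pattern described in the two posts above, as an added example that is not the OK-API script and not part of the thread; the paths, the 24-hour interval and the lock directory are assumptions. It runs the jobs strictly one after another, refuses to overlap with a still-running instance, and only records a "last success" timestamp when every job finished, so a missed or failed run is retried on the next hourly cron tick rather than lost.

```shell
#!/bin/bash
# Constructed example of an interval-gated, serial rsync backup runner (not the
# OK-API/Manage-My-Server script); paths below are placeholders.
set -u
MIN_INTERVAL=$((24 * 60 * 60))                     # seconds between successful runs
STATE_DIR="${STATE_DIR:-/var/tmp/backup-control}"
STAMP_FILE="$STATE_DIR/last_success"
LOCK_DIR="$STATE_DIR/lock"
# "source|target" pairs, processed one after another in this order (first = highest priority).
JOBS=(
  "/srv/photos/|/mnt/backup1/photos/"
  "/srv/documents/|/mnt/backup2/documents/"
)

# True (0) when no successful run is recorded or the last one is older than MIN_INTERVAL.
backup_due() {
  local now last
  now=$(date +%s)
  [ -f "$STAMP_FILE" ] || return 0
  last=$(cat "$STAMP_FILE")
  [ $((now - last)) -ge "$MIN_INTERVAL" ]
}

# One rsync job, kept separate so it can be swapped (e.g. for an ssh target).
sync_job() {
  rsync -a --delete "$1" "$2"
}

# Runs every job serially and records a timestamp only if all of them succeeded,
# so a failed or interrupted run is simply retried on the next cron tick.
run_backups() {
  mkdir -p "$STATE_DIR"
  # mkdir is atomic: if the lock exists another run is still in progress, so exit quietly.
  mkdir "$LOCK_DIR" 2>/dev/null || return 0
  local rc=0 job
  if backup_due; then
    for job in "${JOBS[@]}"; do
      if ! sync_job "${job%%|*}" "${job#*|}"; then
        echo "backup failed: ${job%%|*} -> ${job#*|}" >&2     # output only on failure
        rc=1
      fi
    done
    [ "$rc" -eq 0 ] && date +%s > "$STAMP_FILE"
  fi
  rmdir "$LOCK_DIR"
  return "$rc"
}
# cron entry, e.g. hourly: 0 * * * * /usr/local/bin/backup-control.sh run
if [ "${1:-}" = "run" ]; then run_backups; fi
```

Because only an all-success run updates the timestamp, the script stays quiet on normal runs and only writes to stderr when a job fails, which fits OMV's notification-on-output behaviour.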

    Ok. Can you tell us a little bit more about your setup?

    You are trying to connect from an Android phone to the server 192.167.1.77 by ssh, by using a wireguard tunnel through 192.167.1.66.

    Wireguard is running in a docker network which is 10.13.13.2 and which is bridged to 172.17.0.1 on the same system that has 192.168.1.66


    Where exactly do you get this error message when trying to ssh?

    Do you get this message from your android phone, when trying to ssh using some app?

    You can successfully establish the wireguard session but you cannot tunnel ssh through the connection to another server, right?

    Code
    Faild to connect to /192.168.1.77 (port 22) from /:: (port 38358) connect failed: ETIMEDOUT (Connection timed out)

    Which IP does your client have in this scenario? Also a local IP in the 192.168.1 network?


    Can you try to do a traceroute (command: traceroute) to your server 192.168.1.66?


    The bridge looks ok. It binds to the 172 network. I want to find out where your ssh session fails, and find out about the exact traffic flow of incoming traffic through the container and the bridge to the 172 network. As your ssh target has a 192. address, but your docker bridge goes to a 172 address, maybe there is something blocking the ssh session from locally going from the 172 bridge network to the 192 outgoing interface.


    Edit:

    And please show us the output of

    Code
    docker network inspect host
    docker network inspect faa520e3e10a

    Just gathering some information here to be used further. Can you please confirm if this is correct?


    by the way .... your container is running in a virtual network with the IP 10.13.13.2

    The docker engine itself uses 172.17.0.1

    And your system is 192.168.1.66


    Your listen port for wireguard is 51820 according to a previous post. From your netstat these two entries exist for this port.

    Code
    udp 0 0 0.0.0.0:51820 0.0.0.0:* 0 813603 18849/docker-proxy
    udp6 0 0 :::51820 :::* 0 814727 18857/docker-proxy


    So your wireguard container with the internal virtual IP hosts its service externally on the 172.17. network as well as the 192.168.1 network, (correct?), and all IPv6 networks.


    Question for you darkopi ... Do you use IPv6 at all, or is it just active, but you do not really use it?


    Can you please run :

    Code
    docker network inspect bridge

    ...to give us more information about the bridge configuration of your docker environment.


    Edit:


    And please:

    Code
    docker network ls
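A small classifier for the netstat -tulpen output requested in this post, as an added example that is not part of the thread: the sample lines are constructed to resemble the two docker-proxy entries quoted above, plus a loopback-only and a single-address listener for contrast. It separates sockets bound to one address or to loopback from the 0.0.0.0 and :: wildcard binds, which are the ones reachable from every interface (including the IPv6 side the post is unsure about).

```shell
#!/bin/sh
# Constructed example: classify listening sockets from `netstat -tulpen` output by
# how widely they are bound. Sample lines below are made up for this example.

SAMPLE='udp        0      0 0.0.0.0:51820           0.0.0.0:*                           0          813603     18849/docker-proxy
udp6       0      0 :::51820                :::*                                0          814727     18857/docker-proxy
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      0          12345      1111/mysqld
tcp        0      0 192.168.1.66:22         0.0.0.0:*               LISTEN      0          12346      2222/sshd'

# Reads netstat -tulpen lines on stdin; prints "<scope> <proto> <port> <program>".
# scope: loopback | lan (bound to one address) | any4 | any6 (all interfaces).
classify_listeners() {
  awk '
    $1 ~ /^(tcp|udp)6?$/ {
      la = $4                                      # "Local Address" column
      port = la; sub(/.*:/, "", port)              # text after the last colon
      addr = substr(la, 1, length(la) - length(port) - 1)
      if (addr == "0.0.0.0")                     scope = "any4"
      else if (addr == "::")                     scope = "any6"
      else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
      else                                       scope = "lan"
      prog = $NF; sub(/^[0-9]+\//, "", prog)       # drop the PID from "pid/name"
      print scope, $1, port, prog
    }'
}

# Only the listeners that every interface (and so every peer on the LAN) can reach.
wide_open() {
  classify_listeners | awk '$1 == "any4" || $1 == "any6"'
}

printf '%s\n' "$SAMPLE" | classify_listeners
```

On a real host run `netstat -tulpen | wide_open` (or `ss -tulpen`, whose local-address column is also field 4 after the header) to get the same view of what is exposed.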

    I tried to figure out what path your connection tries to take.

    The error message says it tries to connect to 192.168.1.77:22 from :: port 38358.

    I do not see anything related to port 38358, so at least it is no conflict with any server you have running there.


    I am still building my docker skill. Does anyone here know how to check the linux bridge configuration for docker thoroughly? I need to read into this.


    My current guess is that there is something wrong with the bridge configuration or iptables, and either the traffic gets routed to the wrong bridge (e.g. into a non-existent ipv6 network) or gets blocked by iptables.

    My guess is actually only based on the error message.


    I found the following article:

    https://docs.docker.com/network/bridge/


    which contains:



    As I mentioned I could use some support in digging into the linux bridges configuration.

    How can I do that?

    On your client device open a command line and type traceroute <target IP address or name>


    Example:

    If this does not work, you need to play around a bit with the -I and -T parameters.

    It is possible you need to install traceroute first, if you are on a linux system.


    If your client is an android phone, and you do not have such a nice command line, you can install one of many network analysis apps, which can also do traceroute from a more graphical interface.


    Traceroute tells you which path through the networks your data packets take. This way you can see whether your packet goes through the wireguard tunnel, or from your phone into your phone network and times out because it simply is not routed into the tunnel.



    In addition to this, can you send the output of the following commands from your omv server:

    Code
    netstat -tulpen
    ifconfig -a


    Just to get a complete picture of your environment. I am still confused about the :: in your error message.

    Quote

    Faild to connect to /192.168.1.77 (port 22) from /:: (port 38358)

    Guys ... can anyone tell me what this /:: in this message is about?

    Looks a bit like IPv6 :: ...

    Could it be there is something wrong that routes certain traffic from an IPv4 interface to an IPv6 interface, which then ends up nowhere?

    This confuses me a bit.

    Might be worth enabling notifications so that you get an email if an IP gets banned on the server.

    See "action" menu in fail2ban GUI in OMV.

    Thank you very much. This is a good hint.

    I will add this as well. In parallel I was thinking about some notification by a messenger. Maybe signal. I wrote an asynchronous interface for one of my servers (not reachable through the internet, only outgoing traffic allowed) by using signalcli. Maybe I will revive this.


    In parallel I am looking for a good epaper display that I can use to display basic information about my setups on a dashboard, which I can place somewhere nice, like a picture frame. Because I am a little fed up with all the notifications.


    But you are right. E-Mailing is the most basic notification and works when more sophisticated stuff fails. Will definitely add this.

    I am missing some details here. Maybe it is not a server issue, but a client issue?

    I understood that you can successfully connect to your OMV server using wireguard, but not to any other servers on the same network.


    Could you post the following information for us:

    - What network is your client on and which IP does it have?

    - When you have the connection established, can you do a traceroute to one of the other systems on the LAN? (Just to make sure that this is not a routing issue, and only the traffic to the OMV gets routed through the wireguard tunnel, and all other traffic uses your default gateway).

    - Then do a traceroute to the OMV server.


    Please post the output here (by using the </> code formatting).

    This sounds a bit like your system is under heavy load. Can you check your cpu / RAM / network load? Did you do an additional reboot after clearing up space?

    Is it also slow when using a keyboard and screen directly connected to the system?

    With the given information it is extremely hard to determine possible root causes. Please provide more information.

    Does your journalctl tell you anything?

    Nice. Would never remember about the "fail2ban".

    You can make an exception on the "fail2ban" service to ignore LAN IPs to prevent this ;)

    Yeah. I did not add my computer to the exception list, as I was a bit paranoid and wanted to protect the omv server against brute force even from local systems in my LAN, in case one of these systems gets infected. But maybe this was too paranoid, and in the end it caused more harm than good :-)


    Thank you for pointing out the ignore option. I think I will add my regular desktop to this list now :-)


    This also gives me an idea about another thread, thank you

    Which one do you mean?