L2TP VPN fails after January 11, 2022 update

Microsoft January 11, 2022 update breaks L2TP VPN [solution]

Microsoft update KB5009543 breaks L2TP VPN functionality, causing the error message "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer". The log shows error 789 for rasclient.

A temporary solution is to uninstall KB5009543. Run cmd as administrator and enter:

wusa /uninstall /kb:5009543

After a reboot, the VPN will work again.

See also this article.

How can I use a PC to recover data when my Synology NAS malfunctions?

Purpose

This article will guide you to recover data on your PC when Synology NAS malfunctions.

Notes:

The drives may not be able to mount the volume again after being migrated to a new NAS.

Environment

  • Available on DSM version 6.2.x and above.
  • Only applicable to ext4 or Btrfs file system.
  • Ubuntu version should be 18.04 and above.

Resolution

  1. Make sure your PC has sufficient drive slots for drive installation.
  2. Remove the drives from your Synology NAS and install them in your PC. For RAID or SHR configurations, you must install all the drives (excluding hot spare drives) in your PC at the same time.
  3. Prepare an Ubuntu environment by following the instructions in this tutorial.
  4. Go to the Files on the left bar and select Home.
  5. Right-click and select New Folder, and create one or more folders as mount points for accessing data (see Note 1).
  6. Right-click the new folder(s) and click Properties. The parent folder path followed by the folder name is ${mount_point}.
    Example: If the parent folder is /home/ubuntu/ and the folder name is Test, the mount point will be /home/ubuntu/Test/.
  7. Go to Show Application in the lower-left corner > Type to search….
  8. Enter Terminal in the search bar and select Terminal.
  9. Enter the following command to obtain the root privileges.

sudo -i

  10. Enter the following commands to install mdadm and lvm2, both of which are RAID management tools. lvm2 must be installed or vgchange will not work.

apt-get update
apt-get install -y mdadm lvm2

  11. Enter the following command to assemble all the drives removed from your Synology NAS. The results may differ according to the storage pool configurations on your Synology NAS.

mdadm -Asf && vgchange -ay

  12. Enter the following command to get the information of ${device_path}.

cat /proc/mdstat
lvs

According to the output of pvs/vgs/lvs, the device paths are as follows:

                   ${device_path}
No lvs output      /dev/${md} (see Note 2)
With lvs output    /dev/${VG}/${LV} (see Note 3)

Below are the samples of md status corresponding to its RAID and volume type:

Classic RAID with single volume

  cat /proc/mdstat:
    root@ubuntu:~# cat /proc/mdstat
    Personalities : [raid1]
    md4 : active raid1 sdc3[0]
          73328704 blocks super 1.2 [1/1] [U]
    unused devices: <none>
  lvs: No output
  ${device_path}: /dev/md4

SHR with single volume

  cat /proc/mdstat:
    root@ubuntu:~# cat /proc/mdstat
    Personalities : [raid1]
    md3 : active raid1 sda5[0]
          73319616 blocks super 1.2 [1/1] [U]
    unused devices: <none>
  lvs:
    root@ubuntu:~# lvs
    LV   VG     Attr       LSize  Pool Origin Data% Meta% Move Log Cpy%Sync Convert
    lv   vg1000 -wi-a----- 69.92g
  ${device_path}: /dev/vg1000/lv

Classic RAID/SHR with multiple volumes

  cat /proc/mdstat:
    Personalities : [raid1]
    md3 : active raid1 sdc3[0] sdd3[1]
          73328704 blocks super 1.2 [2/2] [UU]
    unused devices: <none>
  lvs:
    root@ubuntu:~# lvs
    LV                    VG  Attr       LSize  Pool Origin Data% Meta% Move Log Cpy%Sync Convert
    syno_vg_reserved_area vg1 -wi-a----- 12.00m
    volume_1              vg1 -wi-a----- 30.00g
    volume_3              vg1 -wi-a----- 30.00g
  ${device_path}: /dev/vg1/volume_1
                  /dev/vg1/volume_3

  13. Enter the following commands to mount all the drives as read-only to access your data. Enter your device path (according to RAID and volume type in Step 12) in ${device_path} and mount point (created in Step 6) in ${mount_point}. Your data will be placed under the mount point.

$ mount ${device_path} ${mount_point} -o ro

  14. Check the data in Files > Home > the folders you created in Step 5.

If you still cannot recover the data through the above steps, refrain from trying any other methods to repair because it may cause more damage to your data. As your last option, please seek the help of a local data rescue company. Kindly understand that data retrieval is still not guaranteed.

Notes:

  1. A mount point is equal to one volume. If you have multiple volumes that need to be recovered, please create the same number of folders as the number of volumes.
  2. The number of md (array) will be listed in the result of cat /proc/mdstat.
  3. syno_vg_reserved_area can be ignored; the number of volume_x entries is equal to the number of volumes.
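
The rule from Step 12 and Notes 1 to 3, written out as an added example that is not part of the original article: it takes the text of cat /proc/mdstat and plain lvs, returns the ${device_path} candidates, and prints the read-only mount command for each. The function names, the sample input and the per-volume folder naming are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): derive ${device_path}
# candidates from the text of `cat /proc/mdstat` and plain `lvs`.

device_paths() {
    mdstat=$1
    lvs_out=$2
    if [ -n "$(printf '%s' "$lvs_out" | tr -d '[:space:]')" ]; then
        # lvs printed something: one /dev/${VG}/${LV} per logical volume.
        # Skip the header row and syno_vg_reserved_area (Note 3).
        printf '%s\n' "$lvs_out" | awk '
            $1 != "LV" && NF >= 3 && $1 != "syno_vg_reserved_area" {
                print "/dev/" $2 "/" $1
            }'
    else
        # No lvs output: the volume sits directly on the md array (Note 2).
        printf '%s\n' "$mdstat" | awk '
            $1 ~ /^md[0-9]+$/ && $2 == ":" && $3 == "active" {
                print "/dev/" $1
            }'
    fi
}

# Print the read-only mount command for each device path read from stdin,
# one folder per volume under the given base directory (Note 1).
# Nothing is mounted here; the folder naming is an assumption.
mount_plan() {
    base=$1
    while IFS= read -r dev; do
        [ -n "$dev" ] && printf 'mount %s %s/%s -o ro\n' "$dev" "$base" "${dev##*/}"
    done
    return 0
}

# Constructed sample input, modelled on the multiple-volume sample above.
SAMPLE_MDSTAT='Personalities : [raid1]
md3 : active raid1 sdc3[0] sdd3[1]
      73328704 blocks super 1.2 [2/2] [UU]

unused devices: <none>'
SAMPLE_LVS='  LV                    VG  Attr       LSize
  syno_vg_reserved_area vg1 -wi-a----- 12.00m
  volume_1              vg1 -wi-a----- 30.00g
  volume_3              vg1 -wi-a----- 30.00g'

device_paths "$SAMPLE_MDSTAT" "$SAMPLE_LVS" | mount_plan /home/ubuntu/Test
```

On the recovery PC, call it as device_paths "$(cat /proc/mdstat)" "$(lvs 2>/dev/null)" after Step 11 has assembled the arrays.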

Akeeba Backup restore problem restoring large backup file [Solution]

I had a rather large Akeeba Backup file (about 25 GB) which I tried to restore using Akeeba kickstart from the web browser. It took a long time unpacking the archive but never reached the point where the database is being restored.

The Akeeba kickstart (version 5.0 or later) can be run from the command line (shell), and this works better with really large backup files. Go to the directory that holds your JPA file, which should also be the directory the site is restored into, and enter:

php kickstart.php archive.jpa

Replace archive.jpa with your archive name. There are more command line options available.

After unpacking the archive, go with your browser to https://yourdomain.com/installation and complete the restore.

Reverse Beacon Network spots using my EFHW and QRP 6 watts

Why I love end fed half wave (EFHW) antennas

The antenna seems always to be a compromise between practical matters and performance. While not being the most high performance antenna, I find the end fed half wave (EFHW) a very practical antenna, especially during portable operations.

The EFHW doesn’t need to be straight. It can be bent in angles and be “abused” a lot.

In this video I have a temporary installation in a vacation home (time share) where I am not able to erect any masts, not being able to use trees or other houses as fixation points for my antenna. I used some zip ties only that can be removed without leaving any marks.

The antenna height is far from optimal and the antenna is bent several times. It is also close to the rain gutters made of metal. Still I have fine SWR levels on all bands (10/15/20/40 m) and can work all of Europe on my QRP rig (6 watts) (see the screenshot from Reverse Beacon Network).

pfSense port forward to a NAT:ed IP address located on the other side of an IPsec tunnel

This is kind of a special scenario, but it actually occurred for me. A port on the pfSense WAN should be NAT:ed to an IP address located on a remote subnet via an IPsec tunnel. The problem here was that the router on the other end of the tunnel did not route all its outgoing traffic over the tunnel. Only a few subnets behind the pfSense went through the tunnel. All other traffic was using the router's normal Internet connection.

In the image above, a port (123 in the example code below) on the pfSense (100.1.1.1) should be NAT:ed and port forwarded to 10.0.0.7. The result was the NAT:ed port forwarded packets reached the intended host (10.0.0.7) but replies probably went straight back on the internet, not going back through the tunnel.

I solved this by setting up a simple proxy on a server using iptables located on a machine in one of the subnets at the pfSense site which was reachable from 10.0.0.7 through the tunnel. See next image.

The proxy was made using iptables on an Ubuntu machine on 10.2.2.2. Both the proxy server on 10.2.2.2 and the host 10.0.0.7 could reach each other over the IPsec tunnel.

In pfSense I changed the NAT / port forward of port 123 from 10.0.0.7 to 10.2.2.2 (and deleted the existing states in pfSense from my previous tries; until I did that, this didn't work).

The proxy server using iptables was set up like this (guide found here):

sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A PREROUTING -i ens160 -p udp --dport 123 -j DNAT --to 10.0.0.7
sudo iptables -t nat -A POSTROUTING -o ens160 -p udp --dport 123 -j SNAT --to-source 10.2.2.2
sudo iptables -t nat -A POSTROUTING -p udp --sport 123 -j SNAT --to-source 10.2.2.2

You will probably want to make sysctl ip_forward and iptables statements persistent over reboots.
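
One way to make the setup persistent, as an added example that is not part of the original post: it emits the three NAT rules above in iptables-restore format together with the sysctl setting. It goes beyond the post by adding a FORWARD filter, because enabling ip_forward lets the proxy host relay any traffic routed to it, not only port 123. The file names under /etc assume Ubuntu with the iptables-persistent package and are not taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post. IFACE, PORT and addresses are the
# post's values; the file names under /etc are assumptions (Ubuntu with the
# iptables-persistent package, which loads /etc/iptables/rules.v4 at boot).
IFACE=ens160 PORT=123 TARGET=10.0.0.7 PROXY=10.2.2.2

nat_rules() {   # the post's three rules in iptables-restore format
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $IFACE -p udp --dport $PORT -j DNAT --to-destination $TARGET
-A POSTROUTING -o $IFACE -p udp --dport $PORT -j SNAT --to-source $PROXY
-A POSTROUTING -p udp --sport $PORT -j SNAT --to-source $PROXY
COMMIT
EOF
}

filter_rules() {   # addition: with ip_forward=1, relay only the proxied flow
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $IFACE -o $IFACE -p udp -d $TARGET --dport $PORT -j ACCEPT
COMMIT
EOF
}

# Write both files under a root prefix: persist "" (as root) installs them on
# the live system, persist /some/dir stages them for review first.
persist() {
    root=$1
    mkdir -p "$root/etc/sysctl.d" "$root/etc/iptables" || return 1
    echo 'net.ipv4.ip_forward = 1' > "$root/etc/sysctl.d/99-port-forward-proxy.conf"
    { nat_rules; filter_rules; } > "$root/etc/iptables/rules.v4"
}

nat_rules; filter_rules   # print the ruleset for review
```

Loading rules.v4 replaces whatever is already in the nat and filter tables, so merge it with existing rules on a host that has any; iptables-restore --test < rules.v4 parses the file without applying it.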

ISPConfig 3 monitor tab not opening when using a non-English language [BUG – WORKAROUND]

This is caused by a bug when saving the translation file, concerning the language key for "Let's Encrypt log".

When the translation file for the Monitor tab is saved, the necessary backslash before the ' in "Let's" is not saved into the file. The problem is described in this bug report: https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5881 but it is not resolved at the moment.

To work around this problem, manually edit the file /usr/local/ispconfig/interface/web/monitor/lib/lang/XX.lng (where XX is your language). Find the line beginning with:

$wb['Let's Encrypt log'] =

Insert a backslash like this:

$wb['Let\'s Encrypt log'] =

Save the file and your Monitor tab will work again. This must be repeated each time you edit the translations for monitor.
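
Because the edit has to be repeated after every save, it can be scripted. The following is an added example, not ISPConfig code: it escapes any unescaped ' inside the key of a $wb['...'] = line and leaves already escaped keys and the values alone. The function names and the sample file content are constructed for this example.

```shell
#!/bin/sh
# Added example (not ISPConfig code): re-escape apostrophes in $wb['...'] keys.

# Print the file with every unescaped ' inside a $wb key escaped as \'.
fix_lng_keys() {
    awk -v q="'" '
    index($0, "$wb[" q) == 1 && (end = index($0, q "] =")) > 6 {
        key = substr($0, 6, end - 6); fixed = ""; prev = ""
        for (i = 1; i <= length(key); i++) {
            c = substr(key, i, 1)
            if (c == q && prev != "\\") fixed = fixed "\\"
            fixed = fixed c; prev = c
        }
        $0 = "$wb[" q fixed substr($0, end)
    }
    { print }' "$1"
}

# Rewrite the file in place only when something changed; keep a .bak copy.
repair_lng() {
    tmp=$(mktemp) || return 1
    fix_lng_keys "$1" > "$tmp"
    if cmp -s "$1" "$tmp"; then
        rm -f "$tmp"; echo unchanged
    else
        cp -p "$1" "$1.bak" && cat "$tmp" > "$1" && rm -f "$tmp" && echo fixed
    fi
}

# Constructed sample standing in for monitor/lib/lang/XX.lng.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<?php
$wb['Let's Encrypt log'] = 'Example translation';
$wb['Show Monit'] = 'Example translation';
?>
EOF
repair_lng "$sample"
cat "$sample"
rm -f "$sample" "$sample.bak"
```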

Water lock in floor drain

How to open and clean a water lock in a floor drain looking like this (see photo)

In a house in Denmark I needed to clean the water trap in a floor drain looking like the one in the photo. (For some weird reason, these kinds of household tasks always end up on the male… But that is another discussion :).)

Water lock in a floor drain in Denmark

I wrongly made the assumption that I needed to unscrew the four screws. Bad decision! This made the upper and lower part of the water lock separate and the lower part fell into the waste water pipe. Fortunately there was a bend some 30 centimeters down so it stuck there and I only (!) had to put my arm into the pipe, grab it and pull it out.

To get the water trap out was actually more simple than anticipated. This is how it should have been done: just put your gloves on, stick two fingers in the big hole and a thumb at the edge and pull. When removed and safely away from the waste water pipe, the four screws can be unscrewed in order to separate the two parts of the water lock so it can be cleaned more easily.

Anytone AT-D578UV Toyota Prius installation

Anytone AT-D578UV stealth installation in Toyota Prius (2008)

I wanted to make a "stealth installation" of my Anytone AT-D578UV radio in my Toyota Prius (2008) so I don't have to worry so much about burglars when parking the car. Below the FM radio is a compartment that, when removed, leaves a space big enough for the radio.

There is plenty of space behind the compartment. I was a bit worried about that issue because the radio is longer than the depth of the compartment, but it turned out there is enough empty space behind it.

I installed the radio with the programming cable connected as it will be very hard to connect it after the radio is mounted in the car. The microphone is extended and connected using a flat straight ethernet cable and both cables are dropped downwards and pulled out from behind the panel. That way I can easily hide the microphone when parking the car.

When the compartment under the radio is removed (and saved to be reinstalled when selling the car), the space between the metal plates is too wide, so I took a 5 mm nylon cutting board that I cut into pieces and glued them together to form a suitable spacer and drilled a hole for the mounting screw. I did not use the mounting screws that came with the radio, instead I used one M4x20 mm and one M4x40 mm. On the right side of the radio I used 2 nylon pieces and on the left side 5 or 6. The screws went into the rear holes on the radio and to get some support for the front I used zip tie straps around the radio through the holes in the metal plates.

The GPS was just tucked up behind the navigator screen, just to the right of the speaker.

For power, I routed two 6 mm² wires directly from the battery (with a 30A fuse close to the battery) and routed them through the left trunk panel and inside the side panels below the doors to the front. The antenna cable went the same way and I didn't want to drill a hole in the car so I used a trunk lid mount even though the performance of those is often not as good.

Useful videos

These are some useful tutorial videos as you need to uninstall and reinstall the stereo in order to install the Anytone AT-D578UV below it.

Car stereo removal

How to remove trunk interior, left side, for cable rerouting. Use parts of this video. You don't have to remove all of the interior as the video shows.

Car stereo removal, parts of this video are very useful

Anytone Talker Alias

How to enable Talker Alias on Anytone AT-D878UV / AT-D578UV

With the number of assigned DMR ID:s on radioid.net going over 200.000, we are over the limit of the capacity for the Contact List on the older Anytone models. Anytone's underestimation in design is not the first in history. Remember Bill Gates saying that no-one, ever, is going to need more than 640 kB RAM?

So we need to select which regions of DMR ID:s to include in our contact lists in our Anytone radios.

In addition to that, it is a good idea to enable Talker Alias to sort of increase the chance of not seeing just a DMR ID in the display. Not all repeaters support it though.

  1. Make sure your own Radio ID Name is set in the form “CALLSIGN Name” (your callsign and first name separated with a space). Set your radio on a DMR channel, then MENU -> Settings -> Chan Set -> Radio ID -> select your ID -> Option -> Edit Name -> Confirm
  2. MENU -> Talk Group -> Talker Alias -> Alias Tx Set -> On
  3. MENU -> Talk Group -> Talker Alias -> Alias Rx Dis -> Contact First

Joomla! T3 Framework based template, module class suffix not working

The problem was that module class suffix was not working and the first solution was to make a tpl file override, placed in local/tpls/blocks and change style="raw" to style="xhtml" for the module in question. This solution had been working for years, but suddenly the client reported that their site was "looking weird" again.

It turned out the module class suffix had stopped working again.

The solution this time was quite simple. The site had been updated and the T3 system plugin was version 3.0.2. By updating it to 3.0.4 the problem was solved.