Devolo Magic 2 wifi

Stable powerline connection on Devolo Magic 2 wifi mesh

Devolo Magic 2 wifi is a series of products made to create a mesh wifi network in your home, with multiple wifi access points connected to the router over the powerline network. It can sometimes be difficult to obtain a reliable, stable powerline connection, as noise on the powerline can interfere.

This is how I make it as stable as possible.

  • Do not connect the powerline adapter via an extension cord. It should be connected directly to the outlet.
  • Try to find outlets as close to the fuse box as possible. Especially for the unit connected to the router, because this unit will need to communicate well with all other units on the network.
  • If possible, connect the units to outlets that belong to the same phase. Even though connection over different phases should be possible, it gives lower throughput and a less reliable connection.
  • If possible, use grounded outlets only. This will make it possible for the device to use MIMO technology instead of SISO. MIMO gives higher throughput and is more reliable. Screenshots: SISO mode (left) compared to MIMO mode (right).
  • In the powerline configuration, deselecting Automatic compatibility mode (recommended) and choosing VDSL 17a (default) seems to be most reliable for me. (In automatic mode the unit sometimes gets a very poor connection and needs to be rebooted in my case.)
  • The kit came with one router unit and two client units. After a while I was moving things around and for a while I was only going to need coverage where one of the client units was located, so I disconnected the other. Now, the wifi connection became very unstable for the clients, even though they were very close to the remaining unit. I just reconnected the disconnected Devolo unit and voila – the wifi connection became much more stable. Is it built into the design that there should be at least two Devolo units up and running?

Powerline ethernet and RFI

As an active radio amateur (aka “ham”), I am very keen on using equipment that does not cause radio interference (RFI). The Devolo units seem to stay well out of the amateur radio shortwave bands, but on citizens band (CB, or 27 MHz), that is not the case. Heavy RFI can be heard on the 27 MHz band.

Powerline ethernet / home plug and amateur radio

The above statement concerns listening on the shortwave. If you are a ham or radio amateur transmitting on the shortwave bands you probably should just forget powerline ethernet / home plug systems. My Devolo just died with 100% packet loss when I was transmitting on the 20, 40 or 80 meter bands. In my case, I had to get rid of the powerline ethernet system and install an ethernet twisted pair network using shielded twisted pair cables (SFTP), grounding all ends of the cables. Well worth the trouble, and the noise levels actually decreased overall when doing this.

Is multiple CAA DNS-records allowed? Yes!

A client was about to renew one of their SSL certificates and the provider requested them to add a CAA DNS-record for the provider. The client already had one CAA DNS-record for another provider in their domain, because they were using different providers of SSL certificates for different purposes in their organization.

The CAA DNS-record for the provider in question was added but the provider said they couldn’t issue the certificate as long as there was another CAA DNS-record present. The provider claimed there can only be one CAA DNS-record present in the domain.

The provider might be correct in the sense that the provider’s system can’t handle multiple CAA records, but multiple CAA records are not a violation of the RFC! It is just the provider who can’t handle it and makes it the customer’s problem.

This might be a simple way of obstructing the client in using the provider’s competitors, but the provider is not correct in their statement. According to RFC 8659 there is no limit on the number of CAA DNS-records in one domain. The provider should just look for their own CAA DNS-record among the client domain’s DNS-records and ignore the competitors’ records.
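The check a provider should perform against a record set with several CAA records can be sketched as below. This is an added example, not code from the original post or from any CA; the zone data and the CA names (ca-one.example, ca-two.example) are constructed. It assumes the record set passed in is already the relevant one for the domain (the DNS tree climbing described in RFC 8659 is left out).

```python
import re

# Constructed sample zone data (not from the original post): one domain
# authorizing two different CAs, plus an incident-report address.
ZONE = '''
example.com. 3600 IN CAA 0 issue "ca-one.example"
example.com. 3600 IN CAA 0 issue "ca-two.example; account=12345"
example.com. 3600 IN CAA 0 iodef "mailto:security@example.com"
'''

CAA_RE = re.compile(r'\bCAA\s+(\d+)\s+([A-Za-z0-9]+)\s+"([^"]*)"')
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def parse_caa(zone_text):
    """Return [(flags, tag, value)] for every CAA line in zone_text."""
    return [(int(f), t.lower(), v) for f, t, v in CAA_RE.findall(zone_text)]


def issuer_domain(value):
    """Issuer domain name of an issue/issuewild value (text before ';')."""
    return value.split(";", 1)[0].strip().lower().rstrip(".")


def ca_may_issue(rrset, ca_domain, wildcard=False):
    """Apply the RFC 8659 issue/issuewild rules for one CA to one RRset."""
    # An unrecognized property with the critical bit (128) forbids issuance.
    if any(f & 128 and t not in KNOWN_TAGS for f, t, _ in rrset):
        return False
    issue = [v for _, t, v in rrset if t == "issue"]
    issuewild = [v for _, t, v in rrset if t == "issuewild"]
    # For wildcard names, issuewild records take precedence when present.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # nothing in this RRset restricts issuance
    ca = ca_domain.lower().rstrip(".")
    # One matching record is enough; records naming other CAs are ignored.
    return any(issuer_domain(v) == ca for v in relevant)


if __name__ == "__main__":
    rrset = parse_caa(ZONE)
    for ca in ("ca-one.example", "ca-two.example", "ca-three.example"):
        print(ca, "may issue:", ca_may_issue(rrset, ca))
```

Both listed CAs are authorized at the same time; only a CA that appears in none of the issue records is refused.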

ERROR 1067 (42000) at line xxx: Invalid default value for ‘field’

This is because MySQL server 5.7 has changed the options for the date/time default value 0000-00-00 00:00:00. You can only have one field with the value 0000-00-00 00:00:00. Therefore you have to change the default value to:

datetime NOT NULL DEFAULT '1000-01-01 00:00:00'
or
timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP

Example:
ALTER TABLE testdate CHANGE datestart datestart DATETIME NOT NULL DEFAULT '1000-01-01 00:00:00';

Joomla! module assignment list is broken

If the module selection list in the module assignment is broken, i.e. the tool for select / deselect of sub menu items is missing and the layout is generally garbled, the cause can be a menu item in the menu above that is listed as a child item but has no parent.

Go to the menu items for the last menu that is working. A menu item which has a missing parent has one or more leading vertical bars before the menu item name (instead of the leading dash which is the normal indication of a child item).

Just open the menu item and save it.

FreePBX multiple time conditions

The easiest way to get multiple time conditions in FreePBX is to daisy chain them. A common scenario is to have a standard time condition for normal opening hours and, in addition to that, time conditions for holidays occurring on normal weekdays, like Christmas and New Year for example.

  • Create one time group for normal opening hours, for example Monday to Friday 08.00-17.00.
  • Create one time condition for the normal opening hours, using the above time group. If time matches, connect the destination to the open IVR or queue. If time doesn’t match, connect it to a closed IVR or a voice message saying you’re closed. This is going to be the last time condition in the chain.
  • Create time groups for each of the holidays. If time matches, connect the destination to a voice message saying you’re closed. If the time condition doesn’t match, connect it to the next time condition. Remember, the last time condition in the chain should be the one for normal opening hours.
  • Connect the inbound route to the first time condition in your chain.

Inbound route -> Time condition for holiday 1 -> Time condition for holiday 2 -> Time condition for normal opening hours

How to change mysql table engine MyISAM to InnoDB

Log in to the MySQL shell as root.
Locate the database where the tables are situated.
SET @DATABASE_NAME = 'name_of_your_db'; -- name_of_your_db = the database whose table engine you want to change
SELECT CONCAT('ALTER TABLE ', table_name, ' ENGINE=InnoDB;') AS sql_statements FROM information_schema.tables AS tb WHERE table_schema = @DATABASE_NAME AND ENGINE = 'MyISAM' AND TABLE_TYPE = 'BASE TABLE' ORDER BY table_name DESC;
The result is a list of ALTER TABLE statements for the tables that need to be changed. Copy the list and do the following.
Switch to the database involved:

USE name_of_your_db;
START TRANSACTION;
-- paste the copied list of ALTER TABLE statements here
COMMIT;
You have now changed the engine of the tables.

[ERROR] Fatal error: Can’t open and lock privilege tables: Table ‘mysql.user’ doesn’t exist

This error occurs when the mysql database is missing or corrupt.
Stop the mysql server: “service mysql-server stop”
Make a backup of /var/db/mysql: “mv /var/db/mysql /var/db/mysql.old”.
To rebuild the database, execute “/usr/local/libexec/mysqld --initialize”
You will get a temporary password. Remember the password for later use.
Start the mysql server: “service mysql-server start”
To start up the new configuration, run “mysql_secure_installation”. Use the temporary password to start the configuration and step through the wizard.
Restore the mysql backup and the server is good as new.

“There has been a critical error on your website. Learn more about debugging in WordPress.” after updating to WordPress 5.7 (All in one WP security and firewall) [Solved]

Investigating the error log reveals that the problem has to do with All in one WP security and firewall plugin:

Got error 'PHP message: PHP Fatal error:  Cannot redeclare retrieve_password() (previously declared in /www/wp-includes/user.php:2671) in /www/wp-content/plugins/all-in-one-wp-security-and-firewall/other-includes/wp-security-rename-login-feature.php on line 358'

The problem has been solved in All in one WP security and firewall plugin version 4.4.8, so it means your WordPress site was updated to 5.7 prior to updating the plugins.

To solve it, you need to update All in one WP security and firewall, but since you are not able to log in to your site, you will need to solve this using FTP.

Using FTP, rename the folder wp-content/plugins/all-in-one-wp-security-and-firewall to something else. Now you can log into your site and reinstall All in one WP security and firewall. Make sure you get at least version 4.4.8.

ISPConfig3 localized ‘Welcome to your new email account’ mail not working [SOLUTION]

I made a copy of the file welcome_email_en.txt from /usr/local/ispconfig/server/conf/mail to /usr/local/ispconfig/server/conf-custom/mail and named it welcome_email_se.txt and translated the content of the file, as I wanted my clients to be greeted to their new email account in Swedish. However, the client was still receiving the welcome email in English.

It turned out that the configuration file for ISPConfig has a parameter for language which controls what email templates to use. I thought it would use the country settings from the Client but it doesn’t.

In /usr/local/ispconfig/server/lib check if the file config.inc.local.php exists. If it doesn’t, create one (here is a template for it).

Add the line:

$conf['language'] = 'se';

By using config.inc.local.php and not directly editing config.inc.php you are making sure it doesn’t get overwritten in the next ISPConfig3 update.

In a multiserver setup (master/slaves) this must be done on all the slaves as the ‘Welcome to your new email account’-email is being generated on the server where the new mailbox is located.

Automatic restart of IPSec VPN on Teltonika RUT-950 / RUT-240

On one location where I am using a Teltonika RUT-950 / RUT-240 router, the IPSec VPN can only be connected in one direction which is outbound. Normally both ends can initiate the connection. The reason for this is that the router is connecting using 3G/4G and the provider only allows outbound traffic (i.e. “surf the Internet”). I need to buy an extra service for “fixed IP-address” in order to get their firewall removed from my service.

My IPSec VPN setup is based on hostname updated through dynamic DNS. If the router reboots, it will get a new IP-address and sometimes the router tries to connect the VPN before the dynamic DNS has been updated, causing the VPN connection to fail. The router gives up and does not try anymore to connect the VPN. A manual workaround is to remote control a computer on the LAN side of the router, login to the router, disable the VPN profile, save, enable it and save again. Now the VPN connects.

The Teltonika products are wonderful in many ways but I lack a way of restarting IPSec VPN via SMS. It is only possible to restart OpenVPN connections using SMS.

To avoid manual actions to get the VPN up in a case like this I have created a small script. It checks if an IP-address on the other side of the tunnel is pingable; if not, it restarts IPSec VPN, which normally resolves the problem.

  • Log in to the Teltonika RUT-950 / RUT-240 using CLI or SSH.
  • Create a script in /root/chk_vpn.sh with the following content, or you can download it with wget from CLI or SSH:
    wget http://heltech.se/filer/chk_vpn.sh

#!/bin/ash
# chmod +x chk_vpn.sh
# crontab -e -> */6 * * * * /root/chk_vpn.sh
# IP-address on the other side of the tunnel that responds only when the VPN is up
HOST=10.0.0.1

# LAN IP-address of the router, used as the source address for the ping
LANIP=$(/sbin/ifconfig br-lan | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
# Email settings
# The SMTP password is stored in clear text here; keep this file readable by root only.
ROUTERNAME="MY ROUTER NAME"
EMAIL_SUBJECT="$ROUTERNAME: VPN restart"
EMAIL_BODY="$ROUTERNAME $LANIP: Ping $HOST failed, trying to restart VPN ($(date))"
EMAIL_FROM="senders.email@gmail.com"
EMAIL_TO="recipients.email@gmail.lt"
EMAIL_USER="senders.email@gmail.com"
EMAIL_PASS="MYEMAILACCOUNTPASSWORD"
EMAIL_SERVER="smtp.gmail.com"
EMAIL_PORT="587"
#
if ping -I "$LANIP" -c5 "$HOST" > /dev/null; then
  logger "chk_vpn.sh: $HOST responded; VPN is up!"
else
  logger "chk_vpn.sh: $HOST did not respond; trying to restart VPN"
  # Send a notification email; the empty line (\n\n) separates the headers from the body
  echo -e "subject:$EMAIL_SUBJECT\nfrom:$EMAIL_FROM\n\n$EMAIL_BODY" | sendmail -v -H "exec openssl s_client -quiet -connect $EMAIL_SERVER:$EMAIL_PORT -tls1 -starttls smtp" -f "$EMAIL_FROM" -au"$EMAIL_USER" -ap"$EMAIL_PASS" "$EMAIL_TO"
  /usr/sbin/ipsec restart
fi

  • Edit the file chk_vpn.sh and replace the IP-address on the HOST= line with an IP-address on the other side of the tunnel that you know should be up at all times and responds only when the IPSec VPN is up, for example the LAN interface of the other router.
    Change all lines regarding email to your email server’s settings and credentials.
  • chmod +x chk_vpn.sh
  • Check from the router’s CLI or SSH that you can ping the IP-address (if you mistakenly enter an IP-address that doesn’t respond to ping even though IPSec VPN is up, your VPN will be disrupted 10 times per hour).
    You must use ping -I 192.168.0.1 10.0.0.1 where 192.168.0.1 should be replaced with your router’s LAN interface IP-address and 10.0.0.1 replaced with the pingable IP-address on the other side of the tunnel.
  • Test the script by running it from CLI or SSH and verify that it can ping the host on the other side of the tunnel by entering the command: ./chk_vpn.sh and then go to System -> Administration -> Troubleshoot -> Show syslog and look for the chk_vpn.sh line (probably last row)
  • Edit the crontab by entering the command crontab -e and add the following line:

*/6 * * * * /root/chk_vpn.sh

  • Exit vi (ESC then :wq and enter)

This will check the VPN connection 10 times per hour and if necessary restart it.

Edit: 5 October 2022: Added LANIP as source