Query status information from Huawei’s HiLink 3G/LTE modems

While Huawei provides status information for its HiLink modems via a web page, this is hardly useful when using the modem on a headless Linux server. I just published a small Python-based command-line tool on Github which displays some useful information about the modem’s status. root@wopr~#: python ./hstatus.py Huawei E3372 LTE Modem (IMEI: 121032526613216) Hardware […]

How to receive Cymru’s IPv6 Bogon list using Quagga

The provided BGP sample configuration for Quagga on Cymru’s web site didn’t work for me. Since my AS is IPv6-only, I’m only interested in the IPv6 Bogon feed. Here’s an excerpt from my Quagga bgpd.conf: router bgp aut-num bgp router-id id bgp log-neighbor-changes no bgp default ipv4-unicast neighbor cymru-bogon peer-group neighbor cymru-bogon remote-as 65332 neighbor […]

Setting up a Huawei E3276-150 4G/LTE USB modem on Ubuntu Server/Desktop

I just received an unlocked Huawei E3276s-150 4G/LTE USB modem/surfstick I bought on eBay the other day. I went for the E3276s-150 because the 150 seemed to be the most compatible option for European 4G mobile networks. There are even cheaper Huawei E3276 models like the E3276-920 which you can buy for less than 20 bucks. However, […]

Dockerflix: Docker-based SNI proxy for watching U.S. Netflix, Hulu, MTV, Vevo, Crackle, ABC, NBC, PBS…

Recently, I published a new project on Github called Dockerflix. Instead of HAProxy, Dockerflix uses sniproxy. To make the installation a breeze, I boxed the proxy into a Docker container and wrote a small, Python-based Dnsmasq configuration generator. And voilà: DNS-unblocking as a service (DAAS) ;-) Thanks to sniproxy’s ability to proxy requests based on a […]

Free multi-domain SSL certificates from WoSign and HAProxy OCSP stapling

Since everyone now can get free 2-year multi-domain certificates from WoSign, I grabbed one for one of my web sites. However, WoSign’s OCSP server is located in China which may, depending on your and your server’s location, increase latency once the web browser is verifying the certificate’s revocation status. In my case from Europe: PING […]

How to install CoreOS on an OVH Kimsufi low-end dedicated server

Wouldn’t it be cool to build a bare-metal high availability cluster using CoreOS and a handful of DDoS-protected, €5/month Kimsufi servers from OVH? Here’s how to install CoreOS on a Kimsufi server. At the time of this writing, OVH is not providing a CoreOS installation template for the Kimsufi servers. Since there is no virtual KVM console available for […]

strongSwan 5 based IPSec VPN, Ubuntu 14.04 LTS and PSK/XAUTH

I prefer strongSwan over Openswan because it’s still in active development, easier to setup and doesn’t require a L2TP daemon. I prefer a simple IKEv1 setup using PSK and XAUTH over certificates. If you plan to share your VPN server with your friends it’s also a lot easier to setup for them without certificates. I […]

LXC 1.0 Web Panel for Ubuntu 14.04

LXC is awesome! You can create and start your own virtual container with just 3 commands in Ubuntu 14.04. apt-get install lxc debootstrap lxc-templates lxc-create -t ubuntu -n demo lxc-start -n demo -d It doesn’t get any easier than this. There’s even a Boostrap-based fronted available: LXC Web Panel. Unfortunately, LXC Web Panel doesn’t work […]

DNS unblocking setup tester

This may help setting up your own DNS unblocking solution: https://trick77.com/dns-unblocking-setup-tester/ Once everything has been set up properly, all ticks should be green like in this screenshot: I just pushed another update to GitHub, please make sure to use a configuration generated with the latest generator version or the tester will fail. My main motivation […]

Tomcat freezes while starting in Ubuntu 14.04 LTS

After upgrading one of my KVMs to Ubuntu Server 14.04 LTS, Tomcat 7 started to freeze while starting up with: INFO: Deploying configuration descriptor /etc/tomcat7/Catalina/localhost/ROOT.xml Only after several minutes, Tomcat generates the following message and starts accepting requests: INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [295,490] milliseconds. INFO: Server startup […]

Supermicro NTP DDoS Vulnerability

I received a notification that one of my dedicated servers was taking part in a NTP based DDoS reflection attack. At first I was like “No way!” since I don’t use NTP on any servers. Closer inspection of the source IP address revealed that the attack was coming from my Supermicro server’s built in IPMI […]

DNS-unblocking configuration for CBS’s iOS app

I love watching the Late Late Show with Craig Ferguson. Here’s what’s needed to watch CBS content on iPad outside the U.S. using my DNS-unblocking config generator. { “name”: “cbs-akamai-ipad”, “dest_addr”: “ipad-streaming.cbs.com”, “modes”: [ { “port”: 80, “mode”: “http” }, { “port”: 443, “mode”: “https” } ], “catchall”: true, “enabled”: true } Add this to […]

Fulltext search for Tiny Tiny RSS (TTRSS) with Sphinx and MySQL in Debian/Ubuntu

I haven’t found a working tutorial on setting up Sphinx fulltext search for the awesome Tiny Tiny RSS Reader (TTRSS) and MySQL in Debian/Ubuntu. So, without further ado, here it is: apt-get install sphinxsearch Create /etc/sphinxsearch/sphinx.conf: Create the indices using indexer –all Set START=yes in /etc/default/sphinxsearch and start Sphinx using service sphinxsearch start The last […]