I’m using OpenVPN on my Synology DiskStation with certificates instead of Preshared Keys. A few days ago I’ve wanted to login to my VPN and it wasn’t working. After checking the log file I’ve seen that there were some issues with the used configuration file for OpenVPN.
Tue Nov 20 23:04:27 2018 Cipher algorithm 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CB' not found
Tue Nov 20 23:04:27 2018 Exiting due to fatal error
How can this be? The configuration worked for months without problems? I’ve started to remember that I’ve started to increase the security of my OpenVPN configuration using a few parameters. The Cipher algorithm is one of them. This page describes some of the changes I’ve made (unfortunately only in German).
I’ve added the tls-cipher and tls-auth options as last parameter lines to my configuration file. The synology web UI tried to parse those parameters as cipher and auth parameter when it shows those values as part of the DSM UI.
I’ve reorderded the tls-auth and tls-cipher parameter to be above the auth and cipher parameters and the DSM UI is now able to show those values correct. This will enable you to restart the OpenVPN service from the WebUI without the need to login via SSH.
How do you get supported values for auth, cipher and tls-cipher you might wonder? Just execute
to get the supported tls-cipher you might line up with a : separated.
shows you the allowed values for auth and
will show the allowed values for cipher. However, cipher and auth can also be preselected from the DSM UI.
Don’t forget to use the same values in your OpenVPN configuration on your VPN client as well, otherwise the connection won’t work.
Inspired by a friend I’ve decided to install InfluxDB and Grafana on my Raspberry Pi 3. InfluxDB is a database optimized for storing time related data like measurements of my recently installed particle sensor. Grafana is used to create beautiful graphs to display the stored data.
The InfluxDB installation can be done in a few simple steps:
This will install the InfluxDB without a user and any rights. You can read up further on that topic. Ideally you should setup an user for authentication but since some IoT devices do not support this I’m not going to explain it here.
The Grafana installation is similar simple:
Please make sure that you’ll get the most current version from github and replace it in the wget command:
If you use the AVM FritzBox you’ll now about this dreaded DNS suffix „fritz.box“ which every device will get in your network, if you decide to use the DNS server of the FritzBox. I wanted to have something different which doesn’t collide with domains on the internet, e.g. „stuff.local“. As I already use pihole as adblocker on DNS level I needed a solution to configure it in pihole. The following info is based on the pihole forum.
Create a file called lan.list in /etc/pihole and fill it with content in the following format:
<ip-address> <hostname>.stuff.local <hostname>
Create a second dnsmasq config file which references the file we’ve just created:
echo "addn-hosts=/etc/pihole/lan.list" | sudo tee /etc/dnsmasq.d/02-lan.conf
Restart the dns services in pihole:
sudo pihole restartdns
You should now be able to lookup your stuff.local hostnames on your pi with e.g.
I’ve tried to setup NFS on my old Raspberry Pi 1 with Raspbian Stretch. I assumed that I just need to add an entry to the /etc/fstab file and the NFS volume on my Synology NAS would be mounted automatically.
and thought I would be done. I’ve created the /mnt/databases folder with
and tried to mount everything with
and my volume showed up as mounted. After reboot the volume wasn’t mounted anymore and the service couldn’t find its data. So what shall we do? After some research I’ve found these options, which fixed the problem:
The NFS volume now shows up even after a reboot. I’ve also tried to change the configuration of Raspbian so that it waits for the network before any services start but that didn’t fix the problem. Interestingly the entry with only defaults seems to be working on a Raspberry Pi 3 B.
So Apple release the final version of macOS Mojave aka. 10.14. Before you start your update, you should check, if your important tools are 64bit compatible.
This version of macOS will annoy you with warnings about your apps being 32bit each time you start them. While you will still be able to execute 32bit apps in Mojave, I used the opportunity to get rid of a few 32bit apps.
How do you check, which apps are still 32bit? You can verify this from the system information app. Click on your Apple symbol in the menu line and select „About this Mac“. Click on „System Report“. Check now Software/Applications. You can filter the list by „64-bit (Intel)“. Each app marked with „No“ should produce the popup.
In my case I had these apps replaced by either updates or different tools: