Macvtap is even Cooler than I Thought

Two years ago, I migrated a lot of my services running on virtual machines in the cloud to VMs on a bare metal server, which was also running in the cloud. The main reason: A significant cost reduction while at the same time having significantly more dedicated processing power and storage available. While I put most of those VMs behind a NAT and a single IP address, I had a BBB video conferencing server running in a VM that required its own IP address. Fortunately, my hoster could assign more than one IP address to a bare metal server. In the meantime, I have 3 VMs on that bare metal server that use their own public IP address.

For those VMs, I don’t use a NAT interface, but a macvtap interface. At the time, I thought that macvtap just maps a public IP address to a VM and that’s it. For the details have a look at my blog entry that describes the setup. However, it turned out that macvtap can do a bit more, which is particularly useful when a bare metal server hosts several VMs with their own public IP addresses. Read on for the details.


UPS Battery Replacement for My Cloud

The electricity system in Germany is quite reliable but I always like a plan B. Thus, I run my cloud infrastructure behind a battery backup. As my two small NUC servers, a Fritzbox VDSL / Wi-Fi hub, a Raspberry Pi, an external hard drive and a cellular modem for backup connectivity have a relatively low power consumption of around 40 Watts, I can live with a relatively small uninterruptible power supply. 10 years ago I bought an ‘APC Back UPS ES 700’ and could get around an hour’s worth of autonomy out of it for my setup. But batteries do not last forever, and 5 years have passed again since I last replaced the battery. When recently running a battery test, it reached 11.5 volts after only about 20 minutes. 11.5 volts is the voltage after which the battery starts to suffer when further discharged. That leaves 20% of the capacity unused, but I think it’s a good point to stop. As 20 minutes is a bit short, and the battery was definitely not getting any better, it was time to exchange it.


Analyzing Packet Loss in Starlink

As I’ve already noticed last year, there is quite a bit of packet loss over Starlink connections that has a significant impact on TCP performance. Also, I was wondering if and how much packet loss occurs in cellular networks during a handover. Recently, I picked up this topic again and was looking for a way to detect, measure and analyze packet loss. One idea I came up with was to run a continuous iperf3 UDP stream at a relatively slow 1 Mbps and see what would happen. While iperf is running, it shows when and how many packets were lost, but I wanted to dig a bit deeper. So I used Wireshark / tcpdump to record the data transfers and then wrote a Python script to analyze the iperf packet counters to get more details. Here’s a link to the source code.


Fritzbox Brain Transplant

I like redundancy, so I have ‘cold standby’ devices for critical hardware. My Fritzbox 7590 DSL router is one such piece of equipment (yes, still no Fiber in Cologne…) and I recently put it to good use: Incredible, but true, I’ve been using my current Fritzbox 7590 since 2018, i.e. for 6 years! Despite its age, it’s still an incredibly cool device and gets frequent software updates. However, the box seems to be aging, as it recently started to emit a low volume but high pitched coil whine. So while it was still working, the sound was getting a bit on my nerves. So I decided to swap the active 7590 with my spare device and was hoping that the promised ‘easy’ configuration backup / restore would save me a lot of manual work.


Ikea Wi-Fi – Some Thoughts

Everybody loves going to Ikea on a Saturday. Right? Well, I guess the answer depends on whom you ask. Strangely enough, I can’t deny a certain affection for their stores, and when I was recently in one of them in Germany on a Saturday afternoon, I took the opportunity to have a look at their Wi-Fi. I normally wouldn’t, but their buildings are mostly made of concrete, heat-insulated windows and a nice blue metal cap on top, so outside network coverage doesn’t go very far. So once you are inside and not close to a window, the store’s Wi-Fi is the only thing that connects you to the outside world to tell your friends about the joy of being there. Ok, so let’s be done with the slight sarcasm and have a look at how things work.


OnlyOffice, Nextcloud and Mobile Devices

Exactly one year ago, I gave OnlyOffice in combination with Nextcloud a try. The pressure to have an Online Office Suite for the household kept rising and Collabora Online Office just didn’t cut it for me. I immediately liked OnlyOffice, as it was just as quick in the browser as a locally installed LibreOffice and compatibility with that other office suite used by the majority is great. However, while the software is open source, it has one limitation: Document access on mobile devices such as tablets and smartphones is read-only. For full read/write capabilities on mobile devices, a subscription is required. At $149 for a year for 10 users, it is not the cheapest kid on the block, but it’s still open source and my files remain private on my own Nextcloud instance. I would have gone to the paid version sooner, as I like to support open source software development, but I wasn’t quite sure what it would take to change the server side. The OnlyOffice documentation is a bit opaque about this. So when I had a bit of time on my hands, I decided to find out. Turned out, it’s much easier than what I’d expected.


Reverse Proxy Password Protection

A few months ago, I had a blog post about how bad actors are using Certificate registration requests to immediately go to your new web site and try to hack it before it is fully up and properly protected. One of the fixes I suggested at the time was to protect the new site with Basic Web Authentication, i.e. a username and a password, before bringing it up for the first time. Recently, I revisited the topic because I wanted to password protect an Etherpad-lite instance to limit its use to authorized users. Etherpad-lite makes it really hard to have usernames and passwords, and I have to say, I gave up on finding out how it works. So let’s kill two birds with one stone and figure out how to use Basic Web Authentication directly on the Nginx reverse proxy I use on my cloud installation. It turned out it’s super simple to do:


What Happens in Vegas, Stays in Vegas – Fun with an Overlay Filesystem

Every now and then I would like to use the data on a backup drive with a program that modifies the data. Obviously I would not want the backup to be modified. The standard approach would be to copy the data from the backup drive to a temporary location, use the data, and, once done, delete it again. This works well for small amounts of data, but copying the files will take ages for a double digit gigabyte dataset. The solution: An Overlay File System!


Restoring a Clonezilla Backup in Virtualbox – Mind the EFI

In a previous post, I’ve described how to boot from a real, i.e. physical NVMe drive in a Virtualbox VM rather than using a virtual disk image. Once I figured out how to do this, I started to wonder what other useful crossings between physical and virtual machines would be possible. So here’s another one:

Every few months, I use Clonezilla to take a backup of the EFI- and system partitions of important PCs in my household, so I could restore a system quickly should something happen. So I wondered: Is it possible to restore a Clonezilla backup of a physical Linux installation inside a Virtualbox Guest VM on a virtual disk? The application: Test Ubuntu LTS system upgrades (e.g. from Ubuntu 20.04 to 22.04 to 24.04) on a system that is fully customized and in use, but in a virtual machine instead of on a real notebook.
