Debian 12: KVM Guest using Bridged Network

I’ve been playing with KVM on Debian 12 as a candidate for moving away from VMware as a hypervisor on my home server. I’ve been testing by using Debian 12 as a VM in ESXi set with hardware CPU/MMU enabled, and virtualisation passthrough enabled.

I’d like the KVM guests to access the network in bridge mode of the host for direct access to the network. However, I faced the following issue:

  • KVM host can ping gateway and internet.
  • KVM host can ping the guest.
  • Guest can ping the host.
  • Guest cannot ping gateway or anything outside of the host.
  • Guest is showing in router ARP table, with its IP address and own MAC.

This one got me for more time than I wish to admit, and seems to have caught others out along the way. This is how I finally solved it…

Draytek 2762 WAN2 Throughput

In a recent post the WAN2 throughput of a Draytek 2763/2765 was tested to see if it could live up to the quoted speeds on the spec sheet.

Now attention turns to its predecessor, the Draytek 2762. For many the 2762 may still be in use as a dependable unit and offers more or less the same feature set of the newer units. But, does it have enough grunt to support the higher speed profiles that full fibre internet offers, and will its hardware acceleration help boost its potential?

Draytek 2763/2765 WAN2 Throughput

With more premises becoming Gigabit enabled, many opt for a 3rd party router over what’s supplied from the provider to open up advanced routing and capability. So when maximum speeds aren’t what they’d expect, it becomes a choice of hardware or provider to point the blame at.

Draytek’s current portfolio offers 950Mbps NAT throughput on Ethernet WAN ports, let’s see if that is theoretical or expected.

Asterisk Monitoring Over SNMP

The aim of deploying Zabbix and adding SNMP to Gentoo was to gain better insight on how an Asterisk PBX was performing.

The last of the hurdles was to get data from Asterisk in order to send to Zabbix. However, the traditional way of loading the res_snmp.so module in Asterisk was not available: while the PBX in question utilises Asterisk, it’s buried under proprietary licensing and a non-standard API, leaving no way to either add the SNMP module or to query it.

If you are experiencing a similar situation, here is how to extract some stats from Asterisk 16 using SNMP, but without the SNMP module…

Install MediaMTX on Raspbian Bookworm

For a number of years, I’ve been using MotionEyeOS on my CCTV cameras, exclusively for the “Fast Network Camera” mode that enables RTSP for low bandwidth ingress to the MotionEye (running on CentOS) while maintaining good image quality.

Finding more uses for these Pis necessitates moving to Raspbian with MotionEye, as the OS version is very bare bones by. Moving from the OS also means losing the Fast Network Camera, and streams on the network jump from 2 Mbps to 25 Mbps.

Over multiple cameras this really adds up, so I need a way to replicate the low bandwidth, high quality streams with the versatility of Raspbian. The solution found is to install MediaMTX (formerly rtsp-simple-server) …

Manually install net-snmpd on Gentoo

Recently we’ve moved from an aged Opsview instance to Zabbix for our system health monitoring, which in turn facilitated moving data collector agents from Nagios to SNMP.

Many of our PBXs were deployed from the vendor’s ISO and so run atop of Gentoo, and it has a couple of issues:

  1. We’ve been told not to “emerge” anything by the vendor, as the base OS on the image is not maintained.
  2. Portage (Gentoo’s package manager) has fallen out of date, meaning even if emerge is attempted, it’ll fail as all repository links are broken.

If faced with the same issue, this is how to install net-snmpd from source, add it as a startup service and be able to monitor via SNMP…

POE Cooling A POE Switch

For years I’ve been searching for a passively cooled 16-24 port L2 managed POE switch to replace a Cisco SG110-16HP unmanaged POE switch. Seemingly impossible, the need to play with VLANs made me give up on this search and I ended up buying a Netgear GS324TP.

The main compromise in choosing this was that it offered “near silent” operation by only spinning the fans when needed, compared to other switches where fans are on permanently.

Trouble is, when the fans do spin on the GS324TP they are audibly intrusive. Whether brand new or a few months in, they sound like the bearings are failing, with a knock that matches the RPM. Deploying four of these units previously with the same harmonics suggests it’s not a one off.

This isn’t good news when I intend to work a few feet from the switch, but from testing before the latest deployment, there’s a couple of ways to keep the GS324TP near silent…

iDRAC 6: Remote Console

A few months ago a freshly retired Dell PowerEdge T310 came back to the office. I plugged it into the network and left it off in the unlikely event data was needed off it. Now I’m remote to the office, and need its data.

No problem, I thought, use the iDRAC to log into the ESXi console and set a new IP, as it is statically assigned to a different subnet to the office…

Trouble is, the iDRAC is so out of date I can’t get to its web interface on any browser available to my Windows 10 machine.

This is how to get access to an outdated iDRAC 6 web interface and remote console…

Yealink OpenVPN to Draytek Router

The firewalls in front of our PBXs are configured to only allow SIP traffic from UK IP addresses. This reduces the attack surface and is usually not an issue, as almost all legitimate traffic is from the UK.

As we expand there is greater need for international connections. This is fine if they have a static WAN IP or FQDN, but the more recent requirements are for “home” users with phones on their residential connections, where dynamic IPs are the standard.

Changing the whitelisted IP every time their IP changes is not only tedious, but gives poor service, plus due to recent events (here and here) I’m not prepared to open access to another country for a single extension.

In my case, these internationals are satellites of a UK based office, so the idea is having the overseas phone route all voice traffic through the UK office where it’s free to connect to the PBX…

WiFi: Draytek 2927ac WiFi vs Unifi NanoHD

A Draytek, be it a 2765, 2865, or 2927 based on WAN connectivity and LAN complexity is my go to device for a router. More than likely these are the ‘ac’ variants as WiFi provision is expected rather than featured.

In newer Draytek models the perceived performance of wireless has been lacking based on earlier models such as the rock solid 2860n/plus, with reduced range and throughput speeds, in particular poor VoIP performance for my industry.

This could be down to the passage of time and how WiFi has become even more ubiquitous, in demand and ultimately a more congested radio band. Regardless, an alternative solution needs to be explored.

Previous dabbling with deployment of Unifi access points has yielded trouble free results, so this would be a quick win. Trouble is, the default AC-Pro and AC-LR are in serious supply shortages at present. WiFi 6 variants have better stock availability but also have a higher purchase cost.

The only Unifi AC product that is plentiful is the NanoHD, so in desperation let’s see if it is a justifiable upgrade to the Draytek offering…
