Install EPEL Repository on CentOS 7 (x64)

The simple one-line command below will enable the EPEL repository on CentOS 7:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm

Once run, you will see confirmation that it has been installed successfully, that’s it!

Notes

  • You can find out more about the EPEL repository here

Icecast PHP Stats

A previous project of mine used several live video streams served by an Icecast server at different mount points which works great, but I found there was no real solution to simply display how many viewers were actually watching the live streams.

I put together some basic PHP code that reads the Icecast XML stats file and retrieves the current overall viewers (or listeners as it’s officially known) of all available mount points.

Code

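<?php
// get the stats xml file (PASSWORD, server name and port are placeholders) //
$output = file_get_contents('http://admin:PASSWORD@youricecastservername.com:8000/admin/stats');

// stop here if the stats page could not be read //
if ($output === false) {
    die('Unable to read the Icecast stats file');
}

// explode to make the magic happen //
$listeners = explode('<listeners>', $output);
$listeners = explode('</listeners>', $listeners[1]);

// output to the world //
echo "Currently $listeners[0] people are watching the live stream!";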

Once you have amended the admin password, server name and port, the code above will connect to your server and read the /admin/stats XML file. From here it will literally pick out the content shown between the <listeners></listeners> tags, which becomes the $listeners[0] variable. Simply place this wherever you want to display the number of current viewers.

Notes

  • This code may or may not work depending on if your hosting provider allows the file_get_contents function – In my case I use my own dedicated servers and it works without issue, if you have any problems I’m sure I can sort something for you!
  • You can show the amount of sources, file connections and so on by amending the code to reflect the correct tags – A full list of tags can be seen by visiting the youricecastservername.com:8000/admin/stats page

Disable Virtualmin Two-factor Authentication

Virtualmin is constantly being developed and gaining ever useful features, and for a while now has featured two-factor authentication which is great, although what happens if you get locked out of your system? As long as you have SSH or console access then you can follow the steps below to easily get back in.

Disabling two-factor authentication for a single user

  • Get root SSH or console access
  • Edit the file /etc/webmin/miniserv.users, comment out the current line for the user then create a fresh copy above it
  • Remove any mention of “totp” and the long string of characters near the end and save, for example your file should now look like the following:
...
root:x::::::::0:0:::
#root:x::::::::0:0:totp:ZZZZZZZZZZZZZZZZ:
...
  • Restart Webmin and log back in normally

Disabling two-factor authentication entirely

  • Get root SSH or console access
  • Edit the file /etc/webmin/miniserv.conf and find the line “twofactor_provider=totp” and replace with “twofactor_provider=” and save
  • Edit the /etc/webmin/miniserv.users as mentioned above
  • Restart Webmin and log back in normally
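
The two procedures above as a script, an added example that is not part of the original post or of Webmin: it makes the same edits but keeps a timestamped backup of each file so the change can be reviewed and reverted. The function names are hypothetical and the field layout is assumed from the sample line shown above; restart Webmin afterwards as described.

```shell
#!/bin/sh
# Added example, not Webmin's own tooling. Function names are hypothetical;
# the field layout is assumed from the sample miniserv.users line on this page.

# strip_totp USER FILE: print FILE with USER's entry replaced by a fresh copy
# that has the "totp" field and the secret after it emptied, followed by the
# old line commented out.
strip_totp() {
    awk -F: -v OFS=: -v user="$1" '
        $1 == user {
            orig = $0; changed = 0
            for (i = 2; i < NF; i++)
                if ($i == "totp") { $i = ""; $(i + 1) = ""; changed = 1 }
            if (changed) { print; print "#" orig; next }
        }
        { print }
    ' "$2"
}

# clear_provider FILE: print FILE with twofactor_provider=totp emptied.
clear_provider() {
    sed 's/^twofactor_provider=totp$/twofactor_provider=/' "$1"
}

# apply_edit FILE CMD...: run CMD (which prints the new content), keep a
# timestamped backup, then overwrite FILE in place so owner and mode survive.
apply_edit() {
    target=$1; shift
    tmp=$(mktemp) || return 1
    rc=1
    if "$@" > "$tmp" && [ -s "$tmp" ]; then
        cp -p "$target" "$target.bak.$(date +%Y%m%d%H%M%S)" &&
            cat "$tmp" > "$target" && rc=0
    fi
    rm -f "$tmp"
    return "$rc"
}

# Demo on constructed sample data in a scratch directory (not /etc/webmin).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'root:x::::::::0:0:totp:ZZZZZZZZZZZZZZZZ:' \
                  'alice:x::::::::0:0:::' > "$dir/miniserv.users"
    printf '%s\n' 'port=10000' 'twofactor_provider=totp' > "$dir/miniserv.conf"
    apply_edit "$dir/miniserv.users" strip_totp root "$dir/miniserv.users" &&
        apply_edit "$dir/miniserv.conf" clear_provider "$dir/miniserv.conf" &&
        cat "$dir/miniserv.users" "$dir/miniserv.conf"
    rm -rf "$dir"
}
demo
```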

Notes

  • I’ve had success with this on Webmin 1.760 running on CentOS 7.0

How to List the Contents of a Web Directory

Any good web host will secure the contents of website directories which don’t have an index page by not allowing the files or folders to be listed; instead you’ll get a 403 error page saying access is forbidden. Whilst this is good in practice, sometimes you might actually need to list the contents – and it’s simple to enable on an Apache web server – add one line to your .htaccess file and you’re done!

How it’s done

Options +Indexes

Notes

  • If you have access you can edit your web server configuration and make it global

Add a NAS drive to your Livedrive account for free

I used to be a customer of popular cloud backup service Livedrive. The upload and download speeds were nothing to shout about and one annoyance was having to pay extra to add a NAS drive to your account, but there is a workaround!

How so?

All you need to do is add a symbolic link to your NAS drive from your computer. Think of a symbolic link as a fancy shortcut, the only difference being it masks the destination instead of taking you straight there – you’ll see what I mean when you read on.

Imagine you have a Windows computer with the root of your NAS drive already mapped to Z:. You have a folder on the NAS called MyFiles, so you can browse to Z:\MyFiles to see whatever is stored there. Next, imagine a folder called C:\Backup which is already uploading to your Livedrive account. The following command makes C:\Backup\MyFiles lead to your NAS, so it is included in your Livedrive backup.

mklink /d "C:\Backup\MyFiles" "Z:\MyFiles"

For me, this worked absolutely fine and I had a couple of TB uploaded without ever being caught out. I’ve since jumped ship to Amazon Drive, whilst it is more expensive per year I’ve got it running from multiple computers and the upload and download speed always tops out my connection, so I can’t complain!

Notes

  • Use the above guide at your own risk – I won’t be held liable if anything happens to your Livedrive account, files or anything else because of this!
  • This doesn’t work with Dropbox or Google Drive – sorry
  • You only need to run the command once, after that the link will be remembered
  • To remove the link just delete it as you would any other file or folder

Webmin 1.610 on CentOS 5.8 (x86)

The following commands can be used to install Webmin 1.610 on CentOS 5.8. Make sure you’re logged in as root and then follow the steps below.

Select a temporary directory to save the download to. We will only use the downloaded file once so it’s pointless keeping it.. free up space and put it in /tmp!

cd /tmp

Begin the download of Webmin using wget:

wget http://prdownloads.sourceforge.net/webadmin/webmin-1.610-1.noarch.rpm

Install Webmin by unpacking the archive:

rpm -Uvh webmin-1.610-1.noarch.rpm

Done! You can now log in to your fresh installation of Webmin by heading to http://hostname-or-ipaddress:10000 using the root username and password.

Encrypted AES VPN tunnel between pfSense 2.3 and Ubiquiti EdgeRouter Lite

I recently retired my Draytek 2830 following a serious security flaw I discovered (that’s another post, stay tuned!) and took the plunge with a rather impressive looking Ubiquiti EdgeRouter Lite.

The other option was a rack mountable TP-Link TL-ER6020 although the maximum NAT throughput was only 180Mbps and it only had 128MB DDR2 memory and no clear CPU specs, also the web interface looked tired and very restricted. Pound for pound the EdgeRouter was cheaper and has a better spec of anywhere up to and over 600Mbps, 512MB DDR2 memory and Dual‑Core 500 MHz, although it wasn’t rack mountable it was a no brainer with its modern web interface, also did I mention it can process 1 million packets per second?

The EdgeRouter also appeals to my inner nerd (you can no doubt tell) as you can program it via web interface, command line or console connection and you can remove features you don’t need to boost performance. For example, it may only have 3 gigabit ports, but you can do whatever you like with them! In my case I have it configured as 1 WAN port and the other 2 ports are linked to two separate LANs. I will write a full review when I get the chance, but for now just take my word that it is the best router I have ever owned.

Anyway, to business!

Home Network

As before with the Draytek guide my home network is still double NAT’d but there isn’t a speed issue anymore. I do plan to eventually run everything via the EdgeRouter but first I need to install a few additional access points (I’m thinking a couple of airGateway-LR’s hidden in roof spaces will do, powered by PoE obviously!).

In the example below the home network subnet will be 192.168.100.x and WAN address will be 1.2.3.4

Remote Network

The remote network is the same as before too – a pfSense machine sits at x.1 and deals with traffic to the local network.

In the example below the remote subnet will be 192.168.150.x and WAN address will be 5.6.7.8

Important

  • Each local area network must be on a separate subnet, otherwise things can quickly get messy and conflict!
  • Make sure you use a secure pre-shared key, anything above 32 characters will do nicely and under no circumstances use the example key!
  • The example details below are fake, replace them with your own details if you want this to work

Configuring pfSense

The guide below lists only the parts you need to change, if the option isn’t listed then leave it as is. Anything to do with double NATing is in red, ignore this if your router is WAN facing.

Fairly straight forward, go to VPN > IPSec > Click Add P1

  • Enter the Remote Gateway as the WAN IP address of the EdgeRouter (or the Superhub in my case) 1.2.3.4
  • Enter a brief description in the Description box – VPN to pfSense LAN
  • Select Peer identifier as KeyID tag then enter the WAN address of EdgeRouter (192.168.100.1) else leave as Peer IP address
  • Enter your pre-shared key in the Pre-Shared Key box – testing123
  • Set the DH Group to 14
  • Press Save

That’s your Phase 1 entry configured, now for Phase 2:

Go to VPN > IPSec > Click on Show Phase 2 Entries for Home

  • Enter Remote Network as the home network subnet – 192.168.100.0/24
  • Put a brief description in the Description box – Home
  • Set PFS Key Group to 14
  • Press Save and then hit Apply Changes

Finally, we need to create a firewall rule to allow traffic to pass over the VPN:

  • Go to Firewall > Rules > IPSec and click Add
  • Change Protocol to any
  • Enter a brief description in the Description box – Allow VPN Traffic
  • Press Save and hit Apply Changes

Configuring the EdgeRouter

First of all make sure you are running the latest firmware otherwise options may be missing and this may not go smoothly! Currently (March 2017) I’m running EdgeRouter Lite v1.9.1.

Configuring the EdgeRouter is pretty straight forward, you don’t need to do anything via command line or console (unless you really want to, knock yourself out!) – Go to VPN > IPSec Site-to-Site

  • First tick the box Show advanced options to show the encryption options
  • Under Global Options leave Automatically open firewall and exclude from NAT unless you want greater control over who can connect in
  • Under Site-to-site peers enter the Peer as the home WAN address – 5.6.7.8
  • Put a brief description in the Description box – Remote
  • In local IP enter any
  • For Encryption set AES-256
  • In Pre-shared secret enter the key set previously – testing123
  • Enter the Local subnet as 192.168.100.0/24
  • Enter the Remote subnet as 192.168.150.0/24

Once everything is saved, head over to the pfSense IPSec Status page and hit connect if it hasn’t already established and there you have it!

At this point you may be asking why I unchecked the option to Automatically open firewall…; this is because I like to have greater control over what IP addresses are allowed access to my network.

To substitute this option I created a rule in the NAT section translating UDP port 4500 to the router’s local IP address (192.168.100.1). In turn I set the Src Address Group of this rule to a list of predefined IP addresses, thus only allowing access to my networks and blocking the rest of the world.

Fix TRENDnet/Hikvision Corroded PoE Connector

Following Storm Doris back in February 2017, one of my cameras at the back of my house stopped working. Part of the roof had been blown off (only a plastic cover, thankfully nothing more serious) which exposed the cable and allowed things to get a little damp. On closer inspection the 3 far pins in the connector had corroded.

I’m presuming the corrosion had been going on some time and the storm was the icing on the cake. I tried a mixture of WD40 contact cleaner followed by a strong acid based electrical cleaner and the pins had cleaned up nicely but it still wasn’t working.

What I was really trying to avoid was chopping the connector off completely as after all it is over £100 worth of camera, but it happened. For speed I opted for jelly crimps (scotch locks) as these are waterproof, the alternative was either a surface mounted punch-down box or RJ45 coupler, both of which would have corroded over time and eventually left me with a broken camera again.

After making sure everything was working I wrapped the jellys in a fair amount of electric tape followed by a healthy dose of vaseline.

Colour Combinations

It came as no surprise that the camera didn’t use standard 568B colours but here is the combination I used:

Key: 568B Standard Cable / TRENDnet Cable

  • Orange White / Orange
  • Orange / Yellow
  • Green White / Green
  • Blue / Grey
  • Blue White / Purple
  • Green / Blue
  • Brown White / Brown
  • Brown / White

I found the colours by referring to this guide here. I did manage to get the green and green white cables mixed up, however this hasn’t affected the camera in any way that I can tell. If it does ever cause a problem I will swap the cables around at the patch panel to avoid having to tamper any further!

Update – 05/07/2022

I’ve ditched most of my TRENDnet cameras now in favour of Hikvision, although corrosion is still a common problem it turns out. Luckily the wiring colours are the same and the above works fine for Hikvision cameras too.

Connect Directly to SunLuxy Camera Streams

For a while now I’ve used a cheap SunLuxy H.264 DVR as the heart of the CoopCam project. Initially I couldn’t get a direct link to the camera stream, so I had to screen capture the bog standard web interface using VLC and break the feed down into separate streams, but recently, after a fair bit of trial and error, I discovered a much easier solution!

I had researched on and off for months, went through masses of trial and error with various software and ultimately found no solution, but after being inspired again I headed to the DVR’s web interface to start from scratch. I stumbled across source code in a file called /js/view2.js that constructs an RTMP:// address to show live camera feeds through the web interface’s Flash player – see the snippet of code below:

dvr_viewer.ConnectRTMP(index, "rtmp://" + location.host, "ch" + index + "_" + (dvr_type=="main"?"0":"1") + ".264");

After removing the jargon the link came out as rtmp://dvraddress:port/ch#_#.264, with the first number being the channel you want to connect to (starting at 0) and the second being the stream (substream being 1 and main being 0).

I headed to VLC player, selected Open Network Stream and entered the following:

rtmp://192.168.0.100:81/ch0_0.264

Broken down you can see my DVR is on the local network as 192.168.0.100 at port 81 and that I wanted to view channel 1’s main stream. Lo and behold, after a few seconds the camera started to play!

Notes

  • To convert the stream to something more useful you could use rtmpdump and ffmpeg on Linux systems
  • If you do something wrong and overload the DVR then you’ll hear a beep as the box reboots
  • If this works for you please comment your DVR make and model

Encrypted AES VPN tunnel between pfSense 2.3 and Draytek 2830

For a long time now I’ve managed several VMware ESXi servers and for easy management I’ve created a local area network on each making backups, monitoring and the usual sysad tasks a breeze.

The icing on the cake is that I recently swapped from m0n0wall to pfSense and went about setting up a LAN-to-LAN VPN tunnel to my home network, so now I can access everything locally as if I was on the same network.

Home Network

My home network uses a Draytek 2830 connected to a Virgin Media Superhub. Unfortunately the Draytek is getting on a little bit now and doesn’t have the processing power to deal with my 100mbit connection speed, so I’ve had to double NAT the network using the Superhub in router mode and then DMZ everything towards the Draytek.

This isn’t a bad thing though as all the “dumb” wireless devices (mobile phones, Roku’s, Nest thermostat, etc) connect direct to the Superhub whilst my home server and everything crucial connect via the Draytek. All in all I get 70mbit through the Draytek on average and there’s plenty of bandwidth left for the devices connected to the Superhub.

In the example below the home network subnet will be 192.168.100.x

Remote Network

The remote network is pretty simple, they are all setup the same apart from x is a different number based on the virtual host name – a pfSense machine sits at x.1 and deals with traffic to the local network.

In the example below the remote subnet will be 192.168.150.x

Important

  • Each local area network must be on a separate subnet, otherwise things can quickly get messy and conflict!
  • Make sure you use a secure pre-shared key, anything above 32 characters will do nicely
  • The example details below are fake, replace them with your own details if you want this to work
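
A pre-flight check for the first two points of the Important list (the same list appears in the EdgeRouter guide above), added here as an example and not part of the original post: it confirms the two LAN subnets do not overlap and generates a random pre-shared key longer than 32 characters. Function names are hypothetical; the subnets and the rejected example key testing123 are the sample values from these guides.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample values come from
# the guides (192.168.100.0/24, 192.168.150.0/24, example key testing123).

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_range NET/LEN: print "first last" addresses of the subnet as integers.
cidr_range() {
    net=$(ip_to_int "${1%/*}")
    size=$(( 1 << (32 - ${1#*/}) ))
    first=$(( net / size * size ))
    echo "$first $(( first + size - 1 ))"
}

# subnets_overlap A B: succeed if the two CIDR blocks share any address.
subnets_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# new_psk [LEN]: print a random alphanumeric key (default 48 characters).
new_psk() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-48}"
}

# psk_ok KEY: succeed if KEY is longer than 32 characters and is not the
# guide's example key.
psk_ok() {
    [ "${#1}" -gt 32 ] && [ "$1" != "testing123" ]
}

# preflight LOCAL_CIDR REMOTE_CIDR KEY: print "ok" or the first problem found.
preflight() {
    if subnets_overlap "$1" "$2"; then echo "subnets overlap"; return 1; fi
    if ! psk_ok "$3"; then echo "weak pre-shared key"; return 1; fi
    echo "ok"
}

preflight 192.168.100.0/24 192.168.150.0/24 "$(new_psk)"
```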

Configuring pfSense

The guide below lists only the parts you need to change, if the option isn’t listed then leave it as is

Fairly straight forward, go to VPN > IPSec > Click Add P1

  • Enter the Remote Gateway as the WAN IP address of the Draytek (or the Superhub in my case)
  • Enter a brief description in the Description box
  • If you are double NAT’d like me select Peer identifier as KeyID tag then enter the WAN2 address of Draytek else leave as Peer IP address
  • Enter your pre-shared key in the Pre-Shared Key box
  • Press Save

That’s your Phase 1 entry configured, now for Phase 2:

Go to VPN > IPSec > Click on Show Phase 2 Entries for Home

  • Enter Remote Network as the home network subnet – 192.168.100.0/24
  • Put a brief description in the Description box
  • Set PFS Key Group to 2
  • Press Save and then hit Apply Changes

Finally, we need to create a firewall rule to allow traffic to pass over the VPN:

  • Go to Firewall > Rules > IPSec and click Add
  • Change Protocol to any
  • Enter a brief description in the Description box
  • Press Save and hit Apply Changes

Configuring the Draytek

Now it is time to configure the Draytek – Go to VPN and Remote Access > LAN to LAN

For Common Settings:

  • Enter a Profile Name
  • Tick Enable this profile
  • Make sure Call Direction is set to Both

For Dial-Out Settings:

  • Set type of server to IPSec Tunnel
  • Enter the Remote WAN IP in the Server IP/Hostname for VPN box
  • Enter the pre-shared key set previously in the Pre-Shared Key box
  • For IPSec Security Method set it to High (ESP)AES with Authentication
  • Under Advanced set IKE phase 1 proposal to AES256_SHA1-G14 and IKE phase 2 proposal to AES256_SHA1 then press OK

For Dial-In Settings:

  • Set the Allowed Dial-In Type to IPSec Tunnel
  • Tick the box to Specify Remote VPN Gateway and enter the remote network WAN IP
  • Enter the pre-shared key set previously in the Pre-Shared Key box
  • For IPSec Security Method untick all apart from High (ESP) – AES

Under TCP/IP Network Settings:

  • Set Remote Network IP as the remote network subnet – 192.168.150.0

Hit OK at the very bottom to save the profile, leave it a few seconds and it should connect. If it doesn’t connect automatically, head to the IPSec Status page in pfSense and hit Connect manually