• 0 Posts
  • 15 Comments
Joined 1 year ago
cake
Cake day: October 1st, 2023

help-circle
  • I do work for multiple organizations and got tired of having to disconnect/reconnect VPN tunnels each time.

    Solution: Raspberry Pi. It’s got a single Ethernet port on it which makes it perfect. I used Openconnect since it was compatible with Cisco and PulseSecure (at the time). When you establish a tunnel, the routes come in as “kernel routes” assuming you have a split tunnel. I configured IPTables to NAT masquerade out each interface and I set up Quagga, a routing daemon to talk to my main gateway and redistributed my kernel routes into OSPF. That way, any of my devices can now access any networks they need. I did also have to configure my own DNS server since I needed to resolve the different private networks.






  • I worked support for an ISP before.

    If we didn’t provide the router, then we can’t support it. There are way too many variables with third-party routers for us to actually do that. In those instances, we would provide one and if it still can’t deliver the bandwidth, then we will continue to troubleshoot.

    That said, to rule this out, plug your computer directly into their modem or handoff. That’s the best way to rule out router problems.

    Side note: as someone who loved dd-wrt, I stopped using it because it was slow. Third party firmware is awesome since they add a ton of functionality but you lose a lot in performance when you do that.







  • I’m using a raspberry pi 4 8 GB. It’s not a problem until someone transcodes, and that usually happens with H265 HEVC media when the person is on a browser that doesn’t support it which is most browsers these days. If the person is doing directplay (click the gear during play and click on Playback Info). If it’s forced to transcode, it will tell you why.

    Direct-play in native resolution and codec should give you perfect performance and consume almost no resources since it’s essentially just a file transfer. I find performance works best when I use the Jellyfin Media Player app on my computer or the Android app.




  • You’ll be fine. It’s exactly what I do. Just keep any exposed services up to date. NPM also has a very rudimentary blocker that mostly relies on UA and bad strings getting passed through. You can turn that on. Open up only services that need to be exposed e.g. don’t expose sonarr/radarr unless there’s a good reason for it. Make sure anything you expose that doesn’t have any sort of authentication can have it implemented in nginx or you can use an SSO solution.

    I expose strictly needed services while everything else is just internal. Exposed services include jellyfin, jellyseer (jellyfin version of overseerr), and nextcloud.