Author: dk

Clamping Down HARD on DHCPd MACs…

Posted on by dk

There is an eight year old issue (at the point of writing this) with pfSense DHCPd that somehow did not restrict DHCPd IP “handouts” despite the chosen setting to “Deny unknown clients”… Which, after some digging, turns out more to be of a misunderstanding than what the “common people” would think.

Despite the “Deny unknown clients” setting, certain clients requesting an IP from a pool/interface that does not explicitly list its MAC address will still get an IP address. It turns out that said client is considered “known” if the MAC is listed anywhere else (i.e. in some other MAC address list)…

Anyway, I got fed up with this seemingly insecure behaviour and managed to hack a fix… some 8+ months ago… Just that I never got around to posting the details for people willing to hack their own pfSense fix (unlike my other SSHd configuration fix which was documented in full)…

Well, to cut the long story short, the pull request (merged with another upstream fix) has now been accepted and merged (actual changes)… You will see this fix some-time-soon-now in some upcoming pfSense release… Enjoy!

2021/02/28 Update: A year later and only now is the DHCPd fixes released with a new stable release (2.5.0), instead of the expected 2.4.x! Well, it’s “finally out there”…

2021/06/01 Update: As of time of writing, it appears that 2.5.0 and 2.5.1 are, unfortunately, bugged and I do not recommend upgrading to 2.5.0/2.5.1…

2021/07/07 Update: pfSense 2.5.2 is now released… YMMV…

Exporting Clips Off A Dahua NVR Part Deux…

Posted on by dk

So, another day, another kid, another requirement to pull video off the DVR…

I totally forgot about my previous post and attempted to use the in-built NVR software (which requires ye ‘old Internet Explorer because it’s an ActiveX plugin) and, to my amazement, discovered that the video extraction actually works (although you still need to manually convert .dav video to something else that’s, you know, a known standard that is universally playable)… I am not sure how I missed this the last time, but oh well…

Anyway, as per usual, the quick instructions are here for posterity and future reference…

Continue reading

Playing and Converting Dahua NVR’s .dav H264 Videos…

Posted on by dk

Well, as if fighting the NVR in attempting to export video clips ain’t enough. There’s a need to convert stuff just to play ’em back…

I tried a solution using VideoLAN’s VLC Media Player, but that was a hit-or-miss affair (i.e. sometimes it worked, other times, not).

Enter FFMPEG

Continue reading

Exporting Clips Off A Dahua NVR…

Posted on by dk

I recently had an unfortunate episode requiring the exporting of a clip off a Dahua NVR, but I needed someone else to do it… (and no, I was not in jail, trying to instruct someone else to pull exonerating evidence off some CCTV, if that was what you were thinking)…

My original method of using the in-built web UI off the NVR, manual streaming conversion via VLC Player (after fiddling with it for a temporal configuration change to “enable” playback of .dav files) was just not going to “cut it”…

So, once I had the time, I waded into the battle of the forever-changing, forever-beta nature of Dahua firmware, software and hodge-podge end-user solutions…

SmartPSS

There happened to be a “new” version of the SmartPSS software (v2.002.0000008.0.T.190801); which was supposedly released a month ago (2019/08/01, as of writing this). This software was “supposed” to have had some (old) “enforced 1 hour video export” bug fixed. However, I was pulling my hair out as to why I could not seem to limit the video clip I chose to export. I finally found my clue and therefore am posting this here for posterity (actually, to enable other people to follow the same instructions to do this).

Continue reading

Forcing dhcpd On pfSense To Forget…

Posted on by dk

So I was playing around with 2 new TP-Link HS110 units I bought from Amazon, and I was attempting to swap the two with two other existing units (which had older firmware), having the two new units take the identity (name/ID and pfSense dhcpd statically defined IP addresses) of the “older” units… Review of that device aside, I was pulling my hair out because the old units kept getting their old IPs, as did the new units!

Funnily enough, the units appear to “take turns” “phoning home” – such that in the Kasa control application, there were duplicates of the old unit name/IDs shown, and it “flip-flopped” on showing the availability (and also the recorded energy consumption).

I figured it must be the DHCP service/daemon, since I kept seeing the DHCPDISCOVER and DHCPOFFER in the dhcpd logs.

Time to roll up my sleeves and fix this…

Continue reading

A Weasel for WSL…

Posted on by dk

So I have been using Windows Subsystem for Linux (WSL) for a while now (specifically, the “Microsoft’ed” version of Ubuntu 18.04).

Recently, I have had to use my local desktop to handle some git stuff, and I decided to do so within WSL. First up, I ran headlong into access problems – I run PuTTY Pageant and did not want to explicitly run ssh-agent inside WSL, not to mention maintaining a duplicate of my private keys in the WSL environment(s).

Well, agent forwarding was made for a reason, so I immediately set off to find a solution.

Continue reading

GNU getopt Needs A Helper

Posted on by dk

So, recently at work, I found myself knee deep in… scripts…

Most of my scripts had ugly positional parameters/arguments (you know, $1 was the value for this, $2 was the input for that)… So, I dug up getopt… But then I quickly spiralled down the time-sucking rabbit hole of trying to automate some other bits, like being able to print the “usage” by “simply” plucking out all the options given to getopt in the first place…

Continue reading

sed Shennanigans…

Posted on by dk

Escaping…

For anyone familiar with regular expressions, the need to escape characters, that might otherwise be construed as some “special command”, is a regular affair…

sed posed a particular challenge for me when attempting to escape variables that are used as a replacement string. So, to cut the long story short, after 8 hours of trying, testing and re-testing, I finally got the solution…

In a bash shell, try the following:

TESTSTRING='\/12345678\90!@#$%^&*()-_=+{}[];:",.<>? `~abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
sed "s#\([^[:alnum:]]\)#\\\\\1#g"<<<$TEST

Otherwise, in a script, try the following:

TESTSTRING='\/12345678\90!@#$%^&*()-_=+{}[];:",.<>? `~abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
TESTSTRING=`echo $TESTSTRING|sed 's#\([^[:alnum:]]\)#\\\\\1#g'

WARNING: This does not work with intended backreferences (e.g. \1, \2, … \9, etc.) as the leading backslash will also be escaped (see the \9 in the tests above).

NOTE: The single-quote character was not part of the tests as I could not find a way to escape that as part of the variable assignment.

Adding 4G/LTE Back Up Internet Link to pfSense VM…

Posted on by dk

Updates Fartdates…

So, my Ubuntu LTS 18.04 decided to have a brain fart during a “routine” system update just past midnight on Saturday morning… Rebooted the modem, switches, VM, VM host… nada

Wither Thou Internet…

With the ‘net down, I could not seem to see the list of update details, nor try and roll anything back… Worst yet, I was actually doing work (which needs a ‘net connection)… So the troubleshooting ensued…

Troubleshooting using my work laptop via my handphone hotspot was no fun… So, four-and-a-half hours later, I retired, disgruntled at not solving the issue (and also having to do three rounds of laundry, get woken up a mere 15 minutes later by my young daughter who wet her bed, and get awakened again 30 minutes after that due to one inconsiderate neighbour’s noisy pet birds – but that’s a totally different story and I digress)…

Saving Grace…

Just a few days ago, I had applied for a free 12-month trial from TPG (Singapore’s fourth telco), so at 10AM in the morning, I dragged myself out of bed, went to church, and then picked up the TPG SIM card… All this to use in a Huawei E3372-607 USB LTE/4G modem (together with a high-gain indoor antenna) purchased nearly two years ago that was meant to fix this exact situation (i.e. be a back-up Internet link).

Continue reading

Unifi Controller vs. MongoDB Debacle

Posted on by dk

Ubiquiti’s Motto: If It Ain’t Broke, Don’t Won’t Fix It

After my upgrade of my Ubuntu LTS 16.04 to 18.04, I discovered some things had broken, including the Unifi Controller used for my UAP-HD. Apparently, the entire /usr/lib/unifi directory disappeared (alongside with MongoDB)!

Rooting around the Internet turned this thread up… And accordingly, there is a work-around, with some “clean-up” work.

The “official” fix is relatively useless, but that is another shouting match argument with another idiot person for a different time…

Anyway, on to the fix!

NOTE

The “fix” offerred below is not really one – it does not restore your data, although you could conceivably do so if you got creative in restoring some data files before re-installing MongoDB version 3.4 as per below…
Continue reading