In today’s digitally connected world, amateur radio isn’t just about radios and antennas — it’s also about the secure, smart use of modern networking tools. One tool that’s gaining popularity among hams is WireGuard, a next-generation VPN protocol. While VPNs are often associated with corporate IT or privacy tools, they have practical and exciting use cases for amateur radio operators too.

Let’s explore what WireGuard is and how it can empower your ham radio setup — from remote control to repeater networking.

What is WireGuard?

WireGuard is an open-source, modern VPN (Virtual Private Network) that’s fast, lightweight, and secure. Think of it as a secure tunnel between two or more devices, no matter where they are in the world. It uses cutting-edge cryptography like ChaCha20 and Curve25519 and is designed to be extremely simple to set up and manage.

Some key features:

• Blazing fast performance, even on low-powered devices like Raspberry Pi.
• Built into the Linux kernel (also works on Windows, macOS, iOS, Android).
• Minimal configuration with easy-to-read config files.
• Highly secure with modern encryption standards.

Why Should Hams Care?

You might be wondering — “What does a VPN have to do with amateur radio?”

Well, WireGuard isn’t just for IT professionals. It can be incredibly useful for amateur radio in a variety of modern applications:

1. Remote Station Access

Operate your station remotely — securely. Use WireGuard to connect to:

• Your home radio via web interface (e.g., Hamlib, WebSDR, OpenWebRX).
• Digital modes like FT8, even when you’re away from home.
• Control rotators, power switches, and more — all over a private network.

No need to open public ports or worry about hacking attempts.

2. Linking Repeaters or Nodes

Running AllStarLink, EchoLink, or DMR nodes? WireGuard is perfect for:

• Securely linking multiple nodes.
• Simplifying firewall and NAT traversal.
• Avoiding reliance on port forwarding or dynamic DNS.

With WireGuard, repeaters in different locations can talk to each other over encrypted tunnels.

3. Emergency Communications (EMCOMM)

In emergency situations, you may deploy AREDN mesh networks, Raspberry Pis, and LTE routers. WireGuard lets you:

• Quickly set up a secure, private network between team members.
• Share sensitive data, maps, or status pages — safely.
• Connect mobile and fixed stations over WiFi, LTE, or satellite links.

WireGuard is lightweight enough to run on solar-powered mesh nodes and Pi devices in the field.

Legal Note for Hams

It’s important to point out:

Encryption is NOT allowed over amateur radio frequencies in most countries (including Malaysia and the U.S.).

This means you cannot run WireGuard over RF links on ham bands. But here’s where you can:

• Private home or field networks using WiFi, cellular, or fiber.
• Between club servers or repeaters connected via the internet.

Always follow your country’s amateur radio regulations.

Easy Setup with WG-Easy

Want to get started without headaches? The easiest way to install and manage WireGuard is with WG-Easy — a simple web interface for WireGuard.

Install WG-Easy (Docker)

If you’re familiar with Docker, just run:

docker run -d \
  --name=wg-easy \
  -e WG_HOST=your.domain.com \
  -e PASSWORD=your_password \
  -v ~/.wg-easy:/etc/wireguard \
  -p 51820:51820/udp \
  -p 51821:51821/tcp \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.ip_forward=1" \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --restart unless-stopped \
  weejewel/wg-easy

Then visit http://your-server-ip:51821 to manage your VPN through a friendly web UI. Generate keys, scan QR codes for your phone or field devices, and connect in minutes.

Works beautifully with Android/iOS WireGuard apps — great for mobile operators.

Summary: Why Hams Should Use WireGuard

Final Thoughts

WireGuard is more than just a tool for techies — it’s a game-changer for the modern amateur radio operator. Whether you’re running a club repeater, experimenting with remote stations, or preparing for field communications, adding a secure layer like WireGuard is smart, responsible, and powerful.

The post How Amateur Radio Operators Can Use WireGuard for Secure Networking appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

I recently installed a SriHome SH025 IP camera and wanted to monitor the live stream from my Arch Linux desktop (CachyOS in my case). While the official app works, I prefer using local tools — no cloud, no mobile app, just clean video over my LAN.

After some digging, I got the RTSP stream working beautifully with mpv, and I even created a launcher icon for quick access.

Here’s exactly how I did it — plus how to find the right RTSP port using nmap.

My Setup Goals

• Watch the SriHome SH025 stream on my Linux desktop
• Skip the cloud and use direct RTSP
• Get working video (and ideally audio)
• Add a clickable desktop launcher
• Find the RTSP port if undocumented

Finding the RTSP Port with Nmap

SriHome cameras often don’t use the default RTSP port (554) — mine used 8554. If you don’t know your camera’s port, use nmap to scan for open ones:

1. Install nmap (if you don’t already have it):

sudo pacman -S nmap

2. Scan for common video streaming ports:

nmap -p 554,8554,10554,7070,6688 192.168.0.11

Replace 192.168.0.11 with your camera’s actual IP address.

Example output:

PORT      STATE  SERVICE
554/tcp   closed rtsp
8554/tcp  open   rtsp-alt
10554/tcp closed unknown
6688/tcp  open   unknown

In my case, port 8554 was open, which matched what ffplay and mpv needed.

Testing the Stream with ffplay

Before setting up anything fancy, I tested the RTSP stream with:

ffplay rtsp://admin:888888@192.168.0.11:8554/profile0

It worked! Full 1080p video and even audio came through. This confirmed the camera was broadcasting fine over RTSP.

Daily Viewing with MPV

After confirming the stream worked, I switched to mpv for daily use. It’s lightweight and integrates better with my desktop.

mpv rtsp://admin:888888@192.168.0.11:8554/profile0

Create a Desktop Shortcut

To make launching the camera easy from my app launcher, I made a .desktop file.

1. Create the launcher:

nano ~/.local/share/applications/sricam-view.desktop

2. Paste this:

[Desktop Entry]
Name=SriHome SH025 Viewer
Comment=Open SriHome IP Camera Stream in MPV
Exec=mpv rtsp://admin:888888@192.168.0.11:8554/profile0
Icon=camera-video
Terminal=false
Type=Application
Categories=Video;AudioVideo;Utility;

3. Make it executable:

chmod +x ~/.local/share/applications/sricam-view.desktop

Wrap-up

SriHome doesn’t document these RTSP settings well, but with a little effort — and tools like nmap, ffplay, mpv, and ffmpeg — you can get full, local access to your camera stream.

The post Viewing SriHome SH025 IP Camera on Linux with MPV appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

In today’s interconnected world, wireless networks have become a critical part of our infrastructure. However, this ubiquity also creates security vulnerabilities that can be exploited. Understanding these vulnerabilities is essential for developing robust security measures. Let’s explore how a Raspberry Pi can be transformed into a wireless network security tool.

What is Wi-Fi Jamming?

Wi-Fi jamming is a technique that disrupts wireless networks by sending deauthentication packets to clients and access points. While this might sound malicious, it has legitimate applications in security testing, network management, and law enforcement.

The Raspberry Pi Advantage

The Raspberry Pi is an ideal platform for network security tools due to its:

• Low cost and high portability
• Open hardware architecture
• Flexibility through its System on a Chip (SoC) design
• Compatibility with various wireless adapters

How the Jamming Process Works

The process involves several technical steps:

1. Interface Selection: The system identifies the most powerful wireless interface and enables monitor mode.
2. Channel Hopping: It sequentially scans channels 1-11, spending about 1 second on each to identify access points and connected clients.
3. Deauthentication: After identifying targets, the system sends deauthentication packets that force clients to disconnect from their access points.
4. Targeted Jamming: The tool can be configured to target specific devices or all devices connected to a particular access point.

Applications in Security

This type of tool has several legitimate uses:

• Law Enforcement: Originally developed for law enforcement to interrupt criminal communications
• Security Testing: Organizations can test their network resilience against deauthentication attacks
• Network Management: Institutions can control which devices connect to their networks
• Emergency Situations: Can be used to prevent remote triggering of explosive devices

Creating a Captive Portal

Beyond jamming, a Raspberry Pi can also be configured to create a captive portal – a landing page that appears when users connect to a network. This has applications in:

• User authentication
• Displaying network terms of service
• Controlled internet access
• Marketing and advertisements

Ethical Considerations

It’s crucial to note that unauthorized network disruption is illegal in most jurisdictions. These tools should only be used:

• On networks you own or have permission to test
• For legitimate security testing purposes
• In accordance with local laws and regulations
• With proper authorization from relevant authorities

Technical Implementation

The implementation involves several components:

• Aircrack-ng: A suite of tools for wireless network assessment
• Nodogsplash: Software for creating and managing captive portals
• Python: For scripting the core functionality

The system can be further enhanced with features like bandwidth control, domain restrictions, and packet filtering to create a comprehensive network management solution.

Conclusion

Wi-Fi jamming using Raspberry Pi represents a powerful tool for understanding and securing wireless networks. While its capabilities could be misused, its primary value lies in helping network administrators identify vulnerabilities and improve security posture. As IoT devices continue to proliferate, with estimates suggesting 30 billion connected objects by 2020, understanding these network security principles becomes increasingly important.

Remember, the goal of security research is always to build more robust systems, not to compromise legitimate networks.

https://acadpubl.eu/hub/2018-118-22/articles/22b/32.pdf

The post Wi-Fi Jamming Using Raspberry Pi: Security Tools for Network Protection appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

In the world of amateur radio, efficient data storage and management are essential for various applications, including logging contacts, storing SDR recordings, and managing DXpedition logs. A Network Attached Storage (NAS) system provides a centralized solution for storing, accessing, and sharing data across multiple devices. In this blog post, we’ll explore the best open-source NAS solutions and how they can benefit amateur radio operators.

Why Amateur Radio Operators Need a NAS?

A NAS system can serve multiple purposes in the amateur radio community, including:

• DXpedition Log Storage: Securely store logs from remote operations and enable real-time syncing with cloud services.
• SDR Recordings: Save and manage large SDR (Software-Defined Radio) recordings without cluttering your main workstation.
• Call Sign Database Management: Store and retrieve updated call sign databases.
• Software & Firmware Repository: Maintain a repository of amateur radio software, firmware updates, and digital mode configurations.
• Remote Data Access: Access important radio logs and settings from anywhere in the world.
• Collaboration and Data Sharing: Share logs and resources with other operators and radio clubs.

By setting up an open-source NAS, you gain flexibility, security, and cost-effectiveness compared to proprietary cloud solutions.

Best Open-Source NAS Solutions

Here are some of the best open-source NAS solutions suitable for amateur radio operators:

1. TrueNAS (formerly FreeNAS)

• Based on: FreeBSD
• Features: ZFS file system, snapshots, data encryption, cloud sync, and RAID support.
• Why it’s great for hams: Reliable for storing large SDR files and DXpedition logs with built-in redundancy.

2. OpenMediaVault

• Based on: Debian Linux
• Features: Web-based UI, plugin support, NFS/Samba sharing, and RAID support.
• Why it’s great for hams: Easy to set up on Raspberry Pi for a lightweight logging storage solution.

3. Rockstor

• Based on: CentOS (migrating to OpenSUSE)
• Features: Btrfs file system, replication, and snapshot support.
• Why it’s great for hams: High resilience and data protection, perfect for SDR recordings and long-term storage.

4. XigmaNAS

• Based on: FreeBSD
• Features: ZFS, remote access, encryption, and RAID support.
• Why it’s great for hams: Supports running services like logging servers and backup utilities.

5. Nextcloud (with NAS Integration)

• Based on: Linux/PHP
• Features: Cloud-based file sharing with NAS integration.
• Why it’s great for hams: Ideal for remote access to DXpedition logs and sharing with team members.

Building Your Own NAS for Amateur Radio

1. Hardware Requirements

You don’t need an expensive setup to build an efficient NAS. Here are some hardware options:

• Low-power NAS: Raspberry Pi 4 with external USB storage (ideal for small-scale logs and personal use).
• Mid-range NAS: An old PC with at least 4GB RAM and multiple hard drives.
• High-end NAS: A custom-built server with multiple drive bays and RAID support.

2. Installing an Open-Source NAS OS

1. Download the ISO: Choose one of the NAS distributions listed above.
2. Create a Bootable USB: Use tools like Rufus (Windows) or dd (Linux/macOS) to create a bootable USB drive.
3. Boot & Install: Insert the USB into your NAS machine, boot from USB, and follow the installation wizard.
4. Configure Storage: Set up RAID, ZFS, or Btrfs as needed.
5. Enable File Sharing: Configure SMB, NFS, or FTP for accessing data.
6. Set Up Remote Access: Enable VPN, SSH, or Nextcloud integration.

3. Configuring NAS for Amateur Radio Use

• Logging & Backup: Sync logging software (like N1MM or WSJT-X) to the NAS for automatic backups.
• DXpedition File Sharing: Use Nextcloud to share logs with remote team members.
• SDR Storage: Save large IQ recordings for post-processing.
• Weather & APRS Data Storage: Store weather and APRS logs for analysis.

Final Thoughts

A NAS is a valuable tool for amateur radio operators, providing secure storage for DXpedition logs, SDR recordings, and digital mode settings. By leveraging open-source NAS solutions like TrueNAS, OpenMediaVault, or Nextcloud, you can build a powerful and cost-effective storage system tailored to your radio operations.

Whether you’re a casual radio hobbyist or an expedition leader logging thousands of contacts, a well-configured NAS can improve efficiency, enhance data security, and facilitate collaboration. With some basic hardware and open-source software, you can create a flexible and scalable storage system that serves your radio adventures for years to come.

Do you already use a NAS for your amateur radio activities? Share your setup in the comments below!

The post The Best Open-Source NAS Solutions for Amateur Radio Enthusiasts appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

As our data increasingly travels over the Internet, safeguarding it from prying eyes is crucial. DNS over TLS (DoT) and DNS over HTTPS (DoH) are two protocols designed to encrypt DNS requests, ensuring that your data remains secure. In this post, we’ll explore how these protocols enhance your privacy and how they differ from one another.

What is DNS, and Why Does It Need TLS or HTTPS?

The Domain Name System (DNS) is like the internet’s phone book, translating human-friendly domain names into IP addresses that computers use to communicate. However, standard DNS queries are not encrypted, leaving them vulnerable to interception. This can pose significant security risks. Encrypting DNS requests with TLS (Transport Layer Security) or HTTPS (Hypertext Transfer Protocol Secure) helps protect this data from unauthorized access and reduces the risk of data breaches. Essentially, these encryption protocols ensure that your DNS queries remain private and secure.

The Importance of Encrypting DNS Requests

Encrypting DNS requests is vital for maintaining data privacy and security. It prevents malicious actors from intercepting or tampering with the data, protecting users from potential threats such as DNS hijacking, where cybercriminals redirect your traffic to malicious sites. Encryption ensures that your browsing activity remains confidential and your data is shielded from prying eyes.

DNS over TLS (DoT) – What Is It?

DNS over TLS (DoT) is a protocol that enhances the security of DNS queries by encrypting them using TLS. This protocol adds a layer of encryption over the User Datagram Protocol (UDP), which is used for sending DNS queries. By establishing a secure TLS tunnel, DoT ensures that DNS requests and responses are encrypted and protected from unauthorized access. This is particularly beneficial when using public or shared networks, as it provides a safeguard against potential snooping.

What Is DNS over HTTPS (DoH)?

DNS over HTTPS (DoH) is another method for securing DNS queries, but it operates differently than DoT. DoH encrypts DNS traffic using HTTPS, which is the same protocol used for securing web traffic. This approach disguises DNS queries within regular HTTPS traffic, making it harder for third parties to monitor or block these queries. DoH also encrypts the entire DNS response, including the IP address, providing a higher level of privacy.

Comparing DNS over TLS and DNS over HTTPS

Both DoT and DoH offer encryption for DNS queries, but they differ in how they implement it:

• Encryption Protocol: DoT uses TLS to encrypt DNS queries over TCP, while DoH uses HTTPS.
• Ports: DoT operates on its own port (TCP 853), whereas DoH uses the standard HTTPS port (TCP 443).
• Encryption Complexity: DoH employs more complex encryption through HTTPS, including encrypting the entire DNS response. DoT adds a TLS layer over UDP, which is simpler but still effective.

Which Is Better, DoT or DoH?

The choice between DoT and DoH depends on specific needs:

• Network Security: DoT is often preferred for network security because it allows administrators to monitor and block DNS queries more easily.
• Privacy: DoH may be more suitable for privacy since it hides DNS traffic within regular HTTPS traffic, making it harder for ISPs and other entities to track.

The Role of Private DNS Servers

Private DNS servers resolve external DNS queries and benefit from DoT and DoH encryption. Using these protocols ensures that the data exchanged between private DNS servers and external servers is secure, preventing potential attacks and maintaining data integrity.

Challenges in Implementing DoT and DoH

• Compatibility: Some older systems and applications may not support DoT or DoH.
• Configuration: Setting up DoT or DoH can be complex, especially if existing security measures are in place.
• Mixed Content: Websites that use HTTPS but have DNS requests over unencrypted channels can pose challenges in enforcing DoT or DoH.

Setting Up DoT and DoH

To enhance your privacy and security, configure DoT or DoH on various operating systems:

• Windows: Use Network Settings or third-party applications to enable DoT/DoH.
• macOS: Configure DNS settings in Network Preferences or use apps to automate the process.
• Linux: Edit the resolv.conf file or use systemd-resolved for DoT/DoH configuration.
• Android: Specify a Private DNS provider in network settings for DoT.
• iOS: Use a DNS profile or third-party app for DoT/DoH, as iOS does not natively support these settings for cellular networks.

DoT/DoH vs. VPNs

While DoT and DoH secure DNS queries, VPNs provide comprehensive privacy by encrypting all internet traffic. VPNs create a secure tunnel between your device and a remote server, protecting all your online activities from interception.

Conclusion

With increasing concerns about data privacy and the need for faster browsing, DoT and DoH offer essential security and performance benefits. Adopting these protocols can help make your internet experience safer and more secure.

The post Understanding DNS over TLS (DoT) and DNS over HTTPS (DoH) appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

In the realm of computer networking, tunnels play a crucial role in facilitating secure communication, enabling interoperability between disparate networks, and enhancing privacy and anonymity. From the early days of the internet to modern cybersecurity practices, tunnels have evolved to become indispensable tools in the hands of both legitimate users and malicious actors. In this comprehensive article, we delve into the history of tunnels, their diverse applications, notable tunneling protocols, and the unfortunate misuse that has led to criminal activities and security concerns.

History of Network Tunnels

The concept of tunneling traces back to the early days of computer networking, where the need to bridge incompatible networks and ensure secure communication gave rise to innovative solutions. One of the earliest tunneling protocols, Generic Routing Encapsulation (GRE), emerged in the 1990s to carry non-IP traffic over IP networks. As the internet grew and security became a paramount concern, protocols like IPSec and SSL/TLS were developed to establish secure tunnels for VPNs and encrypted communication.

Usages and Applications

Tunnels serve a myriad of purposes across various domains of networking and cybersecurity:

1. Virtual Private Networks (VPNs): VPN tunnels enable remote users to securely access private networks over public networks like the internet. They provide encryption, authentication, and confidentiality, making them invaluable for remote work, secure browsing, and protecting sensitive data.
2. IPv6 Transition: With the exhaustion of IPv4 addresses, tunneling is used to facilitate the transition to IPv6. Tunneling protocols like 6to4, Teredo, and ISATAP encapsulate IPv6 packets within IPv4 packets, allowing them to traverse IPv4 networks.
3. Secure Shell (SSH) Tunnels: SSH tunnels create encrypted connections between a local and remote host, forwarding network traffic through the encrypted tunnel. They are commonly used for secure remote access, port forwarding, and bypassing network restrictions.
4. Protocol Translation: Tunnels facilitate communication between networks that use different protocols. For instance, GRE tunnels carry non-IP traffic over IP networks, while L2TP tunnels encapsulate multiprotocol traffic for VPNs.
5. Anonymity and Privacy: Tunnels can be used to enhance anonymity and privacy online. Tools like Tor (The Onion Router) create encrypted tunnels through a network of relays, concealing users’ identities and online activities.

Top Tunneling Protocols and Applications

1. IPSec: Internet Protocol Security (IPSec) is a suite of protocols used to secure communication over IP networks. It provides authentication, integrity, and confidentiality through tunnel and transport modes, making it ideal for VPNs and secure communications.
2. SSL/TLS: Secure Socket Layer (SSL) and its successor Transport Layer Security (TLS) create encrypted tunnels between clients and servers over the internet. They are widely used to secure web traffic (HTTPS), email (SMTPS, IMAPS), and other network protocols.
3. SSH: Secure Shell (SSH) tunnels enable encrypted connections between hosts for secure remote access and data transfer. They are commonly used by administrators to manage remote servers and by users for secure browsing and file transfer.
4. L2TP/IPSec: Layer 2 Tunneling Protocol (L2TP) is often used in conjunction with IPSec to create VPN connections. L2TP provides tunneling capabilities for carrying multiprotocol traffic over IP networks, while IPSec adds encryption and authentication for secure communication.

Misuse and Security Concerns

While tunnels offer numerous benefits, they can also be exploited for malicious purposes:

1. Criminal Activities: Cybercriminals often misuse tunnels to conceal their activities and evade detection. VPNs and anonymization services may be used to hide the origin of malicious traffic, making it difficult for authorities to trace and attribute attacks.
2. Data Exfiltration: Tunnels can be used to exfiltrate sensitive data from compromised networks to external servers controlled by attackers. Encrypted tunnels may bypass traditional security measures, allowing attackers to steal data without detection.
3. Bypassing Restrictions: Tunnels are sometimes used to bypass network restrictions and censorship imposed by governments or organizations. While this may serve legitimate purposes, it can also enable access to illicit content and illegal activities.
4. Botnet Command and Control: Botnets may use encrypted tunnels to establish communication channels between infected devices and command-and-control servers. This makes it challenging for security professionals to detect and mitigate botnet activities.

Conclusion

Network tunnels have revolutionized the way we communicate, collaborate, and secure our digital assets. From enabling remote work and protecting sensitive data to facilitating the transition to IPv6 and enhancing privacy online, tunnels have become indispensable in today’s interconnected world. However, their widespread adoption has also given rise to security concerns and misuse by malicious actors. As technology continues to evolve, it is imperative for organizations and individuals alike to strike a balance between harnessing the benefits of tunnels and mitigating the associated risks. By understanding the history, applications, and security implications of network tunnels, we can navigate the digital landscape with greater awareness and resilience.

The post Exploring Network Tunnels: History, Usage, Applications, and Misuse appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

Introduction

Network Attached Storage (NAS) has become an essential component for both home and business networks, providing centralized data storage and access over a network. While commercial NAS devices offer robust features, open source NAS solutions present a flexible, cost-effective alternative. This blog post delves into the history, usage, and various open source NAS software options, providing a comprehensive overview for anyone interested in setting up their own NAS system.

History of Network Attached Storage

The concept of Network Attached Storage has evolved significantly over the past few decades. Initially, data storage solutions were directly attached to individual computers, limiting accessibility and scalability. As networks grew and the need for shared storage became apparent, NAS emerged as a solution to centralize storage, making it accessible from any device on the network.

1. Early NAS Development: The first NAS devices appeared in the 1980s, primarily used by enterprises to manage large amounts of data. These early systems were expensive and complex, often requiring specialized hardware and software.
2. Growth and Standardization: In the 1990s and 2000s, NAS technology matured, becoming more affordable and user-friendly. Standardization of networking protocols, such as SMB (Server Message Block) and NFS (Network File System), facilitated broader adoption.
3. Open Source Movement: With the rise of the open source movement, community-driven NAS solutions began to emerge, offering cost-effective and customizable alternatives to proprietary systems.

Usage of NAS

NAS systems serve a variety of purposes, from simple file storage to complex data management and backup solutions. Key usages include:

1. File Sharing: NAS allows multiple users to access and share files over a network, facilitating collaboration and centralized data management.
2. Media Streaming: Many home users utilize NAS for storing and streaming media content, such as movies, music, and photos, to various devices in their network.
3. Backup Solutions: NAS provides a reliable solution for backing up important data from multiple devices, ensuring data integrity and disaster recovery.
4. Virtualization: In business environments, NAS is often used to store virtual machine images, supporting virtualization platforms like VMware and Hyper-V.
5. Surveillance Storage: NAS devices can be used to store footage from networked security cameras, offering scalable and secure storage for surveillance systems.

Open Source NAS Software

Several open source NAS solutions are available, each with its own set of features and capabilities. Here is a list of some of the most popular open source NAS software options:

1. FreeNAS/TrueNAS:
   • Overview: FreeNAS, recently rebranded as TrueNAS CORE, is one of the most popular open source NAS solutions. It is based on FreeBSD and uses the ZFS file system for data integrity and advanced storage features.
   • Features: Includes data snapshots, replication, encryption, and a web-based management interface. It supports a wide range of plugins and virtual machine hosting.
   • Use Cases: Ideal for both home users and enterprises looking for a robust and scalable NAS solution.
2. OpenMediaVault:
   • Overview: OpenMediaVault (OMV) is a Debian-based NAS solution designed for home and small office environments.
   • Features: Provides a simple web-based interface, support for various file systems, RAID management, and extensive plugin support.
   • Use Cases: Best suited for users looking for an easy-to-use, yet powerful NAS solution for home or small business use.
3. XigmaNAS:
   • Overview: Formerly known as NAS4Free, XigmaNAS is a free and open source NAS solution based on FreeBSD.
   • Features: Offers support for ZFS, UFS, and other file systems, along with a web-based interface, advanced network services, and virtualization support.
   • Use Cases: Suitable for users needing a versatile and reliable NAS system with comprehensive network services.
4. Rockstor:
   • Overview: Rockstor is a Linux-based NAS solution that uses the Btrfs file system for advanced storage capabilities.
   • Features: Includes a web-based interface, snapshot management, replication, and a robust plugin system.
   • Use Cases: Ideal for users who prefer a Linux-based solution with the advanced features of Btrfs.
5. Amahi:
   • Overview: Amahi is a home server solution that can also function as a NAS. It is based on Fedora and focuses on ease of use.
   • Features: Provides file sharing, media streaming, VPN, and backup services, all manageable through a simple web interface.
   • Use Cases: Perfect for home users looking for a multi-purpose server that includes NAS functionality.
6. Openfiler:
   • Overview: Openfiler is a Linux-based NAS and SAN (Storage Area Network) solution designed for enterprise environments.
   • Features: Offers support for various file systems, iSCSI target capabilities, high availability, and advanced networking features.
   • Use Cases: Suitable for businesses requiring a robust and scalable storage solution.
7. Nextcloud:
   • Overview: While primarily known as a self-hosted cloud storage solution, Nextcloud can also function as a NAS.
   • Features: Provides file synchronization, sharing, and collaboration tools, along with extensive plugins for added functionality.
   • Use Cases: Ideal for users looking for a cloud-like experience with the benefits of local storage.

Setting Up an Open Source NAS

Setting up an open source NAS typically involves the following steps:

1. Hardware Selection: Choose suitable hardware based on your storage and performance needs. This can range from repurposing an old PC to purchasing a dedicated server.
2. Software Installation: Download and install your chosen NAS software on the hardware. Most open source NAS solutions provide ISO images that can be used to create bootable installation media.
3. Configuration: Follow the setup wizard or manual configuration steps to set up network settings, storage pools, and user accounts.
4. Service Setup: Configure additional services such as file sharing, media streaming, backup, and remote access as needed.
5. Regular Maintenance: Perform regular updates, backups, and monitoring to ensure the NAS operates smoothly and securely.

Conclusion

Open source NAS solutions offer a flexible and cost-effective alternative to commercial NAS devices, providing a wide range of features for both home and business users. With options like TrueNAS, OpenMediaVault, XigmaNAS, and others, users can find a solution that fits their specific needs. Whether you’re looking to set up a simple file server or a robust enterprise storage system, open source NAS software provides the tools to create a customized, scalable storage solution.

The post A Comprehensive Guide to Open Source Network Attached Storage (NAS) Solutions appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

In this guide, we will walk through the process of connecting a Cisco switch to a Microsoft Active Directory (AD) server for centralized authentication, authorization, and accounting (AAA). This setup leverages the RADIUS protocol to communicate between the switch and the AD server.

Prerequisites

• Cisco Switch: Ensure it is running an appropriate version of Cisco IOS.
• Microsoft Active Directory Server: Should be up and running.
• Network Connectivity: Ensure the switch and the AD server can communicate over the network.
• Administrative Access: Required for both the switch and the AD server.

Step-by-Step Configuration

1. Configure the Cisco Switch

Step 1: Enable AAA

First, we need to enable AAA on the Cisco switch. AAA stands for Authentication, Authorization, and Accounting, which is a framework for intelligently controlling access to computer resources.

enable
configure terminal
aaa new-model

Step 2: Configure the RADIUS Server

Next, add the AD server as a RADIUS server on the switch. You’ll need the IP address of the AD server and a shared secret key for secure communication.

radius server AD_RADIUS
 address ipv4 <AD_Server_IP> auth-port 1812 acct-port 1813
 key <shared_secret>

Replace <AD_Server_IP> with the IP address of your AD server and <shared_secret> with a secure shared secret key.

Step 3: Create a RADIUS Group

Create a RADIUS server group and include the AD server in this group.

aaa group server radius AD_GROUP
 server name AD_RADIUS

Step 4: Define AAA Authentication and Authorization

Configure the switch to use the RADIUS server for user authentication and authorization.

aaa authentication login default group AD_GROUP local
aaa authorization exec default group AD_GROUP if-authenticated

Step 5: Apply AAA to Console and VTY Lines

Apply the AAA authentication methods to the console and VTY (Virtual Teletype) lines to control access through these lines.

line con 0
 login authentication default
line vty 0 15
 login authentication default

2. Configure the Microsoft Active Directory Server

Step 1: Install the Network Policy Server (NPS) Role

NPS is a role in Windows Server that acts as a RADIUS server. If it’s not already installed, follow these steps:

1. Open Server Manager.
2. Click on Add Roles and Features.
3. Follow the wizard and select Network Policy and Access Services.
4. Complete the installation.

Step 2: Configure NPS

1. Open Network Policy Server from the Administrative Tools.
2. Right-click on RADIUS Clients and select New.
3. Enter a friendly name for the client and the IP address of the Cisco switch.
4. Enter the shared secret key (same as used in the switch configuration).
5. Click OK to add the RADIUS client.

Step 3: Configure a Network Policy

1. In the NPS console, expand Policies and select Network Policies.
2. Right-click and choose New.
3. Provide a name for the policy and define conditions, such as the user group membership.
4. Configure authentication methods, ensuring MS-CHAP v2 is enabled.
5. Define access permissions appropriate for your environment.
6. Click Finish to create the policy.

3. Testing the Configuration

To ensure everything is set up correctly, test the configuration by attempting to log in to the Cisco switch using a domain user account.

• Successful Login: If the login is successful, the configuration is correct.
• Troubleshooting: If the login fails, verify the following:
• Shared Secret: Ensure the shared secret matches on both the switch and the AD server.
• Network Connectivity: Check that the switch and AD server can communicate over the network.
• NPS Logs: Review the NPS logs on the AD server for any authentication errors.
• User Account: Ensure the test user account is a member of the group defined in the NPS policy.

Troubleshooting Tips

• Shared Secret Mismatch: Double-check that the shared secret key configured on the switch matches the one on the AD server.
• Network Issues: Use tools like ping and traceroute to verify network connectivity between the switch and the AD server.
• NPS Configuration: Ensure the RADIUS client configuration on the NPS matches the IP address of the switch.
• NPS Logs: Check the NPS logs for detailed error messages and adjust configurations accordingly.

By following this comprehensive guide, you should be able to connect your Cisco switch to a Microsoft Active Directory server successfully, enabling centralized authentication and authorization for enhanced security and management.

Feel free to customize this guide based on your specific network environment and requirements.

The post Comprehensive Guide: Connecting a Cisco Switch to Microsoft Active Directory Server appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

In an era where online privacy is increasingly important, having robust cybersecurity measures in place is essential. One such tool gaining attention in this realm is Portmaster, a privacy-oriented firewall designed to give users greater control over their network traffic and protect their digital privacy.

Understanding Portmaster

Portmaster is a firewall solution developed with a focus on privacy and user control. Unlike traditional firewalls that may prioritize convenience or ease of use over privacy, Portmaster puts privacy front and center. It allows users to meticulously manage inbound and outbound traffic, block unwanted connections, and safeguard sensitive data from prying eyes.

Features and Capabilities

Granular Control:

• Portmaster offers granular control over network traffic, allowing users to define precise rules for incoming and outgoing connections based on port numbers, protocols, and IP addresses.

Privacy Protection:

• With its privacy-centric design, Portmaster helps users protect their personal information by preventing unauthorized access to their devices and data.

Customizable Rulesets:

• Users can create custom rulesets tailored to their specific privacy and security needs, ensuring that their firewall configuration aligns with their preferences.

Real-time Monitoring:

• Portmaster provides real-time monitoring of network activity, giving users visibility into which applications are accessing the internet and how data is being transmitted.

Open Source:

• As an open-source project, Portmaster fosters transparency and community collaboration, allowing users to inspect the code for potential vulnerabilities and contribute to its development.

How to Get Started with Portmaster

Getting started with Portmaster is straightforward:

Installation:

• Portmaster can be installed on various operating systems, including Linux distributions and BSD-based systems. Detailed installation instructions can be found on the official Portmaster website.

Configuration:

• Once installed, users can configure Portmaster according to their privacy preferences and security requirements. This may involve defining rulesets, specifying allowed and blocked connections, and fine-tuning other settings.

Testing and Optimization:

• After configuring Portmaster, it’s essential to test the firewall rules to ensure they function as intended. Users can monitor network activity and make adjustments as needed to optimize performance and privacy.

Conclusion

In an age where digital privacy is paramount, tools like Portmaster provide users with the means to take control of their online security. By offering granular control over network traffic and prioritizing privacy, Portmaster empowers individuals and organizations to safeguard their sensitive data and mitigate the risk of unauthorized access. Whether you’re a privacy-conscious individual or responsible for securing a network, Portmaster is worth considering as part of your cybersecurity arsenal.

Source: https://safing.io/

The post Exploring Portmaster: The Privacy-Oriented Firewall appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

What is Wazuh?

Wazuh is an open-source security monitoring platform that helps organizations detect threats, monitor integrity, and ensure compliance. It is a comprehensive and scalable solution that integrates with various tools to provide real-time security analytics. Wazuh is built on the OSSEC (Open Source Host-based Intrusion Detection System) framework and extends its capabilities, offering enhanced features for threat detection, log data analysis, and response to security incidents.

Key Features of Wazuh

1. Intrusion Detection

Wazuh provides real-time intrusion detection by monitoring and analyzing activities on endpoints. It detects anomalies, policy violations, and potential threats.

2. Log Data Analysis

It collects and analyzes log data from various sources, including firewalls, IDS/IPS systems, and applications. This helps in identifying suspicious activities and security breaches.

3. Vulnerability Detection

Wazuh scans systems for vulnerabilities, providing detailed reports on security issues and remediation steps.

4. Configuration Assessment

It ensures systems comply with security policies and best practices by performing configuration assessments and reporting deviations.

5. File Integrity Monitoring

Wazuh monitors file changes across the system, detecting unauthorized modifications to critical files.

6. Security Information and Event Management (SIEM)

Wazuh integrates with SIEM platforms, like Elasticsearch and Kibana, to offer comprehensive security monitoring and analytics.

Installing and Configuring Wazuh on Ubuntu

Prerequisites

Before installing Wazuh, ensure that your Ubuntu system is updated:

sudo apt update
sudo apt upgrade

Step 1: Install Wazuh Manager

The Wazuh Manager is the core component responsible for processing data received from the agents.

1. Add the Wazuh repository:

curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo apt-key add -
echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee /etc/apt/sources.list.d/wazuh.list

2. Install the Wazuh Manager:

sudo apt update
sudo apt install wazuh-manager

3. Start and enable the Wazuh Manager service:

sudo systemctl start wazuh-manager
sudo systemctl enable wazuh-manager

Step 2: Install and Configure Elasticsearch

Elasticsearch is used to store and search the data collected by Wazuh.

1. Import the Elasticsearch PGP Key:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

2. Add the Elasticsearch repository:

sudo sh -c 'echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" > /etc/apt/sources.list.d/elastic-7.x.list'

3. Install Elasticsearch:

sudo apt update
sudo apt install elasticsearch

4. Start and enable the Elasticsearch service:

sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

5. Edit the Elasticsearch configuration file to enable cross-origin resource sharing (CORS):

sudo nano /etc/elasticsearch/elasticsearch.yml

Add the following lines:

network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node

Step 3: Install and Configure Kibana

Kibana is used for visualizing the data stored in Elasticsearch.

1. Install Kibana:

sudo apt update
sudo apt install kibana

2. Start and enable the Kibana service:

sudo systemctl start kibana
sudo systemctl enable kibana

3. Edit the Kibana configuration file to enable access:

sudo nano /etc/kibana/kibana.yml

Add the following lines:

server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]

Step 4: Install Wazuh API

The Wazuh API allows interaction with the Wazuh Manager via RESTful web services.

1. Install Node.js and npm:

curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -
sudo apt install nodejs

2. Install the Wazuh API:

sudo apt update
sudo apt install wazuh-api

3. Start and enable the Wazuh API service:

sudo systemctl start wazuh-api
sudo systemctl enable wazuh-api

Step 5: Install Wazuh Agent

The Wazuh Agent is installed on the endpoints to collect and send data to the Wazuh Manager.

1. Add the Wazuh repository on the endpoint machine:

curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo apt-key add -
echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee /etc/apt/sources.list.d/wazuh.list

2. Install the Wazuh Agent:

sudo apt update
sudo apt install wazuh-agent

3. Configure the Wazuh Agent to communicate with the Wazuh Manager:

sudo nano /var/ossec/etc/ossec.conf

Add or modify the <server> section:

<server>
  <address>IP_of_Wazuh_Manager</address>
</server>

4. Start and enable the Wazuh Agent service:

sudo systemctl start wazuh-agent
sudo systemctl enable wazuh-agent

Step 6: Accessing Wazuh Dashboard

1. Open your web browser and navigate to http://<your-server-ip>:5601.
2. Configure the Wazuh plugin in Kibana by navigating to the Wazuh app in the Kibana sidebar.

Interesting Packages and Extensions

1. Wazuh App for Splunk: Integrate Wazuh with Splunk for advanced data analysis.
2. Wazuh Docker: Run Wazuh in a containerized environment for ease of deployment and scalability.
3. Suricata: Use Suricata for network monitoring and integrate it with Wazuh for comprehensive security monitoring.
4. Grafana: Combine Grafana with Wazuh for enhanced visualization capabilities.

Conclusion

Wazuh is a powerful and flexible security monitoring platform that provides a wide range of features to enhance your organization’s security posture. By following this guide, you can install and configure Wazuh on Ubuntu, enabling you to detect threats, monitor system integrity, and ensure compliance effectively. Whether you’re a small business or a large enterprise, Wazuh offers the tools you need to protect your systems and data.

The post Understanding Wazuh: Installation and Configuration on Ubuntu appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

Creating your own Network Attached Storage (NAS) system at home using Ubuntu is an excellent way to store, manage, and share your data efficiently. This guide will walk you through the process step-by-step, from setting up the server to installing useful packages that can enhance your NAS experience.

Why Set Up a NAS?

A NAS system provides centralized storage for your home network, allowing multiple devices to access and share files seamlessly. It can be used for backups, media streaming, file sharing, and more, making it a versatile solution for your data needs.

Prerequisites

Before you start, ensure you have the following:

• A computer with Ubuntu installed (preferably the server edition for a minimal footprint).
• A stable home network.
• Storage drives (HDDs or SSDs) for data storage.
• Basic knowledge of using the terminal and Ubuntu commands.

Step-by-Step Guide to Setting Up Your NAS

1. Install Ubuntu Server

If you haven’t installed Ubuntu Server yet, download the latest version from the official website and follow the installation instructions. Ubuntu Server is recommended for NAS due to its lightweight and headless configuration.

2. Update Your System

Before setting up your NAS, ensure your system is up to date:

sudo apt update
sudo apt upgrade

3. Install and Configure Samba

Samba is a software suite that provides file and print services to SMB/CIFS clients. It is essential for creating a NAS that is accessible from Windows, macOS, and Linux systems.

Install Samba:

sudo apt install samba

Edit the Samba configuration file to set up your shares:

sudo nano /etc/samba/smb.conf

Add the following configuration at the end of the file:

[NAS]
   path = /path/to/your/share
   browsable = yes
   writable = yes
   guest ok = yes
   read only = no

Replace /path/to/your/share with the actual path to your storage directory. Save and exit the editor.

Create the shared directory and set permissions:

sudo mkdir -p /path/to/your/share
sudo chown -R nobody:nogroup /path/to/your/share
sudo chmod -R 0775 /path/to/your/share

Restart the Samba service:

sudo systemctl restart smbd

4. Install Webmin for Easy Management

Webmin is a web-based interface for system administration for Unix. It simplifies the process of managing your NAS.

Install Webmin:

sudo apt install wget
wget -qO- http://www.webmin.com/jcameron-key.asc | sudo apt-key add -
sudo add-apt-repository "deb http://download.webmin.com/download/repository sarge contrib"
sudo apt update
sudo apt install webmin

Access Webmin by navigating to https://<your-server-ip>:10000 in your web browser. Log in with your system credentials.

5. Install and Configure FTP Server

For additional file transfer capabilities, you can install an FTP server like vsftpd:

sudo apt install vsftpd

Edit the vsftpd configuration file:

sudo nano /etc/vsftpd.conf

Make the following changes to enable local user login and write permissions:

write_enable=YES
local_enable=YES

Restart the vsftpd service:

sudo systemctl restart vsftpd

6. Set Up Network File System (NFS)

NFS is another protocol that allows file sharing over a network. It is particularly useful for Linux systems.

Install the NFS server:

sudo apt install nfs-kernel-server

Edit the exports file to define the directories to be shared:

sudo nano /etc/exports

Add the following line:

/path/to/your/share *(rw,sync,no_subtree_check)

Apply the changes:

sudo exportfs -a
sudo systemctl restart nfs-kernel-server

7. Install Plex Media Server

For those interested in media streaming, Plex Media Server is a fantastic package that allows you to stream your media to various devices.

Install Plex Media Server:

wget https://downloads.plex.tv/plex-media-server-new/1.22.0.4163-8c9e2bfb3/debian/plexmediaserver_1.22.0.4163-8c9e2bfb3_amd64.deb
sudo dpkg -i plexmediaserver_1.22.0.4163-8c9e2bfb3_amd64.deb

Access Plex by navigating to http://<your-server-ip>:32400/web and follow the setup instructions.

8. Set Up Backup Solutions

To ensure your data is safe, set up regular backups using tools like rsync or duplicity. For instance, to back up your NAS data to an external drive using rsync:

rsync -av --delete /path/to/your/share /path/to/backup/location

Interesting Packages to Enhance Your NAS

1. Nextcloud: A self-hosted file sync and share platform.
2. Transmission: A BitTorrent client that you can use to download files directly to your NAS.
3. Docker: To run containerized applications on your NAS.
4. OpenVPN: For secure remote access to your NAS.

Conclusion

Setting up a NAS using Ubuntu at home is a rewarding project that provides you with centralized storage, media streaming, and easy file sharing capabilities. With tools like Samba, Webmin, Plex, and various other packages, you can customize your NAS to suit your needs. Follow this guide to transform your Ubuntu server into a powerful NAS solution, making your data management efficient and accessible.

The post Setting Up a Network Attached Storage (NAS) Using Ubuntu at Home appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

The Genesis of Flipper Zero

The Flipper Zero was conceptualized and brought to life by the talented minds at Flipper Devices, a team passionate about empowering users with tools for digital exploration and security auditing. From its inception, Flipper Zero aimed to be more than just a gadget; it was designed to be a hacker’s Swiss Army knife, combining numerous functions into a single, pocket-sized device.

Enter the Unleashed Firmware

While the stock firmware of the Flipper Zero provided users with a range of features, the true magic began when the community embraced the concept of custom firmware. The Unleashed Firmware, developed by a dedicated group of enthusiasts and led by visionary developers, opened up a world of possibilities for the Flipper Zero.

Advantages of Unleashed Firmware

1. Expanded Functionality: The Unleashed Firmware significantly expands the capabilities of the Flipper Zero, adding new tools and features that enhance its utility for both professionals and hobbyists. From advanced networking functions to additional security testing tools, the Unleashed Firmware transforms the Flipper Zero into a powerhouse of exploration.
2. Customization: One of the most significant advantages of the Unleashed Firmware is the ability to customize the device to suit specific needs and preferences. Users can tailor the functionality of their Flipper Zero to align with their unique requirements, whether they’re conducting penetration tests, reverse engineering hardware, or simply tinkering for fun.
3. Community Support: The development of the Unleashed Firmware has fostered a vibrant community of users and contributors, united by their passion for exploration and innovation. This community-driven approach ensures ongoing support and updates, keeping the Flipper Zero relevant and adaptable to emerging challenges in the cybersecurity landscape.
4. Educational Resource: Beyond its practical applications, the Flipper Zero with Unleashed Firmware serves as an invaluable educational resource for aspiring hackers and cybersecurity professionals. By providing access to powerful tools and a platform for experimentation, it empowers users to learn and grow their skills in a hands-on environment.

The Future of Flipper Zero

As the Flipper Zero continues to evolve and adapt to the ever-changing landscape of cybersecurity, one thing remains certain: its potential is only limited by the imagination of its users. With the Unleashed Firmware leading the charge, the Flipper Zero is poised to remain at the forefront of hardware hacking and security exploration for years to come.

In conclusion, the development of the Unleashed Firmware has transformed the Flipper Zero from a remarkable device into a true game-changer in the world of cybersecurity. By expanding its capabilities, fostering a vibrant community, and serving as an educational tool, the Flipper Zero with Unleashed Firmware embodies the spirit of innovation and exploration that defines the hacker culture.

The post Unleashing Potential: The Flipper Zero Firmware Revolution appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

#modprobe ip_conntrack

and put ip_conntrack on /etc/modules

The post Squid Proxy – clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.

kern.ipc.maxsockbuf=4194304
kern.ipc.somaxconn=2048
kern.ipc.nmbclusters=2048
net.inet.tcp.rfc1323=1
net.inet.tcp.win_scale_factor=4
net.inet.tcp.sockthreshold=16
net.inet.tcp.sendspace=1042560
net.inet.tcp.recvspace=1042560
net.inet.tcp.mssdflt=1448
net.inet.tcp.msl=15000
net.inet.tcp.always_keepalive=0
net.inet.tcp.delayed_ack=3
net.inet.tcp.slowstart_flightsize=20
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.icmp.icmplim=50

The post Mac OSX Network Stack Tweaks appeared on Hamradio.my - Amateur Radio, Tech Insights and Product Reviews by 9M2PJU.