Server Consolidation

I spend a fairly large amount of time browsing /r/homelab because I, at one point, had a rudimentary “home lab” set up. It wasn’t anything fancy, mostly because back in 2003 or 2004 server virtualization wasn’t a big thing, as far as I can tell. It was mostly a firewall and single whitebox server with a couple of other desktops or laptops. Certainly not anything to really be super proud of, but it was my local server, so it was cool.

Fast forward a decade or so and I learned that people were buying or building servers to run the free version of VMware ESXi with which they’d build a mini datacenter. I started musing on the feasibility of setting one of these up. At that point, I didn’t really have any suitable hardware, so I shelved the idea temporarily but kept reading /r/homelab because the idea fascinated me.

A former coworker of mine gifted me with a Supermicro X8DTL-iF motherboard last October, and in the time since I replaced the CPUs it had with a pair of Xeon E5620s and upgraded it to 48GB of RAM. Right now the machine runs FreeBSD and serves as little more than a fileserver with two VMs running in bhyve: a VPN-connected downloader, and a CrashPlan host. It serves its purpose but isn’t nearly using all the available resources. Enter my mind. I picked up a IBM ServeRAID M1015 SAS RAID card, crossflashed it to be a LSI 9211-8i SAS HBA, and have the necessary breakout cables on the way, along with 4 SSDs and a mobile rack for those.

The plan is to back up /home from the current FreeBSD install, destroy the ZFS array, and migrate the 6 500GB drives to the LSI controller, attach two of the four SSDs to the LSI controller as well, and attach the other two to the onboard SATA ports, with ESXi booting off a USB drive plugged into the connector on the motherboard. Once this is done, I’ll pass the LSI controller through to a FreeNAS VM like Ben Bryan did. Thanks for the great guide, Ben!

After that’s done, I’ll migrate my ham radio machine along with the aforementioned bhyve VMs to VMware, likely having to rebuild these from scratch, which isn’t a big deal at all, just time consuming.

This should be a ton of fun and give me a good platform to build from as I have 8 hyperthreaded cores and quite a bit of RAM!

We’re Back! With Radio Fun!

Hi there! This is a landmark first post in almost four years here on!

Today we’re diving into the realm of amateur (ham) radio and Linux, specifically how to set Arch Linux up as both an APRS I-Gate and a dual-band D-STAR hotspot using the G4KLX software compiled from source.

Assuming you don’t have Arch installed, take a look at their spectacular Beginners’ Guide. Once you have the machine set up, head back over here.

You will need to add a non-root user to complete this task. Once that’s done, it’s time to do some fun things.

In order to add software you have to be logged in as root, so use that to get the framework built up by inputting the following command on one single line:

# pacman -S git tigervnc sudo openssh wxgtk portaudio libusb webkitgtk webkitgtk2

After this use visudo to add your user to the sudo permissions by adding a line similar to the following:

<user> ALL=(ALL) ALL

which will require password entry to execute the command. If you wish for passwordless sudo change the final “ALL” to “NOPASSWD:ALL”. Once this is complete, log out from root and log into the user account.

The first order of business is to get XASTIR installed for APRS. Issue the following commands to prepare the environment:

git clone
git clone
git clone

I added the OpenDV github repository to the end there to prepare for the next step.

To complete the installation of XASTIR, type cd libax25 then type makepkg -sri to install the AX.25 library, which is a dependency of XASTIR. After that, type cd ../xastir to enter XASTIR’s folder. Repeat makepkg -sri to install XASTIR.

Now it’s time for D-STAR. If you are still in the “xastir” directory, type cd ../OpenDV/ to enter the OpenDV repository clone. The first piece of this software suite you should install is ircDDBGateway, so type cd ircDDBGateway and follow it up with ./configure && make and sudo make install once it’s finished building. After installation, type cd ../DStarRepeater and repeat ./configure && make and sudo make install.

The OpenDV suite does something a bit odd now with log files and configuration. Both are put with a prefix of /usr/local, so it is necessary to create folders and change ownership. Use sudo su - to become root and execute the following commands:

mkdir /usr/local/etc/opendv
chown <user>:<user> /usr/local/etc/opendv
mkdir /usr/local/var
mkdir /usr/local/var/log
mkdir /usr/local/var/log/opendv
chown <user>:<user> /usr/local/var/log/opendv

This will set appropriate permissions for the installed software. Why the team did this change I have no idea.

With this, it’s time to select a window manager or desktop environment. I personally like the tiling window manager i3, though there are many many choices. A second choice would be LXDE. Both are available in Arch’s repository. I won’t cover installation of these as this is personal preference and covered quite well by the ArchWiki.

My personal recommendation for a relatively inexperienced user is to use LXDE as it resembles Windows in many ways. Use the “Run” command to start ircddbgatewayconfig to configure ircDDBGateway and dstarrepeaterconfig to configure DStarRepeater. If you have more than one DVAP or GMSK Board, you can use the configuration as dstarrepeaterconfig B for example.

Now the base system for D-STAR is built, and you can launch the software. Run ircddbgateway and dstarrepeater however many times you need to, and enjoy D-STAR!

Moving right along to XASTIR. It is far simpler: simply launch xastir from “Run” and configure it. It is reasonably straightforward.

That is it! While it’s not as “easy” as getting a Raspberry Pi image for D-STAR or installing XASTIR from Ubuntu’s repositories, it is very much more fun in my opinion. For one thing, the system is not nearly as heavily laden with “unnecessary” packages, so it needs far less memory to run. Secondly, as it is built from the most recent sources, it will usually have more features than a premade image. Finally, as it’s not a premade image, it will have a (hopefully) unique login and password for the account running the software. This is especially vital if used on any sort of public network, cellular included.

Photoblog 2


Looks like autumn to me!

Photoblog Post #1

NS 7083 backing up!

Scaling Back

Every year I’ve looked at Anime Weekend Atlanta as more than a chance to hang out with friends from out of town because of the rather unique situation having several laptop wielders in the same hotel room can present. Therefore, I come up with all sorts of hair-brained network schemes to get everyone online from the same connection, be it the wired connection in the hotel room or using a Yagi antenna to grab free WiFi from the lobby thru skylights or the floor. Last year’s was probably the most amusing: a Clear WiMax USB card plugged into a Cradlepoint router, connected to a normal wireless router with a Yagi antenna pointed downstairs to con ops where another router with a high-gain vertical antenna received the signal which was then repeated by a fourth router with an even higher-gain vertical. It was as insane as you can imagine!

This year, however, I’ve decided to just be “normal” and scale everything back to a reasonable level: I’ll use my T-Mobile 3.75G card with the aforementioned Cradlepoint for the precious little time I plan to spend in the hotel room.

It’s fortunate, as it saves a lot of room because I won’t be dragging a 16x16x10 or 20x20x12 box with stuff in it with me.

Guess I’m getting old. ;)

The AWA Post, Ver.XVI

It’s been a week since I returned from Anime Weekend Atlanta 16, so I figure it’s time to make the yearly post about the con.

Play-by-play begins here↓

Thursday, September 16:

I woke up a lot earlier this year than the previous years, excepting the two years I worked on Thursday, mostly because I needed to track down our air compressor to insure my tires were inflated full. Only one of them needed it, so I departed the house around 11:00 to run by Micro Center to grab yet another USB IDE enclosure (because one can never have too many) before grabbing lunch and heading to the airport. I hit the Chick-fil-A on US 78 that some of my high school classmates used to work at around noon then proceeded onwards to Hartsfield-Jackson Atlanta International Airport to pick up my friends who were flying in.

We arrived in Cobb around 3 and checked into the Embassy Suites Galleria Atlanta, our chosen hotel for the weekend. I set up the aircard then headed over to conspace to assist with the setup of communications. Once the majority had been done, the three of us meandered over to Cumberland Mall for dinner, then on the way back to the room, I stopped by registration and got my con bag, as I had used the Early Start service to get my badge ahead of time.

Once we had returned to our hotel room, we did the usual playing of games and chilling until the early hours of the morning. Thus ended “Day 0.”

Friday, September 17:

Running theme of this convention: my waking up earlier than required. Realized I forgot my deodorant, and one of my friends needed to pick up a new hard drive, so we meandered up to the Marietta Micro Center for him to grab that, and as we had had some connectivity issues, I picked up a cheap wireless router to throw in line. After that we were going to get lunch at Umezono Japanese Restaurant, but they were not open yet, so we hit Walgreen’s, returned to the hotel so I could apply said destinkifier, and by the time we had returned up 41 to Umezono, they were open. Their menu is the same as Sushi Yoko’s, so I had my usual gyūdon (beef bowl). After lunch, we headed into the convention. We hit the dealer’s room, and upon discovering a distinct lack of Sasuga Books, who I later found out are closed, and one or two of the vendors with import games either not having what I was hunting or having crazy high prices, we meandered back to the other part of the con. One major find was Pokémon Black and White, Japanese edition of course, on release weekend in the US. But for $70, I opted against buying either. After just milling around for a while we returned to our hotel for the nightly Manager’s Reception. Not long after that two of my other friends joined us and the usual crew was assembled. Evening was rounded out with even more gaming and proceeding to decimate my aircard’s 5GB of 3.75G by transferring a 1.4GB video from my desktop, among other things. Oops. Good thing it’s overage free!

Saturday, September 18:

Woke up early yet again. What is wrong with me. Actually sat in on a screening today, catching the tail end of Royal Space Force: The Wings of Honneamise and the movie version of Gunbuster. After this we milled around the con again and did another few walkthroughs of the dealer’s room. I picked up the box sets of Hidamari Sketch and Hidamari Sketch x365. Rounded the day out with the reception and caught dinner afterwards.

Sunday, September 19:

Up early, but with good reason this time. Sat in on MX Media’s panel then caught lunch at the mall and made one final once-over of the convention before heading back to the room to hang out until the reception. Got dinner at the hotel’s restaurant then went back to the room to play horrible horrible horrible NES games for most of the night. We did try an all-white mage game of Final Fantasy but quickly gave up.

I crashed the earliest of us but woke up ill not too long afterwards. Apparently dinner and what I had to drink didn’t agree with me at all.

Monday, September 20:

I woke up waaay early today and spent a good bit of the early morning in the bathroom. Didn’t feel well at all, so upon departing the hotel around 11, I decided to just take my friends to the airport so I could get home and get some plain food into my system. I headed back to Gwinnett and stopped in at one of the other in-town friends to drop off the extra food we had and hang out for a little while. Discussed next year’s plans then I finally returned home, fixed some plain rice, and sat in my chair and took a power nap. I was better by the next day, but I definitely will be more careful with my intake of drinks next year.


1. When heat is in effect, waiting forever for an elevator or climbing lots of stairs > walking a quarter mile.
2. Drink less.
3. Get back in the Waverly if at all possible.

One funny tidbit: the escalators in the Waverly’s lobby worked all weekend. All of us were in extreme shock.

This year’s convention was underwhelming at best in terms of stuff to do at the convention proper, but as always, it was a good distraction from reality for a few days. I’m considering going ahead and preregistering for next year, but until the convention announces availability of rooms in the Waverly, I might just wait. I think I’ve got my group convinced to return to the Waverly, and I’m plotting some network tricks to try.

But hey, it’s a year away, and a lot can change between now and then, so we shall see.

The Importance of VPN Tunnels

DEF CON was this past weekend, and in usual fashion, the staff of the convention had projected onto a screen the “Wall of Sheep”: a list of usernames and obfuscated passwords that were transmitted in the clear on the convention’s wireless network. As DEF CON has doubtlessly the most hostile wireless network ever seen, ensuring that all transmissions are conducted in a secure fashion is paramount at this particular convention.

With the proliferation of publicly accessible wireless networks, one must be certain to use caution when checking things such as email. Some email providers have SSL enabled, so that solves that problem, but what about unencrypted web page logins, like forums? How does one secure these?

My solution to secure all traffic uses OpenVPN, a freely available VPN solution that works on pretty much any operating system. I won’t go into excessive detail in this post, but it is actually fairly easy to set up. My first brush with it was when I ran IPCop on my router machine. The OpenVPN add-on for IPCop, ZERINA, generates configuration bundle zip files that make connecting simple. Setting up one from scratch isn’t much more difficult, but it can be time-consuming to set up properly.

OpenVPN works great for a temporary tunnel, but for something more permanent, IPsec is a better choice as it requires less CPU overhead. The configuration of IPsec is beyond the scope of this post, however.

I’ll write a follow-up to this in the next few days explaining my setup, but for now know that if you’re going to be using an open, unencrypted wireless network, be aware that passing cleartext passwords can be a very perilous mistake.

eeeRouter Online!

Well, I had pfSense working for a wired interface, but once I enabled the wireless interface and a client connected to it, the machine hardlocked. I am not one to be defeated by technology, so I dug out my IPCop install disc and attempted to load that on instead. Sadly IPCop 1.4 does not have support in the installer for the wired connection, so I gave the new beta a try. It works! I had to give the proper INIT string for the aircard and find a working version of WLAN-AP, but once all that was done, I was able to connect both wirelessly and wired.

I am all set to go for the not so distant future!

Netbooks as Routers

In my last post I talked about building an alternative to Cradlepoint’s routers, and as I’ve decided to use my Dell Mini 10v for my “carry” netbook, I’m looking at what to turn my Eee PC 901 into.

The most obvious choice I’m seeing is loading pfSense on it and using it as a prototype for the embedded router project. It meets the criteria for it: USB ports, a single ethernet port, and a supported wireless card. Having a keyboard and screen is a good benefit for configuring the interfaces.

This will make the transition to the embedded setup easier once I get the pieces for that as the netbook has the same concept as the embedded board, just with more RAM and a faster CPU. One other major boon is a battery for a rudimentary UPS. The 6-cell battery included with the Eee PC 901 offers about 6 hours of run time.

This all hinges on my aircard being supported by the current pfSense 2.0 betas. If it’s not, well, I’ll need to do manual configuration with FreeBSD 8.1-RELEASE. Either way, it should be quite fun!

Building a Better Cradlepoint

A random search of “T-Mobile Rocket Linux” on Google retrieved a post showing how to make the T-Mobile webConnnect Rocket Stick HSPA+ device work in Linux. This is relevant because as of June 17, the Atlanta metro area has HSPA+.

In my adventures with embedded computing, I’ve come across the PC Engines ALIX boards. These are slightly less expensive than Soekris’ and similarly capable. Their alix2d13 board has 3 LAN ports and 2 USB ports. pfSense 2.0 is currently in beta, and as it is based on FreeBSD 8-RELENG (future 8.1), it should have support for my UMG-181.

The article on making the Rocket Stick work in Linux showed its device ID: its device ID also exists in /src/sys/dev/usb/serial/u3g.c in FreeBSD 8-STABLE. As development on FreeBSD 8.1 continues, it may indeed be functional when 8.1-RELEASE is out.

Needless to say, I put a plan together. An alix2d13 equipped with a wireless card, loaded with pfSense 2.0 or similar, and paired with a USB aircard is the same concept of Cradlepoint’s WWAN routers. It also has the flexibility and extensibility of pfSense and the bonus of being open-source.

From the looks of things, the whole setup will run just under $200. I should be able to squeak this into my budget later on this year, maybe.

My tests of T-Mobile’s upgraded network with my UMG-181 have produced results as high as 4Mbps. My home DSL connection is 6Mbps for comparison. I do believe that I will have sufficiently fast access at this year’s hamfests and at conventions for sure. Now to implement this new project.