For a while now I’ve been looking at travel routers, in order to have something small and portable I can bring with me wherever I go. After some research, I ended up purchasing a GL-iNet Opal (GL-SFT1200) Travel Router. The device seems to tick all the boxes for my requirements, including WireGuard VPN and DNS encryption.
Back in 2018 I outlined My Pi-Hole Setup, and while the setup is still mostly the same, some things have naturally evolved from there. That being said, Pi-Hole has been rock solid for all these years, and is still my main go-to for blocking ads and trackers from my home network devices. Since that post from 2018, I have made a few changes.
Since baselines are deprecated in vSphere version 8 and baselines are restricted to only VMware-provided content after ESXi 7.0.3 Update P, I helped one of my customers to move over to image-based updating via vLCM. This has not gone by without any issues, as mentioned in my previous post.
This time I was updating a 7.0.3 installation of ESXi to Update Q and got stuck on a driver issue that I had not seen before: “Downgrades of manually added component Mellanox Native OFED ConnectX-3 Drivers (3.19.70.1) in the desired ESXi version are not supported”.
The content catalog for VMware Explore 2024 Barcelona is now live! Scheduling will open on the 24th of September 2024, but you can start favouriting sessions now for easy access.
I was updating one of my customer’s environments to vCenter 8.0 Update 3a today and was moving from the old vSphere Update Manager Baselines over to image-based updating via vSphere Lifecycle Manager (vLCM), but the compliance check stopped at 30% for some reason.
Microsoft has caused some noise today with CVE-2024-37085, which explains a well-known feature in vSphere. A feature that has been available since vSphere 5.1 came out in September 2012 (no, that is not a typo, it is in fact 12 years old!). The feature in question is that if an ESXi host is joined to an Active Directory domain, it will by default look for an AD security group called ESX Admins and grant every member of that security group root access to the host.
VMware by Broadcom recently published a blog post called Where did my VMware Security Advisories go? outlining the location changes for the VMware Security Advisories (VMSAs), making clear that from May 6th 2024, they are moved to the Broadcom Support Portal.
While this was anticipated as part of the content transition following the acquisition, it was not anticipated that the VMSAs would be moved into a walled garden that required a login. While it was free to create an account, and get access to the advisories, this was a move that caused some uproar and controversy.
Thankfully VMware by Broadcom has reconsidered the login requirement, and the advisories are again easily accessible for everyone.
In a new blog post by Broadcom CEO Hock Tan, VMware by Broadcom promises that they will continue to provide security updates for VMware vSphere and other products for all customers who are running the old perpetual licenses, even if those customers don’t transition to the new subscription-based license model.
In my work lab environment, we have a need to share passwords and other login credentials among the team who uses it. Recently we decided to try out using Vaultwarden for this purpose. Linuxiac.com has a great guide on setting up Vaultwarden with Caddy, with Docker Compose, but this particular setup relies on Let’s Encrypt SSL certificates. Let’s Encrypt is great, but requires some online presence, which we don’t want for this environment. In addition, we have an internal Microsoft CA based PKI infrastructure that we wanted to use for this purpose.
It was finally time to replace my old UniFi Security Gateway (USG) 3P with its shiny new brother, the Gateway Lite (UXG-Lite). The USG 3P has served me well over the last 5 or so years, but as the new UXG-Lite promises better throughput, especially when enabling IDS/IPS, it was time to replace it. In addition to the routing performance improvements, the UXG-Lite also offers WireGuard VPN support out of the box, which will allow me to get rid of my old L2TP VPN setup.
This is how I migrated my entire home network from the USG-3P to a new UXG-Lite, with minimal downtime.
vNinja.net is the digital home of Christian Mohn and Stine Elise Larsen.
The primary focus is on IT architecture and data center technologies like virtualization and related topics, but other content also pops up from time to time.