Today I’m taking a deep dive into the Thread protocol! Based on IEEE 802.15.4, Thread is a mesh networking protocol designed to balance the needs of small, battery powered Internet-of-Things devices with the ability to communicate directly on The Internet. By leveraging IPv6 and 6LoWPAN, Thread is able to finally bring these automation networks into the land of the Internet Protocol, where interoperability thrives. I walk through the setup of an OpenThread Border Router, OpenThread daemon for end devices, and compile the OpenThread Radio Co-Processor for a Nordic Semiconductor NRF52840 dongle, one of the cheapest ways to get started with Thread.

Today I’m trying to understand if Wireguard really is over-hyped, if OpenVPN is really worth all the hassle to get the user-side features like client authentication and two factor, and if IPSec has any place in the modern VPN landscape. Specifically, looking at traditional ‘road warrior’ or client access VPNs, where all of your users are dialing in to your enterprise network, not the new-fangled mesh VPNs or zero trust setups.

One of the challenges of running Home Assistant in a virtualized environment is the access to hardware radios. Home Assistant ultimately needs to bridge a ton of home automation networks, and most of these require some sort of USB / Serial dongle. You could have all of your dongles in your server closet and pass them through to the VM/container, but then you can’t migrate it across hosts. You could have one dongle for each host, I guess, but that doesn’t work for Z-wave where the entire network is stored on the dongle.

Today I’m diving in to the world of network access control! Being able to authenticate network devies plugged in to your switches is a great way to improve network security without resorting to unplugging or disabling every unused port on yout equipment. Now every switch port is universal, and will enable on demand based on what is plugged in. While I couldn’t go through the complete authorization part of the setup (mapping devices to VLANs), I’m planning on making a future video for that step.

Today I’m setting up a simple nginx proxy, so I can store updates used by my many Linux systems. Most of them run a derivative of Debian, so this guide focuses mostly on caching apt repositories (Debian, Ubuntu, Proxmox, and more), but the same approach should work with any distro. Install nginx I’m using a Debian 12 (Bookworm) unprivilaged LXC container, but this is basic nginx which should be in every distro ever.

Today I’m diving into Mutual TLS to securely expose my homelab services! TLS is already ubiquitous in the modern era, providing strong symmetric encryption, perfect forward secrecy, and a public chain of trust to authenticate the server. But, it also has a lesser known ability to authenticate the client. By creating our own certificate authority to issue certs to clients, we can securely authenticate them to the server, preventing other users from even hitting our web app and probing it for vulnerabilities.

In this episode, I’m playing with Single Root I/O Virtualization (SR-IOV) in Proxmox Virtual Environment (PVE). I’ve heard ruomors that it will be anything from a minor to major improvement in IO performance for my VMs, so I wanted to do some testing on my own system to be sure. Please don’t take my results as final, I’m not comfortable saying that I’ve removed all of the background tasks and load from the measurements.

In this post (and video) I’m going to setup Netconsole, so you can capture kernel panics and logs on headless systems. I know some of you are doing wild things with graphics drivers and passthrough, so hopefully this helps you debug them. Enable Now This option enables the module immediately, so you can use it before you do dangerous things. You Simply rebooting clears the setting, so you won’t continue to spam your kernel messages on the local network.

Since I like to image systems I’m testing, here’s the process I use to capture the boot drive of a bare metal system in Proxmox Backup Server. I start by booting into a Debian Live image (the small one without a GUI). Next, I install Proxmox Backup Client from apt packages: #Run as root sudo bash #Add repo wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg echo "deb http://download.proxmox.com/debian/pbs-client bookworm main" > /etc/apt/sources.list.d/pbs-client.list #Install PBS apt update apt install proxmox-backup-client -y After that, I set the environment variables for the backup client (I have a doc I can copy/paste from into my USB KVM):

So, while I was on vacation, my Proxmox Backup Server boot drive failed! No problem, I take backups of the server itself …. onto the backup server. So in this video, I’m going to start from a clean PBS install, mount my intact backup pool, and then restore the PBS configs out of the backup. Video Restoring the Datastore First, we need to mount the data disks. In my case, they are a zfs pool named backup, so we use zpool import -f backup to import the pool.