Category Archives: Blog

Main blog category, I’m too lazy to manage multiple categories so this blog has only one category.

How to Rebuild a RAID 1 Setup (WD My Book Duo) on macOS, the Right Way

This guide covers rebuilding a failed RAID 1 disk in a WD My Book Duo on macOS; it should also work on a Thunderbolt Duo or other RAID 1 setups.

Many other guides only tell you how to replace both disks, without restoring or rebuilding the data, for this common situation:

In a common case, your RAID 1 setup could fail with only one defective disk, while the other is online. If you see this status on your macOS:

  1. Buy a brand new disk, same size and model as your failed disk.
  2. Reboot your Mac in recovery mode. This step is very important: it makes sure your disks are not in use by macOS.
  3. In recovery boot, open Disk Utility.
  4. Rename your RAID set. For example, if your RAID set is External-Raid, rename it to something like External-Raid-Rebuild, or any name different from the original. This is the most important step: it makes sure your RAID set will not be in use once macOS has booted.
  5. Restart your system in normal mode.
  6. Log in to your system, then open Disk Utility. Congrats, you will see that the new disk is now rebuilding.

Other notes:

  • Refrain from editing, adding, or removing files on your RAID set while it is rebuilding.
  • The rebuild process can take hours depending on your disk size (10-20 hours for a 4 TB + 4 TB RAID 1 setup).
  • After the rebuild completes, you can rename your RAID volume back to its original name.

This is not the only way to rebuild your RAID with a failed disk. According to WD documentation, you can power on your My Book Duo without connecting it to macOS (remove the Thunderbolt cable), and the My Book Duo should then rebuild automatically. However, it’s really hard to know when the rebuild process will finish because there’s no special indicator status for this situation, so I prefer rebuilding in macOS. This could be the best method for me.

Download 4k or 1080p Videos via youtube-dl

$ youtube-dl https://youtu.be/LB_X_GgNXMM -F

Output:

youtube: LB_X_GgNXMM: Downloading webpage
youtube: LB_X_GgNXMM: Downloading video info webpage
[info] Available formats for LB_X_GgNXMM:
format code  extension  resolution note
249          webm       audio only DASH audio   56k , opus @ 50k, 201.84KiB
250          webm       audio only DASH audio   71k , opus @ 70k, 267.21KiB
140          m4a        audio only DASH audio  127k , m4a_dash container, mp4a.40.2@128k, 547.96KiB
171          webm       audio only DASH audio  131k , vorbis@128k, 547.52KiB
251          webm       audio only DASH audio  135k , opus @160k, 534.35KiB
160          mp4        256x144    144p   69k , avc1.4d400c, 24fps, video only, 221.40KiB
278          webm       256x144    144p   95k , webm container, vp9, 24fps, video only, 387.03KiB
242          webm       426x240    240p  186k , vp9, 24fps, video only, 623.64KiB
133          mp4        426x240    240p  213k , avc1.4d4015, 24fps, video only, 618.98KiB
243          webm       640x360    360p  416k , vp9, 24fps, video only, 1.29MiB
134          mp4        640x360    360p  440k , avc1.4d401e, 24fps, video only, 1.26MiB
135          mp4        854x480    480p  714k , avc1.4d401e, 24fps, video only, 2.08MiB
244          webm       854x480    480p  724k , vp9, 24fps, video only, 2.22MiB
136          mp4        1280x720   720p 1001k , avc1.4d401f, 24fps, video only, 3.06MiB
247          webm       1280x720   720p 1122k , vp9, 24fps, video only, 3.39MiB
137          mp4        1920x1080  1080p 1679k , avc1.640028, 24fps, video only, 4.86MiB
248          webm       1920x1080  1080p 1998k , vp9, 24fps, video only, 5.13MiB
17           3gp        176x144    small , mp4v.20.3, mp4a.40.2@ 24k, 348.19KiB
36           3gp        320x180    small , mp4v.20.3, mp4a.40.2, 962.59KiB
18           mp4        640x360    medium , avc1.42001E, mp4a.40.2@ 96k, 2.11MiB
43           webm       640x360    medium , vp8.0, vorbis@128k, 3.46MiB
22           mp4        1280x720   hd720 , avc1.64001F, mp4a.40.2@192k (best)
$ youtube-dl https://youtu.be/LB_X_GgNXMM -f 137+140

EdgeMAX EdgeRouter – L2TP IPSec VPN Server

Source: EdgeRouter – L2TP IPsec VPN Server

Applicable to the latest EdgeOS firmware on all EdgeRouter models using CLI mode. L2TP setup is not configurable on the web interface.

Enter configuration mode

configure

Configure the server authentication settings (replace with your desired passphrases).

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret>

set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username <username> password <secret>

Define the IP address pool that will be used by the VPN clients.

set vpn l2tp remote-access client-ip-pool start 192.168.100.240
set vpn l2tp remote-access client-ip-pool stop 192.168.100.249

Define the DNS server(s) that will be used by the VPN clients.

set vpn l2tp remote-access dns-servers server-1 <ip-address>
set vpn l2tp remote-access dns-servers server-2 <ip-address>

Define the WAN interface which will receive L2TP requests from clients.

Configure only one of the following statements. Decide on which command is best for your situation using these options:

(A) Your WAN interface receives an address through DHCP

set vpn l2tp remote-access dhcp-interface eth0

(B) Your WAN interface is configured with a static address

set vpn l2tp remote-access outside-address 203.0.113.1

(C) Your WAN interface receives an address through PPPoE

set vpn l2tp remote-access outside-address 0.0.0.0

Define the IPsec interface which will receive L2TP requests from clients.

set vpn ipsec ipsec-interfaces interface eth0

(Optional) Lower the MTU for L2TP traffic.

set vpn l2tp remote-access mtu <mtu-value>

Commit the changes and save the configuration.

commit ; save

You can verify the VPN settings using the following commands from operational mode:

show firewall name WAN_LOCAL statistics
show vpn remote-access
show vpn ipsec sa
show interfaces
show log | match 'xl2tpd|pppd'

HTTPS on UniFi Cloud Key, with Remote Access Support, the Easy Way

You can try this method if you meet one of the following situations:

Requirements

  • A public IP address reachable from the internet (to access the UniFi Security Gateway remotely)
  • A server running Nginx on the public internet
  • A CA-issued certificate

Set port forwarding for your Cloud Key

In general, you can access your UniFi Security Gateway (USG) via your public IP (USG_IP), so in my method you need to forward your UCK management dashboard traffic (UCK_IP:8443 by default) to your public IP. The setting is under Settings – Routing & Firewall – Port Forwarding. Enter your Cloud Key IP address as Forward IP, and use the default 8443 as both Port and Forward Port. As a security best practice, you can also restrict the rule so that it only accepts traffic from your server IP.

Setup Nginx proxy

Use the following Nginx configuration. Please note that this is a simplified version.

server {
  listen                  80;
  listen                  [::]:80;

  server_name             unifi.example.com;

  return                  301 https://$server_name$request_uri;
}

server {
  listen                  443       ssl http2;
  listen                  [::]:443  ssl http2;

  # To avoid unreachable port error when launching dashboard from unifi.ubnt.com
  listen                  8443       ssl http2;
  listen                  [::]:8443  ssl http2;

  server_name             unifi.example.com;

  # Certificate
  ssl_certificate         /etc/nginx/ssl/unifi.example.com.crt;
  ssl_certificate_key     /etc/nginx/ssl/unifi.example.com.key;

  location /wss {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header CLIENT_IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_read_timeout 86400;
    proxy_pass https://USG_IP:8443;
  }

  location / {
    proxy_set_header Host $http_host;
    proxy_set_header CLIENT_IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_read_timeout 180;
    proxy_pass https://USG_IP:8443;
  }
}
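Nginx does not check the certificate of an HTTPS upstream unless told to, so the two `proxy_pass https://USG_IP:8443` hops above are encrypted but will accept any certificate presented on the path between the proxy and your network. The fragment below is an added example, not part of the original configuration, showing the same two locations with upstream verification enabled; the file name `cloudkey-upstream.pem` and the `CLOUDKEY_CERT_NAME` value are placeholders you must fill in from the certificate your Cloud Key actually serves.

```nginx
# Added example, not part of the original configuration.
# Placeholders (assumptions): cloudkey-upstream.pem is the certificate (or
# its issuing CA) that the Cloud Key serves on 8443, copied to the proxy;
# CLOUDKEY_CERT_NAME is a name (CN or SAN) present in that certificate.

# Before, as in the locations above: the upstream peer is never
# authenticated, because proxy_ssl_verify defaults to off.
#
#   location / {
#     proxy_pass https://USG_IP:8443;
#   }

# After: place these inside the 443/8443 server block so that both
# locations inherit them.
proxy_ssl_verify               on;
proxy_ssl_trusted_certificate  /etc/nginx/ssl/cloudkey-upstream.pem;
proxy_ssl_name                 CLOUDKEY_CERT_NAME;  # name checked against the cert
proxy_ssl_server_name          on;                  # send the same name as SNI

location /wss {
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  proxy_set_header CLIENT_IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_read_timeout 86400;
  proxy_pass https://USG_IP:8443;
}

location / {
  proxy_set_header Host $http_host;
  proxy_set_header CLIENT_IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_read_timeout 180;
  proxy_pass https://USG_IP:8443;
}
```

With verification on, a wrong or replaced upstream certificate shows up as a 502 to the browser and an upstream SSL certificate error in the Nginx error log. If the Cloud Key certificate is regenerated, the pinned file must be updated as well.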

Update DNS records

Point unifi.example.com to your public IP and access it in your browser; everything should now work!

References

UniFi – Cloud Key Emergency Recovery UI – Ubiquiti Networks Support and Help Center

This article describes how to access the emergency recovery UI and recover a Cloud Key. From this UI you can reset it to factory defaults, reboot, shutoff and upgrade the firmware. To upgrade the firmware you will need a firmware binary for the UniFi Cloud Key.

Source: UniFi – Cloud Key Emergency Recovery UI – Ubiquiti Networks Support and Help Center

S/MIME for Apple Mail, The Right Way (DigiCert Version)

Install it on macOS:

  • Download cert bundle (.p7b) or individual certs (zipped) from DigiCert
  • Double-click to install them in Keychain Access on macOS

Install it on iOS:

  • Open Keychain Access and select the My Certificates category
  • Right-click and choose Export, then select the .p12 format (make sure to export your cert as .p12; this will contain the private key for iOS to send encrypted emails)
  • Email it along with your individual certs (root CAs from DigiCert) and install them on iOS
  • Select this cert under the email account settings