Mikelius

Not much for myself, like many others. But my backups are manual. I have an external drive I backup to and unplug as I intentionally want to keep it completely isolated from the network in case of a breach. Because of that, maybe 10 minutes a week? Running gentoo with tons of scripts and docker containers that I have automatically updating. The only time I need to intervene the updates is when my script sends me a push notification of an eselect news item (like a major upcoming update) or kernel update.

I also use a custom monitoring software I wrote that ties into a MySQL db that’s connected to with grafana for general software, network alerts (new devices connecting to network, suspicious DNS requests, suspicious ports, suspicious countries being reached out to like china, etc) or hardware failures (like a raid drive failing)… So yeah, automate if you know how to script or program, and you’ll be pretty much worry free most of the time.

Plus 1 to openvas. UI is indeed horrendous though.

Be careful running high load tests against sensitive devices. I once ran it against a PoE switch I used for my cameras and it did something so crazy that it required me not to only power cycle the switch, but to disconnect all the cameras first and then power cycle. Was super confusing and felt like it found a way to short the device lol. Scared the hell out of me.

That being said, I’ve found many many things to improve on my devices thanks to openvas.

If you have a pi or Linux box, try setting it up as a syslog server. Then tell opnsense to use that for forwarding logs to. Doesn’t guarantee you’ll see what went wrong, but maybe it’ll help.

I’m not sure opnsense has journalctl or something similar, but that would be a good place to look for some history, too.

Okay hopefully attaching images work on this app, never tried on Lemmy lol. I blocked the domain on my network firewall and then unblocked it from the DNS to confirm… and yes, the latest rustdesk appimage still calls out. I guess my memory of trying to disable the relay server was to try and force it to localhost in the settings. Could have swore there was a checkmark setting in there, but maybe that was some other software. The fields are default blank I believe.

However… I just tried to put 127.0.0.1 in ALL the fields (unlike the screenshot, which was when I checked what I had in there before), and it appears to now to call localhost. Either I goofed before, or it was fixed recently, because I am pretty sure I did try that before. It doesn’t get you around the very first call made when running the software of course… Opt out, not opt in, lol. But hey at least it’s possible now? I just tried on mobile and it worked there to when filling everything in with 127.0.0.1.

Noticed it with the android install (via fdroid) and I think I had the appimage on Linux (not at my machine to check, so going by my memory). I connected to a windows machine that had no internet connectivity so can’t speak to the windows installs working and ignoring relays or not, but Linux and android do phone the relay servers at least. I’ll see if I can pull some screenshots or details tomorrow when I get a moment! I’ll update the appimage too just in case (since I only validated the DNS call being made on my phone yesterday)

Either way, if I had to choose between it and TeamViewer for what I use it for, Rustdesk is still a clear winner lol.

If you have a custom DNS, be sure to block all the relay domains they use and block the respective ports from external access. Even if you disable the settings to avoid relays, they don’t acknowledge them and continue to try and phone home somewhere. Just checked the latest version on my phone, which has no relay setting configured, before commenting on this and sure enough, still true. Just logged an entry to rs-ny.rustdesk.com on my DNS, which of course was blocked. Desktop app has an option to disable them if I recall, but it never worked for me.

That out of the way, it is a very good local network software for remote access. Way faster than the alternatives I’ve tried.

Gentoo!

This post may have crashed Voyager twice… Once when scrolling by it, again when trying to reply. I don’t know why I can reply now.

Edit: lol I know why. My app auto updated at the same time I clicked reply. Perfect timing. Scrolling crash still unexplained though.

Is wireguard hosted on opnsense, or an internal device that the port is being forwarded to?

If it’s on opnsense, be sure you route outgoing traffic on that port over the correct gateway, possibly even an extra rule to be sure the proper reply-to is set. Opnsense used to do the gateway routing configuration automatically, but once wg got added to the kernel, you’re now required to manually specify the gateway in your rules for it to work properly.

Also, if you see zero packets, then as others mentioned, try a different mtu. Some service providers (mobile, and even hotels) try to block all VPN traffic altogether and they do this by measuring the mtu of the packets. A little tweaking might get it to work, although I’d expect this to have held true for the VPS too, honestly.

Use -F so you can keep getting those live reports even after the forest you’re watching vanishes