My network is currently set up with WireGuard. I have a VPS operating as a hub within a hub and spoke (or is it hub and wheel?) configuration. This has worked great with the exception that all traffic passes through the VPS. The benefit of a mesh network is that I can directly connect clients and data does not have to flow through an intermediary VPS.
Ideally I would be able to split tunnel around the VPN but I don’t have the option on Mac.
I tried to set up a Nebula network but it seems like it has trouble when your hosts are behind a VPN service. The VPN must block the port or protocol the lighthouse is connecting with and I can’t figure out a way to bypass the VPN (at least on Mac split tunneling isn’t supported). I’m assuming you’re familiar with mesh networks… do you have any good YouTube videos or resources you would recommend? The nice thing about VPN is it’s crazy simple to set up and seems to work with all types of system configurations. Nebula was pretty simple but seems like a pain to troubleshoot so far.
Thanks. That helped a lot. It gave me a good basis for some further googling.
It ended up that the Internal Clock of the hardware interface was deselected in alsamixer. Enabling it fixed the no audio issue.
For the channel remapping I tried a bunch of different config files until finally one actually managed to not be ignored. It’s absurd how many separate configuration files and sound settings menus exist for Linux audio and there’s no guarantee the one you’re editing is even being used. An absolute mess IMO and it’s no wonder people shy away from Linux for desktop purposes.
Funny enough, despite getting the channel remapping to work, it’s completely ignored unless you put pulseaudio -k into your user profile. And even now, because the remapped output device doesn’t show up on boot, it has to be manually set to the default output every login.
At least I have the right channels mapped though.
I love Linux but god damn is it a hot mess for the simple stuff.
Funny you mention that. I was about to make a post about Nebula earlier. I learned about it through YouTuber apalrd a few months back and it seems perfect. I’m still trying to understand some of the complexities when utilizing a service that requires circumventing the mesh network for public access such as Nextcloud. I’ll probably make a post about this after I’ve done some more research. I think there’s some good discussion to be had about such a setup.
So each time I get shut down is during a large extended data transfer. I have my VPS server set up as a VPN hub that connects multiple servers. So typically when my traffic gets diverted to a black hole by DO, there was a consistent roughly 35 MB/s inbound/outbound VPN traffic stream for 4-5 hours going through the VPS. My server gets shut down for 3-4 hours and I get an email notice that my server was under a massive DDoS attack and they diverted traffic to a black hole. I always respond informing them that it’s not a DDoS and explain the situation. They typically respond with “Utilize a service like Cloudflare which has DDoS protection”.
I’ve been really happy with them as a provider otherwise but this is a dealbreaker for me.
Thanks. I actually self-host my backup server. So I’m not backing up to a VPS. I use the VPS as a hub in a hub and wheel configuration to connect multiple servers (including a dedicated backup server).
I appreciate your insight. That’s good to know. My journey into self hosting started with searching for alternatives to Google products so I’m naturally hesitant to touch anything under their umbrella.
That’s pretty decent. I tried speed testing some other recommendations and I was seeing 35 MB/s.
Looks promising. Do you know what their network speeds are? I can’t seem to find that in their FAQs.
This looks great for privacy but their servers are hosted only in Sweden, which might be an issue since I’ll need good latency and high bandwidth.
I prefer to shy away from those companies, especially Google, for moral/privacy reasons.
Due to my understanding of it, I was hesitant to use AC recovery in the case that the power goes down more than once in a short period. It could drain the UPS to the point that it might not be able to sustain enough runtime for a proper shutdown. But I’m also a bit confused about the setup here. If the server is sent a signal to shut down due to a grid outage, who is telling it the grid was restored? The server would always detect power because of the battery backup, so I don’t think AC Power Recovery would work in this case, no? I believe I have the UPS comm server (probably apcupsd) installed on the server itself, so there’s no way for it to know to wake up unless from an outside source.
Maybe you have some further insight into how to make that setup work properly.
I’m brainstorming here, but would it be possible/feasible to have the UniFi Dream Machine execute a script every time it turns on telling the server iDRAC to power up. I’d have to see if the UDM has that ability as well. The UDM turning on would only really happen if power was restored from an outage. Otherwise I could send a command manually once I have access to the network.
I was under the impression you need a license to use remote access via iDRAC. Do you know if it also requires a second run of Ethernet cable separate from the server NIC?
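The "who tells the server the grid is back" problem above can be solved by a small watchdog on an always-on box (the router, a small SBC) that polls apcupsd over the network and, once line power is back and the battery has recharged enough to survive a second dip, powers the server on through its BMC. The script below is an added example written for this thread, not code from any of the commenters. It assumes hypothetical hosts (`ups.example.lan`, `idrac.example.lan`), that apcupsd's network status port is reachable via `apcaccess status host:port`, and that the iDRAC answers IPMI over LAN so `ipmitool` can query and set chassis power; the password is read from a file with `-f` rather than passed on the command line.

```python
"""Line-power watchdog: poll apcupsd from an always-on host and power on a
server (via its iDRAC / IPMI) after the grid comes back.

Added example; hostnames, user and password path are placeholders."""
import subprocess
from typing import Callable, Dict, List

UPS_HOST = "ups.example.lan:3551"            # placeholder: apcupsd NIS host:port
IDRAC_HOST = "idrac.example.lan"             # placeholder
IDRAC_USER = "ipmiuser"                      # placeholder
IDRAC_PASS_FILE = "/etc/ups-watchdog/ipmi.pass"  # placeholder, mode 0600

Runner = Callable[[List[str]], str]


def run(cmd: List[str]) -> str:
    """Run a command and return its stdout (raises on non-zero exit)."""
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def ipmi_cmd(*args: str) -> List[str]:
    """ipmitool over LAN, password taken from a file instead of argv."""
    return ["ipmitool", "-I", "lanplus", "-H", IDRAC_HOST, "-U", IDRAC_USER,
            "-f", IDRAC_PASS_FILE, *args]


def parse_apcaccess(output: str) -> Dict[str, str]:
    """Turn `apcaccess status` text ("KEY : VALUE" per line) into a dict."""
    fields: Dict[str, str] = {}
    for line in output.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def server_is_off(power_status: str) -> bool:
    """`ipmitool chassis power status` prints e.g. 'Chassis Power is off'."""
    return power_status.strip().lower().endswith("off")


def decide(ups_output: str, power_status: str, min_charge: float = 50.0) -> str:
    """Pure decision so it can be tested without hardware.

    Returns one of: 'noop' (server already on), 'wait_grid' (still on
    battery), 'wait_battery' (grid back but charge below min_charge, so a
    second outage during boot could leave no runtime for a clean shutdown),
    or 'power_on'.
    """
    if not server_is_off(power_status):
        return "noop"
    fields = parse_apcaccess(ups_output)
    if "ONLINE" not in fields.get("STATUS", "").split():
        return "wait_grid"
    try:
        charge = float(fields.get("BCHARGE", "0").split()[0])  # "100.0 Percent"
    except ValueError:
        return "wait_grid"
    return "power_on" if charge >= min_charge else "wait_battery"


def check_once(runner: Runner = run, min_charge: float = 50.0) -> str:
    """One poll cycle; run this from cron every minute or so."""
    ups = runner(["apcaccess", "status", UPS_HOST])
    power = runner(ipmi_cmd("chassis", "power", "status"))
    action = decide(ups, power, min_charge)
    if action == "power_on":
        runner(ipmi_cmd("chassis", "power", "on"))
    return action


# Constructed sample apcaccess output (not captured from a real UPS).
SAMPLE_ONLINE = "APC      : 001,036,0868\nSTATUS   : ONLINE\nBCHARGE  : 100.0 Percent\nTIMELEFT : 45.0 Minutes\n"
SAMPLE_ONBATT = "STATUS   : ONBATT\nBCHARGE  : 80.0 Percent\n"
SAMPLE_LOWCHARGE = "STATUS   : ONLINE\nBCHARGE  : 20.0 Percent\n"

if __name__ == "__main__":
    print(check_once())
```

Keeping the decision in `decide()` separate from the command execution means the thresholds can be exercised with the constructed samples; the IPMI user for this job only needs the power-control privilege, not administrator.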
Very true. Traefik is pretty awesome. Thanks for the input!
I’ve had the IP for a couple of years so I can rule that out. The only thing different than usual is I recently added a backup server to the VPS network. I’ve been doing a remote backup from one server through the VPS to the backup server over the past week. It’s a 4TB backup averaging 4MBps.
My guess is that the VPS provider’s algorithm is bungling the bandwidth calculations, possibly refreshing the bandwidth amount incorrectly which to the black hole detector appears as a sudden spike in bandwidth rather than a steady flow.
I’m going to keep running the backup and compare how long after the backup starts that I get a black hole trigger. If it’s relatively consistent then that might be the problem.
I imagine that’s essentially what I’ve accomplished with Traefik already. The question I have is if geoblocking does much to mitigate a DDoS. I know for sure it’s at least useful to block third world scammers and bots from running hacking scripts against my server.
I appreciate the tip but as a privacy minded self-hoster I try to avoid companies like Cloudflare. Surely there has to be a way to DIY DDoS protection?
You can connect your main server and backup server to a VPS with WireGuard. The main server backs up Proxmox VMs and CTs to a Proxmox Backup Server on the backup server. Nextcloud data can be backed up with something like Duplicati encrypted over SFTP to the backup server. Only hiccup about backing up Nextcloud is you should put it into maintenance mode first. You can write pre-backup and post-backup scripts for Duplicati to enable and disable maintenance mode.
Fixed it. Thanks.
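The maintenance-mode step in the comment above has one failure mode worth handling: if the backup job dies after `occ maintenance:mode --on`, Nextcloud stays offline until someone notices. The wrapper below is an added example written for this thread, not code from the commenters or from Nextcloud or Duplicati. It assumes a hypothetical Nextcloud install at `/var/www/nextcloud` owned by `www-data` and takes the backup job (a Duplicati CLI run, rsync to the SFTP target, whatever you use) as its argument; `occ maintenance:mode --on` and `--off` are the real Nextcloud commands.

```python
"""Wrap a backup job in Nextcloud maintenance mode and always leave it,
even when the job fails.

Added example; NEXTCLOUD_DIR and WEB_USER are placeholders."""
import subprocess
import sys
from typing import Callable, Dict, List

NEXTCLOUD_DIR = "/var/www/nextcloud"  # placeholder install path
WEB_USER = "www-data"                 # placeholder web-server user

Runner = Callable[[List[str]], int]


def occ(*args: str) -> List[str]:
    """Build an `occ` invocation executed as the web user."""
    return ["sudo", "-u", WEB_USER, "php", f"{NEXTCLOUD_DIR}/occ", *args]


def run(cmd: List[str]) -> int:
    """Run a command; raises CalledProcessError on non-zero exit."""
    return subprocess.run(cmd, check=True).returncode


def backup_with_maintenance(backup_cmd: List[str], runner: Runner = run) -> Dict[str, object]:
    """Enable maintenance mode, run backup_cmd, disable maintenance mode.

    The `finally` guarantees --off runs whether the backup succeeded,
    failed with a non-zero exit, or raised for any other reason.
    """
    result: Dict[str, object] = {"backup_ok": False, "maintenance_off": False, "error": None}
    runner(occ("maintenance:mode", "--on"))
    try:
        runner(backup_cmd)
        result["backup_ok"] = True
    except subprocess.CalledProcessError as exc:
        result["error"] = f"backup exited with status {exc.returncode}"
    finally:
        # Leaving maintenance mode is the part that must not be skipped.
        runner(occ("maintenance:mode", "--off"))
        result["maintenance_off"] = True
    return result


if __name__ == "__main__":
    # usage: nc_backup.py <backup command...>
    if len(sys.argv) < 2:
        sys.exit("usage: nc_backup.py <backup command and args>")
    outcome = backup_with_maintenance(sys.argv[1:])
    print(outcome)
    sys.exit(0 if outcome["backup_ok"] else 1)
```

If you run Duplicati itself, its `--run-script-before` and `--run-script-after` options can call the two `occ` commands directly instead of this wrapper; the same rule applies there, the after-script must run unconditionally.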