Device - R86S
Mini PC / NAS / Smart Gateway
Mini PC / NAS / Smart Gateway
For application i440fx is enough, and it is simple, for hardware related, such as GPU passthru, then Q35 is better.
After switch between, the network interface name will be changed.
Q35 supports PCIe
In order to input
% character as command parameter in cron task, it needs to be escaped using backslash ().
man (5) crontab: Percent-signs (%) in the command, unless escaped with backslash (\), will be changed into newline characters, and all data after the first % will be sent to the command as standard input.
Create a script as below in folder
10-openvpn-tun0-up, change the permission to executable
#!/usr/bin/env bash interface=$1 event=$2 if [[ $interface != "eth0" ]] || [[ $event != "up" ]] then return 0 fi # place your commands bellow this line
When using ubuntu GUI VPN connection, the DNS might not be updated correctly. Following command can be used to update search domain and DNS server.
sudo systemd-resolve --interface tun0 --set-dns <dns_server> --set-domain <domain>
Note: The latest test in VPN GUI, the DNS setting is working as expected.
For openvpn command line,
openvpn --config client.ovpn --script-security 2 --up ./manual-config
manual-config script can be as follow
#!/bin/sh set -e resolvectl dns $dev 192.0.2.53 192.0.2.54 resolvectl domain $dev "~foo.example.com" "~bar.example.com" resolvectl dnssec $dev off
#!/bin/sh systemd-resolve -i $dev \ --set-dns=192.0.2.53 --set-dns=192.0.2.54 \ --set-domain=foo.example.com --set-domain=bar.example.com \ --set-dnssec=off # <- Not super nice, but might be needed.
Another method is to use
/etc/openvpn/update-systemd-resolved script, which is in
openvpn \ --config client.ovpn \ --up /etc/openvpn/update-systemd-resolved \ --down /etc/openvpn/update-systemd-resolved \ --down-pre \
To allow DNS and other options applied to new interface, a dispatcher file can be created, for example,
/etc/NetworkManager/dispatcher.d/10-openvpn-tun0-up. The content can be as follows
#!/usr/bin/env bash interface=$1 event=$2 if [[ $interface != "tun0" ]] || [[ $event != "up" ]] then return 0 fi # place your commands bellow this line resolvectl dns tun0 192.168.1.1 192.168.1.2 resolvectl domain tun0 "~new.com"
In order to discard standard output and only log the standard error, following command can be used. The second part of command is to prefix the current timestamp in the output
sh monitor 2>&1>/dev/null | ts '[%Y-%m-%d %H:%M:%S]'
If need to run in
dash, such as running in
crontab, above syntax is wrong, use following command instead
sh monitor 3>&1 1>/dev/null 2>&3 3>&- | ts '[%Y-%m-%d %H:%M:%S]'
Note: This command can be run in
STDOUT ────────────────┐ ├─────> terminal/file/whatever STDERR ── [ filter ] ──┘
./a.out outputs as below
Then the following command will output as below.
# ./a.out 3>&1 1>&2 2>&3 3>&- | sed 's/e/E/g' more regular stdErr output
First save stdout as &3 (&1 is duped into 3) Next send stdout to stderr (&2 is duped into 1) Send stderr to &3 (stdout) (&3 is duped into 2) close &3 (&- is duped into 3)
After changed the display to
Spice and added Spice USB device, following error appeared.
swtpm_setup: Not overwriting existing state file. kvm: warning: Spice: reds.c:2893:reds_init_ssl: Could not load certificates from /etc/pve/local/pve-ssl.pem kvm: warning: Spice: error:0909006C:PEM routines:get_name:no start line kvm: warning: Spice: error:140DC009:SSL routines:use_certificate_chain_file:PEM lib kvm: failed to initialize spice server stopping swtpm instance (pid 55260) due to QEMU startup error TASK ERROR: start failed: QEMU exited with code 1
Update certificate also got following errors
root@pve01:~# pvecm updatecerts --force (re)generate node files generate new node certificate Signature ok subject=OU = PVE Cluster Node, O = Proxmox Virtual Environment, CN = pve01.xxx.net Getting CA Private Key CA certificate and CA private key do not match 139954545105792:error:06067099:digital envelope routines:EVP_PKEY_copy_parameters:different parameters:../crypto/evp/p_lib.c:93: 139954545105792:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:../crypto/x509/x509_cmp.c:303: unable to generate pve ssl certificate: command 'faketime yesterday openssl x509 -req -in /tmp/pvecertreq-56235.tmp -days 161 -out /etc/pve/nodes/pve01/pve-ssl.pem -CAkey /etc/pve/priv/pve-root-ca.key -CA /etc/pve/pve-root-ca.pem -CAserial /etc/pve/priv/pve-root-ca.srl -extfile /tmp/pvesslconf-56235.tmp' failed: exit code 1
In this case, remove keys and regenerate.
root@pve01:~# rm -f /etc/pve/pve-root-ca.pem /etc/pve/priv/pve-root-ca.* /etc/pve/local/pve-ssl.* root@pve01:~# pvecm updatecerts -f (re)generate node files generate new node certificate merge authorized SSH keys and known hosts root@pve01:~# pvecm updatecerts -f (re)generate node files generate new node certificate merge authorized SSH keys and known hosts root@pve01:~#
Now, problem fixed.
apt installindicated that the file couldn't be accessed by user
When installing package from local file (
.deb file), following error might be occurred.
Processing triggers for dbus (1.14.0-2ubuntu3) ... N: Download is performed unsandboxed as root as file 'full_path_of_deb_file_name' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
Usually apt tries to run the process that fetches packages as a different user called
_apt to increase security. That's no problem if it has to download packages from the internet. But if you tell it to install a
.deb file that's already on your system, it needs to have permission to access that file by
_apt user. Otherwise, above error will be shown.