What is ReBAR and Why Do I Want It Resizable BAR is a PCIe setting that allows the device (in this case GPU) to negotiate Base Address Register size (in this case access the whole frame buffer at once rather than in 256MB chunks). Some games make better use of this than others, and older
Read More »
This is a PSA for any pfatt users out there. PFsense 2.7 removed the functionality needed to get netgraph working. I compiled my own modules from the source and it was not enough. Upgrade to PFsense Plus and use its module to bypass or migrate OPNsense. Good luck with your decision! Maybe someone better can
Read More »
Create /etc/systemd/system/step-ca.service Fill it with this, make sure your directories are correct in the ExecStart line: [Unit] Description=step-ca After=syslog.target network.target [Service] User=step Group=step ExecStart=/bin/sh -c '/bin/step-ca /home/step/.step/config/ca.json --password-file=/home/step/.step/pwd >> /var/log/step-ca/output.log 2>&1' Type=simple Restart=on-failure RestartSec=10 [Install] WantedBy=multi-user.target Next, populate the pwd file with the plaintext intermediate CA password. I put mine in /home/step/.step/pwd Next, configure the
Read More »
Step-CA is a decent CA management program but it has one issue, its annoying to set the algorithm on the CA and intermediate CA. So I spent the day figuring it out. Here are the results. Choosing the Right Key Type There are 3 supported key types : EC (elliptic curve), OKP (octet for “Ed25519”
Read More »
#edit /etc/ssl/openssl.cnf Find [ ca ] and make sure this matches: #################################################################### [ ca ] default_ca = CA_default #default ca section #################################################################### [ CA_default ] dir = /etc/ssl # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database =
Read More »
This will be a guide on advanced tuning for a VFIO gaming VM. If you’re starting from scratch, read through the Arch Wiki guide on PCI passtrhough via OVMF. It is a great starting point and covers all of the basics. I’d recommend using libvirt instead of straight QEMU. Host hardware configuration Before we begin,
Read More »
As of Writing this (2/17/22), there is a bug in the latest version of pfSense with the Intel if_em.ko driver. This is causing the pf-att script to not work. Thanks to the work of neydah700 on github, the fix was found by replacing the kernel driver with a newly compiled binary that has the issue
Read More »
I have a Dell R720xd and its default fan curve is… aggressive. Here is how i found to lower the fan speeds so its not a constant vacuum cleaner in my living room. Set fan speed properties via iDrac Enable SSH on iDrac. Connect then connect to it and run: racadm set system.thermalsettings.FanSpeedOffset 255
Read More »
Before we begin, know that This subnet is NOT SECURE and should only be used for certain things that absolutely require Open NAT and UPNP like game consoles, old PC games, or other insecure things. I would strongly advise setting up an Intrusion Detection system or Intrusion Prevention System like suricata. It will allow any
Read More »
Before we begin, lets see what a ELK stack is made of. ELK stacks are comprised of ElasticSearch, Logstash, and Kabina with each of these services preforming different jobs. This diagram from Logz.io explains its the best Beats are installed to each host to collect the various metrics used by these services. Logstash is responsible
Read More »