Windscribe VPN

It is quite common to hear that you need to use a VPN any time you are on a wireless network. Your typical free wireless network at the mall or your favorite coffee shop is not encrypted in any way. If you travel, you can rest assured that hotel wireless internet is terribly insecure, just because you never know if there is someone in the next room sniffing all your packets. Lastly, the internet service provider for the hotel is not to be trusted at all. However, VPN companies themselves can be shady and there is not a good way to verify who can be trusted with your internet communications. It is possible for technically minded people to spin up a virtual machine and provide their own VPN service, but this requires some effort and virtual machine costs can add up. In the end, I decided to go ahead and pay for a dedicated VPN service.

iPhone with Windscribe VPN

My VPN usage is primarily for my iPhone and so I am not going to go into any detail about using Windscribe on a Mac or Windows machine. Needless to say, Windscribe provides multiple clients and setups for all your devices. I chose Windscribe VPN because of their reputation and my initial experience with their free trial. I pay for a yearly plan, so that I can keep my costs down. Anything beyond a year for a service seems to be a gamble. No one wants to sign a 5 year lease, so don’t do it for software as a service either!

Windscribe iOS App

The iOS app allows you to connect to a variety of locations. I specifically choose the Chicago locations and select WireGuard as the protocol. My experience with iOS and VPN apps is that once you plug in your phone to charge, iOS will close out your VPN after a period of inactivity. This means I have to open the Windscribe app and establish the VPN connection. You can create rules that exempt your home wireless network or other wireless networks you trust so that the VPN is bypassed. For the most part I keep Windscribe on for all connections, wireless and Verizon cellular. I know for a fact that if you do not use a VPN and are on your cellular network, a telecommunications engineer can actually see all your data in real time (if they connect to the cellular tower device). If you have a VPN, you might as well use it all the time.

No VPN Allowed

Now there are some exceptions, when you cannot use a VPN connection and you might want to turn it off. These are annoying to say the least, but there is not much choice.

Some eCommerce sites do not allow VPN connections. The website will most likely give you an HTTP error such as 404 with a message that proxy connections are not allowed. I have had this issue with Lowes.

Warehouse stores and my Verizon cell service do not work well. Often when I am at Menards, Lowes, or The Home Depot, I will get zero bars, and if I try to use the in-store WiFi, they do not allow VPNs, so my choices are to walk out to the outside yard of the store and use my cell service or choose an insecure store WiFi network.

I do have to say that Target and Walmart have great WiFi and their mobile apps make it very easy to scan for in-store prices.

The other exception is at home when I have apps that need to connect to the WiFi network to see local devices. My Sonos speaker is a good example of this. I want to stream Spotify to my Sonos, and so I can either make an exception rule for my home WiFi or just turn off the VPN.

Block Stuff

Windscribe offers a variety of blocking options. Turning some of these on will save on bandwidth and also keep you safe from malware. Windscribe describes this feature, R.O.B.E.R.T., as a customizable server-side domain and IP blocking tool.

Windscribe ROBERT Options

Turning on any of these options is account specific and will apply to your other devices as well. Note there is a link at the bottom of the screen that takes you to your account, where you can specify your own custom rules.

Final Notes

I recommend Windscribe as a VPN option for your iPhone. Overall it has worked well for me and my kids.

Error: There is no network connection right now

Sometimes the combination of technology results in a more complex difficulty than one would think. Recently I came across an annoying error message that displayed on my Sony TV from time to time when I was watching a movie. At first I thought it must be my AppleTV that is displaying this. The message was “There is no network connection right now” and after searching Apple’s forums there were people complaining of this same issue, but there did not appear to be a resolution. I then looked at Sony to see if the Google Android 8 software on the TV was to blame. For some reason unknown, Android 8 does not allow you to turn off IPv6 and I thought perhaps that was the issue. I spent some time troubleshooting my firewall and router settings and yet I could still not watch Eternals without this issue coming up.

I then noticed that the error was more common on Disney+ and not on Netflix. Last week, Apple released iOS 15.3 for the AppleTV. Before installing the new update, I deleted the Disney+ app and then rebooted the AppleTV. Next, I installed the iOS 15.3 update. Once the AppleTV was up and running, I reinstalled the Disney+ app and tried to duplicate the error with Star Wars movies and I could no longer get the annoying message.

In summary, I do not know what the actual cause of the error was. There are various posts stating that if you have your own DNS server on your LAN, the Disney app does not like that. However, I tried changing this before and the message still appeared. The ease of use of all this software makes troubleshooting more difficult. Android TV 8, Apple iOS, and the Disney+ app all have limited options for turning off or customizing internet options. The combination leads to not really knowing where error messages are actually coming from. I wish Sony would just make a TV that would not come with any Google Android software. I don’t really need such complexity in a TV.

Update:

After some additional troubleshooting, I do think the error message was coming from the AppleTV itself. Disconnecting the ethernet cord from both the AppleTV and my switch, then restarting the switch and reconnecting to a different port on the switch seems to have resolved the issue.

pfSense UPS Widgets

Last month I walked into my home office and heard the buzzing of a UPS. After switching it out with another smaller UPS, I wiped off the dust and found the model number on the bottom to be: BE550G. These older UPS models are no longer supported by APC. After doing a search online, I found BatteryPlus.com had a replacement battery and they have a store nearby. I ordered the Duracell Ultra 12V 9AH High Rate AGM SLA Battery with F2 Terminals [SLAHR12-9FR] and then picked it up the same day. After letting the battery charge overnight, I had to hook the UPS up to my Windows machine to set the Battery Date using the PowerChute software. For some reason this is not possible on other operating systems and open source software that I could find. Once I had this done, I moved the UPS over to my pfSense firewall and connected it directly to one of the USB ports on the firewall.

There are a couple of different packages for pfSense that you can install. pfSense is FreeBSD based, so you can install the software natively or use the pfSense packages to install. Once you configure the setup, the packages offer dashboard widgets that you can add to the pfSense dashboard. Here is what each one looks like.

Apcupsd

Developed only for APC UPS units, apcupsd features a better-looking widget.

pfSense Apcupsd dashboard widget

Network UPS Tools

Known as the NUT package, this open source software has a more simplistic dashboard; however, Network UPS Tools supports more devices and has extensive features for UPS units directly connected or on the network.

pfSense UPS dashboard widget

Additional Notes

Setting up either package requires reading the setup documentation online. I was able to run both packages for a direct USB connected device.

For apcupsd, set UPS Cable and UPS Type to “USB” and leave the Device field blank. If you are using NUT, set the UPS Type to Local USB and driver to usbhid.

Overall I am glad that I could salvage the UPS and keep it in service. This keeps perfectly good equipment working and prevents waste. The plus is that my firewall and internet connection will run a bit longer and not reset during a power spike.

pfSense 2.4.5 Package Manager Defect

There is a defect with pfSense 2.4.5 and the Package Manager. When installing, upgrading, or removing packages, the process will not complete. For the Squid package, I did the following to upgrade:

  1. Stop the Squid service
  2. Attempt to upgrade the Squid package
  3. Wait until the process stalls
  4. Use PuTTY to SSH into the pfSense firewall
  5. Select the SSH option
  6. Execute the command to kill the Package Manager and then Exit:

     killall -9 pkg-static

Reference the following forum post on the Netgate pfSense forum for more info.

pfSense Dynamic DNS

Working remotely is pretty common these days, and even if you take your iPad with you, you always end up needing to access something on your local computer. For this, I have a Windows Server to which I connect via Microsoft Remote Desktop. This works out great and allows me to access files, or use applications on my Windows box, that are not installed on say my iPad or my MacBook. However, in order to get to my home machine, I need to have an external address on the internet. For this I have my own domain name which I have had for a few years now. The other issue I have is that my home internet connection does not have a static external IP address and so the IP address changes from time to time. Even though I have a domain name, I need a way for the domain name records to update every time the IP address changes on my DSL modem. This is what Dynamic DNS was invented for: updating DNS records as needed with new IP addresses. If you have your own domain name, you usually have to pay a provider to host your DNS and they will provide some sort of software or script that will update your DNS. This posting details how I set up pfSense to update my DNS provider ChangeIP.

Add Dynamic DNS to pfSense

First log into your pfSense admin panel and choose Services – Dynamic DNS. Under the DynDNS tab click on the cross icon to add an entry. You will come to a screen like this one:

pfSense Firewall DDNS

  • Change Service type to Custom
  • Check the Enable verbose logging option
  • Add your Update URL
  • Add a description
  • Click Save

Update URL

The URL needs to be specific to your setup at ChangeIP. In my case, I have one domain with the three basic DNS A records: domain-name.net, www.domain-name.net, and ftp.domain-name.net

Here is an example of the URL:

https://nic.ChangeIP.com/nic/update?u=username&p=password&set=1&ip=%IP%

In order to update all my DNS records, I have set up domain-name.net, www.domain-name.net, and ftp.domain-name.net to be in set 1 at ChangeIP. The SET= parameter tells ChangeIP to update records in set 1 to the IP specified. The %IP% is the variable pfSense uses to input the IP address it resolves for the WAN interface. Reference ChangeIP DDNS API Information for parameters and Setting Sets for DDNS Update.
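The Update URL above carries the account password in its query string, so a password containing characters such as & or % has to be percent-encoded, and the URL should be masked before it ends up in a shared log excerpt. The following is an added example, not part of the original post: the function names and the credentials are constructed, and only the URL layout and the %IP% token come from the text above.

```shell
#!/bin/sh
# Added example (not from the original post). Credentials are constructed.

# Percent-encode everything except RFC 3986 unreserved characters, so a
# password containing & = % or spaces cannot break the query string.
# Assumes ASCII input; runs in a subshell so LC_ALL=C does not leak.
urlencode() (
    LC_ALL=C; s=$1; out=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}          # c = first character of s
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# Build the value for the pfSense "Update URL" field; %IP% stays literal.
build_update_url() {   # args: username password set-number
    printf 'https://nic.ChangeIP.com/nic/update?u=%s&p=%s&set=%s&ip=%%IP%%' \
        "$(urlencode "$1")" "$(urlencode "$2")" "$3"
}

# Emulate the %IP% substitution for a manual test; fails if the token is missing.
fill_ip() {            # args: url-template ip-address
    tok='%IP%'
    case $1 in *"$tok"*) ;; *) return 1 ;; esac
    printf '%s%s%s' "${1%%"$tok"*}" "$2" "${1#*"$tok"}"
}

# Mask the password value before a URL or log line is shared or stored.
redact_url() {
    printf '%s\n' "$1" | sed 's/\([?&]p=\)[^&]*/\1REDACTED/'
}

url=$(build_update_url 'alice' 'p&ss w%rd' 1)   # constructed credentials
redact_url "$url"
redact_url "$(fill_ip "$url" 203.0.113.7)"      # documentation-range IP
```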

Adding Cronjob for DDNS

With the Cron package installed, it is easy to add and modify Cron jobs. What I recommend doing is scheduling a Cron job to run every ten minutes.

pfSense Firewall Cron DDNS

Checking System Log

Once you force the update, it is important to check to see if it worked. You can check the System Log in pfSense to see if there were any problems that occurred and then at ChangeIP, check your Domain Manager – Premium Domains – Domain-Name – A records, to see if all records in Set 1 updated to the same IP address.

Mac OS X 10.9 Mavericks SMB2 and Windows 2012 Essentials Server

Apple has a long history with computer networking, from AppleTalk to today’s Internet connected world. However, it is Windows networking that still causes all kinds of headaches for Mac OS X users. It seems that with every release of Mac OS X, Apple has recurring issues with Windows shares. Some of Apple’s defenders will state that Apple adopts industry standards as is, and it is Microsoft and others who publish specs, but don’t actually follow them, so when Apple does follow the specs, it seems to just end up breaking things. SMB is the networking protocol that Microsoft uses for Windows networking. It is what allows Windows network file shares to work across the network. With the latest versions of Mac OS X, Apple abandoned the open source Samba package that most Linux distros use to connect to Windows, and wrote their own SMB2 software. This makes Mac OS X 10.9 Mavericks connect faster and better to Windows servers. Well, that is when it works!

SMB Connections Fail

There is one Windows 2012 Essentials server with multiple shares. There are two Macs on the local network. One iMac is connected over Wireless N and one MacBook Pro is using a wired ethernet 1Gb connection. When using the Connect to Server… option the iMac connects fine and has no issues. The MacBook Pro opens the share and then never displays any files; it just spins in the lower left-hand corner of the window that opens. Both computers are running Mac OS X 10.9.3 Mavericks.

Mac OS X SMB Connect to Server

Connecting via CIFS instead of SMB seems to work for the MacBook, but it is slower.

The Solution

The solution ended up being to modify the Windows 2012 Essentials server. There are two registry values that need to be added in order to fix the problem for the MacBook.

Under this Registry Key:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Add these DWORD values:

  • Smb2CreditsMin – make this 768
  • Smb2CreditsMax – make this 16384

Once you have made the changes, restart the Windows Server and then the Macintosh clients. It should now fix the problem.

Microsoft provides the following information on these registry keys:

The defaults are 512 and 8192, respectively. These parameters allow the server to throttle client operation concurrency dynamically within the specified boundaries. Some clients might achieve increased throughput with higher concurrency limits, for example, copying files over high-bandwidth, high-latency links.