jamesmacwhite

#!/usr/bin/env python
"""
<Program Name>
    say_lte.py

<Authors>
    Lukas Puehringer <luk.puehringer@gmail.com>
    James White <james@jmwhite.co.uk>

<Purpose>

jamesmacwhite

Converting mkv to mp4 with ffmpeg

Essentially just copy the existing video and audio stream as is into a new container, no funny business!

The easiest way to "convert" MKV to MP4, is to copy the existing video and audio streams and place them into a new container. This avoids any encoding task and hence no quality will be lost, it is also a fairly quick process and requires very little CPU power. The main factor is disk read/write speed.

With ffmpeg this can be achieved with -c copy. Older examples may use -vcodec copy -acodec copy which does the same thing.

These examples assume ffmpeg is in your PATH. If not just substitute with the full path to your ffmpeg binary.

Single file conversion example

jamesmacwhite

Workarounds for Netflix and the blocking of Hurricane Electric IPv6 tunnels

The dreaded "You seem to be using an unblocker or proxy." error message. Cool story bro.

This gist was essentially created out of my own rant about Netflix being hostile to IPv6 tunnel services since June 2016. You are welcome to read my opinion on the matter, this is the more technical side to the issue and how to combat it within your own network.

Since I wrote this, various GitHub users have contributed their thoughts and ideas which has been incorporated into this gist. Thank you to everyone who have contributed their own methods and implementations.

The problem

Netflix now treats IPv6 tunnel brokers (such as Hurricane Electric) as proxy servers. A while ago it became apparent to users and Netflix that somewhat by accident, IPv6 tunnel users were being served content outside of their geolocation because of the way Netflix was identifyi

jamesmacwhite

Deploying mwan3 with IPv6 (using NAT6)

I'm a user of mwan3 and contribute to its development in a small way by mainly providing feedback with my multi WAN setup and maintaining the beast of it's documentation on the OpenWrt wiki (feedback and contributors welcome).

This setup ultimately requires the use of a NAT6 firewall script. NAT6 is currently broke with fw3 and LuCI, so this is an important helper script to workaround this current limitation.

The NAT6 configuration requirements are explained in more detail on the OpenWrt wiki.

This gist is aims to document my configuration for others.

jamesmacwhite

Aquiss FTTP with OpenWrt

A guide for configuring an Aquiss FTTP connection on OpenWrt. There isn't much information specifically for Aquiss broadband and OpenWrt. The good news is that the setup is a typical PPPoE/DHCPv6 configuration.

• Router used: Linksys WRT3200ACM
• OpenWrt version tested: 21.02.3 r16554-1d4dea6d4f

ℹ️ This information has also been provided to Aquiss for inclusion in their customer knowledgebase for anyone else who uses a router running OpenWrt.

Prerequisites

jamesmacwhite

<!--
    Example 1: Using IF ELSE logic
    Works with Outlook (Desktop)?: Yes
    Works with Outlook.com?: No
    
    When using IF ELSE logic, Outlook.com will remove content in both conditionals, which is problematic.
-->

<!--[if mso]>
<table border="0" cellpadding="0" cellspacing="0" width="100%">

jamesmacwhite

Netflix and direct bypass rules using WPAD

If your like me you might already use a VPN to route your traffic through. The problem is some sites just don't like VPN services and will actively block you from using them without disabling or bypassing it.

Netflix is a prime example of a website that does not like VPN services, because they are seen as a way to circumvent the geo-restrictions imposed on the content library offered.

Below are WPAD rules I use to essentially send Netflix traffic directly and avoid any VPN errors/dreaded unknown error network messages. Error messages that Netflix throws back at you related to VPN usage when streaming might include:

• "You seem to be using an unblocker or proxy"
• VPN/proxy error M7111-1331-5059

jamesmacwhite

I no longer use Apache as a reverse proxy and moved to NGINX. No further updates will be made to this configuration. It may or may not work in the future, no warranty or support will be provided.

Apache 2.4 reverse proxy configuration for Plex Media Server

This VirtualHost configuration has been tested with the minimum requirements of Plex Media Server Version 1.16.5.1488 and Web Version: 3.108.2.

The TLS configuration only allows clients that support TLS 1.2+, this may cause issues for legacy clients. You may need to adjust this if specific clients have issues connecting. If however you are OK with having just TLS 1.2+ support, you can also enable the "Disable weak TLS versions" setting on your Plex server, given the reverse proxy will prevent a successful TLS negotiation for such clients anyway.

Requirements

jamesmacwhite

Andrews and Arnold (AAISP) L2TP tunnel setup on OpenWrt

This is a guide for setting up the L2TP service from AAISP on an OpenWrt router. AAISP have an official OpenWrt guide for this but it is outdated and looks to have been originally written for OpenWrt 15.01/15.05 (Chaos Calmer), which is a long unsupported firmware build.

I have previously contacted AAISP about their documentation being out of date, however it has not been changed. It is technically not wrong, but under newer versions of OpenWrt you can simplify some of the configuration compared to the official documentation and there are also a few potential issues you might come across in OpenWrt land which are worth mentioning and saving someone else from bashing their head against a wall for hours, until you realise that the Linux kernel just hates you.

This has been tested on the latest stable OpenWrt 19.07 release branch.

Required packages

jamesmacwhite

Protecting Sonarr Calendar feed requests

It was recently discovered that Sonarr does not protect Calendar feed requests when authentication is disabled. This discovery has identified a slightly misleading behaviour because the calendar feed URL appends the apikey parameter in the UI, which could lead you to assume means it can only be accessed with the API key parameter set in the URL to your Sonarr API. This is however not the case. With authentication disabled, the calendar feed path does not require anything related to the API key to access and in fact you can access it without any URL parameters at all. What is slightly more confusing is other apps like Radarr have changed this behaviour to require the API key.

While having the calendar feed URL publicly available isn't too much of an issue in terms of security (given it's read only), it does mean that anyone can use it and this might not be desirable.

Authentication should typically not be disabled