I have a couple of Linux servers whose main purpose is to serve as a Wireguard server. The peers on these servers are a combination of pure clients (like a mobile phone or laptop) and more traditional site-to-site tunnel connections (like a router at a remote location). The site-to-site connections usually are routing a remote network over the wireguard tunnel, something like a /24 network so you can access the far site's local network.

Wireguard makes this easy to do, you just add the /24 network as an "AllowedIP" for that peer. Wireguard does the work of adding that route to the routing table on the Linux server itself. If this Wireguard server is part of a more complex network, though, you need to be sending these remote networks to your Wireguard server so everyone can access them, not just those using Wireguard. I have been forced to add static routes on my main router to point those networks to my Wireguard servers.

Enter OSPF! If you are reading this, I am going to assume you know what OSPF is and why it's preferred over static routing. What follows is the steps I took to get my Wireguard "AllowedIPs" network automatically advertised to my main router using OSPF.

interface ens160
  ip ospf network point-to-point
!
router ospf
  ospf router-id 192.168.0.0
  redistribute kernel
  redistribute connected
  network 192.168.0.0/31 area 0

interface ens160 # this is your linux interface that is facing your main router.
  ip ospf network point-to-point # I am using a point-to-point style OSPF network, yours might be a broadcast type.
!
router ospf
  ospf router-id 192.168.0.0 # this could be anything, but traditionally this is your LAN IP of this wireguard server
  redistribute kernel # this was the tricky part. This is required to insert the Wireguard "AllowedIPs" networks into OSPF
  redistribute connected # this is required to insert your wg0 (and other) networks in OSPF
  network 192.168.0.0/31 area 0 # this is your LAN network for this wireguard server. Whatever is assigned to ens160 in my case. This is required to establish a neighbor relationship with my router.

I have been using a Palo Alto PA-220 firewall for my home router for years. It is my DHCP server for my LAN. I often find myself needing to view the DHCP leases to see what IP address some random device (WLED, ESPHome devices, etc.) has. The web interface for the PA-220 is unbearably slow and the SSH CLI takes 30+ seconds after login to give me a prompt.

To speed up this task, I wrote this fairly simple script using python3. It uses the REST API that PAN-OS has to retrieve the DHCP leases. This script completes for me in less than 1 second. It outputs a JSON object. This works best for me as I find JSON to be humanly-readable and also allows me to pipe it to a utility like jq to filter it quickly.

Here is the code:

import requests
import json
from xmltodict import parse, ParsingInterrupted
from urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)

host = "192.168.2.1" # IP of Palo-Alto firewall goes here.
key = "KEY_GOES_HERE" # Run `curl -X GET 'https://<host>/api/?type=keygen&user=<username>&password=<password>'` to create API key.
interface = "ethernet1/2" # can also use "all"

def get_dhcp_leases(host, key, interface):
url = "https://{host}/api/?type=op&cmd=<show><dhcp><server><lease><interface>{interface}</interface></lease></server></dhcp></show>&key={key}".format(host=host, key=key, interface=interface)
response = requests.get(url,verify=False)
return response

if __name__ == "__main__":
dhcp_leases = get_dhcp_leases(host, key, interface)
data = parse(dhcp_leases.content)
entries = data['response']['result']
print(json.dumps(entries, indent=4))

I also have this hosted as a gist on github. Any changes I make to it are more likely to end up there than here. Comments are welcome over there, too!

I know it's a little strange to still be writing AppleScript in 2023, but this was the best way I found to easily connect and disconnect from a GlobalProtect VPN "automatically". I trigger this from a Keyboard Maestro shortcut, you are free to trigger it any way you wish!

This is a simple script that will toggle the connect/disconnect state of GlobalProtect on macOS. Tested with the latest version of GlobalProtect (v6.2.0-89) and macOS Ventura (13.4.1).:

(*
Toggle GlobalProtect VPN with AppleScript
Tested using macOS Ventura 13.4.1 and GlobalProtect version 6.2.0-89
Written by Trevor Manternach, August 2023.
*)

tell application "System Events" to tell process "GlobalProtect"
  click menu bar item 1 of menu bar 2
  set statusText to name of static text 1 of window 1
  if statusText is "Not Connected" then
    # GlobalProtect is disconnected, so let's connect
    click button "Connect" of window 1
    set entireContents to entire contents of window 1
  else if statusText is "Connected" then
    # GlobalProtect is connected, so let's disconnect
    set windowText to entire contents of window 1
    repeat with theItem in windowText
      if (class of theItem is button) then
        if (value of attribute "AXTitle" of theItem is "Disconnect") then
          # We found a Disconnect button on the main page, let's click it.
          click theItem
          exit repeat
        else
          # We did not find a Disconnect button on the main page, let's hope there is one in the Settings Menu.
          click button "Global Protect Options Menu" of window 1
          click menu item "Disconnect" of menu "Global Protect Options Menu" of button "Global Protect Options Menu" of window 1
          exit repeat
        end if
      end if
    end repeat
  end if
  click menu bar item 1 of menu bar 2
end tell

I also have this hosted as a gist on github. Any changes I make to it are more likely to end up there than here. Comments are welcome over there, too!

I discovered that Home Assistant has a not-so-recent feature called "Quick Bar" that I somehow missed when it was released in 2020. In short, it allows you to press the e (for entity search) or c (for command search) anywhere in the Home Assistant web interface to access a Spotlight-style search box. This allows you access settings and devices in Home Assistant with just a few keystrokes.

I discovered a new static site generator today, Nikola.

It’s been years since I last paid for an Audible.com subscription. I just signed up this week ($5/month for 3 months) and it’s been a delight so far. I discovered that you can pretty easily remove the DRM on the audiobook .aax file. I am using Audible Tools to help me create the ffmpeg command to do this.

Another recent discovery is that Overcast, my podcast player of choice, seems to natively support .m4b files (audiobook file format). It even includes artwork and chapters, so it behaves just like most of the podcasts I listen to.

The earliest photo I have of me at a computer. Circa 1997!

Last month Apple announced the end of the iPod. I thought it might be fun to document my history with the product.

--

I got my first iPod in March 2005. I believe I bought mine at Best Buy on a weekend trip 350 miles away from home.

I was listening to a lot of podcasts in those early days and had to use "podcatcher" software because iTunes didn't support podcasts yet. That changed later that year when iTunes 4.9 added podcasts and the rest is history.

I visited that same Best Buy a couple years later when the iPod Touch was released. I remember checking their website and they said they had them in stock, but when I got to the store I couldn't find them. I finally asked and they were still in the back, they went and got one for me.

The iPod Touch was so much fun back then. The iPhone wasn't "in" Montana back then (no joke) and so the Touch was as close as I could get. I remember jailbreaking the thing, and even hanging out in IRC chatrooms trying to troubleshoot my jailbreak attempts. :-D

This past winter I spent ~$100 on new parts to revive my old 4th gen iPod. It now has new life with a fresh battery and an SD card in place of the 20GB spinning hard drive. It's hard to believe a piece of consumer technology from 17 years ago is still alive and well.

I love iPod. It was one of my first adventures into a lifetime of technology.

I started using Nginx Proxy Manger at home recently and found a fast and easy way to add internal domains to it. Here is a simple walkthrough.

Prerequisites

• You need to be using AdGuard Home for DNS
• You want to quickly add new domains to Nginx Proxy Manager

AdGuard Home setup

In the AdGuard Home web interface, go to Filters->DNS rewrites.

Click Add DNS rewrite and enter something like *.home in the domain name field.

Enter the IP address of your NPM host and click Save.

Nginx Proxy Manager

There really isn't anything special to do in NPM. Just add a Proxy Host and in the domain names field you can enter anything as long as it ends in .home (or whatever you chose for a wildcard). www.home even works!

Another little feature I discovered while setting this up is that I can add multiple domain names for each proxy host. So adguard.home and dns.home can both get me to the same place. This helps when I can't remember the name of a service, or when you change software you can keep using something like dashboard.home for your dashboard of choice.

Killing Kennedy: The End of Camelot
8 hours 25 minutes. Started January 11. Finished January 16th.

Killing Lincoln
7 hours 49 minutes. Started June 7th. Finished June 15th.

True Crimes and Misdemeanors: The Investigation of Donald Trump
496 pages. Started August 18th. Finished October 1st.

Where Law Ends: Inside the Mueller Investigation
432 pages. Started October 1st. Finished October 27th.

Battle for the Big Sky
286 pages. Started October 28th. Finished November 25th.

The Conscience of a Conservative
144 pages. Started November 26th. Finished November 28th.

The War on Normal People
304 pages. Started November 28th. Finished December 2nd.