Asus AiMesh Node Auto-Reboot

I have several Asus routers running their AiMesh networking. AiMesh was perfect for me because when it came out, I already had a couple of routers that supported it and I wanted to expand my network and use MESH anyhow. The expense was only one additional router.

It has worked very well, except that on rare occasions my MESH node that is furthest out in the garage will lose its association and require a reboot to reconnect. It is really on the edge of the signal range that I’d consider reliable. Since these Asus routers are Unix-based, a little scripting magic will save me a run out to power-cycle it.

We’ll create a script that pings an address on my LAN every 15 minutes. If unable to ping that address, it will wait 4 minutes longer and then reboot the node. Why 4 minutes? If the nearest node it is speaking to is getting a firmware upgrade or reboot, it will have time to complete and return a ping.

Log in to your router, switch to the jffs directory, make a scripts folder and go into it as shown below:

Create the following scripts:

You will want to change the IP address above to something on your LAN. Save it; I called mine pingcheck.sh.

Make a script called services-start that will include a cron job to run this script at 15-minute intervals:

Then, make sure both are executable.

Asus routers do not retain cron tasks when rebooted. To work around this, we set our services-start script to run at boot, which adds the task again. Technically, this nvram variable runs the script when the jffs directory is mounted. Add it by issuing the following commands:

You can test it right away by issuing a reboot and waiting for the router to come back online. When it does, log back in and check the cron. You would see something like this with the following command:

Of note, the jffs directory is a semi-permanent user storage area on the router. It is a good place to put these scripts. However, it is possible that a firmware update or a factory reset of your router will wipe them. It is a good idea to back up these scripts so that they can easily be re-added.

Optional thought: I have a drawer full of old USB flash drives of fairly useless sizes given the progress of technology. As mentioned above, the jffs directory and the scripts could be removed during a firmware update/reset. It should be possible to put these scripts onto one of those small drives and use the script_usbmount= nvram setting to run the services-start and pingcheck.sh scripts from the flash drive utilizing the USB port on the routers.

I will have to weigh how often Asus publishes firmware that wipes that directory to see if the extra time is worth it. Copy/pasting from even this blog post to recreate the scripts isn’t that difficult or time consuming.
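One way to write the watchdog this post describes, as an added example (not the post's original pingcheck.sh): it goes one step further and caps consecutive reboots, so an outage of the pinged host cannot turn into a reboot loop. The address, the state file, MAX_REBOOTS and the PING_CMD/REBOOT_CMD hooks are assumptions.

```shell
#!/bin/sh
# pingcheck.sh - added example, not the post's original script.
# Assumed/hypothetical names: TARGET (constructed address), STATE, MAX_REBOOTS,
# and the PING_CMD / REBOOT_CMD hooks that let the logic be dry-run.
TARGET="${TARGET:-192.168.1.1}"        # change to a host on your LAN
RECHECK_DELAY="${RECHECK_DELAY:-240}"  # the post's 4-minute grace period (seconds)
MAX_REBOOTS="${MAX_REBOOTS:-3}"        # stop after this many reboots in a row
STATE="${STATE:-/jffs/scripts/pingcheck.count}"  # survives reboots, unlike /tmp
PING_CMD="${PING_CMD:-ping}"
REBOOT_CMD="${REBOOT_CMD:-reboot}"

# True if the target answers any of three pings (2 s timeout each).
target_alive() {
    "$PING_CMD" -c 3 -W 2 "$TARGET" >/dev/null 2>&1
}

note() { logger -t pingcheck "$1" 2>/dev/null || true; }

# Returns 0 = link up, 1 = recovered during the grace period,
#         2 = reboot issued, 3 = reboot limit reached (no reboot).
pingcheck() {
    if target_alive; then rm -f "$STATE"; return 0; fi
    sleep "$RECHECK_DELAY"
    if target_alive; then rm -f "$STATE"; return 1; fi

    count=$(cat "$STATE" 2>/dev/null || echo 0)
    case "$count" in ''|*[!0-9]*) count=0 ;; esac   # ignore a corrupt counter
    if [ "$count" -ge "$MAX_REBOOTS" ]; then
        note "no reply from $TARGET; reboot limit $MAX_REBOOTS reached, leaving node up"
        return 3
    fi
    echo $((count + 1)) > "$STATE"
    note "no reply from $TARGET after ${RECHECK_DELAY}s; rebooting"
    "$REBOOT_CMD"
    return 2
}

# Run only when invoked under its own name, e.g. from the 15-minute cron job
# (on Asuswrt, assumed: cru a pingcheck "*/15 * * * * /jffs/scripts/pingcheck.sh").
case "$0" in
    *pingcheck.sh) pingcheck ;;
esac
```

Pointing TARGET at the main router rather than at a client device keeps the check tied to the mesh link itself.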


Join – An Awesome Browser Plugin/Android App

Join is an app for Android that provides several functions. When used with the desktop app (Windows) or any desktop that supports the Chrome web browser, you can receive all of your phone’s notifications, share the clipboard, share files, and view/reply to SMS text messages. The last item is probably the feature that is most used. Below is what the initial SMS notification pop-up looks like in Chrome.

For the techies reading, Join also has a full API, Tasker, and IFTTT support. So the things you can do with it are only limited by your imagination.

Join has a 30-day trial, and after that it is a one-time $4.99 payment.


Using Synology’s Application Portal to Secure Non-Secure Sites

As a recent Synology convert, I continue to find interesting and well-thought-out features. Following up on last week’s Synology & Let’s Encrypt, Certs Made Easy, one feature that I really like is the Application Portal, which can be found in the Control Panel.

Inside that, click the Reverse Proxy tab and this is where the fun begins.

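The idea behind this is that you use the Synology’s secure HTTPS connection as a reverse proxy in front of an insecure HTTP service somewhere on your LAN, so that the connection from your browser to the Synology is encrypted, which matters most if you’re connecting from outside your network. The hop from the Synology to the destination is still plain HTTP on the LAN.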

Click Create and you’ll see something like this:

  1. Give the rule a Description.
  2. Source is HTTPS, usually * for any hostname. If you have many hostnames assigned to your Synology, you could restrict it to one. Port should be one that isn’t in use.
  3. Destination is where your unsecured host is. If your service is running on your Synology, it can simply be localhost, or if it is on another device elsewhere on your network, put in the URL you use to access it.
  4. If your destination host uses a port other than 80, use that for Port.

Below is an example of how I route a couple of services on my own LAN.

This is a great way to use a managed certificate on the Synology to secure other sites, even on other devices, with https.


Synology & Let’s Encrypt, Certs Made Easy

Adding certificates to any service can be tricky and sometimes really frustrating. When I first started exploring my Synology I was delighted to see it has built-in support for Let’s Encrypt certs. For those that don’t already know, Let’s Encrypt (aka Certbot) provides free and industry-wide supported certificates.

Adding a cert to Synology is very simple and it supports multiple certificates with auto-renewal.

  1. To begin, just log in to your Synology, enter the Control Panel and click on Security.
  2. Next, click the Certificate tab and click Add.
  3. From here, you want to Add a new certificate and click Next.
  4. Next, Get a certificate from Let’s Encrypt and click Next.
  5. Next, fill out your Domain info; it would look something like this:
  6. Subject Alternative Name just means that if you have subdomains, you would add them here, like www.mydomain.org for a website, or any other. You can, in theory, add a completely different domain in this list and have it work, such as mycoolsite.com, but I think it is better to do one Let’s Encrypt cert per domain to keep things organized.

For reference, here’s how my sites look with their respective domain certs.

Best of all, your certs will renew automatically with the Synology and Let’s Encrypt. Once set, you really only need to periodically check to make sure this is happening.


YouTube – Michael Mercy

Do you like 80s Toys, Animation and Comics? If so, the Michael Mercy channel is for you! It’s a younger channel, at only 2 years old, but his content is an amazing amount of fun.

While he does do some really good reviews on movies and TV, my favorites are the toys of the 80s. Some I had, some I really wished I had (like the USS Flagg from GI Joe!) His toy reviews are always filled with great details, but even better is that he plays with the toys in an endearing way while showing them off and places clips of the shows along with them.

…and remember, Nerdmaste!


Add PATH Environment Variable to launchd Scripts

Recently I was having an issue with Node.js not being detected in my PATH with a Python script executed by launchd. This was bizarre to me for a couple of reasons.

First, I’ve been using launchd for a while now, and any LaunchAgents run under my profile usually have detected anything in my path, including Homebrew installed binaries.

Second, when testing the script via Terminal it worked perfectly.

After reading the available launchd keys, I discovered you can add an EnvironmentVariables key with a list of your PATHs that will be executed before the ProgramArguments key.

It worked perfectly, and since it seems to be little used, I thought I’d post it here. Here is an example of the format you want to use in your launchd item:
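An added example, not the post's original snippet: a shell function that writes a LaunchAgent plist with PATH set under launchd's EnvironmentVariables key, and refuses PATH values with empty or relative entries. The label, script path and PATH value are hypothetical.

```shell
#!/bin/sh
# Added example, not the post's original plist.
# Hypothetical names: com.example.nodejob, /Users/me/bin/job.py, the PATH value.

# Reject PATH values with an empty entry (searched as the current directory)
# or a relative entry, so the job only resolves binaries from fixed locations.
path_is_safe() {
    case "$1" in
        ''|:*|*:|*::*) return 1 ;;   # empty PATH or empty component
        [!/]*|*:[!/]*) return 1 ;;   # component that is not absolute
    esac
    return 0
}

# Escape the characters that would break a plist <string> element.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Print a LaunchAgent plist: make_plist LABEL PATH PROGRAM [ARG...]
make_plist() {
    label=$1; job_path=$2; shift 2
    path_is_safe "$job_path" || { echo "unsafe PATH: $job_path" >&2; return 1; }
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>$(xml_escape "$label")</string>
    <key>EnvironmentVariables</key>
    <dict>
        <key>PATH</key>
        <string>$(xml_escape "$job_path")</string>
    </dict>
    <key>ProgramArguments</key>
    <array>
EOF
    for arg in "$@"; do
        printf '        <string>%s</string>\n' "$(xml_escape "$arg")"
    done
    printf '    </array>\n</dict>\n</plist>\n'
}

# Example call (constructed values):
# make_plist com.example.nodejob "/opt/homebrew/bin:/usr/bin:/bin" /usr/bin/python3 /Users/me/bin/job.py
```

Redirect the output to a file under ~/Library/LaunchAgents and check it with `plutil -lint` before loading it.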

 
