What’s the deal with 512e/4k drives? Are they mostly plug and play or do I need to worry about something… looking to throw them in a FreeNAS box that already has some Ironwolfs. Not going to add them to the same pool or anything but not sure if there are issues having them on the same backplane… er, it’s a Storinator, so no backplane, but any issues whatsoever (same HBA though).
Yeah. As long as you have somewhat modern partitioning tools everything is automatic and fine. The only detail to watch out for is starting a partition on a block that isn’t on a 4K boundary.
Like, here is one from an external backup drive of mine. Note that I didn’t create that first partition; I just left it there. But my version of fdisk does complain about it because block 34 / 8 is 4.25. (8 because there are 8 512b blocks in 4K.)
# fdisk -l /dev/sdi
Disk /dev/sdi: 7.28 TiB, 8001563221504 bytes, 15628053167 sectors
Disk model: Expansion Desk
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: DBA06CA0-5EC2-4625-B70F-4A6138CCCFE5
Device Start End Sectors Size Type
/dev/sdi1 34 262177 262144 128M Microsoft reserved
/dev/sdi2 264192 15628052479 15627788288 7.3T Microsoft basic data
Partition 1 does not start on physical sector boundary.
I am trying to get WireGuard running in a Windows domain with the users having the ability to switch the VPN on and off at their bidding (yes, requirement. I don’t make the rules. ATM we got IPSec and would love to get away from that…)
Sadly since the MS14-025 patch (2013ish) I can no longer just set the “wireguard.exe /installtunnelservice” in a schtask, so that any user (even without admin creds) can start it.
Does anyone have a solution for this? (still need it to be safe and not just either give everyone admin creds or hardcoding them into some script)
(PS: Would love to not have to enable the auditing for program-openings, I know that I could use a program opening event as a trigger, but would rather refrain from doing this the extremely hacky way. A bit hacky is okay though.)
Also: Finally made an account here, hopefully I found the right place.
I think you just need to set HKLM\Software\WireGuard\LimitedOperatorUI dword to 1. Then non-admins can start/stop tunnels, although they are prohibited from adding/removing tunnels. Also, they need to be in the network configuration group.
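The setting from the reply above, written as a deployment script. This is an added example, not part of the original posts and not code from the WireGuard project. `CONTOSO\VPN-Users` is a placeholder group name, and reading "network configuration group" as the built-in Network Configuration Operators group (well-known SID S-1-5-32-556) is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example: let non-admin users start/stop existing WireGuard tunnels
# without handing out admin credentials.
# Assumptions: 'CONTOSO\VPN-Users' is a placeholder domain group; the
# "network configuration group" is taken to be the built-in
# Network Configuration Operators group (SID S-1-5-32-556).

$ErrorActionPreference = 'Stop'
$keyPath   = 'HKLM:\Software\WireGuard'
$valueName = 'LimitedOperatorUI'
$member    = 'CONTOSO\VPN-Users'   # placeholder

# Create the key only if it is missing. New-Item -Force on an existing
# registry key would replace it and drop any values already stored there.
if (-not (Test-Path -Path $keyPath)) {
    New-Item -Path $keyPath | Out-Null
}
New-ItemProperty -Path $keyPath -Name $valueName `
    -PropertyType DWord -Value 1 -Force | Out-Null

# Resolve the group by SID so the script also works on localized installs.
$group = Get-LocalGroup -SID 'S-1-5-32-556'

# Add the placeholder group only if it is not already a member.
$already = Get-LocalGroupMember -Group $group |
    Where-Object { $_.Name -eq $member }
if (-not $already) {
    Add-LocalGroupMember -Group $group -Member $member
}

# Verify both halves of the change and show who now holds the right,
# since group membership is what grants tunnel start/stop.
$value = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
if ($value -ne 1) {
    throw "$valueName is $value, expected 1"
}
Write-Output "$valueName = $value"
Get-LocalGroupMember -Group $group |
    Select-Object Name, ObjectClass, PrincipalSource
```

Membership in this group also allows changing other network settings on the machine, so scope the placeholder group to the users who actually need the VPN toggle.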
Well, for the most part it has been much better than learning IPSec or OpenVPN, but (still not tried) if that small option is working, it would have saved me 8h of work.
I can only recommend the linuxserver/docker-wireguard image as it is nicely documented and works just as you would expect.
The WireGuard macOS client is pretty great for the end-user, but I haven’t figured out how to automate deployment yet. Since it’s a 3rd party app still, you can’t push an MDM profile for it and it stores the credentials in the user’s keychain which is nice for security but a pain to manipulate in a script.
Been using the vyatta patch on Edgerouters for the server. Kind of clunky there. If you accidentally configure 2 clients with the same IP address, it’s difficult to reverse.