1. How to Run Victron Veconfigure on a Mac

    Mon 04 March 2024

    Introduction

    Victron Multiplus-II inverter/chargers are configured with the veconfigure[1] tool. Unfortunately this is a Windows-only tool, but there is still a way for Apple users to run this tool without any problems.

    Tip: if you've never worked with the Terminal app on MacOS, it might not be an easy process, but I've done my best to make it as simple as I can.

    A tool called 'Wine' makes it possible to run Windows applications on MacOS. There are some caveats, but none of those apply to veconfigure; this tool runs great!

    I won't cover in this tutorial how to make the MK-3 USB cable work. This tutorial is only meant for people who have a Cerbo GX or similar device, or run VenusOS, which can be used to remotely configure the Multiplus device(s).

    Step 1: install brew on macos

    Brew is a tool that can install additional software.

    1. Visit https://brew.sh and copy the install command
    2. Open the Terminal app on your Mac and paste the command
    3. Now press 'Enter' or 'Return'

    It can take a few minutes for 'brew' to install.

    Step 2: install wine

    Enter the following two commands in the terminal:

    brew tap homebrew/cask-versions
    brew install --cask --no-quarantine wine-stable
    

    Download Victron veconfigure

    1. Visit this page
    2. Scroll to the section "VE Configuration tools for VE.Bus Products"
    3. Click on the link "Ve Configuration Tools"
    4. You'll be asked if it's OK to download this file (VECSetup_B.exe) which is ok

    Start the veconfigure installer with wine

    1. Open a terminal window
    2. Run cd
    3. Enter the command wine Downloads/VECSetup_B.exe
    4. Observe that the veconfigure Windows setup installer starts
    5. Click on next, next, install and Finish
    6. veconfigure will run for the first time

    These are the actual install steps:

    How to start veconfigure after you close the app

    1. Open a terminal window
    2. Run cd
    3. Run cd .wine/drive_c/Program\ Files\ \(x86\)/VE\ Configure\ tools/
    4. Run wine VEConfig.exe

    Observe that veconfigure starts

    Allow veconfigure access to files in your Mac Downloads folder

    1. Open a terminal window
    2. Run cd
    3. Run cd .wine/drive_c/
    4. Run ln -s ~/Downloads

    We just made the Downloads directory on your Mac accessible for the vedirect software. If you put the .RSVC files in the Downloads folder, you can edit them.

    Please follow the instructions for remote configuration of the Multiplus II.


    1. Click on the "Ve Configuration Tools" link in the "VE Configuration tools for VE.Bus Products" section. 

    Tagged as : Uncategorized
  2. Tunneling Elixir Cluster Network Traffic Over Wireguard

    Tue 07 November 2023

    Introduction

    The other day I was supporting a customer with an Elixir-based platform that would make use of Elixir libcluster, so messages on one host can be passed to other hosts. This can - for example - enable live updates for all users, even if they are not communicating with the same application server.

    Encryption

    Elixir's libcluster does support encrypted communication using TLS certificates; however, I was struggling, with the help of an application developer, to make it work.

    "severity":"warn","message":"[libcluster:example] unable to connect to :\"app@Host-B\"
    

    I'm absolutely open to the idea that we did something wrong and certificate-based encryption will work, but we were time-constrained and we decided to opt for another solution that seemed simpler and easier to maintain.

    Wireguard as the encrypted transport

    I deployed a Wireguard mesh network between all application servers using Ansible, which was straightforward. We just provisioned all hosts into the /etc/hosts file to keep things simple.

    In the table below, we show a simplified example of the setup.

    Hostname   IP-address    Wireguard Hostname   Wireguard IP-address
    Host-A     10.0.10.123   Host-A-wg            192.168.0.1
    Host-B     10.0.11.231   Host-B-wg            192.168.0.2

    The Elixir applications would only know about the Host-A|B-wg hostnames and thus communicate over the encrypted VPN tunnel.

    The problem with wireguard and libcluster

    The key issue with libcluster is that when Host-A connects to Host-B, it uses the DNS hostname Host-B-wg. But the actual hostname of Host-B is - you guessed it: 'Host-B'. This means there is a mismatch and for reasons unknown to me, the libcluster connection will fail.

    So the target hostname as configured in libcluster must match the hostname of the actual host! Since libcluster seems to make usage of domain names mandatory, using IP-addresses was not an option.

    If we would point Host-B to its Wireguard IP-address (192.168.0.2), the problem would be solved. However, in that case, Wireguard doesn't know about the external 10.0.11.231 IP address and also tries to connect to the non-existing 192.168.0.2 address. So the Wireguard tunnel would never be created.

    The solution

    The solution is not that elegant, but it works. We still point the Host-B domain name to the Wireguard IP address of 192.168.0.2, but we create an additional DNS record specifically for Wireguard, pointing to 10.0.11.231, so it can set up the VPN tunnel.

    This is what /etc/hosts looks like on Host-A:

    10.0.10.123 Host-A
    192.168.0.2 Host-B
    10.0.11.231 Host-B-wg
    

    And this is what /etc/hosts looks like on Host-B:

    10.0.11.231 Host-B
    192.168.0.1 Host-A
    10.0.10.123 Host-A-wg
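
    With this layout the hosts file decides whether cluster traffic enters the tunnel at all, so it is worth checking mechanically. The following is an added example, not part of the original post: a small audit of a hosts file, assuming the mesh uses 192.168.0.0/24 and that only that range is routed through Wireguard. The function names and the swapped sample are constructed for illustration.

```python
import ipaddress

# Assumption: the WireGuard mesh uses 192.168.0.0/24, as in the table above.
WG_NET = ipaddress.ip_network("192.168.0.0/24")

# /etc/hosts on Host-A as shown above.
HOSTS_A = "10.0.10.123 Host-A\n192.168.0.2 Host-B\n10.0.11.231 Host-B-wg\n"
# Constructed counter-example: the two Host-B entries swapped.
HOSTS_SWAPPED = "10.0.10.123 Host-A\n10.0.11.231 Host-B\n192.168.0.2 Host-B-wg\n"


def parse_hosts(text):
    """Map each name to its address, keeping the first entry for a name."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        address = ipaddress.ip_address(fields[0])
        for name in fields[1:]:
            table.setdefault(name, address)
    return table


def audit(text, peers):
    """Return a list of problems for the given peer hostnames."""
    table = parse_hosts(text)
    problems = []
    for peer in peers:
        cluster = table.get(peer)            # name libcluster connects to
        endpoint = table.get(peer + "-wg")   # name WireGuard dials
        if cluster is None:
            problems.append(f"{peer}: missing, libcluster cannot resolve it")
        elif cluster not in WG_NET:
            problems.append(f"{peer}: {cluster} is not a tunnel address, "
                            "cluster traffic would leave unencrypted")
        if endpoint is None:
            problems.append(f"{peer}-wg: missing, WireGuard has no endpoint")
        elif endpoint in WG_NET:
            problems.append(f"{peer}-wg: {endpoint} is a tunnel address, "
                            "unreachable until the tunnel is up")
    return problems


if __name__ == "__main__":
    for label, text in (("Host-A", HOSTS_A), ("swapped", HOSTS_SWAPPED)):
        print(label, audit(text, ["Host-B"]) or "OK")
```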
    

    Evaluation

    Although all choices are a tradeoff, for us, the Wireguard-based solution makes the most sense, especially now that we have an encrypted tunnel between all hosts and any future communication between hosts can thus be encrypted without any additional effort.

    Tagged as : Uncategorized
  3. LFS - Linux Firewall Script Released

    Tue 28 December 2010

    I started a small new Google project for a new script I wrote called LFS. It stands for Linux Firewall Script.

    I run a small Linux box as an internet router that doubles as a firewall. The firewall is configured using iptables. In my opinion, iptables is not the easiest tool to use and may have a steep learning curve for people new to it.

    The goal of LFS is to provide an easier interface to iptables. It also adds some features that are not available by default or are difficult to set up using only iptables. The most important additional feature is the use of objects and groups. Object groups can be used to make a single rule affect multiple hosts, networks or services.

    LFS uses a single configuration file which contains the firewall rules. Rules look like this:

    nat 192.168.1.0/24 88.32.44.144 eth0
    port_forward 88.32.44.144 192.158.1.10 80/tcp 8080/tcp
    

    Or by using variables:

    nat "$INTERNAL_NETWORK" "$EXTERNAL_IP" "$NAT_INTERFACE"
    port_forward "$EXTERNAL_IP"  "$INTERNAL_HTTP_SERVER" "80/tcp" "8080/tcp"
    

    Please visit the project page for some examples.

    Tagged as : Uncategorized
