Mtl Dev's questions

(This question should be tagged with "Tailscale", but that doesn't exist yet - requires knowledge of Tailscale)

I have a standard Ubuntu 20.04 laptop, connecting via ssh to a remote Raspberry Pi (port 22). At the remote location, there is port forwarding on the router (59995->22).

Note: I have removed ~/.ssh/config during testing.

SSH always connects successfully, using:

ssh user@public_ip -i ~/.ssh/id_rsa -p 59995

However, when I use the Tailscale IP, it never connects, just hangs for 120s then times out:

ssh user@tailscale-ip -i ~/.ssh/id_rsa (does not work)

However, if I manually compile OpenSSH v8.2, and use that version, instead of the /usr/bin/ssh binary, then it works perfectly! Even though /usr/bin/ssh is also v8.2

./ssh user@tailscale-ip -i ~/.ssh/id_rsa (this works!)

Recap: the system binary works fine with "normal" ssh, but not with ssh-via-tailscale. However a manually compiled (same) version of Openssh works fine with both regular ssh, and ssh-over-tailsale. Does anyone know what might be causing this?

Additional Notes

I don't think it's any obvious problem with the tailscale network: i.e if I probe via tailscale IP then nmap scan shows correct ports are open, and I can netcat directly to tailscale_ip:22, it is receving and responding.

diff ~/openssh-8.2p1/ssh /usr/bin/ssh shows that the binary's differ. (huge size difference too, about 3MB vs 0.7MB)

/usr/bin/ssh -V : OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f 31 Mar 2020

~/openssh-8.2p1/ssh -V : OpenSSH_8.2p1, OpenSSL 1.1.1f 31 Mar 2020

Log of /usr/bin/ssh -vvv user@tailscale_ip -i ~/.ssh/id_rsa (ip redacted)

OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 100.1.1.1 is address
debug2: ssh_connect_direct
debug1: Connecting to 100.1.1.1 [100.1.1.1] port 22.
< 2 minute hang here >
ssh: connect to host 100.1.1.1 port 22: Connection timed out

I am using rdiff-backup to backup Windows Server 2012 to a Raspberry Pi.

Raspberry Pi has a USB-attached 2TB NTFS drive.

In general all works well: Except when rdiff-backup comes across folders with french accents (e.g è) in the name, in which point it fails with:

Making directory /data/Am▒lie
Sending back exception [Errno 84] Invalid or incomplete multibyte or wide character: '/data/Am\xe9lie' of type : E

The command I am using, on the Windows Server, is:
rdiff-backup --terminal-verbosity 8 --print-statistics c:\. [email protected]::/media/pi/backupdrive/data

How do I get rdiff-backup to backup folder/filenames with utf-8 encoding?

EDIT: The issue is with the Pi->NTFS drive, not WindowsSever->Pi.
(If I run the same command to an ext4 partition, it works fine)

For a small business: at one site is windows 2012 server, (with ssl certificate), already running as a SSTP VPN Server.

At a remote site, is a live-to-public CentOS webserver running CFS.

Requirement: To establish a permanent and reliable VPN tunnel between the two servers.

What would be a recommended best practice here?

e.g Is it feasible (and reliable) to use a linux SSTP client on the CentOS Server for a permanent site-to-site VPN?

Or would it be better to establish a new OpenVPN connection on both servers etc?

Am troubleshooting a complete windows update failure - on a brand new install, standalone Windows 2012 Server Essentials. Zero config, no existing infrastructure, "straight out of the box" setup.

Windows Update never gets going at all - but strangly have installed it in the past from this exact install media on this exact server.
Yet, now it fails. The only rational reason I can imagine is a new update has recently been released that breaks windows update for this OS version on a fresh install.

The last entries from the WindowsUpdate.log are:

2017-01-18  15:11:14:840     412    1424    Agent   WARNING: Failed to evaluate Installable rule, updateId = {E66A6795-3E20-43ED-9C66-FE134EEEECBC}.200, hr = 80070057
2017-01-18  15:11:19:324     412    1424    Agent   Bundled update {FBEC0F80-9F87-4B42-BA14-2BBE7148322A}.203 is missing extended metadata
2017-01-18  15:11:19:324     412    1424    Agent   Bundle contains children which has no localextended metadata and thus is invalid.
2017-01-18  15:11:19:324     412    1424    Agent   Update {B27CF4B3-0B7D-475D-9129-883E6DED6182}.203 is not a valid bundle. Not returning it.

Question: Does the above mean that there is a specific invalid/corrupted Update that the server is trying to fetch?

If so, is it possible to translate the hex/guid update ID codes ({B27CF4B3...}) into Microsoft KB Update ID? So one may research the specific update that is causing the problem?

Am attempting to install Windows 2012 Essentials on a Dell CS24-TY 1U Server, two disks, Raid1.

Note: Completely clean installation, for a small company, no existing domain controller, no other servers at all, original installation media, couldn't possibly be a more simple setup.

Am unable to get Windows 2012 server to install at all, if I allow it to try an update while installing - it just hangs on 0% at "Updating and preparing your Server". I have tried installing via Dell Drac remotely mounted media, local USB key, and local usb-attached DVD drive.

If I set the server to install without processing updates, it will install, but if I then try to run Windows Update it just again hangs forever. I have tried stopping the wuauserv service, and removing the Software Distrubtion folder etc, nothing appears to work.

I have also tried removing the RAID and installing just to a single disk: same result.

Nearly all references I find to "Windows Update not working" are based on an established machine that has somehow got corrupted etc - not on a brand new vanilla installation of Windows Server.

Does anyone have some pointers how I could go about solving this problem?

Note: This is a 100% clean and simple base setup - zero configuration or roles or services etc. Nothing has been done to the OS other than what is required during installation: setting server name and password etc.

Thankyou.

EDIT

Below are the last entries from WindowsUpdate.log, when it appears to hang. Given that it was possible to install this exact OS Media on this exact Hardware before, is it possible that Microsoft have recently released an Update that breaks Windows Update? Is it possible to translate the Update Guid to a KB number?

2017-01-18  15:11:14:840     412    1424    Agent   WARNING: Failed to evaluate Installable rule, updateId = {E66A6795-3E20-43ED-9C66-FE134EEEECBC}.200, hr = 80070057
2017-01-18  15:11:19:324     412    1424    Agent   Bundled update {FBEC0F80-9F87-4B42-BA14-2BBE7148322A}.203 is missing extended metadata
2017-01-18  15:11:19:324     412    1424    Agent   Bundle contains children which has no localextended metadata and thus is invalid.
2017-01-18  15:11:19:324     412    1424    Agent   Update {B27CF4B3-0B7D-475D-9129-883E6DED6182}.203 is not a valid bundle. Not returning it.

ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : server1
   Primary Dns Suffix  . . . . . . . : FABLAB.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : FABLAB.local

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82576 Gigabit Dual Port Network Connection #2
   Physical Address. . . . . . . . . : C8-0A-A9-C8-3B-8A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82576 Gigabit Dual Port Network Connection
   Physical Address. . . . . . . . . : C8-0A-A9-C8-3B-8B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{468CFBC4-85E3-4EDA-96BC-6A3E4B842EA3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{48398617-4417-4945-8A81-DE0F3BCC7D2B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

nslookup google.com

Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    google.com
Addresses:  2607:f8b0:4006:80e::200e
          184.150.153.177
          184.150.153.158
          184.150.153.187
          184.150.153.183
          184.150.153.148
          184.150.153.153
          184.150.153.182
          184.150.153.163
          184.150.153.157
          184.150.153.167
          184.150.153.172
          184.150.153.152
          184.150.153.173
          184.150.153.178
          184.150.153.162
          184.150.153.168

For example, in bash I can type !xyz which will run the last command I typed beginning with xyz.

How can I bring up the last command I typed beginning with xyz but without executing it?
e.g so I can change parameters before execution....