Tag Archives: Linux

Automate SSH reverse tunnel for remote access to local network

A RPi is deployed in an unknown local network and should connect to a public jump box. Later a user could connect to the jump box to reach the local network via the reverse tunnel.

Configure your RPi

I used a Debian 11.8 on a RPi v1 (2011.12) and install autossh and configure your reverse tunnel

example to bind on the onlinejumpbox and forward it to the RPi localhost:22 SSH server.

ssh -R debian@onlinejumpbox

Create and install a service with systemd in the file /etc/systemd/system/tunnel.service

Description=SSH tunnel service
After=network.target network-online.target sshd.service

ExecStart=/usr/bin/autossh -i /home/debian/.ssh/id_rsa -R -NT debian@onlinejumpbox


Optional: in /etc/ssh/sshd_config set

PasswordAuthentication no

Configure the server

Optional: if you want the bind_address parameter to work, in /etc/ssh/sshd_config set

GatewayPorts yes


A user can reach the local network via this command line

ssh -p 10022 debian@onlinejumpbox

Install Tailscale on Synology DSM 7 via Quickconnect

To keep this tutorial short, I'm assuming that the reader has the minimal level of knowledge to use upload file, launch a container on the NAS and use SSH.

This is a solution to configure Tailscale remotely when you only have a quickconnect access to your NAS.

Install Container Manager on the NAS

Click on 'Package Center' -> Search for 'Container Manager" -> and install it.
It'll create a docker volume that we are going to use next.

Enable SSH on the NAS

Click on 'Control Panel' -> 'Terminal & SNMP' -> 'Enable SSH service'.
Keep the default port to 22. If you modify it, modify also the port value in the ngrok.yml config file below.


https://ngrok.com/ is a tool to easily expose services behind NATs to public internet.

  1. Create a free account
  2. Retrieve your NGROK_AUTHTOKEN
  3. Create a file ngrok.yml with this content
version: 2
    proto: http
    addr: https://localhost:5001
    proto: tcp
    addr: 22

The first dsm service will expose the DSM web interface service.
The second ssh service will expose the SSH service

  1. Replace NGROK_AUTHTOKEN by the value you got from step 2.
  2. Upload the file in the docker volume.
  3. Open the 'Container Manager'
  4. From the Registry menu, download the ngrok/ngrok image for the release 3-alpine.
    (It's always better to fix the release version instead of taking latest for later compatibility)
  5. From the 'Container' menu, create a container
    • image: ngrok/ngrok:3-alpine
    • keep 'Enable auto-restart' disable. It's not needed.
    • 'Add File' in 'Volume settings' mapping '/docker/ngrok.yml' to '/ngrok.yml' in Read-Only
    • Select 'Host' in the 'Network'
    • Set start --config /ngrok.yml --all as 'Command' in the 'Execution Command'
  6. And run it

If ok, the container should be green and you will have two endpoints in your ngrok endpoints dashboard.

Setup Tailscale

Use the HTTPS endpoints to connect to your NAS and once connected, install Tailscale from the 'Package Center'.

From the NAS, click on 'Open' Tailscale, log in and add your devices to your account.

From the NAS, click again on 'Open' and activate the 'Advertise as Exit Node'

From that point on, I'm assuming you know how to configure and use Tailscale.

The last step is to advertise route. For this step, you'll need to use the TCP endpoint you configured with ngrok.
Use it to ssh to your NAS ssh -p <the port> <user>:<the tcp url without tcp://>
Once connected, configure the advertising route with this command
sudo tailscale up --advertise-routes --advertise-exit-node --reset


Congrats, you're done !
For security, you can stop the ngrok container and even deactivate the SSH service.

Install Ubuntu-18.04 on a NVMe disk

The price of NVMe disk getting closer or similar to SSD, most recent servers have only NVMe disks.

Unfortunately, installing Ubuntu-18.04 on such server triggers the error

Validation error: 'nvme.XXXXXX' is not valid under any of the given schemas in [...]

This issue has been fixed in https://bugs.launchpad.net/ubuntu/+source/curtin/+bug/1840524/comments/8 but is not yet backported on 18.04.3

If, you need to install 18.04, because for example of the NVIDIA driver support, the fix is to:

  1. flash a usb dongle with ubuntu-18.04
  2. after booting on the usb dongle, go to a terminal with Alt+F2 and enter
    sudo snap refresh --edge subiquity
  3. next, go back to main screen with Alt+F1 and start the installation.


Hopefully, 18.04.4 should have the patch.



Unbrick and update a J-Link V8 clone

You can buy a Segger JTAG J-Link clone for few USD on ebay, aliexpress, dx, ...

If you try to update its firmware with the official Segger tool, you'll brick the probe.

Don't worry, smart people have already put a checklist to restore a working firmware and even update it to the latest official version. I just put all the needed info into one single page.

Continue reading Unbrick and update a J-Link V8 clone

Pretty Check




function prettycheck {
    local TPUT='tput'
    local RED='1'
    local GREEN='2'
    local BLUE='4'
#man 5 terminfo

    [ ! -f $(which $TPUT) ] && TPUT=true

    echo "$> $cmd"
    $TPUT cuf $((`$TPUT cols` - 8)) # move the end-of-line minus 8 cols
    $TPUT cuu 1 # move on line up
    msgerr=$($cmd 2>&1 1> /dev/null)
    if [ "$?" -ne 0 ]; then
        $TPUT setaf $RED # change front color
        echo "[FAILED]"
        $TPUT setaf $BLUE # change front color
        echo "$msgerr"
        $TPUT setaf $GREEN # change front color
        echo "[  OK  ]"                                                                                   
    $TPUT reset