Run iotop tcpdump etc. on Synology DiskStation or RackStation with Synogear

When you need tools like iotop or tcpdump on you Synology DiskStation or RackStation, you doens’t need to itall it via ipkg. Synology had a build in way to install the tools.

  • Connect via SSH to your NAS
  • Run sudo synogear install
  • Now you could use the tools from the list below

The package “Diagnosis Tool” are now also visible in the package center. You could also uninstall it from here, but a installation from package center is not possible.


Add languages to PHP Docker Container

Recently I have noticed that the output of the following code shows the month in the wrong language (English instead of German):

setlocale(LC_ALL, 'de_DE.utf8');
$date_now = date('Y-m-d');
echo strftime('%B %Y', strtotime($date_now));

This can be solved by installing the required language in the docker container. Unfortunately there is a bug which prevents that the languages can be easy activated by locale-gen <lang-code>. So you have to enable them in /etc/locale.gen first and then generate them with locale-gen. This code solves the problem:

FROM php:7-apache


# install localisation
RUN apt-get update && \
    # locales
    apt-get install -y locales

# enable localisation and generates localisation files
RUN sed -i -e 's/# de_DE ISO-8859-1/de_DE ISO-8859-1/' /etc/locale.gen && \ # to uncomment the lange
    sed -i -e 's/# <your lang code from locale.gen>/<your lang code from locale.gen again>/' /etc/locale.gen && \


Or you could install all available languages:

FROM php:7-apache


# install localisation
RUN apt-get update && \
    # locales
    apt-get install -y locales locales-all


If you perform a dry run in the container, you must restart Apache for see the changes.

Preparing a Root-Server and install Docker-CE

This is my personal note list for preparing a root server. The list is not complete and may contain errors.

Network setup

  • Install OS as usual or use image from Control Panel

Network setup

  • Set/check fixed ip
  • Set the “Reverse DNS” entry in Control Panel
  • Add local user
    useradd <username>
    usermod -aG sudo <username>
  • Set hostname
    sudo hostnamectl set-hostname <hostname>
  • Edit the /etc/hosts file
  • Edit the /etc/cloud/cloud.cfg file if exists (preserve_hostname: false to true)


  • Add pubkey to ~/.ssh/authorized_keys
  • Disable SSH login with password and permit root login in /etc/ssh/sshd_config file
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password
  • Restart SSH Daemon
    service sshd restart


  • VIM Color open ~/.vimrc and add
    colo desert
    syntax on


  • Install docker-cd here
  • Install docker-compose here
  • Install docker-compose command completion here
  • add username to docker group (source)
    sudo usermod -aG docker $USER

Logrotate for Docker

  • Create Logrotate config file for Docker containers under /etc/logrotate.d/docker-container with the following content:
/var/lib/docker/containers/*/*.log {
  rotate 8
  • Test it with: logrotate -fv /etc/logrotate.d/docker-container

Docker Compose aliases

  • Create or append to ~/.bash_aliases:
alias dc='docker-compose'
alias dcl='docker-compose logs -f --tail=200'
alias dce='docker-compose exec'
alias dcb='docker-compose up --build -d'
alias dcu='docker-compose up -d'
alias dcul='docker-compose up -d && docker-compose logs -f --tail=50'
alias dcd='docker-compose down --remove-orphans'
alias dcdu='docker-compose down --remove-orphans && docker-compose up -d'
alias dcdul='docker-compose down --remove-orphans && docker-compose up -d && docker-compose logs -f --tail=50' 
alias dcdb='docker-compose down --remove-orphans && docker-compose up --build -d'
alias dcdbl='docker-compose down --remove-orphans && docker-compose up --build -d && docker-compose logs -f --tail=50'

Docker after dist upgrade

  • Re-enable repo
    sudo add-apt-repository "deb [arch=amd64] <replace with lsb_release> stable"
  • update the package database with the Docker packages from the newly added repo:
    sudo apt-get update
  • Make sure you are install from the Docker repo instead of the default Ubuntu repo:
    apt-cache policy docker-ce
  • upgrade packes
    sudo apt-get install docker-ce docker-ce-cli
  • reboot


  • TBD


  • Update repos and upgrade system
    sudo apt-get update
    sudo apt-get upgrade
  • Install fail2ban with sudo apt-get install fail2ban
  • Create config file /etc/fail2ban/jail.local and add a jail for the SSH Deamon
enabled = true
port = <ssh port>
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

Can’t import SVG’s to Fritzing Part Editor created with Adobe Illustrator

When I tried Fritzing for the first time today, I unfortunately had to notice that two parts are missing. A NodeMCU has already created and released squix78, thanks for that. But unfortunately I could not find a RS232-TTL converter (MAX3232). No problem, then I just create an own part. With this manual this is relatively easy. Unfortunately the part editor did not accept the SVG’s I created with Adobe Illustrator. After a long time of trying I found out that the following export settings are necessary. Important is the number of decimal places:

The final part:

You could download my MAX3232 RS232-to-TTL-Converter Breakout Board here. To use it, drag and drop it into you sketch.


Download Fritzing for free (with out donation)

I just wanted to test Fritzing today, but it is not so easy to download the program. On the website it is only possible to download it after a PayPal donation. Unfortunately the binaries are not available on github. Please don’t get me wrong, I don’t have anything against donating for free software, but I don’t like to force this on everyone. At the end, I found something after all:

TL;DR: Sign up for an acccount (or use and then you can select “I already paid” and download the binary for you platform. If you like Fritzing, please donate.

How to easily clone a (encrypted hard) disk over network (with dd and netcat)

The task was simple: two computers (notebooks). One – we call it A – with a working operating system (Xubuntu) and a new one – we call it B – without operating system. This is how I proceeded:

  1. Create bootable flash drive with in my case Arch-Linux
  2. In the Arch-Linux boot loader, press [TAB] and add “copytoram” to the boot command to load the squashfs image into ram. I needed this because in this case I only had a flash drive at hand. If you have two, you don’t need this.
  3. List network devices:
    ip address
  4. Assign a IP adress to computer A with:
    ip address add <machine A ip adress> dev <ethernet device>

  5. To identify source disk, list all block devices with:

  6. Prepare the copy operation (do not execute yet!) with
    dd if=/dev/<source block device> bs=32M status=progress | nc <machine B ip adress> <random port number>

  7. Boot machine B from the same or different flash drive
  8. Assign different IP adress
  9. Identify target device
  10. Prepare the receiving copy operation with
    nc -l -p <same port number as A> | if of=/dev/<destination block device> bs=32M status=progress

  11. Execute the command on Machine B
  12. Then execute the command on Machine A
  13. Wait until the copying process is completed.
  14. Use at least the Sync command to synchronize corresponding file data in volatile storage and permanent storage
  15. Restart the machine, you are done

How it works/remarks
dd reads the source drive bit by bit into the normal output stream. The output stream is piped to netcat, which sends it over the network to a receiving netcat process (server with -l). Therefore the server must be started first. The server receives the bits and piped them back to dd, which writes them to the target on machine B.

Maybe this is not the best and/or most efficient way, but transfer speed in my case of 75MB/s (poor performance on screenshots is from a setup with two vm’s) is in IHMO very good for this simple setup.

Thanks to pmenke for his support.

IPsec VPN between Sophos UTM and AVM Fritz!Box (LTE) with a dynamic IP-Adresss

Use the following settings to configure a Fritz!Box – also a LTE version – to connect to a Sophos UTM (v9.7)

  • Sophos UTM Settings
  • Fritz!Box VPN VPN-Configfile
vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_lan;
                name = "Sophos IPsec";
                always_renew = yes;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip =;
                local_virtualip =;
                remoteip = AAA.BBB.CCC.DDD; // Change to Sophos External IP
                remote_virtualip =;
                localid {
                        fqdn = ""; // No change needed. Is ignored from the UTN
                remoteid {
                        ipaddr = "AAA.BBB.CCC.DDD"; // Change
                mode = phase1_mode_idp; // Main Mode
                phase1ss = "dh14/aes/sha";
                keytype = connkeytype_pre_shared;
                key = "MySecr3tPassw0rd!"; // has to be changed
                cert_do_server_auth = no;
                use_nat_t = yes;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr =; // change to local network
                                mask =;   // change to local subnet
                phase2remoteid {
                        ipnet {
                                ipaddr =; // change to remote network
                                mask =; // change to remote subnet
                phase2ss = "esp-aes256-3des-sha/ah-no/comp-lzs-no/pfs";
                accesslist = "permit ip any"; // to remote network
        ike_forward_rules = "udp",


Could not find any disk on this device. PRTG error code: PE188

I got this error when I tried to add a SNMP HP ProLiant Physical Disk Sensor for HP Proliant DL 380 G7 with Windows 2012 R2 in our monitoring solution from Paessler (PRTG). The SNMP HP ProLiant System Health, Network and Storage Controller Sensor works fine.

HPE Insight Management Agents and HPE Insight Management WBEM Providers for Windows are installed.

An SNMP walk against OID (used by Paessler for this sensor) works without errors but also without result.

I found some guys with the same probleme and a solution: The problem was the disk (controller) driver. Installed was v8.0.4.0, which seems to be a standard Microsoft driver. With the original HPE controller driver (for us it works.


How to easily migrate a Synology EXT4 volume to Btrfs without data loss

Today I switched from a Synology DS215play to a DS918+. Perfect time to change the file system – the DS215play didn’t support Btrfs. The migration also works with only one device. So I wrote down both ways.

Steps if you haven’t changed your DiskStation:

  1. Backup your data! If you switch to a device with new drives like me, you still have a copy of your data, but if you migrate without new drives, you don’t have a copy! In germany we say: No backup – no pity.
  2. Shut down the DS, remove drive 2. Format drive 2 with your computer.
  3. Turn the DS back on and DO NOT repair the fault volume.
  4. Create a new volume (SHA and Btrfs) in the Storage Manager on drive 2.
  5. For each shared folder, change the location to the new volume. You can only do this for one shared folder at a time and the move may need several hours depending on the size of your shared folders.
  6. When you have moved all the shared folders, shut down your DS and remove drive 1.
  7. Format drive 1 with your computer.
  8. Turn on your DS and go to the Package Center. Repair all apps.
  9. Expand your new volume to drive 1 and wait until RAID Resync is complete. You’re done.

Steps if you are switching to a new DiskStation with new drives (my situation):

  1. Turn off your old DS, remove drive 2.
  2. In the new DS, place the new drives in slot 1 and 2. Place the (old) drive 2 in slot 3.
  3. Turn on the new DS. Open your browser and navigate to the new DiskStation. In my case, the DS got a new IP address. I looked them up in my router DHCP table.
  4. Follow the Migration Wizard and wait until the DS restarts.
  5. Create a new volume (SHA and Btrfs) in the Storage Manager on drive 1 and 2. It is now recommended to change the RAID Resync speed to Fast and wait until RAID synchronization is complete.
  6. Now for each shared folder, change the location to the new volume. You can only do this for one shared folder at a time and may need several hours depending on the size of your shared folders.
  7. When you have moved all shared folders, shut down your DS and remove drive 3.
  8. Turn on your DS and go to the Package Center. Repair all apps. You’re Done.