GL.iNet GL-MT3000 + Tailscale: Cross‑Subnet Access Fix

GL.iNet GL-MT3000 + Tailscale: Cross‑Subnet Access Fix

Problem

LAN clients behind a GL.iNet GL-MT3000 could not access machines on other subnets within the same Tailscale environment. The fix required enabling split‑DNS in Tailscale, forcing the GL.iNet client to accept DNS, and NATing LAN traffic to tailscale0.

Symptoms

  • LAN clients behind the GL-MT3000 could not reach hosts in other private subnets over Tailscale.
  • Split‑DNS names such as pfsense.site-a.example.com did not resolve for LAN clients.

Fix Steps

1) Tailscale Admin

  • Enable MagicDNS.
  • Create split DNS entries:
  • site-b.example.com192.168.10.1
  • site-a.example.com192.168.1.1
  • Set Global nameservers to Cloudflare Public DNS and Google Public DNS.
  • Enable Override DNS servers.

2) GL.iNet GL-MT3000 (accept DNS from Tailscale)

Edit /usr/bin/gl_tailscale and apply this diff (line ~226):

- timeout 10 /usr/sbin/tailscale up --reset --accept-routes $param --timeout 3s --accept-dns=false > /dev/null
+ timeout 10 /usr/sbin/tailscale up --reset --accept-routes $param --timeout 3s --accept-dns=true > /dev/null

Upgrade note: This file may be overwritten by firmware upgrades. Add it to LuCI backups (System → Backup / Flash Firmware → Configuration):

/usr/bin/gl_tailscale

3) GL.iNet GL-MT3000 (NAT LAN → tailscale0)

Add the following to /etc/firewall.user and restart the firewall:

# NAT traffic going out to Tailscale sourced from the LAN subnet.
iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -o tailscale0 -j MASQUERADE

/etc/init.d/firewall restart

Verification

  • nslookup pfsense.site-a.example.com 192.168.8.1
  • Ping or connect to a host in 192.168.1.0/24 and 192.168.10.0/24 from a LAN client.

Final State (Expected)

  • GL-MT3000 LAN clients can access hosts in other Tailscale‑reachable subnets.
  • Split DNS resolves *.site-a.example.com and *.site-b.example.com correctly.
  • Public DNS resolves everything else.

Trouble Setting n8n WEBHOOK_URL

If you have an instance of n8n running in a Proxmox LCX created from the community script Proxmox VE Helper-Scripts and want to set / change environment variables you need to edit:

nano /etc/systemd/system/n8n.service


Environment variables like WEBHOOK_URL can be set here (note: setting them in .bashrc etc does not work!)

e.g.

[Unit]
Description=n8n

[Service]
Type=simple
Environment="N8N_SECURE_COOKIE=false"
Environment="WEBHOOK_URL=https://n8n.example.com"
ExecStart=n8n start
[Install]
WantedBy=multi-user.target

Install Proxmox for PfSense

System Specifications

  • Mini PC with at least ETH 3 ports CWWK Mini PC
  • 16GB RAM
  • 256GB NVMe SSD
  • Single-node Proxmox setup (no clustering)
  • No dedicated GPU or RAID

Installation

  • Step 1 – Download Proxmox VE ISO
  • Step 2 – Download Rufus
  • Step 3 – Install ISO onto empty USB stick



  • Step 4 – Start the Proxmox installer (UEFI mode)
  • Step 5 – On the “Target Hard Disk” screen:
    • Select your drive
    • Then click the button labeled “Options” at the bottom-right corner of the screen
  • Step 6 – In the Options Window:
    • Filesystem: Choose ext4
    • hdsize: Default is fine unless you want to shrink it
    • swapsize: Set this to 0 to disable disk swap (note: we will be enabling zram swap later).
    • maxroot: Leave blank unless you want to cap /
    • minfree: Optional (for snapshots or alignment)
    • maxvz: Leave blank (it will use remaining space)
  • Step 7 – On the Management Network Configuration screen:
    • Management Interface: Choose the first port being used for your Linux Bridge (LAN)
    • Hostname (FQDN): Example pve.home.arpa
    • IP Address (CIDR): IP Address
    • Gateway: Gateway IP address
    • DNS Server: Usually the same as the Gateway

Enable Trim/Discard

Login to the PVE shell and enable Trim/discard on the root filesystem:

lvextend -l +100%FREE /dev/pve/root
resize2fs /dev/pve/root
nano /etc/fstab

Update root line to:

/dev/pve/root / ext4 discard,errors=remount-ro 0 1
systemctl daemon-reload
mount -o remount /
nano /etc/pve/storage.cfg
lvmthin: local-lvm
    thinpool data
    vgname pve
    content rootdir,images
    discard 1
systemctl enable fstrim.timer
systemctl restart fstrim.timer

Set up zram swap:

apt update
apt install zram-tools
nano /etc/default/zramswap

Set:

ALGO=lz4
PERCENT=13
systemctl enable zramswap
systemctl restart zramswap
swapon --show
NAME       TYPE      SIZE USED PRIO
/dev/zram0 partition   2G   0B  100

Post Install Script

bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/pve/post-pve-install.sh)"

Parasite Cleanse

New research has shown links between cancer and parasite activity within the body.

Once a year it is suggested you follow this protocol to properly cleanse the body of parasites:

Ivermectin – 12mg once a day https://m.indiamart.com/

Fenbendazole – 222mg once a day https://fenbenlab.com/

Do for 10 days. Stop for 5 days, then repeat for 10 days.

Spike Protein Detox

The following detox forces the ACE2 receptors to release the COVID spike protein.

It is suggested you follow this protocol if you have had the COVID vaccine and / or after contracting COVID.

Chlorella – 2 caps 3 times a day https://a.co/d/1teSzrM

Reishi Immune – 3 caps 3 times a day https://a.co/d/cKBTJnQ

Curmumin – 1 cap 3 times a day https://biotrace.co.nz/products/shop-online/biotrace-curcumin-bioperine/

Dandelion Root Extract – 3 times a day https://au.iherb.com/pr/christopher-s-original-formulas-dandelion-root-extract-2-fl-oz-59-ml/54682?gad_source=1

7 mg Nicotine Patches – Daily. Remove before bed.

Important. Introduce the patches only after one week of taking the above supplements.

Follow the protocol for a total of 4 weeks (3 weeks with the nicotine patches).

QNAP – HOW TO REPAIR RAID5 ARRAY WITH UNRECOVERED READ ERROR (URE) DURING REBUILD

Tonight I experienced first hand a fear that most QNAP NAS owners have whilst rebuilding a broken drive in a RAID 5 array. You guessed it, the dreaded URE (UNRECOVERED READ ERROR).

# dmesg

[23298.622891] md: md0: recovery done.
[23298.628401] md: Recovering done: md0, degraded=1
[23299.732589] ata6.00: exception Emask 0x0 SAct 0x7fe SErr 0x0 action 0x0
[23299.737963] ata6.00: irq_stat 0x40000008
[23299.743250] ata6.00: failed command: READ FPDMA QUEUED
[23299.748477] ata6.00: cmd 60/00:08:84:d9:44/04:00:57:00:00/40 tag 1 ncq 524288 in
[23299.748481] res 41/40:00:f0:dc:44/00:00:57:00:00/40 Emask 0x409 (media error) <F>
[23299.759028] ata6.00: status: { DRDY ERR }
[23299.764316] ata6.00: error: { UNC }
[23299.782380] ata6.00: configured for UDMA/133
[23299.787537] ata6: EH complete
[23301.855721] ata6.00: exception Emask 0x0 SAct 0x7ff SErr 0x0 action 0x0
[23301.860887] ata6.00: irq_stat 0x40000008
[23301.866252] ata6.00: failed command: READ FPDMA QUEUED
[23301.871320] ata6.00: cmd 60/00:48:84:d9:44/04:00:57:00:00/40 tag 9 ncq 524288 in
[23301.871325] res 41/40:00:ef:dc:44/00:00:57:00:00/40 Emask 0x409 (media error) <F>
[23301.882098] ata6.00: status: { DRDY ERR }
[23301.887228] ata6.00: error: { UNC }
[23306.892039] ata6.00: qc timeout (cmd 0xec)
[23306.897030] ata6.00: failed to IDENTIFY (I/O error, err_mask=0x4)
[23306.902001] ata6.00: revalidation failed (errno=-5)
[23306.906919] ata6: hard resetting link
[23307.371054] ata6: SATA link up 3.0 Gbps (SStatus 123 SControl 320)
[23307.388929] ata6.00: configured for UDMA/133
[23307.393885] ata6: EH complete
[23308.431943] ata6: log page 10h reported inactive tag 0
[23308.436777] ata6.00: exception Emask 0x1 SAct 0x7fe SErr 0x0 action 0x0
[23308.441659] ata6.00: irq_stat 0x40000008
[23308.446492] ata6.00: failed command: READ FPDMA QUEUED
[23308.451684] ata6.00: cmd 60/00:08:84:d9:44/04:00:57:00:00/40 tag 1 ncq 524288 in
[23308.451689] res 40/00:54:42:6c:10/00:00:00:00:00/40 Emask 0x1 (device error)
[23308.461723] ata6.00: status: { DRDY }
[23308.466716] ata6.00: failed command: READ FPDMA QUEUED
[23308.471658] ata6.00: cmd 60/00:10:84:dd:44/03:00:57:00:00/40 tag 2 ncq 393216 in
[23308.471661] res 40/00:54:42:6c:10/00:00:00:00:00/40 Emask 0x1 (device error)
[23308.481539] ata6.00: status: { DRDY }
[23308.486502] ata6.00: failed command: READ FPDMA QUEUED
[23308.491486] ata6.00: cmd 60/08:18:7a:6c:10/00:00:00:00:00/40 tag 3 ncq 4096 in
[23308.491490] res 40/00:54:42:6c:10/00:00:00:00:00/40 Emask 0x1 (device error)
[23308.501645] ata6.00: status: { DRDY }
[23308.506405] ata6.00: failed command: READ FPDMA QUEUED
[23308.511115] ata6.00: cmd 60/08:20:72:6c:10/00:00:00:00:00/40 tag 4 ncq 4096 in
[23308.511119] res 40/00:54:42:6c:10/00:00:00:00:00/40 Emask 0x1 (device error)
[23308.520405] ata6.00: status: { DRDY }
[23308.524995] ata6.00: failed command: READ FPDMA QUEUED
[23308.529534] ata6.00: cmd 60/08:28:6a:6c:10/00:00:00:00:00/40 tag 5 ncq 4096 in
[23308.529538] res 40/00:54:42:6c:10/00:00:00:00:00/40 Emask 0x1 (device error)
[23308.538586] ata6.00: status: { DRDY }
[23308.543067] ata6.00: failed command: READ FPDMA QUEUED
[23308.547584] ata6.00: cmd 60/08:30:62:6c:10/00:00:00:00:00/40 tag 6 ncq 4096 in
[23308.547588] res 40/00:54:42:6c:10/00:00:00:00:00/40 Emask 0x1 (device error)
[23308.556706] ata6.00: status: { DRDY }
[23308.561263] ata6.00: failed command: READ FPDMA QUEUED
[23308.565820] ata6.00: cmd 60/08:38:5a:6c:10/00:00:00:00:00/40 tag 7 ncq 4096 in
[23308.565825] res 40/00:54:42:6c:10/00:00:00:00:00/40 Emask 0x1 (device error)
[23308.574937] ata6.00: status: { DRDY }
[23308.579488] ata6.00: failed command: READ FPDMA QUEUED
[23308.584079] ata6.00: cmd 60/08:40:52:6c:10/00:00:00:00:00/40 tag 8 ncq 4096 in
[23308.584082] res 40/00:54:42:6c:10/00:00:00:00:00/40 Emask 0x1 (device error)
[23308.593387] ata6.00: status: { DRDY }
[23308.597981] ata6.00: failed command: READ FPDMA QUEUED
[23308.602812] ata6.00: cmd 60/08:48:4a:6c:10/00:00:00:00:00/40 tag 9 ncq 4096 in
[23308.602817] res 40/00:54:42:6c:10/00:00:00:00:00/40 Emask 0x1 (device error)
[23308.612334] ata6.00: status: { DRDY }
[23308.616907] ata6.00: failed command: READ FPDMA QUEUED
[23308.621563] ata6.00: cmd 60/08:50:42:6c:10/00:00:00:00:00/40 tag 10 ncq 4096 in
[23308.621567] res 40/00:54:42:6c:10/00:00:00:00:00/40 Emask 0x1 (device error)
[23308.631025] ata6.00: status: { DRDY }
[23308.648602] ata6.00: configured for UDMA/133
[23308.653389] ata6: EH complete
[23310.704908] ata6.00: exception Emask 0x0 SAct 0x3ff SErr 0x0 action 0x0
[23310.709669] ata6.00: irq_stat 0x40000008
[23310.714362] ata6.00: failed command: READ FPDMA QUEUED
[23310.719089] ata6.00: cmd 60/00:48:84:d9:44/04:00:57:00:00/40 tag 9 ncq 524288 in
[23310.719092] res 41/40:00:ef:dc:44/00:00:57:00:00/40 Emask 0x409 (media error) <F>
[23310.728625] ata6.00: status: { DRDY ERR }
[23310.733749] ata6.00: error: { UNC }
[23310.751334] ata6.00: configured for UDMA/133
[23310.756049] ata6: EH complete
[23312.863828] ata6.00: exception Emask 0x0 SAct 0x1 SErr 0x0 action 0x0
[23312.868659] ata6.00: irq_stat 0x40000008
[23312.873247] ata6.00: failed command: READ FPDMA QUEUED
[23312.877828] ata6.00: cmd 60/00:00:84:d9:44/04:00:57:00:00/40 tag 0 ncq 524288 in
[23312.877832] res 41/40:00:ef:dc:44/00:00:57:00:00/40 Emask 0x409 (media error) <F>
[23312.887045] ata6.00: status: { DRDY ERR }
[23312.891653] ata6.00: error: { UNC }
[23312.909053] ata6.00: configured for UDMA/133
[23312.913591] ata6: EH complete
[23314.959481] ata6.00: exception Emask 0x0 SAct 0x1 SErr 0x0 action 0x0
[23314.964017] ata6.00: irq_stat 0x40000008
[23314.968487] ata6.00: failed command: READ FPDMA QUEUED
[23314.972937] ata6.00: cmd 60/00:00:84:d9:44/04:00:57:00:00/40 tag 0 ncq 524288 in
[23314.972941] res 41/40:00:ef:dc:44/00:00:57:00:00/40 Emask 0x409 (media error) <F>
[23314.982330] ata6.00: status: { DRDY ERR }
[23314.986831] ata6.00: error: { UNC }
[23315.004157] ata6.00: configured for UDMA/133
[23315.008655] sd 5:0:0:0: [sda] Unhandled sense code
[23315.013027] sd 5:0:0:0: [sda] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[23315.017468] sd 5:0:0:0: [sda] Sense Key : Medium Error [current] [descriptor]
[23315.021882] Descriptor sense data with sense descriptors (in hex):
[23315.026341] 72 03 11 04 00 00 00 0c 00 0a 80 00 00 00 00 00
[23315.030854] 57 44 dc ef
[23315.035243] sd 5:0:0:0: [sda] Add. Sense: Unrecovered read error – auto reallocate failed
[23315.039729] sd 5:0:0:0: [sda] CDB: Read(10): 28 00 57 44 d9 84 00 04 00 00
[23315.044333] end_request: I/O error, dev sda, sector 1464130799
[23315.048820] md/raid:md0: read error not correctable (sector 1462010216 on sda3).
[23315.053422] raid5: some error occurred in a active device:0 of md0.
[23315.058027] raid5: Keep the raid device active in degraded mode but set readonly.
[23315.062687] md/raid:md0: read error not correctable (sector 1462010224 on sda3).
[23315.067315] raid5: some error occurred in a active device:0 of md0.
[25914.157523] md: ioctl lock interrupted, reason -4, cmd -2142762735

When you encounter a URE during a re-build, most of the advice on many of the forums suggest that the only course of action is to create a new array and restore your data from a backup.

As someone who does not give up that easy, I went looking for an alternative option and found my new best friend. ddrecue.

Using ddrescue, I was able to clone the disk that was having the URE (UNRECOVERED READ ERROR). To begin the process you must first identify the problem disk. Steps are:

  1. You need to ssh / putty into the NAS
  2. Run the command dmesg and locate a line similar to “read error not correctable (sector 1462010224 on sda3)“.
  3. Typically – sda3 = disk1, sdb3 = disk2, sdc3 = disk3, sdd3 = disk 4
  4. Eject the problem disk from the NAS
  5. Download and install SystemRescueCd on a USB stick – see http://www.system-rescue-cd.org/Installing-SystemRescueCd-on-a-USB-stick/
  6. On any computer, install the problem drive and the new replacement drive using SATA connectors.
  7. Configure the computer to boot from USB, plug in the SystemRescueCd on the USB stick and power-on
  8. At the command prompt use fdisk -l to identify your disks – typically /dev/sda and /dev/sdb
  9. To determine which is the source disk, you can use smartctl:|
    smartctl -a /dev/sda
    smartctl -a /dev/sdb
  10. You can also determine drive serial numbers with hdparm:
    hdparm -I /dev/sda
    hdparm -I /dev/sdb
  11. Once the source and destination disks are determined. Use ddrescue to copy the disk:
    ddrescue -f /dev/sda /dev/sdb
    Important Note: In this example /dev/sda is the source and /dev/sdb is the destination.
  12. Once the cloning of the disk completes, replace the problem disk with the new clone and start the RAID array rebuild again.

HowTo – Jenkins – Remove an Orphaned Workspace

A couple of times I’ve been left with an orphaned workspace directory after deleting a project.

If you don’t the credentials to remove the directory in the operating system, try this Groovy script:

def command = """rm -rf /var/lib/jenkins/workspace/TheOrpanedWorkspace""" // Create the String
def proc = command.execute() // Call *execute* on the string
proc.waitFor()
print "done";

Useful GIT Commands

Clone a “bare” Repository
This command is useful to setup an intermediate repository to develop against instead of developing directly against github:

git clone --bare [remote github repo] [local repo]

Push all your branches in the “bare” repo to the github remote
This will push all your branches to the remote, and set-upstream tracking correctly for you:

git push --all -u

HowTo – AIX – Emulate BASH Keystrokes

If you are looking for an easy way to emulate BASH up / down arrow behavior as well as TAB completion of filenames and directories then this might be a solution for you:

  1. Change your default shell to ksh93 using the “chsh” command and select “/usr/bin/ksh93

  2. Edit you “.profile” file and add the following line:

    export ENV=$HOME/.kshrc

  3. Copy the contents of THIS FILE to $HOME/.kshrc