UPDATE: Apparently they are willing to refund me via 3rd party company (Bluesnap) that handles paysafecard payment processor for them. And if that’s not enough, that I have to utilize 3rd party business to get my money back, guess what, they are unable to refund me directly to my paysafe account, they require my bank account name, IBAN and BIC. They make it almost unpossible to get your money back. Avoid PureVPN scammers.


So this is what happened. I was looking for a VPN service that does not require a credit card, because I don’t have one. Then I found PureVPN, they have a lot of payment options including paysafe card. I went to the gas station, purchased paysafe card and funded my account. I bought PureVPN 2 year package for 69$ with paysafe card. To my surprise, VPN stopped working few hours after the purchase was made. I’ve checked my email and received a messsage from them noticing me about my VPN account being disabled due security measures. They wanted me to verify my account by sending them a scan of my credit card. So, WTF, I bought their service with paysafe card because I don’t have a credit card, and they want me to verify the account with the credit card? Why would I even buy their service with paysafe card if I had a f*****g credit card? Where’s the logic behind that? I replied to their message and told them I don’t have a credit card and if they don’t like it they should just refund me. They replied with some bullshit generic text “about caring for the customers, jada jada, bullshit, more bullshit”. On the top of that email, they sent another generic mail noticing me that they will suspend my account if I don’t verify it, with a credit card. Really, did you even read what I’ve wrote the last time about not having a credit card? So, their lack of understanding about my situation and not mentioning it in the replies by just sending me generic non personalized emails tells me that they are scammers and they are stealing money from customers. Also, the service sucks, during a few hours I had a chance to test their service I tried many different servers on a different continents. I have a 220 mbit line but their VPN bandwidth never exceeded 50/60 mbit. So F*** you PureVPN scammers, you can keep my money and shove it up your a**. I wii never recommend your fraudulent services to anyone else ever. DO NOT BUY PUREVPN.


  • Bought PureVPN with paysafe card because I don’t have a credit card
  • They disabled my account and wanted verification by sending them a scan of a credit card that I obviously don’t have
  • They did not want to refund me, they ignored my issue about not having a credit card
  • Service sucks, low bandwidth

1st security measure email:

My reply:

Their second and third reply:


Xerox phaser 3020 black ink percentage remaining – SNMP cacti data and graph template at the bottom of this post.


With some tweaks this method should also works for other brand printers.

With the help of this article: https://thwack.solarwinds.com/docs/DOC-171511 I could set up a cacti template for my Xerox 3020 printer. Some printers return ink level value in percents but in my case I got only the raw value.

1. Get SNMP toner max capacity value, OID for that is

root@cacti: snmpget -v2c -c public
SNMPv2-SMI::mib- = INTEGER: 700

700 is the raw value for 100% toner capacity.

2. Get SNMP toner current levels value, OID for that is

root@cacti: snmpget -v2c -c public
SNMPv2-SMI::mib- = INTEGER: 686

686 is the current raw value of my toner levels. To calculate toner ink percentage remaining we need to divide current raw value (686) with max raw value (700) and multiply it by 100. 686 / 700 * 100 = 98 (percentage of ink remaining). Since the max raw value is a nice number (700), we can just divide current raw value with 7, 686/7 = 98. We can use this formula for our CDEF definitions in cacti later. Remember, this is only for Xerox 3020, other brand printers can output different raw values and you need to correct this formula accordingly.

Xerox 3020 ink remaining percentage formula: raw_current_ink_level / 7

3. Login to cacti and go to Console -> Presets -> CDEFs

Click plus sign and create new CDEF and name it Xerox toner percentage

Click plus at CDEF Items.

CDEF Item Type: Special Data Source

CDEF Item Value: Current Graph Item Data Source

Click Save

Click plus at CDEF Items.

CDEF Item Type: Custom String

CDEF Item Value: 7 (this is the value cacti will use to divide raw data)

Click Save

Click plus at CDEF Items.

CDEF Item Type: Operator

CDEF Item Value: / (this will tell cacti to use a divide operation with the custom string we defined in a previous step).

Click Save

4. Go to Console -> Templates -> Data Source

Click plus to create new data source template and name it Printer – black toner current

Name: |host_description| – black toner current

Data Input Method: Get SNMP Data

Data Source Active: tick the right box

Internal Data Source Name: toner_current

Click Create

New Custom Data field will appear.


Click Save

5.1 Go to Console -> Templates -> Graph

Click plus sign

Name: Printer – black toner levels

Title: Printer – black toner levels

Vertical Label: percent

Tick Rigid Boundaries Mode

Upper Limit: 100

Click Create

5.2 Now click plus sign at Graph Template Items

Graph Item Type: AREA

Data Source: Printer – black toner current

Color: select what you like

Consolidation Function: AVERAGE

CDEF Function: Xerox toner percentage

Text Format: Available

Click save

Add another Graph template item

Graph Item Type: GPRINT

Data Source: Printer – black toner current

Consolidation Function: LAST

CDEF Function: Xerox toner percentage

GPRINT Type: Percent(Round down to the nearest decimal)

Text format: Current:

Click Save

Add another Graph template item

Graph Item Type: LINE1

Data Source: Printer – black toner current

Consolidation function: AVERAGE

CDEF function: Xeror toner percentage


Your graph is now ready to device assignment.

Final result:

Download data and graph templates for xerox phaser 3020:

xerox_3020_cacti_toner_level_template [Dropbox mirror]




  1. SSH login to QNAP
  2. Identify virtual switch you want to put into monitoring mode, in my case qvs1
  3. Set ageing to 0
brctl show
brctl setageing qvs1 0

My example:

I’ve created a virtual machine  (SecurityOnion) on my QNAP virtualization station to monitor my home network traffic. I have setup a port mirroring on my switch to send all traffic to the QNAP ethernet adapter number 2. (My QNAP has 4 ethernet adapters). Sniffing OS usually needs two ethernet adapters, one for management and one dedicated for monitoring (sniffing). I’ve created a new virtual switch in QNAP with adapter number 2 and set it to external mode (no IP address), then I assigned this virtual switch to monitoring interface in SecurityOnion. I should’ve been able to see all the traffic now, but that wasn’t the case. There were no packets flowing to my monitoring ethernet adapter. After some investigating I found out a reddit user had the same problem. This is the solution:

SSH into your QNAP with your admin username and credentials. Check your virtual switches with a command “brctl show“, this will list all virtual switches you created. Now you need to select the virtual switch you assigned to your sniffing ethernet adapter in my case, that was adapter number 2 and run the following command: “brctl setageing qvs1 0″, where qvs1 is the number of your selected virtual switch (one that will do the sniffing, in my case adapter 2, identified as qvs1). That’s it, you should see all packets on the sniffing interface now. Thanks go to the reddit user I don’t want to name due privacy concerns.

SecuritOnion is now receiving packets on the monitoring interface:

Side note: Sniffing and analyzing traffic is heavy on CPU, HDD and RAM resources. Qnap is not a suitable candidate for that. My Qnap tests showed a CPU bottleneck (quad core celeron N3160) averaging around 70% cpu usage with low network traffic and less than 20 devices on the network.

I wanted to limit upload speed of my torrent clients (utorrent, qbittorent) with port forwarding enabled. This can be done on the client itself but I prefer the method via firewall.

For this example I forwarded port 17123 to my qbittorent client and limited upload speed to 1mbit/s. There are probably other more “proper” methods to achieve this on Pfsense, but this is working for me:

Set up a port in a client:

Go to Pfsense, Firewall, traffic shaper, limiters:

Click New limiter

Tick Enable limiter and its children

Name it upload1mbit

Set Bandwidth to 1 Mbit/s

Set Mask to Source addresses and set Description to something you like and save.

For limiters to work you also need to make a download limiter. Click new limiter and name it download1000mbit

Set bandwidth to 1000 Mbit/s

Set mask to Destination addresses

Set description and click save.

Now go to firewall, NAT and add a new rule:

Interface: WAN

Protocol: Depends on your needs, usually TCP, UDP or both

Destination: WAN address

Destination port range: 17123 to 17123

Redirect target IP: LAN IP of the machine torrent client is running on, example

Redirect target port: 17123

Description: Torrents

Click Save


Now go to firewall, rules, WAN and find the associated rule we created in the previous step, click edit.

Scroll down to the bottom and click Display Advanced, scroll down again to find In / Out pipe.

For In select download1000mbit, and for out select upload1mbit, save and apply changes. This is the opposite of what you do when you want to limit LAN IP bandwidth, because this rule is applied to WAN interface not LAN. Click save and the limiter should work. You should always reset the states when applying new settings to filters. You can do that on Diagnostics, states, reset states.

I will add more images later, this is only a quick draft. It should be sufficient to set up a rule though.

1. Update system and optionally disable X Desktop, we don’t need GUI

apt-get update
apt-get upgrade

Select menu: 3, B1, B1

2. Install dependencies

apt-get install subversion libsigc++-2.0-dev g++ make libsigc++-1.2-dev libgsm1-dev screen \
libpopt-dev tcl8.5-dev libgcrypt-dev libspeex-dev libasound2-dev alsa-utils install qt-sdk git groff -y

3. Add a new user

adduser svxlink

4. Download svxlink source

cd /usr/src; wget https://github.com/sm0svx/svxlink/archive/15.11.tar.gz; tar xvf 15.11.tar.gz; cd svxlink-15.11/src; mkdir build; cd build

5. Compile and install svxlink

        -DLOCAL_STATE_DIR=/var ..
make doc
make install

6. Install sounds

cd /usr/share/svxlink/sounds; wget https://github.com/sm0svx/svxlink-sounds-en_US-heather/releases/download/14.08/svxlink-sounds-en_US-heather-16k-13.12.tar.bz2
tar xvf svxlink-sounds-en_US-heather-16k-13.12.tar.bz2
mv en_US-heather-16k en_US; rm -rf svxlink-sounds-en_US-heather-16k-13.12.tar.bz2

7. Configure sound levels


Press F6 and select usb soundcard.
Press F5 to show all.
Increase gain on CAPTURE, around 80 is fine, experiment otherwise.
Exit alsamixer and save the settings with:

alsactl store

8. Tweak configuration files in /etc/svxlink/svxlink.conf and /etc/svxlink/svxlink.d/ModuleEchoLink.conf

svxlink.conf: I will show you only modified lines

Uncomment LOCATION_INFO=locationInfo to show your Echolink on aprs.fi map.

Under [Rx1]

AUDIO_DEV=alsa:plughw:1 #Hardware ID of the soundcard, usually 1 on rpi with usb soundcard
SQL_START_DELAY=100 #Prevent TX, RX loop
VOX_THRESH=500 #Increase if your VOX gets falsly opened

Under [Tx1]:

PTT_PORT=/dev/ttyUSB0 #Depends what you have for PTT triggering, I do it with RS232 to USB converter

Under [LocationInfo]
#This is mostly self explanatory

#Go to maps.google.com, select your location, right click, what's here
#and you'll get coordinates, for example: 45.660325, 14.291537 Go to https://rechneronline.de/winkel/degrees-minutes-seconds.php
#and convert from decimal degrees provided from maps.google.com to degrees, arc minutes, arc seconds.
#Enter converted

COMMENT=SvxLink by SM0SVX (svxlink.sourceforge.net)


ALLOW_IP= #Depends on your home network setup,
#it could be also ALLOW_IP=
PASSWORD=your echolink password
LOCATION=[Svx] comment about your echolink
AUTOCON_ECHOLINK_ID=ID of the remote repeater for example AUTOCON_ECHOLINK_ID=609569
DESCRIPTION=edit text to fit your needs

9. Run svxlink


Try to transmit, usb soundcards on rpi are tricky. You will probably get a warning:
Rx1: Distorsion detected! Please lower the input volume!
Don’t worry about it.
Exit and run svxlink as daemon

svxlink --daemon

10. Start svxlink at boot
You need to wait some time after boot for Pi to initialize devices.
It will not work when you start svxlink immediately after the boot,
the process will run but there will be no access to PTT. Open
/etc/rc.local and add this two lines at the end of the file, before exit 0

sleep 120
/bin/bash -c '/usr/bin/svxlink --pidfile=/var/run/svxlink.pid --daemon'

This will start svxlink 2 minutes after boot.


# Rtsp to youtube streaming with ffmpeg

VBR="1000k" # Bitrate of the output video, bandwidth 1000k = 1Mbit/s
QUAL="ultrafast" # Encoding speed
YOUTUBE_URL="rtmp://a.rtmp.youtube.com/live2" # RTMP youtube URL
THREADS="0" # Number of cores, insert 0 for ffmpeg to autoselect, more threads = more FPS

VIDEOCHANNEL="videoSub" # videoMain and VideoSub for Foscam cameras

KEY="xxx-xxxx-xxxx-xxxx" # Youtube account key

# To download fonts
# wget -O /usr/local/share/fonts/open-sans.zip "https://www.fontsquirrel.com/fonts/download/open-sans";unzip open-sans.zip

# Text allingment

# Other
box="1" # enable box
boxcolor="black@0.5" # box background color with transparency factor
reloadtext="1" # Reload textfile after each frame, usefull for overlaying changing data 
# like weather info. To update the textfile while streaming, you need to use mv command or a crash
# is going to happen when you update the textfile.
# Example:
# wget -q https://something.com/ -O - | grep somevalue > ffmpegraw.txt; mv ffmpegraw.txt ffmpeg.txt

# Ffmpeg with drawtext, 
    ffmpeg -loglevel panic \
    -f lavfi -i anullsrc \
    -rtsp_transport tcp \
    -i "$SOURCE" \
    -vcodec libx264 -pix_fmt yuv420p -preset $QUAL -g 20 -b:v $VBR \
    -vf "drawtext="fontfile=${FONT}":textfile=${textfile}:x=${x}:y=${y}:reload=${reloadtext}: \
    fontcolor=white:fontsize=${FONTSIZE}:box=${box}:boxborderw=${boxborderwidth}:boxcolor=${boxcolor}" \
    -threads $THREADS -bufsize 512k \
    -f flv "$YOUTUBE_URL/$KEY"

# Copy stream only, don't encode
#ffmpeg \
#    -f lavfi -i anullsrc \
#    -rtsp_transport tcp \
#    -i "$SOURCE" \
#    -vcodec libx264 -pix_fmt yuv420p -preset $QUAL -g 20 -c:v copy -b:v $VBR \
#    -f flv "$YOUTUBE_URL/$KEY"

Overlayed data over webcam stream example:

To run the script in background you need to add nohup otherwise ffmpeg will hang.

nohup bash this_script.sh &

Ffmpeg likes to crash from time to time. Create a script to check for ffmpeg process and restart it if there is no process running.

# Description: Checks for existing ffmpeg process and starts one if needed

if ! pgrep -x "ffmpeg" > /dev/null
    /bin/bash $script > /dev/null 2>&1 &

Save script as check_ffmpeg.sh

chmod +x check_ffmpeg.sh

Run the script with crontab every minute.

crontab -e
* * * * * sudo bash /path_to_script/check_ffmpeg.sh


# Get APRS weather data from aprs.fi


# Basic weather data
temp="$(wget -q https://aprs.fi/weather/a/${wxstation} -O - | grep Temperature | egrep '[-+]?([0-9]*\.[0-9]+|[0-9]+)' -o)"
humidity="$(wget -q https://aprs.fi/weather/a/${wxstation} -O - | grep Humidity | egrep '[-+]?([0-9]*\.[0-9]+|[0-9]+)' -o)"
wind="$(wget -q https://aprs.fi/weather/a/${wxstation} -O - | grep Wind | egrep '[-+]?([0-9]*\.[0-9]+|[0-9]+)' -o | sed -n -e 2p)"
rain="$(wget -q https://aprs.fi/weather/a/${wxstation} -O - | grep Rain | egrep '[-+]?([0-9]*\.[0-9]+|[0-9]+)' -o | sed -n -e 1p)"

# Telemetry
radioactivity="$(wget -q https://aprs.fi/telemetry/a/${wxstation} -O - | grep Radioactivity | egrep '[-+]?([0-9]*\.[0-9]+|[0-9]+)' -o | sed -n -e 5p)"

printf "%s\n" "Temperature: ${temp}°C" "Humidity: ${humidity}%" "Wind: ${wind} m/s" "Rain: ${rain} mm/h" "Radioactivity: ${radioactivity} uSv/h"

1. Make sure .well-known and acme-challenge directories are set permissions to 755

2. Create random file test.txt in .well-known/acme-challenge/ and try to view it with browser

If all of this is good, your certificate should renew. The problem I had on my server is that even when step 1. and 2. were ok and working, I still  got permission denied message. The problem was I setup my Varnish engine to force SSL on non SSL request. When bot requested http://somedomain.com/.well-known/acme-challenge/ it was automatically redirected to https://somedomain.com/.well-known/acme-challenge/. So,

3. Make sure you disable force SSL during renewal.

Error message example:

Failed authorization procedure. s55ma.radioamater.si (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://s55ma.radioamater.si/.well-known/acme-challenge/i825k_Mk8YGTTD1GOsZvMCkZ0KaRFdext04LfQdelQs: "<!DOCTYPE html>
<title>403 Forbidden</title>
<h1>Error 403 Forbidden</h1>

Enable server ports on Xastir. We need to use the command line binary xastir_udp_client which is part of Xastir. To send the data over RF, you need to have Xastir configured with your transmitter already.

More info about the mail APRS service: http://www.aprs-is.net/email.aspx

The basic string is:

xastir_udp_client XastirIP port callsing passcode -to_rf 'callsign>APRS::EMAIL    :EmailOfReceiver@something.com message'

Real example:

xastir_udp_client 2023 S55MA-10 22222 -to_rf 'S55MA-10>APRS::EMAIL    :s55ma@radioamater.si hello'

Note: You may only send one line messages of 64 total characters maximum for the message even though the documentation is saying 67. You have to put 4 white spaces between EMAIL and EmailOfReceiver, so the total lenght of EMAIL+white spaces is 9 characters.

This post is about Xastir, but on the side note, most APRS capable handhelds stations are not able of sending email messages through APRS. One portable station that’s able to do it is Kenwood TH-D72. I found this post about it. Too bad other portables are not able to do that where this feature is the most usefull, I mean, it’s not like I’m going to need aprs to email service from my home station, I’d likely need it outdoors for emergency situations or to send an email when I’m abroad and without cellular data service.

Quick script for sending messages:


#APRS to Email script using Xastir
#Define variables
#Xastir server and port

#Authentication info

echo "Enter sender (yours or some others callsign)"
read sender
sendercapital="$(echo $sender | awk '{print toupper($0)}')"

echo "Enter destination email:"
read email

echo "Enter your message (max 64 characters):"
read message

#Count message characters
msglenght="$(echo $message | wc -c)"

#Restart script if message exceeds 64 characters.
if [ "$msglenght" -gt 64 ]; then
echo "Your message exceeded 64 characters, try again!"
exec bash "$0"
xastir_udp_client $server $port $user $passcode -to_rf "$sendercapital>APRS::EMAIL    :$email $message" >/dev/null 2>&1
echo "Message has been sent."