
Fun with TomatoUSB and OpenBSD

With family visiting and a steady stream of folks around the house needing Wifi access, I decided it was about time to finally set up a properly segregated guest SSID, both to rate-limit guest traffic and to protect my internal hosts from potentially insecure guest devices. As usually happens to me with such projects, I went a bit overboard and ended up with something much more complex but way more fun to manage.

TomatoUSB already supports multiple SSID configurations, though it’s considered experimental and doesn’t have full GUI support. You’ll also need to either build it yourself or use a community build to get the full goodness. I chose Toastman’s builds since they also include full VLAN support and he’s very active in the community. Installing the latest on my RT-N16 was easy enough, and a quick ‘nvram wipe’ gave me a nice clean base to work with. Getting the extra SSID was pretty painless: add the extra VLAN and bridge, then ssh into the router, run the relevant nvram commands and voila! This is probably where I should have left it, but while digging I came across this post, which details using OpenWRT to create a trunk port carrying all VLANs to the OpenBSD router.

Why trunk, you may ask? Short answer: because it’s fun. Long answer: a single connection carries all routable traffic to my OpenBSD box, where I can restrict, rate shape, etc. to my heart’s content. Setup here was dead easy; the NIC I was using for my internal network supports 802.1Q, so all I had to do was some point-and-click goodness to tag all three VLANs (internal, WAN, wireless guest) onto port four of the RT-N16.

I also set the WAN port type to ‘Disabled’ in the basic network config page so the RT-N16 wouldn’t try to get an external IP itself; the modem’s VLAN is simply trunked through to the OpenBSD box.

Once all that was done, I removed all IP configuration from the internal NIC (xl0) on the OpenBSD box and created the VLAN interfaces by hand to test:

# create the tagged interface and bind it to tag 3 on the physical NIC
ifconfig vlan3 create
ifconfig vlan3 vlan 3 vlandev xl0

# address it and bring it up (the parent xl0 itself carries no address)
ifconfig vlan3 xxx.xxx.xx.x netmask 255.255.255.0 up

A quick tcpdump showed the right kinds of packets flowing across the new VLAN interface, so I created the others (vlan1, vlan2) and then wrote the various hostname.* files so the configuration survives a reboot.

hostname.xl0 (the parent interface just needs to be brought up):

up

hostname.vlan1 (static ip):

inet xxx.xxx.xx.x 255.255.255.0 NONE vlan 1 vlandev xl0 description "Interface in trusted VLAN (1)"
inet6 alias xxxx:xxx:x:xxx::1 64

hostname.vlan2 (dynamic, used for ISP):

dhcp NONE vlan 2 vlandev xl0 description "Interface in external VLAN (2)"

hostname.vlan3 (static ip, wireless guest subnet):

inet xxx.xxx.xx.x 255.255.255.0 NONE vlan 3 vlandev xl0 description "Interface in wireless guest VLAN (3)"

Yeah, this is probably way more complex than it should be for a home network, but the ability to do proper segregation of the various traffic types is a big win in my opinion. The only downside I’ve encountered so far is with rate limiting as a whole. Since PF’s queueing (ALTQ) is bound to individual interfaces, I can’t just pool all the VLANs together and shape them as one. There’s probably some way of doing it using static routes or even some virtual device, but I haven’t found it yet. For now I’m just aggressively limiting the bandwidth available to my guest network, but if anyone knows of a better way I’d be grateful for some pointers.
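A pf.conf for this three-VLAN layout, as an added example and not the configuration from the post: it enforces the guest/trusted segregation described above and caps the guest VLAN in both directions using the interface-bound ALTQ queues the previous paragraph complains about. The interface names are the ones created above; the subnets, queue sizes and the 5Mb uplink figure are placeholders, and it assumes the post-4.7 match/nat-to syntax and an ALTQ-era (pre-5.5) PF. IPv4 only; the inet6 address on vlan1 would need its own rules.

```conf
# /etc/pf.conf -- added example for the three-VLAN OpenBSD router above.
# Addresses, queue sizes and the 5Mb uplink are placeholders, not values from the post.
ext_if    = "vlan2"            # ISP, DHCP (hostname.vlan2)
int_if    = "vlan1"            # trusted LAN (hostname.vlan1)
guest_if  = "vlan3"            # wireless guest SSID, trunked from the RT-N16
int_net   = "192.168.1.0/24"   # placeholder for the trusted subnet
guest_net = "192.168.3.0/24"   # placeholder for the guest subnet

set skip on lo
set block-policy drop

# ALTQ queues live on the interface that transmits, so guests are capped twice:
# on $ext_if for what they upload and on $guest_if for what they download.
# A state keeps the queue name assigned by the rule that created it; packets use
# that queue on any interface where it exists and the interface's default queue
# elsewhere.
altq on $ext_if cbq bandwidth 5Mb queue { q_guest_ul, q_trusted_ul }
queue q_guest_ul   bandwidth 1Mb cbq
queue q_trusted_ul bandwidth 4Mb cbq(default borrow)

altq on $guest_if cbq bandwidth 100Mb queue { q_guest_dl, q_local }
queue q_guest_dl bandwidth 3Mb  cbq(default)   # everything the router sends to guests ...
queue q_local    bandwidth 97Mb                # ... except its own DHCP/DNS replies

# Hide both LANs behind the ISP address.
match out on $ext_if inet from { $int_net, $guest_net } to any nat-to ($ext_if)

# Default deny, logged; open only what each VLAN needs.
block log all

# Router-originated traffic (NTP, package fetches, ssh out) on any interface.
pass out inet from self

# Trusted LAN: anywhere, including the guest VLAN (the reverse is blocked below).
pass in on $int_if inet from $int_net to any

# Guests: DHCP (the discover is a broadcast from 0.0.0.0) and DNS served by this
# router, answered from the large local queue ...
pass in quick on $guest_if inet proto udp from any to 255.255.255.255 port bootps queue q_local
pass in quick on $guest_if inet proto udp from any to ($guest_if) port { bootps, domain } queue q_local
# ... nothing else toward the trusted LAN or the router's own addresses (ssh etc.) ...
block log quick on $guest_if inet from any to { $int_net, self }
# ... and the Internet, shaped on the way out. Replies come back via $guest_if,
# where q_guest_ul does not exist, so they land in that interface's default
# queue, q_guest_dl, which is the download cap.
pass in on $guest_if inet from $guest_net to any queue q_guest_ul
```

Check it with `pfctl -nf /etc/pf.conf` before loading, and watch `pfctl -vsq` while a guest downloads to confirm the bytes are landing in q_guest_dl and q_guest_ul rather than the default queues. The ordering matters: the two quick pass rules for DHCP/DNS must precede the quick block to self, otherwise guests never get a lease.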

Geeky weekend projects

Had some time on my hands this weekend, so decided to get a few small projects worked out.

IPv6 – Since TWC doesn’t provide native support, I set up my tunnel on the router and am using rtadvd to hand out addresses, with wide-dhcpv6 providing the various DHCP options. I’m just assigning addresses manually for any host I want in DNS for now; I might attempt some ddns magic at some point if I care enough.

802.11n – Enabling it has been problematic in the past with the default WRT160N firmware. I’d always end up with dropped packets or random AP reboots once I put it under sustained heavy load. After attempting all the Linksys-recommended nudges, I replaced their firmware with TomatoUSB. I still had some dropped packets, but after switching wifi from 40MHz to 20MHz channels I’m getting very smooth 80-90Mbps speeds through most of my house.

No cable! – Dropped Uverse due to their bandwidth capping and moved over to TWC’s DOCSIS for a whopping 30/5Mbps pipe. Decided not to keep cable TV and instead bought a Roku for the streaming stuff I can’t get easily via XBMC or the PS3. The nice thing is, since I’m a TWC subscriber, all the base unencrypted channels are still available, so we don’t have to put in an antenna for the normal networks and locals. Ended up picking up an HDHomeRun box and setting up MythTV along with the XBMC MythBox plugin so we have proper timeshift/PVR as well. I still have to tweak Myth a bit, since playback of higher-bitrate material is a bit jittery.

Media hub – Had my old media box sitting unused, so decided to put it in our living room, primarily for syncing media to/from our various portable devices. Bonus: thanks to the wireless and Myth changes (and a nice 23″ LCD/LED monitor), I was able to install XBMC on that box and have a perfectly suitable casual viewing spot. And yes, that does include full HD over wireless.

Android Repo Mirroring

Been playing with the CyanogenMod port during PTO this week (yummy Gingerbread goodness!) and got a crash course in building Android from scratch. Due to the rapid development, I ran into a huge issue pretty quickly when having to nuke/resync the various repos for building. The total space required for a full source build is roughly 14 gigs, and it requires pulling from a massive number of git repos. Android has a tool named ‘repo’ which makes checking them all out in a cohesive manner very easy, but it’s still a prohibitive time sink to have to pull everything multiple times. A bit of digging and poking at repo turned up the ‘--mirror’ and ‘--reference’ params. Basically these let you initialize a local mirror of an Android repo and then point subsequent repo checkouts at that local copy instead of the network.

My example (my top-level directory here is ~/android/):

# make the local mirror directory for upstream android
mkdir ~/android/mirror; cd ~/android/mirror
# initialize the repo mirror and sync
repo init -u git://android.git.kernel.org/platform/manifest.git --mirror
repo sync -j40

That will take a while; once it’s done, it’s time to create the mirror of the CyanogenMod sources:

# make local cyanogenmod mirror directory
mkdir ~/android/cyanogen/; cd ~/android/cyanogen/
# since I'm building for gingerbread, grab that branch
repo init -u git://github.com/CyanogenMod/android.git -b gingerbread --mirror --reference=/path/to/home/android/mirror/
repo sync -j40

This will also take quite some time. Note the use of the ‘--reference’ param: objects already present in my local mirror of the Android sources are taken from there instead of being pulled across the network again.

Now I can pull one of the various Captivate repos, using that same ‘--reference’ param (this time pointed at my local CyanogenMod mirror), and profit:

# using atinm's repo for Captivate build, just an example at the moment
mkdir ~/android/atinm; cd ~/android/atinm
repo init -u http://github.com/atinm/android.git --reference=/path/to/home/android/cyanogen/

Success!

XBMC suspend/resume in Maverick

Few updates to my previous post:

The format of the proc interface changed slightly (but significantly) from “disabled” to “*disabled”, so scripts must be updated accordingly. One more step is also required; details are in this post, but the short version is that you’ll need to enable wakeup for the device at the sysfs level in addition to proc. I used the simple udev rule posted there and everything works.

CR-48 and Linux Connectivity

Was one of the lucky ones that got a not-so-shiny (matte black, actually) ChromeOS netbook from Google this past Friday. The only thing I’ll say here about ChromeOS is that it’s exactly what you’d expect from a browser-based environment.

Given the specs of the netbook, my second task (after playing with ChromeOS) was to get a proper full OS installed. Following the instructions on the Chromium wiki was pretty boring and worked perfectly. My first install was MeeGo which, though very fast, didn’t have nearly the application choices I wanted, so I moved on to Ubuntu Netbook Remix.

After the initial configuration I noticed a few rather crucial kernel modules missing from the Chrome kernel, namely ppp* and tun. Without those there was no chance of either VPN or mobile broadband usage, which limits the usefulness pretty drastically in my case. Luckily the Chromium developer docs are pretty easy to follow and I was able to build the needed modules after determining which board (x86-mario) I was building for. Here’s my working result, built against kernel 2.6.32.23+drm33.10 (ChromeOS version 0.9.128.12 beta). Dropped those in the proper directory, ran depmod -a, and now have working VPN (Cisco vpnc and OpenVPN) as well as the built-in Verizon broadband.

Quick aside: the broadband is a bit finicky and has a few caveats. The module doesn’t seem to reinitialize properly after a suspend/resume cycle, and you have to enable the modem within Chrome before it’ll work on the Linux side. I might get around to tracking those down at some point, but I think my next task will be trying to get the touchpad working with all the multi-finger goodness.
