
I made this post 3 months ago: https://sh.itjust.works/post/50242033

@stevetech@aussie.zone was super helpful in checking that my Mikrotik configuration was set up correctly. There's a mess of IPv6 information out there for Mikrotik and it's confusing for a mid-nerd like myself.

Anyway, I checked the other day and boom, I had a prefix assigned by my ISP (Frontier).

Unfortunately Frontier has decided to give out /64 prefixes. The downside to that is you can't use SLAAC inside your LAN to do subnetting (guest networks, VLANs, etc).

So my next step is to learn about DHCPv6 to manage things inside my LAN.

There are comments on other forums that are hopeful that since Verizon bought Frontier, they'll eventually switch to handing out /56 prefixes.

VLAN for Thermostat? (sh.itjust.works)
submitted 2 weeks ago* (last edited 2 weeks ago) by bridgeenjoyer@sh.itjust.works to c/networking@sh.itjust.works

I unfortunately HAD to get a stupid thermostat with WiFi. Can't even get one without it now. I'd much rather have it not hooked up, but I may be forced to.

How can I put this on a VLAN and block all its telemetry? It's a Honeywell. Can I put it on my VLAN and then use Mullvad DNS to block all the shit?

"They" are saying it has to be on WiFi so it can see the outdoor temp to talk to the heat pump. Bullshit, I say.


cross-posted from: https://feddit.nl/post/50949358

Creator of Mikrotik IaC modules gauging community interest

From Mircea Anton:

Hello, everyone!

I fairly recently re-worked most of my Mikrotik automation to move it from Terraform to OpenTofu and Terragrunt and modularize everything.

Tbh the project got to a point I'm quite happy and proud with it. I made a couple of videos about it if you're interested:

Here's the link to the repo: https://github.com/mirceanton/mikrotik-terraform

Been thinking about cleaning up the modules I made, writing a couple more and maybe publishing a module library that others can use and contribute to if attempting something like this. What do you think?

Security Onion (securityonionsolutions.com)

I just finished my Cisco CCST Cybersecurity. The whole course of study is pretty much to get you skilled up enough to operate and understand the Security Onion console. The last half of the last class is all about handling the alerts.

Well, the CCST was a pretty cursory introduction to an extremely complicated platform. I checked out the vendor training, and it's alright. It's a set of videos that walk you through setup and usage of a demo install. (See post link.) I've set it up at home, and I'm monitoring my network.

I know we use Security Onion at work, and I asked about it. Well, apparently it's completely broken, and my first task as a newly certified network security guy is to rebuild it.

Yup. I ate the Onion. ... err ... or I'm in process. Chomp, chomp, chomp.

submitted 1 month ago* (last edited 1 month ago) by bridgeenjoyer@sh.itjust.works to c/networking@sh.itjust.works

It seems to happen maybe once a month or every 2 months. Sometimes random. Is it my ISP renewing my IP? How can I check that?

I'm on all UniFi hardware. Not a total noob, but I struggle with the concepts.


Allow affiliate & tracking domains common on deals websites, in emails or in search results. Those usually only get called after manually clicking on a link.

Your IP address will automatically be hidden from those websites to preserve your privacy.


"Speed up delivery of data from content delivery networks without exposing your IP address."


Bypass Age Verification: auto-bypass age verification checks used by certain websites, such as adult content sites, to verify a visitor's age before allowing access. By enabling this feature, you acknowledge that you are legally old enough to access the content.


I think my ISP randomly drops my DNS server IP.

Blocks some WireGuard IPs (there is no handshake on OpenWrt).

Some SOCKS5 proxies stop working after a few hours.

Snowflake isn't working.

One flash, one packet? (programming.dev)

I've always wondered whether network interfaces that have these flashing lights flash as a gimmick or whether they actually indicate the flow of traffic. Perhaps one flash per packet in or out? I wish I could remember what my dial-up modem looked like to make a historical comparison too.

TL-SG105E

submitted 1 month ago* (last edited 1 month ago) by tdTrX@lemmy.ml to c/networking@sh.itjust.works

By hijacking I mean redirection.

I think it should be done at the client's OS level.

Can the router do anything for it?


I have a 1 Gbps connection with an ISP that rents another telecommunications company's fiber. That telecom owns the ONT in my apartment.

I had an electrician fix the heated floor in my bathroom a few weeks ago. He had to turn off the main breaker for safety reasons, which also cut power to the ONT. After turning the power back on, my speeds had dropped from 1 Gbps to circa 100 Mbps. I filed a ticket with my ISP, who resolved the issue by having the telecom do something at their end, they said. (Sounds software-y/configuration-y.)

Yesterday, I f*cked my router (a Raspberry Pi with OpenWrt) up by flashing the latest pre-release firmware on it. I lost all connections and the Pi wouldn't recognize any of its hardware interfaces. As part of my "routine", I rebooted my devices in this order: my APs, my routers and, lastly, my ONT. After some diagnosing, I identified that the problem was indeed the new firmware on the router/Pi. But then I noticed that my speeds had dropped, so I gauged the speeds directly at the ONT and, lo and behold, they were down to 100 Mbps again. I have, yet again, filed a ticket with my ISP, and I'm waiting to hear from them now.

My question, just out of curiosity, to those of you that have the knowledge/experience: what could be going on the telecom's end? Is there a correlation/plausible technical explanation between my connection speeds dropping and restarting or cutting the power to the ONT?


In the early 1990s, internetworking wonks realized the world was not many years away from running out of Internet Protocol version 4 (IPv4) addresses, the numbers needed to identify any device connected to the public internet. Noting booming interest in the internet, the internet community went looking for ways to avoid an IP address shortage that many feared would harm technology adoption and therefore the global economy.

A possible fix arrived in December 1995 in the form of RFC 1883, the first definition of IPv6, the planned successor to IPv4.

The most important change from IPv4 to IPv6 was moving from 32-bit to 128-bit addresses, a decision that increased the available pool of IP addresses from around 4.3 billion to over 340 undecillion – a 39-digit number. IPv6 was therefore thought to have future-proofed the internet, because nobody could imagine humanity would ever need more than a handful of undecillion IP addresses, never mind the entire range available under IPv6.

NAT vs firewall at home (programming.dev)

Why would I need to have software firewalls on my devices behind my NAT router at home? The topology is a basic consumer grade one: ISP -> my router (NAT) -> LAN, and vice versa.

If NAT already obfuscates my private addresses through translation, how would a potential adversary connect to anything beyond it?

What "good" would my public IP do for a hacker if I have no ports forwarded?

Is a firewall a second line of defense just in case I execute malware that starts forwarding ports?

I do have software firewalls on all my devices, but that wasn't an informed choice. I just followed the Arch Wiki's post installation guidelines.
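The toy below is an added example, not part of the post above, and models the behaviour behind these questions: a masquerading router keeps a table of the connections it has translated, and an inbound packet is delivered only when it matches an entry in that table. Unsolicited packets to the public address are dropped because there is nothing to translate them with, not because the private addresses are hidden; and the protection disappears as soon as a mapping exists, which any program on the LAN can arrange through a UPnP/NAT-PMP port mapping request (malware included). All addresses, ports and packets are constructed for the example, and the router is a deliberately small model of the Linux conntrack behaviour, not a copy of it.

```python
"""Toy stateful NAT: shows what it does and does not protect against."""
from dataclasses import dataclass
from typing import Optional

PUBLIC_IP = "203.0.113.7"            # constructed; RFC 5737 documentation range


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class Mapping:
    inside_ip: str
    inside_port: int
    remote_ip: Optional[str]         # None = any remote (static port forward)
    remote_port: Optional[int]


class NatRouter:
    """Masquerading router: dynamic 5-tuple mappings plus static forwards."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table: dict[tuple[str, int], Mapping] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: record the flow and rewrite the source to the public address."""
        for (proto, pub_port), m in self.table.items():
            if (proto, m.inside_ip, m.inside_port, m.remote_ip, m.remote_port) == \
               (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport):
                return Packet(self.public_ip, pub_port, pkt.dst, pkt.dport, pkt.proto)
        pub_port = self.next_port
        self.next_port += 1
        self.table[(pkt.proto, pub_port)] = Mapping(pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return Packet(self.public_ip, pub_port, pkt.dst, pkt.dport, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: translate only when a mapping matches; otherwise drop (None)."""
        m = self.table.get((pkt.proto, pkt.dport))
        if m is None:
            return None
        if m.remote_ip is not None and (m.remote_ip, m.remote_port) != (pkt.src, pkt.sport):
            return None              # same public port, different remote: not our flow
        return Packet(pkt.src, pkt.sport, m.inside_ip, m.inside_port, pkt.proto)

    def add_port_forward(self, public_port: int, inside_ip: str, inside_port: int,
                         proto: str = "tcp") -> None:
        """What a UPnP/NAT-PMP mapping request from any LAN process achieves."""
        self.table[(proto, public_port)] = Mapping(inside_ip, inside_port, None, None)


def demo() -> dict:
    """Run the four cases from the discussion and return what got delivered."""
    nat = NatRouter(PUBLIC_IP)
    laptop, server, scanner = "192.168.1.20", "198.51.100.9", "192.0.2.77"  # constructed
    results = {}
    # 1. Unsolicited SYN to the public IP: no mapping -> dropped.
    results["unsolicited"] = nat.inbound(Packet(scanner, 55555, PUBLIC_IP, 22))
    # 2. Laptop opens a connection; the server's reply matches the flow -> delivered.
    out = nat.outbound(Packet(laptop, 51000, server, 443))
    results["reply"] = nat.inbound(Packet(server, 443, PUBLIC_IP, out.sport))
    # 3. A stranger aiming at the same mapped port: tuple mismatch -> dropped.
    results["stranger"] = nat.inbound(Packet(scanner, 55555, PUBLIC_IP, out.sport))
    # 4. Software on the LAN adds a forward for SSH: the scanner now reaches the laptop.
    nat.add_port_forward(2222, laptop, 22)
    results["after_forward"] = nat.inbound(Packet(scanner, 55555, PUBLIC_IP, 2222))
    return results


if __name__ == "__main__":
    for case, delivered in demo().items():
        print(f"{case:14s} -> {delivered or 'dropped'}")
```

Two things the model makes visible: the drop in case 1 comes from the state table, which is a stateful-firewall function that happens to be bundled with the translation, and case 4 is exactly the "malware forwards a port" scenario. NAT also says nothing about traffic between two hosts on the same LAN (a compromised IoT device talking to a laptop never crosses the router), which is the other reason a host firewall is worth keeping.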

submitted 2 months ago* (last edited 2 months ago) by ExtremeDullard@piefed.social to c/networking@sh.itjust.works

Here's a puzzle for you networking specialists:

I'm coding an IP tunnel for our laser communication system. Basically it's a pair of lasers that send / receive raw serial data, and I'm coding a simple TUN wrapper to send/receive IP packets over the laser link. Think of it as PPP but customized for the idiosyncrasies of our laser system.

It works fine: I have one laser connected to one machine with one instance of my IP tunnel software running on that machine, the same setup on another machine, and I can network just fine between the two.

But here's my problem: those machines are at work and I'm currently sitting at home and working remotely, the second machine has crashed and I have no intention to go to the office just to reboot the damn thing.

But all is not lost!

The first machine happens to have another, unused laser aimed at the same target connected to it. Technically, I can open a serial terminal on one laser's serial device file, another serial terminal on the second laser's serial device file, and send / receive data between the two - to / from the same machine.

My question is this: can I somehow create two TUN network interfaces - one for one laser, one for the other laser - on the same machine, and somehow configure them so one is only reachable through the tunnel and not directly?

Or more concretely, here are the two tunnels setup on the first machine:

tun10: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500  
        inet 172.17.3.10  netmask 255.255.255.0  destination 172.17.3.10  
        inet6 fe80::48a7:298c:c6dc:bae  prefixlen 64  scopeid 0x20<link>  
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)  
        RX packets 4  bytes 192 (192.0 B)  
        RX errors 0  dropped 0  overruns 0  frame 0  
        TX packets 5  bytes 240 (240.0 B)  
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0  

tun11: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500  
        inet 172.17.3.11  netmask 255.255.255.0  destination 172.17.3.11  
        inet6 fe80::82b2:44f6:d510:c227  prefixlen 64  scopeid 0x20<link>  
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)  
        RX packets 2  bytes 96 (96.0 B)  
        RX errors 0  dropped 0  overruns 0  frame 0  
        TX packets 4  bytes 192 (192.0 B)  
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0  

I want to telnet to 172.17.3.10 through 172.17.3.11 and vice-versa. But of course, as it is now, if I telnet to either of those IPs, the kernel basically talks to itself and doesn't route anything out.

Naturally, I could set up a virtual machine and install a guest Linux OS just to run the second tunnel. But it seems like a sledgehammer approach to what should be a simple configuration job.

Can it be done? I can't think of a way. But then I'm not much of a networking guy 🙂
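It can, and the usual tool is a Linux network namespace rather than a VM. Interfaces, addresses, routes and sockets are per-namespace, so if the second tunnel instance runs inside its own namespace, 172.17.3.11 stops being a local address of the default namespace and the only path to it is out of tun10, across the lasers, and into tun11; character devices are not namespaced, so the second instance can still open its serial port. The script below is an added example, not code from the post, and assumes (my assumptions, not the author's) that the tunnel program is invoked as `lasertun <serial-dev> <tun-name>` and daemonizes after creating its TUN, that the lasers are /dev/ttyUSB0 and /dev/ttyUSB1, and that a telnet server already listens in the default namespace. Applying the commands needs root.

```python
"""Split two TUN endpoints across network namespaces with iproute2 commands."""
import shlex
import subprocess
from typing import List

Command = List[str]


def split_tunnel_commands(ns: str = "laser-b",
                          tun_a: str = "tun10", addr_a: str = "172.17.3.10/24",
                          dev_a: str = "/dev/ttyUSB0",
                          tun_b: str = "tun11", addr_b: str = "172.17.3.11/24",
                          dev_b: str = "/dev/ttyUSB1",
                          tunnel_bin: str = "lasertun") -> List[Command]:
    """Return, in order, the commands that build the split setup.

    tunnel_bin and the device paths are assumptions for the example."""
    return [
        ["ip", "netns", "add", ns],
        ["ip", "-n", ns, "link", "set", "lo", "up"],   # lo is down in a fresh netns
        # First instance stays in the default namespace, exactly as before.
        [tunnel_bin, dev_a, tun_a],
        ["ip", "addr", "add", addr_a, "dev", tun_a],
        ["ip", "link", "set", tun_a, "up"],
        # Second instance runs inside the namespace: the TUN it creates through
        # /dev/net/tun belongs to that namespace from the start, so the kernel
        # in the default namespace no longer sees addr_b as one of its own.
        ["ip", "netns", "exec", ns, tunnel_bin, dev_b, tun_b],
        ["ip", "-n", ns, "addr", "add", addr_b, "dev", tun_b],
        ["ip", "-n", ns, "link", "set", tun_b, "up"],
    ]


def route_check_commands(ns: str = "laser-b", target: str = "172.17.3.10") -> List[Command]:
    """Commands that show the path really leaves via the namespaced TUN."""
    return [
        ["ip", "-n", ns, "route", "get", target],        # expect 'dev tun11'
        ["ip", "netns", "exec", ns, "telnet", target],   # default-ns telnetd, via the lasers
    ]


def render(cmds: List[Command]) -> str:
    """Shell-quoted script text, for review before running anything as root."""
    return "\n".join(shlex.join(c) for c in cmds)


def apply(cmds: List[Command]) -> None:
    """Execute the commands in order, stopping at the first failure."""
    for c in cmds:
        subprocess.run(c, check=True)


if __name__ == "__main__":
    print(render(split_tunnel_commands() + route_check_commands()))
```

Run `python3 split_tunnels.py` to print the script, then `apply(split_tunnel_commands())` as root once it looks right. A telnet from inside the namespace to 172.17.3.10 is then a real two-laser round trip; the reverse direction works the same way if something listens inside the namespace (`ip netns exec laser-b ...`), since sockets in the default namespace are not reachable from it. If the tunnel program configures its own address, drop the two `ip addr add` lines; it will do so within whichever namespace it runs in.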


Uninitiated noob question below.

A couple of days ago, this happened: https://programming.dev/post/41491279

Now, during the phonecall with my ISP, the guy asked, "is your router an ASUS?" to which I answered, "yes and no, because it's sold as a router but I have it in AP mode and my actual router is OpenWrt on a Raspberry Pi." To which he replied "noice!"

How did he know the make of my access point? A few of my own thoughts are:

  1. he was referring to historical data (I've been a loyal customer of theirs for a looong time...) from a time when I was using the same topology (setup?) but without a VPN on the router, so the hostname of the AP (stored in /etc/hostname on the ASUS OS/firmware ?) was simply displayed on whatever software an ISP uses for troubleshooting through... an ARP? But aren't ARPs limited to a LAN/they cannot resolve beyond a hop? Or perhaps a variant of DNS? How indeed do hostnames transmit? Are they in the IP header by default?
  2. as in 1 above, but he actively used nmap or some other recog program
  3. as in 1 above but from a time when I was in fact using the ASUS machine as a router
  4. my VPN is "leaking" - not likely, because all my traffic either goes through the wireguard interface on OpenWrt/RPi, or it doesn't go anywhere...

If 1, 2 or 3: why do they keep historical data on me? Is it praxis?
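For the "how do hostnames transmit" question above: they are not in the IP header. When a router's WAN port asks the ISP for an address over DHCP, the request carries the router's MAC address (whose first three bytes, the OUI, identify the manufacturer) and usually DHCP option 12 (Host Name) and option 60 (Vendor Class Identifier), all defined in RFC 2132. A VPN on the router changes none of this, because the DHCP exchange happens before and outside the tunnel. The code below is an added example, not from the post: it builds a minimal DHCPDISCOVER and shows what the server side can read off it with no probing at all. The packet, hostname, vendor class and OUI table are constructed for the example; the OUI is not a real vendor assignment.

```python
"""What an upstream DHCP server learns from a single DHCPDISCOVER."""
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_MSG_TYPE, OPT_HOSTNAME, OPT_VENDOR_CLASS, OPT_CLIENT_ID, OPT_END = 53, 12, 60, 61, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

# Constructed OUI table for the example; a real lookup uses the IEEE registry.
OUI_TABLE = {"00:11:22": "ExampleRouterCo"}


def build_discover(mac: bytes, hostname: str, vendor_class: str) -> bytes:
    """Minimal DHCPDISCOVER: RFC 2131 fixed header, magic cookie, RFC 2132 options."""
    if len(mac) != 6:
        raise ValueError("hardware address must be 6 bytes")
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0,                    # op=BOOTREQUEST, htype=Ethernet, hlen, hops
                         0x3903F326, 0, 0x8000,         # xid, secs, flags (broadcast)
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,   # ciaddr yiaddr siaddr giaddr
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)  # chaddr sname file

    def opt(code: int, value: bytes) -> bytes:
        return bytes([code, len(value)]) + value

    options = (opt(OPT_MSG_TYPE, b"\x01")
               + opt(OPT_CLIENT_ID, b"\x01" + mac)
               + opt(OPT_HOSTNAME, hostname.encode())
               + opt(OPT_VENDOR_CLASS, vendor_class.encode())
               + bytes([OPT_END]))
    return header + DHCP_MAGIC + options


def parse_options(payload: bytes) -> dict:
    """Walk the TLV option area; skip pad (0), stop at end (255), reject truncation."""
    opts = {}
    i = 0
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == 0:
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def fingerprint(packet: bytes) -> dict:
    """Everything the server side can read off the request without sending anything."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    hlen = packet[2]
    mac_str = ":".join(f"{b:02x}" for b in packet[28:28 + hlen])
    opts = parse_options(packet[240:])
    return {
        "message": MSG_TYPES.get(opts.get(OPT_MSG_TYPE, b"\0")[0], "other"),
        "mac": mac_str,
        "oui_vendor": OUI_TABLE.get(mac_str[:8], "unknown"),
        "hostname": opts.get(OPT_HOSTNAME, b"").decode(errors="replace") or None,
        "vendor_class": opts.get(OPT_VENDOR_CLASS, b"").decode(errors="replace") or None,
    }


if __name__ == "__main__":
    pkt = build_discover(bytes.fromhex("001122aabbcc"), "asus-router", "example-client")
    print(fingerprint(pkt))
```

The same fields are what the ISP's DHCP server logs on every lease renewal, which is why a support desk can see the make of whatever device sits on the WAN port, and why that record can outlive the setup that produced it.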


Hey everyone,

I searched for the keyword CCNA, but it hasn't appeared for a while.

I'm actually learning the concepts, I'm on STP.

I'd like to hear about your experiences, how long it took you, which website you're learning from, etc.

Have a great day!!

submitted 3 months ago* (last edited 2 months ago) by emotional_soup_88@programming.dev to c/networking@sh.itjust.works

EDIT: Got an email from my ISP saying "the fiber owner has resolved your issue, we are closing the ticket." I immediately called my ISP out of curiosity, since they earlier had told me that they need to change my ONT for me to get my full speed. Well, it turns out, the fiber owner (don't know the English word for them) can manage speed per port on the ONT. Sic. So for some reason, they had limited the speed to 100 Mbps.

I purchased a 1 Gbps down/up connection and noticed that I was consistently getting 95 Mbit/s down/up, regardless of hardware configuration (router, no router, switch, no switch, connecting directly to the ONT, cat 6/6a cables, etc) and regardless of software configuration (VPN on/off, firewall on/off, OS Linux/Android, driver updates, etc).

When nothing seemed to help on my end, I finally called my ISP. They could confirm that my ONT is a decade old and that they can see that each port only allows for 100 Mbit/s down/up.

I went through these steps before finally testing a direct connection to the ONT which finally made me call the ISP.

The ISP is going to replace the ONT for free.


I've had Frontier fiber internet for the past 2-ish years. No complaints at all, but the nerd in me desires IPv6. I have the Frontier provided ONT device but declined their router. I have a MikroTik RB5009 which has been "searching" for an IPv6 prefix.

Anyway, I found this link during my research some time ago, and it finally looks like Frontier is enabling IPv6 for people.

I'm still not sure I'll be able to get it until I get the settings just right, but thought I'd share.


I have been looking into setting up a secure home/small business server and hardening my local network, and I came across this Kickstarter, which is currently floundering, likely because its campaign page is way too technical without enough fluff for the uninformed out there (like myself to some extent). For reference, I work in small industry and have some interest in implementing more IoT.

That said, from what I can tell it seems like a really great device for my use case, actually, combining a multiband WiFi 7 gateway with a built-in NAS and upgradeable compute modules. As a bonus, it is a German company, so I'm a bit less worried about back doors than with some of the Chinese generic manufacturers out there.

What I can't suss out is how secure this actually is, how technical my background needs to be to get it set up effectively, and whether the price is good for the hardware. Any help?

submitted 3 months ago* (last edited 3 months ago) by Cyanogenmon@lemmy.world to c/networking@sh.itjust.works

A while ago I made this post:

Ubiquiti Dream Router Throughput Issue

I figured it out. My toddler had evidently messed with the router and damaged the RJ45s from the router to wired devices. There was no actual drop in service, so I didn't even consider the cables themselves.

Changed out the ends and voila - throughput fixed.

Gonna go put on my dunce cap now and sit in the corner.

Edit:

No idea what was causing the wireless devices to have issues as well since the router itself was pulling correct speeds, but hey. It works now. Even upgraded to 750/750.

IpCam and PoE (lemmy.ml)

Hi,

I have an IP camera that has two power inputs:

a 12 V DC input and PoE.

I've lost the 12 V power supply.

So I'm considering powering it through a simple PoE injector like those.

I believe those do not come with 802.3af negotiation (not sure), so if those injectors directly inject the voltage (here 48 V), will it work?

Did you already try it?

Sorry, I know it's not "totally" network related, but if you know where I can post, I'm all ears.

Thanks.

Extending wifi (lemmings.world)

We have a wireless camera connected to our wifi, but the concrete wall makes the signal inconsistent. There is an available POE port nearby indoors, and the existing wifi which has a good signal indoors.

What would be the most convenient solution to fix our issue? Should we just get a standard AP/repeater and put it close to the wall, or is there a better option?

Thanks


networking


Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.

founded 2 years ago