Configuring a Cisco switch from a Linux Terminal with Minicom

As much as I like playing in the terminal, the jury is still out as to how much I like working with Cisco. To be as objective as possible, I need to tell myself that: 1, I am not familiar with the command set or how they like to do things so I must be open minded; 2, relax, the command line is a happy place to be; and 3, this is new territory, don’t get frustrated, just write it down and enjoy the learning process. Also, my brother-in-law, whose career is in network administration, just loves this Cisco business so it turned out to be quite educational. The scope of this article is not how to set up a router, just, this is how I was able to get going with it.

The specific Cisco switch I configured was a Catalyst 3560 series PoE-48. I am sure these directions will work with other similar devices. Since I am an openSUSE user, the directions are tailored as such.

Minicom Installation

My first step was to find a piece of software that would work for me for this and I am sure that there are a ton of solutions but the one that worked the easiest for me was minicom. I am open to other suggestions, of course.

This is in the official repository so you can go into the terminal and type this to install it:

sudo zypper install minicom

I would give the alternative option to do the Direct Installation but since you will be in the terminal anyway, why would you do that?

https://software.opensuse.org/package/minicom

Set User Permissions

Before you run minicom you will need to add your user as a member of the groups: dialout, lock and uucp.

In all fairness, I don’t know if you actually need uucp but since I use it for serial transfers to Arduino type devices, I am just assuming.

To do this in YaST, select the Security and Users section, open the User and Group Management module and make the changes required for the user.

Alternatively, you can do this from the command line. Enter the following as root, replacing <username> with the name of your user:

usermod -a -G dialout,lock,uucp <username>

The terminal method is way cooler, just saying.

Minicom Configuration

Before you can set up Minicom, you will have to determine where the serial port is that is connected to your computer. In my case, I have ttyS0 but if you have a USB serial port device, you may have something like ttyUSB0 or similar.

Now that you have an idea as to the name of your serial port you can begin the setup process. Some adjustments are needed so that you can successfully communicate with the router. In the terminal type:

minicom -s

This will bring you to a ncurses style menu system. Arrow down to Serial port setup entry.

To change the serial device to what you have, select A and adjust it to your particular serial interface. Then select E to set the Bps/Par/Bits.

The baud rate (Speed) should be set to 9600 (C) and the data bits, parity and stop bits to 8-N-1 (Q).

That should do it. I must stress that this did indeed work for me and your results may vary. The speed and Stopbits seem to be key. I have seen some variations in Software and Hardware flow control but those settings didn’t seem to affect my results.

Connect

To make the connection, type minicom in the terminal and you will hopefully be logged into the smart switch.

Although I have screen captured how I configured the Cisco switch, I don’t think it would necessarily apply directly. I also don’t really know what I am doing and had to rely on an expert so I cannot adequately explain the process itself.

Final Thoughts

Setting up a smart switch in the terminal requires some real knowledge. The point of this write-up was to close some of those gaps that may exist if you decide to embark on going down the “fancy switch lane.” I don’t know if this will work for similar type devices or other Cisco switches. It is a starting point and something to build from. I hope it provides some use to someone other than me.

Additionally, I am very open to suggestions on other similar terminal applications for communicating over serial in the terminal.

References

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3560-series-switches/product_data_sheet09186a00801f3d7d.html

http://www.allaboutlinux.eu/manage-cisco-switch-router-from-linux/

https://appuals.com/install-terminal-emulator-services-access-cisco-console-port-linux/

Windscribe VPN on openSUSE

With all the talk of VPN (Virtual Private Network) services to keep you safe and my general lack of interest in the subject, I was talking to Eric Adams, my co-host on the DLN Xtend podcast, about the subject. He was telling me that he was hesitant to recommend any service so he gave me some options to try out. The one I chose, after doing a little reading, was Windscribe.

I am new to the VPN game so I want to be careful not to say that I am recommending this as the perfect solution; rather, I am demonstrating how I set it up and how I am using it on my openSUSE Tumbleweed system. Much in the same way Eric informed me about it.

Installation

For starters, I navigated to the Windscribe website, https://windscribe.com/

It’s a nice looking site and I like they have, front and center a Download Windscribe button. I am always annoyed when you have to go digging around to download anything. I give a resounding, “boo” when I am forced to play a scavenger hunt game to find the download link. Thank you Windscribe for not making this part difficult.

Another well presented download for Linux button. No hunting here either. Although, I did notice that there was a lack of definition of my favorite Linux distribution. They have left out openSUSE and that makes me just a bit frowny faced. No matter, I am not a complete “noob” to the Linux-ing and since Fedora and openSUSE packages are like close cousins (in my experience, but I am often wrong), setting this up for openSUSE was pretty darn straight forward.

These instructions are easily adapted to the fantastic Zypper package manager. This is my adaptation of their instructions for openSUSE and is well tested on Tumbleweed.

1. Get a Windscribe Account

Create a free account if you don’t have one already

2. Download and Install the repo as root

zypper ar https://repo.windscribe.com/fedora/ windscribe

This is telling zypper to add the repository (ar) https://repo.windscribe.com/fedora and naming it “windscribe”.

3. Update Zypper

zypper refresh

4. Install Windscribe-CLI

zypper install windscribe-cli

5. Switch to non-root user

exit

6. Login to Windscribe

windscribe login

Follow the steps with your newly created account

7. Connect to Windscribe

windscribe connect

And that is all there is to it. You will be connected and ready to be part of the cool-kid VPN club.

Side Note

If you need further help with how to use the different functions of Windscribe, run:

windscribe --help

If you need further information on how to use these other features, please visit the windscribe.com site as I am just using the basic functionality of it here.

If the windscribe daemon service does not automatically start up, you may have to start it manually as root.

systemctl start windscribe

and if you want to have it enabled at startup

systemctl enable windscribe

Those may or may not be necessary for you, but just in case, there you go and you’re welcome!

First Run and Impressions

There currently isn’t a graphical tool for using windscribe in Linux, or at least openSUSE. Chances are, if you are using openSUSE and are hyper concerned about protecting your traffic, using the terminal is not exactly going to cause you to have heartburn. Installation to execution is truly as simple as I have outlined above.

You can take it one step further in the cool, fun, I am a hacker-poser-type if you run it in a terminal emulator called Yakuake. This is a drop-down terminal that is invoked, on my machine with Meta+F12. It looks cool and very convenient to drop it down whenever I need it.

For the free account, you are limited to 10 GiB of data. To check the status of your account usage, in the terminal type

windscribe account

That will give you an output, something like this:

——- My Account ——-  
Username: CubicleNate
Data Usage: 80.02 MB / 10 GB
Plan: 10 GB Free

There is a paid option, which, in my opinion is very reasonable, if you buy a year at a time and I think, if you travel a lot, this may be of great interest to you to protect your data.

If you buy a one year subscription for $49, you get Unlimited Data, access to all their locations, which they boast as over 60 countries and 110 cities, a Config Generator for OpenVPN, IKEv2 and SOCKS5 which, to my understanding, will allow me to use NetworkManager to access the service, and R.O.B.E.R.T. to block ads, trackers and malware. If that is all up your alley, and you like the free service, it all seems pretty well worth it to me.

What I Like

The installation was simple, using it is simple (so long as you are good with the command line) and the performance is very acceptable. Since I am using this when I am away from home, I don’t expect any break-neck speeds out of it, I just prefer that my traffic is at least somewhat protected. After listening to this episode of Destination Linux, I felt like it was a good idea to enact some sort of VPN when I’m out and about.

What I Don’t Like

There isn’t a graphical interface for the terminal-phobic folks. Not a problem for me or likely most Linux users, but there are some that just won’t use it. That’s just the way it goes.

I don’t like that I am not quite familiar with Windscribe. That is not a fault of the service, just the fact that I know so little about them. I will tell you that every email interaction with Windscribe has been amusing so that bodes well for what I think of them.

Final Thoughts

I know that my employer requires me to VPN in to do any real work so even they recognize the value of a good VPN, so maybe I should too. How often do I plan to use it? Not all that often, really. Maybe a few times a month, specifically when I am using an internet access point that I do not trust. I will especially use it if the access point has “xfinity” in the SSID as I have little to no trust for them.

I appreciate how simple this is to use and should I get to the point where I am pushing my 10 GiB per month limit, I will go all in on an annual subscription. It’s not that expensive to put up one extra line of defense, especially one as convenient as this.

References

Windscribe.com Home
openSUSE Home
Destination Linux Episode 146 on VPNs
DLN Xtend Podcast
Eric Adams at Destination Linux Network

Aruba IAP-105 Wireless Access Point Setup

Recently, my Linksys E2000 decided it would no longer be the wireless access point I expected it to be and it had to be replaced. Thinking that maybe it just needed an update or to be reverted to the original firmware also did not solve the problem as it would just not allow any clients to access the network. No matter what I did, there was no way I could get this thing to work properly. It was time to replace it. After doing some reading and digging but ultimately taking the advice of my e-friend Mauro, I purchased an Aruba IAP-105.

The WRT54GL I pulled out of storage just wasn’t cutting it, throughput wise, even though Wireless G was pretty great some 14 years ago.

This is a nice little device and it feels like a well built unit. While handling it, the look and feel of this well crafted equipment shouts “professional” at me or perhaps, “I was built to survive a knuckle-dragging handler like you.”

Resetting the router is done by inserting a paperclip into the recessed hole while it is off and then turning it on. Wait about 5 seconds for the LED indicators to flash and you are off to the races. Note that just pressing and holding the reset button does nothing when it is on.

The Access Point presented a login screen and I was unsuccessful in locating anywhere in the instruction manual the default username and password. It took a bit of digging but I was able to determine that the default username is admin and the password is also admin. I was sure to fix that default as it has been shown far too often that the defaults are left and a network is compromised.

Setting up the Access Point was so simple that it took me a bit to realize I had it set up properly with very minimal effort on my part. The effort was so minimal, I was convinced it wasn’t set up properly until I started to see the clients connect. It was amazingly easy.

Under the Network section, select New to enter a New WLAN. What is interesting here is that you have 3 options. Employee, Voice and Guest. None of which are exactly my use but home use is probably closer to “Employee” than Guest.

Next was the Client IP & VLAN Settings. In my case, I have no VLANs on my network. Maybe I should but at this time, I don’t see a need. For my purposes, I want the Client IP assignment taken care of by my main DHCP server and since I don’t have a Virtual Controller, I went with the “Network Assigned” option as it seemed the most reasonable. The client VLAN assignment was left at “Default”.

The Security section was straight forward

Nothing to do with the Access section.

Once I completed it, I was a bit confused because I didn’t set the DHCP server or the DNS or anything. I wasn’t sure if I had missed something so I clicked around a while, only to discover that it took care of all of that for me.

The client info provided by the access point is very interesting. Graphs on the signal strength, connection speed and throughput of the connected devices is very interesting to see. Now, should I have issues with a client, I can look at the graphs and make a better understanding of what the issues may be. It could help me to choose a better location for the IAP in the future.

I do want to add a note that I am getting a warning that I only have 100 Mbit/s link speed on the ethernet. I am thinking this has something to do with the PoE I am using as my switch and everything connected to it is full 1 Gbit/s. A bit irritating but I will circle back on that eventually.

Final Thoughts

Once again, my network feels solid and strong. I am very happy with this purchase and buying it on eBay for about $20 made it all that much better of a purchase. The setup was far simpler than I expected and I am strongly considering getting another one so that I have access points on opposite ends of the house.

I am incredibly satisfied with this purchase. The network connection in my house is very strong and although I am slightly annoyed by the Ethernet speed, it’s probably my fault some how and I am going to work that out later.

Reference

Default Username and Password for IAP-105
Getting Started with Aruba Instant AP

Commodore 64 on the Internet with IRC | YouTube Edition

This is nothing more than a placeholder post and an announcement of a somewhat embarrassing example of my poor video editing abilities. I previously created a blathering about getting the Commodore 64 on the Internet with IRC and step by step instructions but, under the pressure of one person (see how easily I am swayed), I made a short video about the process.

Feel free to watch it if you wish and if you want more low quality, low budget productions, let me know. I just may get to it. I need more practice with Kdenlive.

Commodore 64 on the Internet | IRC

The Commodore 64 was my first computer and as such, now holds a special place in my heart and probably forever more, or at least until I lose my mind completely. In all the years I had a C64, I never visited a BBS as I didn’t get that bit of tech until I got my Commodore Amiga 600. Due to the wonders of the Internet, and a global effort to keep these old machines relevant from guys like The 8-Bit Guy, Perifractic Retro Recipes, Retro Man Cave, Dan Wood, LGR and so many others, I was inspired to take the time to make my Commodore 64 more than just a stroll down vintage lane for me. I have seen others make use of it for writing and developing new games and such for it but how could I incorporate it into my life was the question. That answer, IRC, it must do IRC.

So, let’s use the “scientific method” on this as I make my kids do it, so why not force myself to do the same.

Purpose

Make use of my beloved Commodore 64, my first computer, in some practical way. I am going to use “practical” fast and loose for this. I have seen many examples of using the Commodore 64 in some sort of networked fashion but I wanted to see if I could have it serve a specific purpose: chat on IRC, connected through the Ethernet into my home network using its own power and capability.

Hypothesis

I think I am able to get the Commodore 64 to access the IRC function on the Internet without having to telnet into another server as a bridge to make it happen. I also think this is going to be a bit of a headache and everything is going to fight me along the way.

Materials

Here is my list of “materials” in order to conduct this experiment.

Commodore 64

This computer has a whopping 64K of memory which, in its time, was an extraordinary amount of memory, generally about 16 times that of its contemporaries at the time. If you know anything about the Commodore 64, nothing I am going to tell you here will be new. If you don’t know much about the Commodore 64, this is a great video on YouTube with a great breakdown of the chip design.

SD2IEC drive

Purchased from The Future Was 8-Bit, this is a fantastic device that came included with an 8 GiB SD Card filled with all kinds of goodness. It is a joy to use and makes reliving the Commodore 64 history so much more enjoyable. Although you don’t get to enjoy the warm purring of the 1541 5¼” Floppy Drive, this is a more practical and sustainable solution. If you purchase newer software for the C64, they usually build it to be compatible with this device. It was a great deal and allowed me to be able to use the .d81 Contiki OS image that will be described below.

RR-Net MK3

This is a 10Mbit network card from icomp.de that comes from a rather long line of similarly designed devices. This is said to work with Contiki, Codenet and WarpCopy. The nice feature of this card is that it can be used as a stand alone or on a Carrier Card so that you can add this “feature” to another device like the MMC Replay or Chameleon. This will not work with a C128, SX-64 and very old C64 main boards. I don’t have a “very old” main board (just really old), so this works fine with my computer.

Wired Ethernet line

There really isn’t much to report here. I just made a cable and strung it from my router over to the Commodore 64. It is neat to see the flashing activity light when it’s running and doing its network activity.

CRT display

Why a CRT? To be more genuine to the period in which it came from? No, it is because it is what I have and it should also be noted that this is an old SVGA, CAD monitor that I once used for such activities. Now it serves a more noble function as my “retro corner” display. I have a ViewSonic that converts the S-Video and Composite signals to SVGA.

Contiki OS

Software package that is accessible from here on GitHub that comes in a few different builds. I used the .d81 image as that would eliminate the need to swap disks, or at least the risk of me screwing up the process of disk swapping should that become necessary.

Procedure

Assemble the components, plug the computer into a working Ethernet line and attempt to get online to chat in an IRC room. The intent here is to use the Commodore 64 as the client, not to use any other machine as a spring board.

Results

The results are mixed but I am going to break it down a bit so that you can replicate it and adjust the process to fit your situation.

Since I have the SD2IEC, I used the .d81 image and put it on the root directory of my SD Card that is in my SD2IEC. Why the root directory? Just to make it quicker to access it.

With the RR-Net MK3 installed in the cartridge port, the start screen is quite different, displaying information about the card. With the SD2IEC connected and the SD Card inserted, I loaded the drive management software which is a simple interface for navigating the contents of the drive. After all, it is 8 GiB of storage so the traditional methods are a bit cumbersome in this regard.

There are two applications that you have to run before you can begin doing the IRC: you have to set up what is the “Ethernet device” and set the IP Addresses.

I am not sure if it is critical to do them in any particular order but I started with ETHCONFIG to set the Ethernet device.

Once it is set, all you can do is power cycle the machine to perform the next step. That means, enjoying the lackadaisical loading times of the Commodore 64. Even with an SD Card… not real fast.

Next was to run IPCONFIG to define the IP addresses of the Contiki OS. To navigate up and down in the fields, use the F5 and F7 keys. ENTER to select Save & Close

After this ready prompt, you will have to power cycle the machine once again to load the IRC application. The first run of this, I went for just IRC as opposed to IRC80 as that 80 means column and I like the C64 font.

When the application completes loading from the SD Card, you are then prompted for the IRC server and nickname. Using F5 and F7 to navigate up and down will take you to each of the fields and RETURN to Connect. I want to note here that you must write your IRC nickname in all lowercase and numbers. If you use any uppercase letters, the IRC server will not be able to recognize the characters.

It will take just a bit but you will see the typical IRC “chatter” fly past on the screen.

Well… I wouldn’t say “fly past” for this. More like trot steadily through. To join a channel enter

/join #<room name here>

In my case, I decided to join the #bigdaddylinuxlive room because, why not? I know the people there, they are friendly and I knew that someone would get a kick out of it.

I made some observations that whatever you type into the prompt, whatever case it is, will be displayed as all uppercase.

I further compared it against what I see in the Qt based IRC application Konversation, to find out how it would be displayed to “normal” or, I guess, “modern” clients.

I was able to see that the Commodore 64 client could only send all lowercase characters, display it locally as Uppercase characters but be able to receive a mix of characters. I thought it all to be quite interesting.

I did test the 80 column mode of the IRC client. It did indeed work and was readable but I have had it crash on me a few times. I can’t say as to why so I have decided to stick with the 40 column mode for now.

It should also be noted that the screen scrolling is quite a bit slower in this mode. Not terrible, just quite noticeable. The

Conclusion

The Commodore 64 is very much able, under its own power and unmodified apart from the additional components, to access the Internet and perform communication in IRC chat rooms. It does work better in 40 column mode than it does 80 column but is very usable.

Getting online with the Commodore 64 to hang out in IRC chatrooms is really quite a satisfying experience. It is a computer from an age before the internet, when BBS systems were in their early stages, and yet I was able to plug an Ethernet line into it and with a little configuration get onto the World Wide Web… of sorts, at least a part of it.

Final Thoughts

I am impressed that I am able to do this much with an unmodified Commodore 64. I am quite impressed that with 64 KiB of RAM, it is still a productive and usable tool. It is quite single purpose but absolutely useful.

I want to note that the web browser does work in this Contiki OS but not with HTTPS so that is out. It does make requests as you would expect and I think I just may revisit the rest of this on another blathering at some point in time.

Future plans, I really want to be able to telnet into a Linux machine with the Commodore 64, I have some other hardware and software I want to try out with this machine to see what other greatness can become of it.

References

Contiki OS for 6502 based computers from GitHub
25c3: The Ultimate Commodore 64 Talk
RR-Net MK3 from icomp.de
The Future Was 8-Bit SD2IEC Drive

pfSense Box Setup for Home or Small Office

A piece of hardware that is often overlooked in many homes and businesses is the “edge device”, often just called a router. Many Internet providers will supply their own edge device. This is the first line of defense from those that would do you harm from the Internet to your home or business. I look at it as your first line of security to protect yet give you access to the machines or devices on your network.

I have two reasons for setting up a pfSense box. Since I have heard great things about it, I wanted to try it for myself on my own network to give me confidence to set it up for use in a small office setting. Nothing too large, just a moderate size.

Hardware

I had to start with an adequate piece of hardware to run pfSense. Since it requires a 64 bit system, I am using one of my newly inherited Dell Optiplex 745 machines. As far as specifications go, it is at the bottom end of the recommended specifications to run pfSense but the plan for this isn’t anything real intense.

Specs That Matter

  • CPU Intel Core 2 Duo 6300 @ 1.86Ghz
  • 2.0 GB of DDR2 SDRAM
  • 160 GiB HDD

 

Since this machine only comes equipped with a single Ethernet port, I had to purchase a half-height Gigabit Ethernet adapter to put in the one available PCI slot in this machine. The slot will only accept a PCI or PCI-X card which was actually more difficult to find than I originally anticipated. Full height, easy, half height, not so much.

This particular unit came with two plate options. Changing out the plate consisted of removing two screws, separating the plate from the card and replacing it with the other plate. There wasn’t a bit of complexity to it.

 

The machine has one PCI slot in it but there was a card with a COM port and PS/2 port on a card attached via ribbon cable to the main board that had to be removed first. I inserted the card, started it up and jumped in the BIOS to make sure it was recognized.


Since it was recognized, I was ready to move on to the software portion of this little tech adventure.

There really wasn’t much to do in configuring the hardware. The only major change I made to the configuration, outside of adding the second Ethernet card, was to ensure that the machine would boot upon being powered. This way, should the machine lose power due to a power failure, it will boot upon power being restored.

Downloading the Software

From the pfSense download page I chose the AMD64 memstick version to put on a Dell Optiplex 745. It should be noted that the memstick version cannot be written using SUSE Studio Imagewriter. For more information on writing images:

https://www.netgate.com/docs/pfsense/hardware/writing-disk-images.html

Conduct Checksum on the Downloaded Image

At the time of installation, the version I downloaded to install was: pfSense-CE-memstick-2.4.4-RELEASE-p1-amd64.img.gz. The key point here is it is the amd64 version to correspond with my hardware.

Next I downloaded the corresponding sha256 file from here so that I could do the appropriate checksum action and ensure that it is a good download. I have noticed on most sites, it seems as though that is just an expected understanding without much explanation, outside of the openSUSE download page, that is.

I put the downloads in the same folder and ran this:

sha256sum -c pfSense-CE-memstick-2.4.4-RELEASE-p1-amd64.img.gz.sha256

The response was:

pfSense-CE-memstick-2.4.4-RELEASE-p1-amd64.img.gz: OK

Which means that it was good to go. I haven’t seen anything other than OK so I couldn’t tell you what it’s like to not have an OK. If you get anything else, then either your image or the sha256 file is not right and needs to be downloaded again.
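What a check that is not OK looks like, as an added example that is not part of the original post: the function wraps sha256sum -c so that nothing further runs unless the image matches, and the constructed demo appends one byte to a stand-in file to show the failing path. The helper names verify_image and demo_verify and the sample file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): only treat an installer image
# as usable when its SHA-256 matches the published checksum file.
# verify_image and demo_verify are hypothetical helper names.

# verify_image IMAGE SUMFILE
# Both files are expected in the same folder, as in the post.
# Returns 0 only if SUMFILE names IMAGE and the digest matches.
verify_image() {
    vi_image=$1
    vi_sums=$2
    [ -r "$vi_image" ] || { echo "missing image: $vi_image" >&2; return 2; }
    [ -r "$vi_sums" ]  || { echo "missing checksum file: $vi_sums" >&2; return 2; }
    # A checksum file for some other download proves nothing about this one.
    grep -qF -- "$(basename "$vi_image")" "$vi_sums" ||
        { echo "checksum file does not list $(basename "$vi_image")" >&2; return 3; }
    # sha256sum -c looks the image up by the name stored in the checksum
    # file, so run it from the folder holding the downloads. On a mismatch
    # GNU sha256sum prints "<name>: FAILED" and exits non-zero.
    ( cd "$(dirname "$vi_image")" && sha256sum -c "$(basename "$vi_sums")" )
}

# Constructed demo: build a small stand-in "image", record its checksum,
# then change the file the way a truncated or tampered download would.
# Prints the exit status before and after the change.
demo_verify() {
    dv_tmp=$(mktemp -d) || return 1
    printf 'constructed stand-in for an installer image\n' > "$dv_tmp/sample.img.gz"
    ( cd "$dv_tmp" && sha256sum sample.img.gz > sample.img.gz.sha256 )

    if verify_image "$dv_tmp/sample.img.gz" "$dv_tmp/sample.img.gz.sha256" >/dev/null 2>&1
    then dv_before=0; else dv_before=$?; fi

    printf 'X' >> "$dv_tmp/sample.img.gz"    # one extra byte is enough

    if verify_image "$dv_tmp/sample.img.gz" "$dv_tmp/sample.img.gz.sha256" >/dev/null 2>&1
    then dv_after=0; else dv_after=$?; fi

    rm -rf "$dv_tmp"
    echo "$dv_before $dv_after"
}

# demo_verify    # prints: 0 1
```

A checksum downloaded from the same server as the image catches a corrupted download; it does not protect against a server that serves a modified image together with a matching checksum.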

Writing to USB Drive

The instructions recommended erasing the disk partition table before writing. I haven’t done this step before writing to a flash drive but who am I to argue with the developers?

sudo dd if=/dev/zero of=/dev/sdX bs=1M count=1

In my case, the drive is sdd, be very, VERY careful to not wipe out any of your other drives so pay close attention to what you are doing. To find out what the device name is of your USB drive, insert the drive into a USB port and run in terminal

dmesg

Look for the latest entry corresponding to the USB device you just plugged in. It should read /dev/sdb or something of that nature. If you are unsure, ask somebody. There are plenty of helpful folks out there. Feel free to contact me directly and I’ll do my best to help you out.

The next thing to do is to install the image onto the USB drive.

sudo gzip -dc ./pfSense-CE-memstick-2.4.4-RELEASE-p1-amd64.img.gz | sudo dd of=/dev/sdX bs=1M

Replace /dev/sdX with the appropriate drive identification. Also note the version of pfSense is a moving target, so an exact copy from above is probably not going to be valid for long.
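A guard for the "be very, VERY careful" step, as an added example that is not part of the original post: before any dd, it refuses a target that is a partition, is not flagged removable by the kernel, or has a mounted filesystem. The function names and the SYSFS_BLOCK and MOUNTS_FILE override variables are assumptions made so the checks can be exercised against a constructed fake tree instead of real disks.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a dd target.
# check_write_target, demo_targets, SYSFS_BLOCK and MOUNTS_FILE are
# hypothetical names; the defaults point at the real kernel interfaces.
SYSFS_BLOCK=${SYSFS_BLOCK:-/sys/block}
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}

# check_write_target NAME   (kernel name such as sdd; /dev/sdd also accepted)
# Prints a one-line verdict; returns 0 only for an unmounted removable disk.
check_write_target() {
    ct_name=${1#/dev/}
    case $ct_name in
        ''|*/*) echo "refuse: bad device name"; return 1 ;;
    esac
    # Whole disks have a directory directly under /sys/block; partitions
    # (sdd1) do not, so writing an image to a partition is caught here.
    [ -d "$SYSFS_BLOCK/$ct_name" ] ||
        { echo "refuse: $ct_name is not a known whole disk"; return 1; }
    # The kernel reports 1 for removable media such as USB sticks.
    ct_rem=$(cat "$SYSFS_BLOCK/$ct_name/removable" 2>/dev/null) || ct_rem=0
    [ "$ct_rem" = "1" ] ||
        { echo "refuse: $ct_name is not flagged removable"; return 1; }
    # Any mounted partition of the disk means it is in use.
    if grep -Eq "^/dev/${ct_name}(p?[0-9]+)? " "$MOUNTS_FILE"; then
        echo "refuse: $ct_name has mounted filesystems"; return 1
    fi
    echo "ok: $ct_name"
}

# Constructed demo: a fake sysfs tree and mounts table.
demo_targets() {
    dt_root=$(mktemp -d) || return 1
    mkdir -p "$dt_root/block/sda" "$dt_root/block/sdd" "$dt_root/block/sde"
    echo 0 > "$dt_root/block/sda/removable"   # internal disk
    echo 1 > "$dt_root/block/sdd/removable"   # USB stick, nothing mounted
    echo 1 > "$dt_root/block/sde/removable"   # USB stick that is mounted
    printf '%s\n' '/dev/sda2 / btrfs rw 0 0' \
                  '/dev/sde1 /run/media/user/STICK vfat rw 0 0' > "$dt_root/mounts"
    (
        SYSFS_BLOCK=$dt_root/block
        MOUNTS_FILE=$dt_root/mounts
        for dt_dev in sda sdd sde sdd1; do
            check_write_target "$dt_dev" || true
        done
    )
    rm -rf "$dt_root"
}

# Typical use before the write step:
#   check_write_target sdX && sudo dd if=/dev/zero of=/dev/sdX bs=1M count=1
```

The removable flag is a heuristic: some USB hard-disk enclosures report 0 and will be refused, which errs on the safe side.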

Installation

The installation is very straight forward on pfSense. Just like any Linux distribution, once you have it on the USB media, and the machine boots from the drive, follow the directions. In this case, I am getting a warning about my system battery voltage which I will address later. Once it boots into a nice ASCII art menu, select 1 to Boot Multi User, which is default.

On a kind of funny note, the legal notice reads, “pfSense is a federally registered trademark of Electric Sheep Fencing LLC.” I’d like the background story on that LLC name. After you accept, you are given 3 options. Install being the key option here.

Next you will set the keymap and you will be asked how you would like to partition your disk. I chose to use the Guided Disk Setup because it’s my first time and this is a reasonable course of action.

Since I have no reason to use the disk for anything but pfSense, it was reasonable to select to use the entire disk. Graciously, you are warned that this will erase the disk and wants a confirmation to proceed.

Next you are asked for the partition scheme, of which I chose MBR as this is “Bootable on most x86 systems.” You are then given another opportunity to review the disk setup and make any modifications. Since I have no experience with pfSense and altering any preferences, I left the defaults be.

Once you select Finish you are given one final warning to Commit with a clear warning of your actions.

The installation will proceed, first “fetching” the distribution files, then extracting them.

After the installation is complete you are asked if you want to make any further changes, the selection defaulted to No so I just proceeded from there and rebooted.

I was again reminded about my low voltage system battery before the boot screen to which the default works perfectly.

The boot process is much like what I am used to seeing in Linux so it was interesting to watch and see the slightly different syntax.

On the initial boot, you are given a series of questions to define the interfaces. One which faces the scary internet (WAN), and the other that faces the internal network (LAN). The first question is to set up VLANs, I have no need for such a thing so I entered, N.

Next I selected the interface I wanted to be the WAN. Since I know the hardware I installed, I selected the appropriate NIC. Ultimately, it doesn’t really matter on this setup. If I had more than one NIC for the LAN, that would change things.

Next, I set up the LAN and confirmed the configuration.

When that is complete, it will write the configuration to disk.

When the configuration was completed, I decided I wanted to change the LAN side IP address. This can be done by selecting 2. You are then asked which interface you want to configure, in my case, the LAN is option 2.

I set the IP address then the subnet mask per my network preference.

I didn’t set an IPv6 address because… why? Then the DHCP Range. In my case 192.168.10.51 to 192.168.10.200. 150 DHCP addresses is more than enough for my purposes… for now.

pfSense will ask if you want to reroute the webConfigurator protocol; answering YES to that seems like the most reasonable choice. Then you will be dumped back into the main menu.

I reset the Admin password for the webConfigurator, mostly because I didn’t remember setting it to begin with and wanted to get into it.

My first order of business when logging in to the web configuration utility was to change the theme to a dark theme. I just don’t care for how light the default theme is. Of course, this is just my personal preference.

That’s it, you now have a functional pfSense box, but there was one more bit of business in order to be satisfied with the system: local DNS name resolution.

Configuring DNS

A feature that is absolutely required for me is the ability to have local hostname resolution within my network. All my machines are named something I can remember so I can easily access them using SSH for remote access or file transfer. It is not quite as straightforward to do in pfSense as it is with DD-WRT but here are the resources I used to figure it out:

https://www.netgate.com/docs/pfsense/dns/dns-forwarder.html

https://www.netgate.com/docs/pfsense/dns/unbound-dns-resolver.html

There was some fiddling to get it to go but here are the take aways:

On the General Setup page, you have to Uncheck Disable DNS Forwarder. Save your changes. Then navigate to Services > DNS Forwarder.

There you need to Enable DNS forwarder and Register DHCP leases in DNS Forwarder. Be sure to save the changes. If not you will have to repeat your steps.

I was able to test that the local DNS name resolution worked as I would expect and was thrilled that something I touched actually worked and without banging my head against the wall.

Adding a Wireless Access Point

A working edge device is great but who wires anything up these days? I had to put in a wireless access point. I took the previous edge device, my Linksys E2000, and set the device to DHCP Forward to the IP address of the pfSense box. I plugged the ethernet cable from the switch into one of the LAN (not the WAN) ports of the E2000 and it worked as expected. You can turn the WAN port to be on the same VLAN within the Linksys E2000 but that is a discussion for another blathering or you can search that one out yourself.

Final Thoughts

pfSense is really quite easy to set up and use. I will say, the hardest part of the project is writing the installation media. I have power cycled and added other users as administrators and it all works fantastically well. This truly is a fine BSD based operating system distribution.

If you have home or office networking requirements that a consumer grade edge device cannot handle, this is a low cost way of implementing one. I didn’t end up using this device for my house. After using it, I saw a greater need for this to be at my church and I ended up using IPFire for home, which is also quite good but I think in many ways, pfSense is a more polished and professional product and possibly better suited for a larger environment. I am not a network professional so take that opinion for what it’s worth.

This project has spurred on a few other future projects for the network in which it sits. More to come on that.

Further Reading

https://www.netgate.com/docs/pfsense/hardware/writing-disk-images.html

https://files.pfsense.org/hashes/

https://www.pfsense.org/download/

Flashing Linksys E2000 Router with DD-WRT

IPFire | Open Source, Linux based, Firewall, Install and Configuration

Network Diagramming with LibreOffice Draw on openSUSE

So, the title could be “Network Diagramming with LibreOffice Draw on whatever operating system” but since I use openSUSE primarily, there you go. I know it works on openSUSE, I can’t say for sure if it will work for you. Chances are it will.

The Problem

I spent some time last week making improvements to the network at my church. This isn’t my first project there that is computer related. I also recently set up a Dell Inspiron as a Low Budget Multimedia Machine with openSUSE Leap and a RaspberryPi for slideshow announcements. The big irritation with doing any tech projects has been the network. It has been a smattering of routers in an ad-hoc manner. In fixing this, I needed a way to document it properly.

I looked at a few pieces of software but didn’t like either the price or the operating system selection. Then I thought… LibreOffice Draw… I know that I can make boxes and connecting lines. Maybe there are some images I can find?

The Solution

The goal here is to make me less important in this project and try to get others on board so that, should I get hit by the proverbial bus, someone else is going to have to take control and need to know what is where and how to access it.

Searching around the World Wide Web, I found this shape gallery from VRT.com that has the images I need to put together a basic network diagram to show how things are laid out. At the bottom of the page, I selected VRTnetworkequipment_1.2.0-oo.oxt LibreOffice. Your version may vary, especially if you aren’t using openSUSE.

Installing this gallery of images is trivial, locate the download and open it with LibreOffice.

The filetype should already be associated. Select okay to confirm installation and you are done.

I made a simple diagram to communicate the layout of the network, it is a rough drawing and I don’t really know what I am doing but it is a simple visual that is a “good start”.

I at least now have a basic visual as a frame of reference, and in the Lean Product Development world, a visual reference helps to identify Knowledge Gaps.

What I like

I didn’t have to go out and buy new software. I simply had to download an add-on to existing software, LibreOffice Draw. Adding the graphic components to LibreOffice was simple, download and run to install.

Using LibreOffice Draw is intuitive. It’s all drag and drop. You find the image you want that is now installed, click and drag it onto the

What I Don’t Like

There isn’t a text box immediately below or beside that is tied to the image for description of the component. It’s not a big deal as click-dragging to create a selection box around the objects to move multiple items around works just as well. This is just being picky, really.

How It’s Working Out

I was able to create a “Phase 1” of the network plan and begin a course of action for the “Phase 2” of the network upgrades. Using Draw helps me to be able to communicate with the real network professional, my brother-in-law, so that we are aligned on where the network is at, and where it needs to go. The next phases are almost entirely over my head but I will gladly help document what is done using this tool and others.

Final Thoughts

I spent a lot of time looking for software solutions, played with one other but realized that LibreOffice Draw can do the job quite nicely at the price I can afford. It is a testament to the LibreOffice Project and all the work that has gone into it. It reminds me that I should donate to the project to do my part to help keep it going.

Further Reading

openSUSE.org Site

LibreOffice Site

LibreOffice Network Gallery Images from VRT.com

IPFire | Open Source, Linux based, Firewall, Install and Configuration

I started searching for an edge device solution for my home I could put on x86 hardware after my Linksys E2000 started giving me problems. Initially, I was going with pfSense and set a machine up for that purpose but I came upon 7 32-bit Dell Optiplex GX620 machines so I looked for a suitable solution. I wanted to make one of these an edge device. After all, they have more horsepower than any consumer based MIPS or ARM Router / Firewalls. After some searching, testing, more searching and testing, my solution is IPFire. IPFire, in short, could be considered the Linux version of the FreeBSD based pfSense: an Open Source firewall based on Linux that is easy to use, high performing and extensible, which makes it usable to a large audience.

The documentation on this project needs some help. It took me some trial and error along with muddling my way through areas I didn’t fully understand to get it set up exactly as I want. Also note, immediately before starting this IPFire project, I set up a pfSense box so my expectations were now set. This is not a comparison to pfSense; that is another project which is in progress.

This will hopefully help bridge some of the knowledge gaps you may have should you decide to try IPFire and an example of what works for me.

Preparation

To begin the process, I downloaded IPFire from here:

https://www.ipfire.org/download/ipfire-2.21-core126

Should you be viewing this at a much later date, as in after a new version release click here and select Download from the menu.

I chose the flash image, I could have used the ISO, if I would have removed the drive and written the image directly to that drive. I think I may end up using this method for a future project. More on that later.

To match my hardware situation, I downloaded the 32 bit version of the Flash Image

Once downloaded I verified the image checksum

sha256sum ipfire-2.21.2gb-ext4.i586-full-core126.img.xz

Which gave me the output

0f8dc980103c733c7e236967ed35a3ce5cf847448f2b4e7c848220b334fddd38 ipfire-2.21.2gb-ext4.i586-full-core126.img.xz

Next I extracted the archive.

xz -d ipfire-2.21.2gb-ext4.i586-full-core126.img.xz

To write the image to the flash drive, I used the dd command as I would have done with pfSense. The instructions for installation were a little light and perhaps I need to help out with it.

To make sure I wrote it to the correct drive, I first plugged in the drive and ran this in the terminal.

dmesg

In the last few lines, I was able to identify the drive.

/dev/sdd

Once the image was extracted, I wrote it to the drive using

sudo dd if=ipfire-2.21.2gb-ext4.i586-full-core126.img of=/dev/sdd bs=16k

In only a few moments, the drive was ready for me to begin the installation.
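The verify-then-write steps above as one script, added here as an example and not part of the original post: it compares the download against the digest published on the download page (a printed hash only proves something once it is compared) and refuses to run dd unless the target is an unmounted, removable whole disk. The function names and the SYSFS_BLOCK and MOUNTS_FILE variables are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Overridable so the checks can be exercised against a constructed tree.
SYSFS_BLOCK=${SYSFS_BLOCK:-/sys/block}
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 = digest matches, 1 = mismatch, 2 = unusable input.
verify_sha256() {
    vs_file=$1
    vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$vs_file" ] || { echo "no such file: $vs_file" >&2; return 2; }
    # A SHA-256 digest is exactly 64 hex characters; refuse anything else
    # so an empty or truncated paste can never "match".
    case $vs_expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#vs_expected}" -eq 64 ] || { echo "expected digest is not 64 characters" >&2; return 2; }
    vs_actual=$(sha256sum -- "$vs_file" | cut -d' ' -f1)
    [ "$vs_actual" = "$vs_expected" ] && return 0
    echo "checksum mismatch: $vs_file" >&2
    echo "  expected $vs_expected" >&2
    echo "  actual   $vs_actual" >&2
    return 1
}

# safe_target /dev/sdX
# Returns 0 only for a whole disk, flagged removable, with nothing mounted.
safe_target() {
    st_dev=$1
    case $st_dev in
        /dev/*) st_name=${st_dev#/dev/} ;;
        *) echo "not a /dev path: $st_dev" >&2; return 1 ;;
    esac
    case $st_name in
        ''|*/*) echo "not a plain device name: $st_dev" >&2; return 1 ;;
    esac
    # Whole disks have an entry directly under /sys/block; partitions do not.
    [ -d "$SYSFS_BLOCK/$st_name" ] || { echo "$st_dev is not a whole disk" >&2; return 1; }
    # USB sticks normally report removable=1; internal drives report 0.
    st_rm=$(cat "$SYSFS_BLOCK/$st_name/removable" 2>/dev/null || echo 0)
    [ "$st_rm" = "1" ] || { echo "$st_dev is not removable media" >&2; return 1; }
    # Refuse if the disk or any of its partitions is mounted.
    if grep -q "^${st_dev}p\{0,1\}[0-9]* " "$MOUNTS_FILE"; then
        echo "$st_dev has mounted filesystems" >&2
        return 1
    fi
    return 0
}

# write_image IMAGE.xz EXPECTED_HEX /dev/sdX   (the dd step needs root)
write_image() {
    verify_sha256 "$1" "$2" || return 1
    safe_target "$3" || return 1
    xz -t -- "$1" || return 1          # archive integrity before writing
    # Decompress straight onto the device; bs matches the post's dd call.
    xz -dc -- "$1" | dd of="$3" bs=16k && sync
}

# Usage, with the digest copied from the download page (placeholder here):
#   write_image ipfire-2.21.2gb-ext4.i586-full-core126.img.xz <published-sha256> /dev/sdd
```

Some USB hard drive enclosures report removable=0, so safe_target errs on the side of refusing; check such a device by hand with lsblk before writing to it.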

Hardware Setup

Using the 32-bit Dell Optiplex GX620, I added an additional Ethernet Card. All I had on hand was a 100 Mbps device. The built in Ethernet Interface is 1 Gbps so I decided to make that my internal side and the 100 Mbps NIC the external facing side as my max speed is around 60 Mbps.

My modem did make it known that it was not connected to a Gigabit device but until my speeds increase beyond 100 Mbps, I have no intention on changing it out.

The other work this computer needed was a new clock battery, a CR2032 lithium button cell. I learned that the Dell Optiplex GX620 will not even boot with a dead clock battery.

I had to make a few changes in the BIOS. One is to boot on AC restore so that should I lose power, it would boot as soon as power is restored.

Installation

The installation is fairly straightforward, so long as you have a basic understanding of what you want from your Local Area Network. Once your hardware is set, basically any computer with two NICs, the installation can commence.

Just a note, there is a mixture of camera photos of actual installation and VM installation. I should probably invest in a capture card at some point.

The first step is to install the Firewall Solution. You start with your language selection, then start the installation.

You have one option on each of the next two screens, to agree to the license agreement and to delete all the data. Pictured below is the “VBOX” hard disk but I had a similar situation with the actual hardware.

In this process, you really only have one decision to make, to choose your file system. I chose ext4, because I know it is well tested and since it was first on the list, I wanted to start there.

After the system is installed you need to reboot to begin the configuration process.

This is a very minimal Linux distribution… is it a distribution? I don’t know if you call it that but it is a desktop-less interface so there is not much to install.

Basic Configuration

After the installation you have to complete the basic configuration. What took me a bit to understand was some of the IPFire-isms. For my two NIC setup, there are the Red and Green networks. More on that in a bit.

To start off, set your keyboard and Timezone.

Then your machine Hostname and Domain name.

You will have to set your root and admin passwords. From my experience in using it, the root user is for anything you do in the terminal and the admin is for the web interface. I am not able to ssh using the admin, nor am I able to log into the web interface with root.

The Network configuration menu portion of the install was a bit confusing for me at first. Here is where you must understand what the Red and Green networks do. If I had more than 2 NICs I would have played with the other settings.

The next section is the Drivers and card assignments. It is here that you will decide what NIC is Green and Red.

First I set the Green Network hardware. In my case, I wanted to use the Gigabit NIC on my internal network with my slower 100 Megabit NIC facing the modem to the Internet. This card is not going to be my bottle neck, my provider is still the bottle neck.

The Address settings will define the properties of your NICs.

I started with the Green interface, my internal network. I set the IP address and Network mask here.

The final bit to the Address settings is the Red interface, facing the Internet. My provider requires I set up my device to receive a DHCP address.

The last step is the DNS and Gateway settings. The only setting I filled in was the Primary DNS, which, to my understanding, needs to be set for local hostname resolution. My primary DNS server is also the address of the IPFire device.

The last step is to Configure the DHCP server. In my case, I set the DHCP range from 192.168.10.100 to 192.168.10.200. My domain name, which was given earlier, was already filled in.

That is it. Once rebooted, I could now further refine the configuration through the web interface.

First Run and Testing

The Web interface is quite straight forward. It will take some time of clicking around to become acquainted with all the options and once you think you have figured it out, you will find that you forgot where you just found the options you wanted. Not due to any lack of organization but rather due to the great number of options.

There are many, many, many features to highlight with IPFire. I will just show the bits that I find interesting. Even though I have 17 devices connected in my network with quite a few intrusion detection rules, the 16 year old 32 bit CPU doesn’t seem to be under any kind of stress.

It is also worth noting that

Local Name Resolution

My most important feature of a Firewall, Router, etc system is that I have local name resolution. I spend a lot of time in the terminal and I also use Secure Shell for file transferring so it is important that I can address my computers by hostname and not have to figure out what the IP address is. Here is how you do it.

Under DHCP Configuration, ensure that the Primary DNS is set to the IPFire device… which is also your DHCP Server. It must also be noted that it did take a little while for IPFire to build the IP Tables for me to address the computers by hostname.

DHCP Forwarding from the Access Point

I had no intention of discarding the Linksys E2000 that had been faithfully running my home network. I have chosen to keep it on the wireless as an Access Point.

This was done by setting the Access Point IP and Netmask, and setting the DHCP Type to DHCP Forwarder, pointed at the address of the IPFire machine.

That was literally all I had to do and my network was functioning the same as before but more efficiently. Interestingly, if I plug into the AP Ethernet Ports, it acts as a switch or wired access point. Very handy.

Intrusion Detection System

The feature that I wasn’t looking for that made me pretty excited was this system of rules you can activate to harden your firewall.

For more information about it, you can navigate here and read away.

There are some options as to which rule sets you choose. You can go with community rules or registered rules. I chose the EmergingThreats.net Community Rules. I don’t know yet if they are working as expected but I’m sure I’ll find out soon enough.

Future Project

Though I don’t have any performance issues with this aged 32 bit hardware, my only issue is the age of the SATA drive sitting in its bowels. It has passed the SMART test but I want to replace it with an SSD before it fails. It will also be interesting to see if I can properly backup all my settings and restore the configurations to the new drive when I make the upgrade.

For now, I am satisfied with my network as it is but I am also considering getting another NIC upon which to put all of my IoT devices. I generally distrust IoT and segregation is good for these useful yet potentially troublesome machines.

Final Thoughts

Looking back, I started to have problems with my Linksys E2000 in early fall of 2018. I wasn’t sure of the trigger but the router eventually required an intervention shortly before Thanksgiving. Things seemed fine for a while until I added my Kitchen Command Center in December. I would periodically have buffering and network slow downs. It was especially noticeable when I had guests. Running CAT5 to several machines did help somewhat but it was pretty obvious the router was operating at levels slightly beyond its capability. The router’s average load was high, and that poor little device was doing just a bit too much. Firewall, router, DHCP Server, DNS Server and wireless access point was just a bit too much for that MIPS16 powered device. I didn’t eliminate this router, I reduced its responsibilities to just being an Access Point and now my home network functions fantastically well.

This was a very satisfying project worth every penny I spent on it… which was about 1 gallon of diesel to pick up the hardware. I am not a network guy but I can muddle my way through. If I have made any obviously egregious errors, feel free to let me know by commenting or sending me an email so that I can learn a little and not steer anyone else wrong.

Further Reading

IPFire.org Home

EmergingThreats.net General Intent

pfSense Project

Flashing Linksys E2000 Router with DD-WRT

Flashing Linksys E2000 Router with DD-WRT

When it comes to home networking, I have lost some “Geek Points” in the last few years. In general, I don’t find all the bits that go into networking all that interesting, I know the basics, have had my network doing what I want it to do and have basically neglected it for some time. If I need real help I will lean on my brother in-law to help me sort out the netmasks or routing tables or whatever else by which I am less excited. To the level I have come to understand I have gotten what I needed working so why think about it… That was until my router, already running DD-WRT, started to give me some problems.

Using Speedtest.net I was only getting 12 Mbps on the Wireless and around 70 Mbps on the wired Ethernet. This was becoming increasingly annoying as most of my work requires reliable internet connection so I started running CAT5 to each computer in my SuperCubicle plus one extra for a future project.

Productivity had been restored, so long as I was wired. Then one morning the wireless just stopped altogether. The wired Ethernet was still routing but the wireless just stopped routing traffic altogether.

Hardware

Linksys E2000

Not a very complex network and would have been something great 8 years ago for a home network but today, the idiom “long in the tooth” would be an understatement. I have a DOCSIS 3 Modem, which is new and trouble free that is connected to a Linksys E2000 router running DD-WRT. Attached to that is a Linksys 16-port EZXS16W switch. From that switch there are about 10 ports used up.

 

Linksys EZXS16W 16-Port Switch

In order to bring the wireless back up, I tried to adjust some of the settings and nothing seemed to save. It was like it was working and not working in the same stroke. Rebooting the router didn’t change anything, it was still in a kind of undead state. I was unsuccessful with everything I tried. I saw only one option, factory reset the router and upgrade the firmware.

Firmware Flashing Complications

Using the DD-WRT Router Database I searched for the Linksys E2000 and downloaded the latest “Mega” firmware. Based on my understanding and referencing the wiki page, I just needed to update the firmware with the latest “Mega”. I did the initial attempt at flashing the firmware with the Falkon browser, it didn’t take. I got the “Flash Failed” error. I did it again but disabling the Ad Blocker thinking that might have been the problem but it still didn’t work. I tried Firefox and the Konqueror browser. All failed.

I downloaded the “Big” version and tried it again but with no success. What finally worked was upgrading with the DD-WRT: Factory Flash dd-wrt.v24-37305_NEWD-2_K2.6_mini-e2000.bin (at the time of writing, November 2018).

This flash was successful and since I didn’t need any of those extended features, the Mini was plenty good for what I need to do with it, at least for the short term.

Features I use

I don’t have a whole lot of requirements for my router at this time. What is important to me are the following features less common in typical consumer wireless router / switch / firewall / gateways:

DNSMasq

DNSmasq is a local DNS server. It will resolve all host names known to the router from dhcp (dynamic and static) as well as forwarding and caching DNS entries from remote DNS servers. Local DNS enables DHCP clients on the LAN to resolve static and dynamic DHCP hostnames. This is especially important when communicating with computers through the terminal or doing SFTP transfers. Rather than typing out the IP address, I can just type the computer’s hostname.

DHCP Static Lease

I have a few devices on my network that it is important that the IP address doesn’t change, specifically my HP OfficeJet All-In-One printer and my server.

DHCP LAN Domain

I like to set a LAN domain, not really a necessity but I like to have one for fun and fashion.

Next Steps

My home network hardware is aging and needs several upgrades. I think I am going to start with a pfSense box, probably using some sort of older x86 machine with a couple NICs, use the current router as a Wireless Access Point, then look at changing out my 16-port switch to some sort of Gigabit Switch with about the same number of ports. Judging by my cursory review of the setup and features, I will have to make a significant time investment.

Final Thoughts

It is remarkable how quickly one’s morning priorities can change when the network becomes largely inoperable. It is also remarkable how quickly it seems like your network components age when you are not thinking about it.

This little “breakdown” has inspired me to begin making the changes to my network. Future blatherings to come from this as I make the upgrades and figure out what works best for my home network.

Further Reading

https://wiki.dd-wrt.com/wiki/index.php/Linksys_E2000

Linksys E2000 DD-WRT Wiki page

https://www.pfsense.org/