IPv6 on Time Warner with VLANs using OpenWrt

I’ve retired the old Linksys e3000 running TomatoUSB and have replaced it with a ZyXEL NBG6716 802.11AC router that is running OpenWrt Chaos Calmer.  One of the things I was never able to get to work on the e3000 with Tomato-USB was getting each of the four VLANs an IPv6 subnet.  I could only seem to pull down a /64 from Time Warner, which would then get assigned automatically to my first VLAN.  The good news is, I am now running with a /56 assignment from Time Warner with each VLAN assigned a /64.

My current setup looks like:

  • ZyXEL NBG6716 AC router
  • OpenWrt Chaos Calmer r43762 (snapshot of trunk at the time)

So, to start out, make sure you have the following software packages installed:

  • ip6tables
  • ip6tables-extra
  • kmod-8021q
  • kmod-ip6tables
  • kmod-ipv6
  • odhcp6c
  • (optional) luci-proto-ipv6

Setup WAN

At this point, I configured the WAN interfaces to pull an IPv6 address (Network -> Interfaces).  Edit the WAN6 interface to update the following settings:

  • General Setup Tab
    • Protocol: DHCPv6 client
    • Request IPv6-address: try
    • Request IPv6-prefix of length: 56
  • Advanced Settings Tab
    • Bring up on boot: checked
    • Use builtin IPv6-management: checked
    • Use default gateway: checked
    • Use DNS servers advertised by peer: check (even though TW hasn’t passed IPv6 DNS servers to me yet)
  • Physical Settings Tab
    • Bridge interfaces: unchecked
      • Interface: “Ethernet Adapter: “eth1″
  • Firewall Settings
    • Create / Assign firewall-zone: wan

Create VLANs

Now create the VLANs that you want to use (Network -> Switch).  Make sure that each of the VLANs you create are tagged for the CPU.  In my setup, I have the VLANS: Management, Home, Guest, DMZ.

Create Interfaces for the VLANs

Read more »

Burnt VPN Pi (VPN Hotspot on Raspberry Pi)

Warning: I found this in my drafts and I think it was mostly done.  Enough where I can follow it again.  You might have issues following it word for word though until I can recheck and remove this warning.

Purpose

The purpose of this project is to create an environment where we can use two Raspberry Pi’s to create a temporary VPN tunnel, where the client Pi also has an AP hotspot that routes all traffic through the VPN tunnel.  This is good for those people who are going to countries that have different policies than your current country.  Some of the uses I’ve used it for:

  • Watching Netflix while in another country so that I can view my home countries content
  • Getting around country firewalls that block applications such as Facebook, twitter, Instagram, etc
  • Connecting back to a trusted network when I am in a spot where the network is known to be monitored and trying to steal data.

Install the Required Software

Install the following packages:

apt-get update
apt-get upgrade
rpi-update
apt-get install openvpn hostapd resolvconf dnsmasq cryptsetup libnet-ifconfig-wrapper-perl cryptsetup

Now disable some of the software from starting up, as we will be having these pieces start up triggered by future events such as eth0 up and openvpn up:

update-rc.d openvpn disable
update-rc.d hostapd disable
update-rc.d dnsmasq disable

Load modules

Read more »

Using MAAS on OpenCompute – Setting up PXE for Serial Console

This article is using Ubuntu 13.10 (Saucy) as a base install.  One of the issues with using OpenCompute nodes is the fact that it is headless.  One of the issues that generally comes up with all tools, being it Cobler, Mirantis, or MAAS, is that the pxe config is not setup to actually show the serial information.  While playing with Ubuntu MAAS, I did figure out a way to redirect the console to serial to be viewed of SOL.

The first step is to install MAAS following the directions that are posted.  In this case I actually installed MAAS on a non-OpenCompute platform, in this case a laptop that I generally use as the controller.  The reasoning is that I don’t want to waste a power OpenCompute  node on what can easily be ran on a basic computer.

We are going to need to modify the templates that are located at /etc/maas/templates/pxe so that we can setup the bootloader and the kernel params so everything gets redirected to console.  If this is not setup, the lat thing you should see before funky characters would be:

Loading amd64/generic/saucy/xinstall/linux........
Loading amd64/generic/saucy/xinstall/initrd.gz.......................

We first will need to setup the boot loader on each image to redirect to the console.  This can be done by:

# cd /etc/maas/templates/pxe/
# sed -i '1iSERIAL 0 115200n8' config.commissioning.template
# sed -i '1iSERIAL 0 115200n8' config.install.template
# sed -i '1iSERIAL 0 115200n8' config.local.amd64.template
# sed -i '1iSERIAL 0 115200n8' config.local.i386.template
# sed -i '1iSERIAL 0 115200n8' config.local.template
# sed -i '1iSERIAL 0 115200n8' config.xinstall.template

The second piece we have to fix then is having the kernel direct to console also.  This is good for when MAAS does the automated install. This step is easier and what you need to do is go to the MAAS webpage, click on the gear on the top left, and scroll down to the “Global Kernel Parameters” section. Add “console=tty0 console=ttyS4,115200n8″ in the text box and click the “Save” button.
MaasGlobalKernelParameters

Controlling a RGB LED attached to a Raspberry Pi through Android

This was a bit of a project that I used to learn some new technology.  Note: I am not an EE and I am just learning how to do this.  Proceed with caution if you want to repeat.

Project Description

I need to be able to control turning on and off an RGB LED utilizing the Raspberry Pi.  I also should be able to turn it on and off using an Android device.

Design

The design is made up to utilize three different components: Raspberry Pi / LED Hardware, Web Service, and Android device.

Raspberry Pi

All the gear that was used was:

  • Raspberry Pi – Model B
  • 5mm High Brightness Full-Color LED
  • Breadboard
  • Resistors
  • 3 x Transistors – 2N3904

Some of the constraints I also have to work with are:

  • Each of the 3.3V GPIO pins can handle a maximum current of 16mA.  They might be able to do more, but from what I read, it would not be for long.
  • The Pi takes about 700mA of the total power without anything plugged in (USB, HDMI, etc), so depending on the power adapter used, there might not be enough power.  In this case, I used a 2A plug.
  • Since each color will require more than 16mA of power to turn on, I need to utilize transistors and the 5V pin from the Pi.  I will use the GPIO to handle closing the circuit on an NPN transistor.  I believe I need to use NPN due to the fact that the LED has a common anode.

Read more »

OpenCompute IPMI with F11 / F12 Issues

These are more notes than a real blog post.  Working with IPMI on OpenCompute has weird quirks and one of those is the Serial BIOS with the F11 and F12 keys.

Here’s an example of using ipmitool to pull information remotely about the power status

$ ipmitool -C3 -I lanplus -H 172.16.56.180 -U admin -P <password> power status

Using the Serial BIOS

The serial BIOS interface is a bit brain damaged in that it does not recognise the “F11″, and “F12″ key escape codes that most terminal programs send, instead you can send “Esc-!”, and “Esc-@” (yes very logical, as long as the ‘@’ key is normally typed using ‘Shift-2′ – as on US keyboards, not miles away from the ‘2’ key, as on many non-US keyboards).  These escapes from HP, and Dell serial BIOS’ may or may not be useful:

Defined As     F1     F2     F3     F4     F5     F6     F7     F8     F9     F10    F11    F12
Keyboard Entry <ESC>1 <ESC>2 <ESC>3 <ESC>4 <ESC>5 <ESC>6 <ESC>7 <ESC>8 <ESC>9 <ESC>0 <ESC>! <ESC>@

Defined As     Home   End    Insert Delete PageUp PageDn
Keyboard Entry <ESC>h <ESC>k <ESC>+ <ESC>- <ESC>? <ESC>/

Use the <ESC><Ctrl><M> key sequence for <Ctrl><M> Use the <ESC><Ctrl><H> key sequence for <Ctrl><H> Use the <ESC><Ctrl><I> key sequence for <Ctrl><I> Use the <ESC><Ctrl><J> key sequence for <Ctrl><J> Use the <ESC><X><X> key sequence for <Alt><x>, where x is any letter key, and X is the upper case of that key

Setting up TomatoUSB for VLANs and Ubiquiti AP

So after getting a quarter of the way through a comment to a question somebody had on my Ubiquiti APs, TomatoUSB, VLANS, and Linksys e3000 post, I realized it would probably work better as a post instead. Christoph’s question was:

How did you wire everything? I’m trying to do the same and had no luck. I only have one UAP, but if I turned on tagging for the Port I used for each bridge, I wouldn’t even get an IP.
I would like Management and Home to be one vlan, and guest another, so my setup is simpler. Maybe knowing how you wired it will help.
Thanks!

I’m going to walk essentially through what steps I remember taking to get up that far.

Assumptions

  • VLAN 2: Home / Management
  • VLAN 3: DMZ
  • UAP plugged into Port 1
  • Admin Computer plugged into Port 4
  • Management / Home network is 192.168.1.0/24
  • Guest network is 192.168.2.0/24
  • You have a VLAN edition of Toastmans TomatoUSB mode

Setting up TomatoUSB Read more »

Compiling Intel’s Data Center Manageability Interface on 64-bit

I needed to use Intel’s Data Center Manageability Interface program to interface with IPMI that does not have a dedicated controller, so we needed to use software emulation. Two issues that we had were:

  1. The binaries provided on their website didn’t work due to needing older libraries that had deprecated functions in them.
  2. Source code didn’t compile because of those same libraries that were missing.

I’m including a patch for DCMI_Conformance.cpp that will allow it to compile on Ubuntu 12.04 64-bit. The source came from ipdc-1-5-0-31-0-src.tar.gz, which was downloaded from Intels site. Just make sure that you have the dev libraries installed for ncurses and libssl.

RocketRaid 622 Driver (rr62x) for Ubuntu Linux Kernel 3.8

More of a reference for myself so that I don’t have to go through this again, but I put together the patches people had in multiple places so that I can install rr62x-dkms on my 12.04 system. Probably a better way to do this, but I’m tired and just wanted to get the system up.

File: rr62x-dkms_1.1_all-3.8.deb

Resources Used

Ubiquiti APs, TomatoUSB, VLANS, and Linksys e3000

Try not to get too shocked, but this actually an article about networking.

Back story, I picked up some Ubiquiti AP’s for a good price to install around the house. While I have these nice enterprise AP’s, I decided to redesign my home network utilizing VLANs to provide a management vlan, home vlan, dmz vlan, and a guest vlan. I set out to do this utilizing gear that I had laying around that consisted of:

To start off, I decided that I was going to utilize my two e3000’s as a router and a smart switch. I decided to continue to use the TomatoUSB ROM on those routers, but upgrade to the Toastman version (1.28.7502.7) that had experimental VLAN support.

The Design
In the end, I wanted to have four different vlans:

  • VLAN2 – Management
  • VLAN3 – Home Use
  • VLAN4 – DMZ
  • VLAN5 – Guest

In addition, I wanted to have multiple SSIDs on the Ubiquiti AP’s that mapped to specific VLANS:

  • Home – VLAN3
  • Automation – VLAN4
  • Guest – VLAN5

The nice thing about the Ubiquiti AP’s is that they allow multiple SSIDs to be set and also it will add tags to the packets. The only gotcha was that the non-vlan SSIDs and AP needed to be setup on a non-tagged vlan or native vlan.

The Problem
After many hours of trying to get Tomato to work correctly, it turns out that the problem is that I needed to have VLAN2 setup as non-tagged, while VLAN3-5 needed to have tagging on. The GUI had an option for setting the default, but that did not work and packets were ignored. The other issue was that the gui didn’t allow you to set VLAN’s that were tagged for a port and then add an untagged VLAN on that same port. It was either all VLANs were tagged or it would only let you select one untagged VLAN and no other VLANS.

The Solution
After many hours of trying to figure out what was going on, I realized that the firmware wasn’t handling untagged traffic correctly. The solution was that I needed to telnet into each of the routers and update the nvram values directly to specify that the port should be used, but not tagged, while the other VLANS would be tagged.

Read more »

Sound on Dell XPS L702X in Linux

After getting the sound working on the laptop, I was still running into issues with distorted sound and the sub woofer not working. The sound chipset that is in it is Intel, as can be seen by:

00:1b.0 Audio device: Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller (rev 05)

The fix was by adding some additional commands to the snd-hda-intel module:

echo "options snd-hda-intel model=ref index=0" >> /etc/modprobe.d/sound.conf
echo "options snd-hda-intel model=6stack-full" >> /etc/modprobe.d/sound.conf