
02 November 2014

Cable Modem and DSL Home Networks Using VLANs Sharing Ethernet with DD-WRT in Control

This article continues the VLAN discussion from the previous post,  showing you the settings for DD-WRT to make an isolated LAN sharing Ethernet wiring between you and a roommate in the common areas of your home.  This requires installing custom firmware from DD-WRT or OpenWRT.  The included video shows a real world setup that matches the article, but simulates some components described herein.  The cable colorings match the diagram with VLAN7 in yellow and the trunk lines in orange.



I assume you have two networks in your home such as cable and DSL for you and your roommate and you want to use wired networking with access to both networks in common areas with only one Ethernet cable per room. VLANs are a great solution for this. Let's say your roommate needs  a connection in the office and one for the downstairs TV for her entertainment device (XBOX, AppleTV, etc), thus you two need to share the Ethernet cable for common rooms.  For this scenario, we will split the trunk into a Y configuration, bridging two physically separate cables together with VLAN tagging and trunking sending both LANs to two floors in the home.

Home Shares DSL and Cable in Wired Ethernet Using VLANs with DD-WRT, OpenWRT, and VLAN Trunks
Home Network Carrying  multiple VLANs


We will assign your roommate VLAN7 in the basement distribution switch (switch2), but we'll exclude the Netgear WNDR3800 basement router since it serves the cable modem. In the prior article, you see the basement switch (switch2) as a VLAN distribution point, but it will become a VLAN access point for VLAN7.

Switch 2 changes from the previous build by adding a second trunk to the first floor switch (switch3). Port 3 is now tagged and includes both VLAN1 for the homeowner LAN, and VLAN7, the DSL LAN. Port 2 is assigned to VLAN7's DSL modem, which is simulated with a laptop in the video. Switch2 doesn't include VLAN7 in the WAN port (W) column, excluding it from being able to receive VLAN7 traffic.

Image shows two VLAN trunks and one port assigned to VLAN7
DD-WRT VLAN Trunks and Ports on Linksys e3000

This is the first floor DD-WRT router using the venerable Linksys WRT54GS router.  In this configuration, port 4 is assigned to VLAN7, while the remaining ports stay on VLAN1 except for the WAN port which is the trunk line from the basement.  This router supports the roommate's living room device on port 4.  The video uses my receiver to simulate the roommate's device.

This diagram tags the VLAN trunk port and assigns the VLANs to their proper ports
Linksys WRT54GS VLAN Trunk

The 2nd floor VLAN distribution runs DD-WRT on a Linksys e3000 and uses port 4 for VLAN7 and supports the roommate's computer in the office.

This image shows VLAN7 on its own port, the WAN port as a trunkline, and the remaining ports on VLAN1


Electric wiring or wireless technologies can also be used to connect different networks to devices around the home, and these solutions tend to be the star attraction when you inquire at places like Micro Center or Best Buy for help, but you have another very powerful technique in VLANs, which can be used with the inexpensive equipment you or others have discarded. You can also find many managed switches under $100 U.S. if you wish to purchase hardware dedicated to VLAN networks.


19 October 2014

Home VLAN Trunking with OpenWRT and DDWRT




My edge router is a Netgear WNDR3800 running OpenWRT which creates four VLANs for my domicile.  I use Linksys e3000s running DD-WRT as managed switches distributing LANs where I want them to go.  I will show how I use the remaining Linksys e3000 units to send all four VLANs into one trunk line.  The DD-WRT and the OpenWRT projects have this well documented in a TL;DR manner showing all the command line steps.  I did the whole thing using the GUI interfaces and I will show the wiring as well.  I use VLAN trunking since my office has only one ethernet connection but I have multiple LANs and I want the ability to change the wiring without running physical wires.  Re-wiring is done with software changes!  Of course, you can buy managed switches but many of you might have collected these consumer routers over the years or would like to save some money on the used market since managed switches can be pricey. The short video above contains a demo toward the end.

To start, let's look at the diagram below showing the Netgear WNDR3800 serving the connection to the WAN.
Netgear WNDR3800 uses each port as a distinct VLAN with Port 2 as a VLAN Trunk
Netgear WNDR3800 as VLAN Distributor

The Internet goes into the WNDR3800's WAN port. This router supports my guest wireless LAN 192.168.2.0/24 and the primary LAN 192.168.1.0/24. Additionally, it supports a server control LAN 192.168.5.0/24 and the DMZ LAN 192.168.4.0/24. The server LAN has only one PC-BSD based ATOM server running my IPv6 blog using ports 3 and 4 on the device. Port 1 on the WNDR3800 goes into a power line adaptor, but isn't really used. Port 1's main purpose is to be open in case of an emergency requiring a cable connection to VLAN1, which is the administrative LAN.

On the right, you see I have a Linksys e3000 in the basement which receives the trunk output from the WNDR3800 into its own WAN port. The settings are pictured below.

Linksys e3000 VLAN Trunk Setup with DD-WRT using WAN port and Physical Port 1
DD-WRT Trunking with Linksys e3000
The WAN port is used for input from the WNDR3800 physical port 2.  Port W in the picture above is the WAN port and it is tagged with VLANs 1 through 5 selected.  VLAN2 must be included per the DD-WRT wiki.  The middle ports serve the main network VLAN1 but these can be switched to different VLANs as needed.  Port 4 pictured above is tagged and contains all the same VLANs as the intake port, or "WAN" port as it is labelled.  Port 4 is actually physical port 1 on the Linksys e3000.  The DD-WRT switch guide identifies that the numbering is reversed from the GUI so port 4 in the GUI is labelled as port 1 on the device.

Port 1 is the trunk port sending everything upstairs to my office. I prefer building servers in the comfort of the office rather than the cold and cramped basement, so I use the VLAN tagging to make the switch ports on the upstairs Linksys e3000 VLANs 4 and 5, but as you see I switched them to VLAN3 (GUEST) for the demo and the other port is still VLAN1. For server building, I bring both VLAN4 and VLAN5 upstairs for DMZ and server control, allowing me to easily configure the server with the proper IPs the first time without needing to change IPs once placed into the server area downstairs.

Below is the configuration of the upstairs DD-WRT using VLAN5 (SERVER) into physical port 1. DHCP/WAN and other features that make the e3000s a primary router are disabled but not depicted in any of the pictures below.

One port is switched to VLAN 5 on the Linksys e3000
Linksys e3000 with VLAN Trunking and VLAN5

As you can see from the above steps, VLAN trunking is pretty easy and OpenWRT/DD-WRT make virtual wiring quite easy.  Of course, with just about everything wireless nowadays, I suspect this article will get few hits.  You can assign wireless networks to VLANs just as my guest network is bridged to VLAN3.

You can see the devices in their real world setup below.  The basement e3000 should have two orange cables but the house is wired with blue so I put a white label with orange text around it on the right but the photo isn't very sharp around the cable nor is the label's text visible in the picture.

The far right is the trunk upstairs and is a blue cable with a white label with orange text
Linksys e3000 Basement VLAN Trunk Orange
I should use a blue VLAN1 colored cable for the gaming PC instead of the gray one in the picture.
VLAN Trunk in on orange cable into WAN port with remaining ports on VLAN1
Office e3000 with trunk in WAN port and AnyLAN port in Yellow

Netgear WNDR3800 backplane with separate VLANs
Netgear WNDR3800 running OpenWRT as Gateway Router

Netgear WNDR3800 Backplane VLAN Connections 

Intel ATOM Server with PC-BSD
Intel ATOM Server running PC-BSD





06 October 2014

Take and Bake Pizza Delicious Crust

Improving the Crust of Pre-made Pizza


I love the taste of Papa Murphy's take and bake pizza and I feel this pie is one of the best values in fast food, but I don't like the crust so much. The crust needs something extra, which for some could be dipping sauce, but I like to spice up the crust myself with my own blend of seasonings. You can use whatever seasonings you like, of course, and if you do, leave a note about your choices of spices and enhancers below.

Take a look at the video to see how to improve the crust of the pizza.


12 April 2014

Intel Atom D2500 Mini-ITX Unboxing and Setup

Unboxing and Setup of Mini PC

This quiet little PC arrived in the mail recently and is quick and easy to set up. In the video, I unpack it from its carton, install a 320 GB disk drive, 2 GB of RAM, and install PC-BSD 10. The PC is solidly built and the plastic feels good to the hands. The back panel is cluttered with too many legacy ports which could have been removed for newer technologies. It runs quiet but it is still warm enough to use for hand warming on a cold day.

You can see at its manufacturer's site all of the different ways Mini-ITX systems can be configured.  

Video

See this video featuring unboxing to startup.



07 April 2014

IPv6 Only Network with DNS64, NAT64, and OpenBSD Router

How To Setup IPv6 Only Network with OpenBSD as Router

Overview

I decided to see what a computer network running only IPv6 would be like, and there are many ways to do this. I find the easy way is to disable IPv4 and set the name servers to Google's public DNS. But, for this lab, I decided to put a host behind an OpenBSD router with an internal LAN that is IPv6 only. You will quickly find many sites on the Internet do not have IPv6 addresses and the Internet turns into a lonely place. There are other solutions that could have been used instead of NAT64, such as a proxy that could reach IPv4 addresses, but I wanted to try NAT64, so here goes.

Video Demo



Configuration of OpenBSD NAT64 Router

The OpenBSD router needs two network interfaces: one for the internal IPv6 LAN and one for both IPv4 and IPv6 outbound connectivity. This guide uses an OpenBSD snapshot, which is 5.5 at the time of this writing. The good news is that OpenBSD makes NAT64 incredibly easy, so here are the steps:

1) Install package libdaemon and totd from packages or ports.
2) Download and compile the Router Advertisement Daemon (radvd)
3) Configure rc scripts as seen at the bottom of this document.
4) Configure /etc/radvd.conf daemon configuration file.  The RDNSS option will pass DNS info to the IPv6 client.

interface re0
{
     AdvSendAdvert on;
     MinRtrAdvInterval 3;
     MaxRtrAdvInterval 10;
     AdvDefaultPreference low;
     AdvHomeAgentFlag off;
     prefix 2001:db8:ff10:1::/64
     {
          AdvOnLink on;
          AdvAutonomous on;
          AdvRouterAddr off;
     };

        RDNSS 2001:db8:ff10:1::1 
        {
                AdvRDNSSLifetime 30;
        };

        DNSSL localdomain
        {
                AdvDNSSLLifetime 30;
        };
};

5) Configure /etc/totd.conf which will perform DNS64 using the RFC standard address range for DNS64.

; $OpenBSD: totd.conf.sample,v 1.3 2012/08/19 22:30:37 ajacoutot Exp $
; Totd sample configuration file
;forwarder 192.168.0.1 port 5000
forwarder 2001:db8:ff10::1 port 53
prefix 64:ff9b::
retry 300 

6) Update pf.conf with NAT64 configuration by adding the IPv6 to IPv4 NAT rule.  You will see I built my NAT64 server behind another IPv4 NAT gateway but if you do this in production, this server would probably be your gateway to the Internet.

pass in log on re0 inet6 from any to 64:ff9b::/96  af-to inet from 192.168.1.153 

7) Run a reboot test to ensure a clean startup.
8) Test client with an IPv6 only host and ensure it works.
9) Test client with an IPv4 only host and ensure the DNS64 and NAT64 function correctly.
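
To make steps 5 and 6 concrete, here is an added example (not part of the original setup or of totd/pf) showing how the 64:ff9b::/96 prefix ties DNS64 to the af-to rule: the IPv4 address sits in the low 32 bits of the synthesized AAAA, and the translator reads it back out. The function names and the sample destinations are constructed for illustration; the non-global check follows RFC 6052 section 3.1.

```python
import ipaddress

# RFC 6052 Well-Known Prefix: "prefix 64:ff9b::" in totd.conf and the
# destination of the pf af-to rule.
WKP = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize_aaaa(a_record, prefix=WKP):
    """AAAA address a DNS64 resolver returns for an IPv4-only name."""
    v4 = ipaddress.IPv4Address(a_record)
    if prefix.prefixlen != 96:
        raise ValueError("only /96 NAT64 prefixes are handled here")
    # RFC 6052 section 3.1: the Well-Known Prefix must not be used to
    # represent non-global IPv4 addresses (RFC 1918 space and similar).
    if prefix == WKP and not v4.is_global:
        raise ValueError(f"{v4} is not global, not mapping into {prefix}")
    return str(ipaddress.IPv6Address(int(prefix.network_address) | int(v4)))


def nat64_target(dst, prefix=WKP):
    """IPv4 address embedded in dst, or None when dst is outside the
    prefix (native IPv6 traffic that the af-to rule does not match)."""
    addr = ipaddress.IPv6Address(dst)
    if addr not in prefix:
        return None
    return str(ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF))


def flag_non_global(logged_destinations, prefix=WKP):
    """From destinations seen in the pf log, return those whose embedded
    IPv4 address is not global and so should never have been synthesized."""
    flagged = []
    for dst in logged_destinations:
        v4 = nat64_target(dst, prefix)
        if v4 is not None and not ipaddress.IPv4Address(v4).is_global:
            flagged.append((dst, v4))
    return flagged


if __name__ == "__main__":
    # Constructed sample destinations, not taken from a real log.
    sample = ["64:ff9b::808:808", "2001:db8:ff10:1::1", "64:ff9b::c0a8:199"]
    print(synthesize_aaaa("8.8.8.8"))
    print([nat64_target(d) for d in sample])
    print(flag_non_global(sample))
```

Because the pf rule above includes the log keyword, destinations it matches can be fed to flag_non_global to spot translations toward addresses a correctly behaving DNS64 would not have produced.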

Summary

It is cool but just like IPv4's NAT, some things will break!  The Macintosh will configure itself automatically on the network, but you might find some things don't work.  Other clients may not get DNS information from RDNSS at this writing but you can find help on your particular client from searching the web. I hard coded the DNS into the Linux Mint client's config file but there is a Linux RDNSS daemon that will automate that for you.

Extra Information

Some extra things that you might already have figured out follow. You will see the internal interface re0 and the external interface pcn0, along with the autostart options for rc.conf.local and the libdaemon package needed to compile radvd. Versions may change for the packages listed since I used an OpenBSD snapshot at the time of this publishing.

Internal Interface settings:

/etc/hostname.re0

inet6 alias 2001:db8:ff10:1::1 

For /etc/hostname.pcn0, don't use DHCP for IPv4 as I did here out of laziness; assign a proper static address instead.

dhcp
inet6 2001:db8:ff10::100 64
!route add -inet6 :: 2001:db8:ff10::1

/etc/rc.conf.local

pkg_scripts="totd radvd"
totd_flags="" # for normal use: ""


/etc/rc.d/radvd copied from /etc/rc.d/totd script and modified for radvd.

#!/bin/sh
#

daemon="/usr/local/sbin/radvd"

. /etc/rc.d/rc.subr

rc_reload=NO

rc_cmd $1

pkg_info output showing libdaemon is needed to compile radvd.

libdaemon-0.14p0    lightweight C library that eases the writing of daemons
quirks-1.130        exceptions to pkg_add rules
totd-1.5.1p3        DNS proxy that supports IPv6 <==> IPv4 record translation