Archive for the ‘Internet’ Category
Posted by jpluimers on 2017/06/06
The WAN sides of my Mikrotik CCR1009 are partly behind Fritz!Box routers that do NAT and contain a truckload of port-forwards.
A while ago, I wanted the CCR1009 to do PPTP as Fritz!Box 7360 and 7490: static routes over VPN don’t work (so I could only VPN to the WAN side of the CCR1009). However, it would not pass through the Fritz!Box from the outside.
It appears you need to forward both:
Maybe one day I will ditch the Fritz!Box 7490 and directly hookup the Mikrotik to the NTU: xs4all ftth en Mikrotik router – Google Groups.
But preferably I should follow Don’t use PPTP, and don’t use IPSEC-PSK either (via: CloudCracker blog)
–jeroen
via: VPNs einrichten mit PPTP – administrator.de: Achtung mit PPTP VPN Servern hinter NAT Firewalls !
Forward both PPTP TCP port 1723 and the GRE protocol
Posted in Fritz!, Fritz!Box, Fritz!WLAN, Internet, IPSec, MikroTik, Network-and-equipment, Power User, PPTP, routers, VPN | Leave a Comment »
Posted by jpluimers on 2017/06/05
Interesting:
As I always try to maximize the usage of new hardware I started to explore what is possible with this combination. In this post I will explain how you get access to your FRITZ!Box using ssh.
Source: FRITZ!Box tuning part 1: Enable remote access over ssh [WayBack]
–jeroen
Posted in Fritz!, Fritz!Box, Internet, Power User | Leave a Comment »
Posted by jpluimers on 2017/06/02
Just one example; it applies to virtually all consumer IoT and routers I know: upgrading is hard especially if it’s undocumented on how to keep your configuration.
–jeroen
Posted in Internet, IoT Internet of Things, Power User, routers, TomatoUSB | Leave a Comment »
Posted by jpluimers on 2017/05/26
There are various arguments for using Google DNS (8.8.8.8 or 8.8.4.4) or Open DNS servers or not. A few are listed here:
It basically comes down to two things:
- DNS speed
- CDN speed (Contend Delivery Network providers like CloudFlare, Akamai, etc)
If your DNS server isn’t close to you, it might select a CDN server that is far from you. If you rely on CDN, then you need to weight in that factor.
This is how I decide:
- devices not needing CDN: use Google DNS or Open DNS
- devices needing CDN: use Namebench to pick fast DNS servers that are nearby based on Namebench reports with “Recommended configuration (fastest + nearest)”
–jeroen
Posted in Akamai, CDN (Content Delivery Network), Cloud, Cloudflare, DNS, Google, Infrastructure, Internet, Power User | Leave a Comment »
Posted by jpluimers on 2017/05/11
OS X
Android / Chromebook:
iOS 6:
gsp1.apple.com*.akamaitechnologies.com
iOS 7:
www.appleiphonecell.comwww.airport.us*.apple.com.edgekey.net*.akamaiedge.net*.akamaitechnologies.com
iOS 8/9:
Windows
Amazon Kindle (Fire)
OS X settings are in:
/Library/Preferences/SystemConfiguration/CaptiveNetworkSupport/Settings.plist
--jeroen
via:
Posted in Captive Portal, Communications Development, Development, Hardware, Internet, Internet protocol suite, Network-and-equipment, Power User, Software Development, TCP | Leave a Comment »
Posted by jpluimers on 2017/05/09
For hooking up SFP and SFP+ ports on Mikrotik devices you basically have two options:
- Direct Access Cable (passive and affordable for 1 and 2 meters; active and more expensive for more than 3 meters)
- SFP/SFP+ modules with LC-LC optic fiber cable in between them (pairs of modules are more expensive than passive DAC, but the fiber is a lot cheaper)
Choosing the SFP/SFP+ modules is a bit intimidating as the MikroTik SFP module compatibility table – MikroTik Wiki has very few details.
Then I found sfp_all-150601132341.pdf (archived) which lists many of the SFP and SFP+ modules including their specifications.
Since neither the matrix nor the PDF contains links to the products, here is a small list of what I could source last year and is compatible with both the CCR1009 routeres and CRS226 switches:
- DAC allowing for two-way traffic compatible with both SFP and SFP+:
- 10G SFP+ modules (I think they are compatible with SFP as well):
- 1G SFP modules:
–jeroen
via: Connect CCR1009 with CSR226 over a longer distance than 3 meter – MikroTik RouterOS
Posted in Internet, MikroTik, Power User, routers | Leave a Comment »
Posted by jpluimers on 2017/04/25
MikroTik has great hardware, but getting things to work can be a bit ehm intimidating.
So here are some links that were useful getting my CCR1009 and CRS226 configurations to do what I wanted.
Read the rest of this entry »
Posted in DNS, Hardware, Internet, IPSec, MikroTik, Network-and-equipment, OpenVPN, Power User, PPTP, routers, VPN, WinBox | Leave a Comment »
Posted by jpluimers on 2017/03/30
I tried to power both Raspberry B+ and Raspberry 2 B devices via the USB ports of both a Fritz!Box 7490 and Fritz!Box 7360.
At first this works, but the Raspberry B+ devices over time would become unstable: not being able to ping and/or boot.
So below are some links on power requirements and powering Raspberry Pi A, B, A+, B+, 2B and zero.
Fazit/TL;DR: use an external power supply when available.
Read the rest of this entry »
Posted in *nix, Development, Fritz!, Fritz!Box, Hardware Development, Internet, Linux, openSuSE, Power User, Raspberry Pi, SuSE Linux | Leave a Comment »
Posted by jpluimers on 2017/03/13
I hadn’t done a lot with pfSense in the past, which I regret a bit since I discovered this really cool feature: Sniffers, Packet Capture – PFSenseDocs.
The coolness isn’t so much that you can capture packets, but that it’s compatible with tcpdump and Wireshark (which has become available natively for Mac like 2 years ago).
Which means that you can download captures and open them in Wireshark.
So it’s as easy as 1,2,3:
- Set-up the capture on your router https://a.b.c.d/diag_packet_capture.php and start it
- Stop the capture and download the file
- Open the file in Wireshark or convert it to text using tshark
–jeroen
Posted in *nix, *nix-tools, Internet, Monitoring, pfSense, Power User, routers, tcpdump, Wireshark | Leave a Comment »
Posted by jpluimers on 2017/03/06
I needed the current IP-addresses of the gmail MX server (don’t ask the details; but it has to do with the brain-dead TP-LINK ER5120 configuration possibilities).
This is the command I finally used:
dig @8.8.8.8 +short MX gmail.com | sed "s/^[0-9]* //g" | sed "s/.$//" | xargs -I {} dig @8.8.8.8 +short {} | uniq | sort
Basically it’s a three stage sequence which had to work on OS X as well as Linux using a bash shell:
- Use the Google DNS servers (either 8.8.8.8 or 8.8.4.4)
- Get the FQDNs of MX records of gmail.com which are the mail servers for GMail.
- Translate these in IPv4 addresses
- Filter into a distinct list (just in case entries are duplicate: they aren’t yet, but might be)
The basics of the above are about using dig to get short (or terse) answers with as little (but still to the point) information as possible.
Read the rest of this entry »
Posted in *nix, *nix-tools, DNS, Power User | 1 Comment »
The Wiert Corner - irregular stream of stuff 