Posted by jpluimers on 2017/06/07
When switching my DHCP to a Mikrotik CCR1009, both the AP7920 and AP7921 failed to get IP addresses. The APC7921 would look bounce between waiting and offered states like this:
The cause is the need of DHCP Option 43 (Vendor Class Identifier) specified in RFC2132 – based on [WayBack] RFC 2131 – Dynamic Host Configuration Protocol and [WayBack] RFC 1533 – DHCP Options and BOOTP Vendor Extensions – which I found first via these links:
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | 3 Comments »
Posted by jpluimers on 2017/06/06
The WAN sides of my Mikrotik CCR1009 are partly behind Fritz!Box routers that do NAT and contain a truckload of port-forwards.
A while ago, I wanted the CCR1009 to do PPTP as Fritz!Box 7360 and 7490: static routes over VPN don’t work (so I could only VPN to the WAN side of the CCR1009). However, it would not pass through the Fritz!Box from the outside.
It appears you need to forward both:
Maybe one day I will ditch the Fritz!Box 7490 and directly hookup the Mikrotik to the NTU: xs4all ftth en Mikrotik router – Google Groups.
But preferably I should follow Don’t use PPTP, and don’t use IPSEC-PSK either (via: CloudCracker blog)
–jeroen
via: VPNs einrichten mit PPTP – administrator.de: Achtung mit PPTP VPN Servern hinter NAT Firewalls !
Forward both PPTP TCP port 1723 and the GRE protocol
Posted in Fritz!, Fritz!Box, Fritz!WLAN, Internet, IPSec, MikroTik, Network-and-equipment, Power User, PPTP, routers, VPN | Leave a Comment »
Posted by jpluimers on 2017/06/05
Interesting:
As I always try to maximize the usage of new hardware I started to explore what is possible with this combination. In this post I will explain how you get access to your FRITZ!Box using ssh.
Source: FRITZ!Box tuning part 1: Enable remote access over ssh [WayBack]
–jeroen
Posted in Fritz!, Fritz!Box, Internet, Power User | Leave a Comment »
Posted by jpluimers on 2017/06/02
Just one example; it applies to virtually all consumer IoT and routers I know: upgrading is hard especially if it’s undocumented on how to keep your configuration.
–jeroen
Posted in Internet, IoT Internet of Things, Power User, routers, TomatoUSB | Leave a Comment »
Posted by jpluimers on 2017/05/11
OS X
Android / Chromebook:
clients3.google.comiOS 6:
gsp1.apple.com*.akamaitechnologies.comiOS 7:
www.appleiphonecell.comwww.airport.us*.apple.com.edgekey.net*.akamaiedge.net*.akamaitechnologies.comiOS 8/9:
Windows
ipv6.msftncsi.comwww.msftncsi.comdns.msftncsi.com (DNS resolves to 131.107.255.255)Amazon Kindle (Fire)
OS X settings are in:
/Library/Preferences/SystemConfiguration/CaptiveNetworkSupport/Settings.plist--jeroen
via:
Posted in Captive Portal, Communications Development, Development, Hardware, Internet, Internet protocol suite, Network-and-equipment, Power User, Software Development, TCP | Leave a Comment »
Posted by jpluimers on 2017/05/09
For hooking up SFP and SFP+ ports on Mikrotik devices you basically have two options:
Choosing the SFP/SFP+ modules is a bit intimidating as the MikroTik SFP module compatibility table – MikroTik Wiki has very few details.
Then I found sfp_all-150601132341.pdf (archived) which lists many of the SFP and SFP+ modules including their specifications.
Since neither the matrix nor the PDF contains links to the products, here is a small list of what I could source last year and is compatible with both the CCR1009 routeres and CRS226 switches:
–jeroen
via: Connect CCR1009 with CSR226 over a longer distance than 3 meter – MikroTik RouterOS
Posted in Internet, MikroTik, Power User, routers | Leave a Comment »
Posted by jpluimers on 2017/04/25
MikroTik has great hardware, but getting things to work can be a bit ehm intimidating.
So here are some links that were useful getting my CCR1009 and CRS226 configurations to do what I wanted.
/ip dhcp-server lease add address=192.168.100.10 mac-address=70:F1:A1:D1:49:49 client-id="client10"/ip firewall filter
add chain=input protocol=tcp dst-port=53 action=drop in-interface=!bridge_lan
add chain=input protocol=udp dst-port=53 action=drop in-interface=!bridge_lanput[: resolv ...] syntax: nslookup on Mikrotik – MikroTik RouterOS
put [:resolve shell.xs4all.nl]put [:resolve shell.xs4all.nl 8.8.8.8]put [:resolve 194.109.21.9]/ip neighbor print;
/system ntp client set enabled=yes server-dns-names=0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.orgSNTP Client dialog and a few seconds later, the Clock dialog will also update itself./ip firewall mangle add chain=prerouting action=change-ttl new-ttl=increment:1Very advanced stuff:
Packet flow (maybe the toughest part to wrap your head around):
Scripts:
Load balancing:
Syntax highlighting:
Pictures
Very well written blog:
Manito Network’s Mikrotik solutions blog. In-depth articles on Mikrotik routing, security, best practices, VPN, and more.
Source: Mikrotik — Manito Networks
Solutions for RouterOS-based Mikrotik networks. Includes security and best practices, VPN, routing, switching, and more.
Source: Mikrotik-1 — Manito Networks
–jeroen
Posted in DNS, Internet, IPSec, MikroTik, Network-and-equipment, OpenVPN, Power User, PPTP, routers, VPN | Leave a Comment »
Posted by jpluimers on 2017/03/30
I tried to power both Raspberry B+ and Raspberry 2 B devices via the USB ports of both a Fritz!Box 7490 and Fritz!Box 7360.
At first this works, but the Raspberry B+ devices over time would become unstable: not being able to ping and/or boot.
So below are some links on power requirements and powering Raspberry Pi A, B, A+, B+, 2B and zero.
Fazit/TL;DR: use an external power supply when available.
Posted in *nix, Development, Fritz!, Fritz!Box, Hardware Development, Internet, Linux, openSuSE, Power User, Raspberry Pi, SuSE Linux | Leave a Comment »
Posted by jpluimers on 2017/03/13
I hadn’t done a lot with pfSense in the past, which I regret a bit since I discovered this really cool feature: Sniffers, Packet Capture – PFSenseDocs.
The coolness isn’t so much that you can capture packets, but that it’s compatible with tcpdump and Wireshark (which has become available natively for Mac like 2 years ago).
Which means that you can download captures and open them in Wireshark.
So it’s as easy as 1,2,3:
–jeroen
Posted in *nix, *nix-tools, Internet, Monitoring, pfSense, Power User, routers, tcpdump, Wireshark | Leave a Comment »
Posted by jpluimers on 2017/01/23
This was a tad difficult to find as I searched for “Convert Fritz!Box to Switch” instead of “Convert Fritz!Box to Access Point”.
Since I had an old Fritz!Box 7360 lying around (from my ADSL era) and wanted to extend the cabled LAN for my brothers Fritz!Box 7490 with some low-bandwidth devices (max 100 megabit/second) I searched for Switch. My bad.
Oh I had to factory reset it as well as I forgot the management credentials. The AVM help on this is cumbersome: Loading the FRITZ!Box factory settings | FRITZ!Box 7360 | AVM International but the xs4all help includes a web-reset procedure as part of Internet: Reset procedures van mijn FRITZ!Box 7360 which translates to:
Forgot your password?
Restore Factory Settings
Anyway: with the above steps it becomes a Managed Switch (and if you don’t disable WiFi: Access Point too) that uses the primary internet connection as DHCP server (so it gets an IP address itself as well which means you can manage it).
Posted in ADSL, Fritz!, Fritz!Box, Internet, Power User | Leave a Comment »
The Wiert Corner - irregular stream of stuff 