Category Archives: Tech

Monitoring IPv6 vs IPv4 traffic on Ubiquiti USG with SNMP

Posted by James on 3/21/2019 2 comments

So. This has been painful. I decided I wanted to view how much traffic is flowing in and out of my USG now that I have IPv6!!!! It must be crazy, so let me go look. And then the painful truth, the USG controller has no visuals or commands to find the information. Bummer.

After a lot of web browsing, researching, additional hair loss, crying, and help, I have found the solution. I am going to turn on SNMP on the Ubiquiti USG, install telegraf, influxdb, and grafana on my Ubuntu 18.04 server.

This should be easy, right? No.
What could go wrong? A whole whole lot.

Setting up SNMP

I’m going to skip most the heartburn I had of trying to find the correct OIDs, getting the names correct, and ultimately realizing that Ubuntu does not load the MIBs in by default, so you have to do it by hand. Here’s what I did though:

# apt-get install snmp-mibs-downloader libsnmp-base libsnmp-dev snmp
# cd /usr/share/snmp/mibs
# wget http://dl.ubnt-ut.com/snmp/UBNT-MIB
# wget http://dl.ubnt-ut.com/snmp/UBNT-UniFi-MIB

Now, I did something bad, but since this is pretty limited, I loaded all of the MIBs in by default. My /etc/snmp/snmp.conf file looks like this:

# As the snmp packages come without MIB files due to license reasons, loading
# of MIBs is disabled by default. If you added the MIBs you can reenable
# loading them by commenting out the following line.
# mibs :
mibs +ALL

Setting up InfluxDB

Static IPv6 Hostnames on Ubiquiti USG

Posted by James on 3/19/2019 2 comments

Yet another update for how I keep updating Ubiquiti to work with IPv6. In this case, I want to update my hosts so that they will use IPv6 locally when using their domain names. Even though my authoritative DNS server has the AAAA records setup correctly, because I had updated Ubiquiti to use the local IP on the USG, it would not return values for my servers. Here’s how I fixed that issue, in a not great way. I’m currently on controller version 5.10.19.

Let’s assume the following:

Domain: somelab.us
Host: someserver
IPv4: 192.168.1.15
IPv6 (Fake): 2606:1101:6412:fd00:223b:4911:2314:7843

The first thing to do is make sure that dnsmasq is turned on as the DHCP server. This can be found in “Settings” -> “Services” -> DHCP. Just make sure “Use dnsmasq as DHCP server” is turned on.

IPv6 on Cincinnati Bell Fioptics with VLANs using Ubiquiti USG

Posted by James on 3/6/2019 3 comments

Cincinnati Bell Fioptics has recently started the deployment of IPv6 through the network. Luckily, we will be allowed to pull a /56 prefix.

A bit of a warning, but the /56 prefix is not sticky to you. If your network connection becomes disconnected for long enough (as of this writing it is 7 days), you could be assigned a new /56. Also, if you put a new device on with a different MAC, you will get a different /56 prefix.

Another note is DNS. You will not be getting AAAA records for the DNS servers. DNS queries will continue to go to their DNS servers using IPv4 addresses. This is fine. You will still get AAAA IPv6 addresses when available for domain names when available, just the communication to get that AAAA is over IPv4. Since you will be dual stack, having both IPv4 and IPv6, there will be no issues.

Current Environment

My network setup currently is as follows:

Connections
- ONT is connected to the USG eth0 ethernet port (WAN)
Interfaces
- WAN1
- VLAN 1: Management
- VLAN 2: Home Network
- VLAN 3: DMZ Network
- VLAN 4: Guest Network
Hardware / Software
- Model: UniFi Security Gateway 3P
- Version: 4.4.36.5146617
- Controller Version: 5.10.20

Fioptics TV service with Ubiquiti Setup

Posted by James on 12/20/2018 2 comments

At this point, these are more notes for fixing it between upgrades. I use this so that I can hook my UniFi Security Gateway 3P directly up to the ONT and allow all video services to work correctly on my network, with VLANs.

There are too many references to remember on how I built this over the years, but a lot comes from multiple articles on DSL reports, along with things friends have done over time.

My Home Setup

I have multiple networks setup at my house, but in this scenario I will be using my “Home” network, which has the following details:

Network Name: Home
VLAN: 2
Subnet: 192.168.1.1/24

I have the following equipment in my home also that will be used for video:

UniFi Security Gateway 3P
UniFi Switch 24
Actiontec 5240 MoCA Adapters
- One of my STB has access to Coax, but no Ethernet, so I use a MoCA adapter being my switch and another in front of the Cable Box)
Amino Cable Box
- Entone and ZTE Cable Boxes could be used also. Those have MoCA built in, which reduces the need for a MoCA adapter connected to the Cable Box.
- An additional note. The Amino Cable Box is wireless, but requires WPS to sync up. Ubiquiti does not support WPS, so they will need to be connected up with Ethernet (or a MoCA adapter).

IPv6 on Time Warner with VLANs using OpenWrt

Posted by James on 1/25/2015 No comments

I’ve retired the old Linksys e3000 running TomatoUSB and have replaced it with a ZyXEL NBG6716 802.11AC router that is running OpenWrt Chaos Calmer. One of the things I was never able to get to work on the e3000 with Tomato-USB was getting each of the four VLANs an IPv6 subnet. I could only seem to pull down a /64 from Time Warner, which would then get assigned automatically to my first VLAN. The good news is, I am now running with a /56 assignment from Time Warner with each VLAN assigned a /64.

My current setup looks like:

ZyXEL NBG6716 AC router
OpenWrt Chaos Calmer r43762 (snapshot of trunk at the time)

So, to start out, make sure you have the following software packages installed:

ip6tables
ip6tables-extra
kmod-8021q
kmod-ip6tables
kmod-ipv6
odhcp6c
(optional) luci-proto-ipv6

Setup WAN

At this point, I configured the WAN interfaces to pull an IPv6 address (Network -> Interfaces). Edit the WAN6 interface to update the following settings:

General Setup Tab
- Protocol: DHCPv6 client
- Request IPv6-address: try
- Request IPv6-prefix of length: 56
Advanced Settings Tab
- Bring up on boot: checked
- Use builtin IPv6-management: checked
- Use default gateway: checked
- Use DNS servers advertised by peer: check (even though TW hasn’t passed IPv6 DNS servers to me yet)
Physical Settings Tab
- Bridge interfaces: unchecked
  - Interface: “Ethernet Adapter: “eth1”
Firewall Settings
- Create / Assign firewall-zone: wan

Create VLANs

Now create the VLANs that you want to use (Network -> Switch). Make sure that each of the VLANs you create are tagged for the CPU. In my setup, I have the VLANS: Management, Home, Guest, DMZ.

Create Interfaces for the VLANs

Burnt VPN Pi (VPN Hotspot on Raspberry Pi)

Posted by James on 5/31/2014 No comments

Warning: I found this in my drafts and I think it was mostly done. Enough where I can follow it again. You might have issues following it word for word though until I can recheck and remove this warning.

Purpose

The purpose of this project is to create an environment where we can use two Raspberry Pi’s to create a temporary VPN tunnel, where the client Pi also has an AP hotspot that routes all traffic through the VPN tunnel. This is good for those people who are going to countries that have different policies than your current country. Some of the uses I’ve used it for:

Watching Netflix while in another country so that I can view my home countries content
Getting around country firewalls that block applications such as Facebook, twitter, Instagram, etc
Connecting back to a trusted network when I am in a spot where the network is known to be monitored and trying to steal data.

Install the Required Software

Install the following packages:

apt-get update
apt-get upgrade
rpi-update
apt-get install openvpn hostapd resolvconf dnsmasq cryptsetup libnet-ifconfig-wrapper-perl cryptsetup

Now disable some of the software from starting up, as we will be having these pieces start up triggered by future events such as eth0 up and openvpn up:

update-rc.d openvpn disable
update-rc.d hostapd disable
update-rc.d dnsmasq disable

Load modules

Using MAAS on OpenCompute – Setting up PXE for Serial Console

Posted by James on 1/27/2014 No comments

This article is using Ubuntu 13.10 (Saucy) as a base install. One of the issues with using OpenCompute nodes is the fact that it is headless. One of the issues that generally comes up with all tools, being it Cobler, Mirantis, or MAAS, is that the pxe config is not setup to actually show the serial information. While playing with Ubuntu MAAS, I did figure out a way to redirect the console to serial to be viewed of SOL.

The first step is to install MAAS following the directions that are posted. In this case I actually installed MAAS on a non-OpenCompute platform, in this case a laptop that I generally use as the controller. The reasoning is that I don’t want to waste a power OpenCompute node on what can easily be ran on a basic computer.

We are going to need to modify the templates that are located at /etc/maas/templates/pxe so that we can setup the bootloader and the kernel params so everything gets redirected to console. If this is not setup, the lat thing you should see before funky characters would be:

Loading amd64/generic/saucy/xinstall/linux........
Loading amd64/generic/saucy/xinstall/initrd.gz.......................

We first will need to setup the boot loader on each image to redirect to the console. This can be done by:

# cd /etc/maas/templates/pxe/
# sed -i '1iSERIAL 0 115200n8' config.commissioning.template
# sed -i '1iSERIAL 0 115200n8' config.install.template
# sed -i '1iSERIAL 0 115200n8' config.local.amd64.template
# sed -i '1iSERIAL 0 115200n8' config.local.i386.template
# sed -i '1iSERIAL 0 115200n8' config.local.template
# sed -i '1iSERIAL 0 115200n8' config.xinstall.template

The second piece we have to fix then is having the kernel direct to console also. This is good for when MAAS does the automated install. This step is easier and what you need to do is go to the MAAS webpage, click on the gear on the top left, and scroll down to the “Global Kernel Parameters” section. Add “console=tty0 console=ttyS4,115200n8” in the text box and click the “Save” button.

Controlling a RGB LED attached to a Raspberry Pi through Android

Posted by James on 11/7/2013 1 comment

This was a bit of a project that I used to learn some new technology. Note: I am not an EE and I am just learning how to do this. Proceed with caution if you want to repeat.

Project Description

I need to be able to control turning on and off an RGB LED utilizing the Raspberry Pi. I also should be able to turn it on and off using an Android device.

Design

The design is made up to utilize three different components: Raspberry Pi / LED Hardware, Web Service, and Android device.

Raspberry Pi

All the gear that was used was:

Raspberry Pi – Model B
5mm High Brightness Full-Color LED
Breadboard
Resistors
3 x Transistors – 2N3904

Some of the constraints I also have to work with are:

Each of the 3.3V GPIO pins can handle a maximum current of 16mA. They might be able to do more, but from what I read, it would not be for long.
The Pi takes about 700mA of the total power without anything plugged in (USB, HDMI, etc), so depending on the power adapter used, there might not be enough power. In this case, I used a 2A plug.
Since each color will require more than 16mA of power to turn on, I need to utilize transistors and the 5V pin from the Pi. I will use the GPIO to handle closing the circuit on an NPN transistor. I believe I need to use NPN due to the fact that the LED has a common anode.

OpenCompute IPMI with F11 / F12 Issues

Posted by James on 10/23/2013 No comments

These are more notes than a real blog post. Working with IPMI on OpenCompute has weird quirks and one of those is the Serial BIOS with the F11 and F12 keys.

Here’s an example of using ipmitool to pull information remotely about the power status

$ ipmitool -C3 -I lanplus -H 172.16.56.180 -U admin -P <password> power status

Using the Serial BIOS

The serial BIOS interface is a bit brain damaged in that it does not recognise the “F11”, and “F12” key escape codes that most terminal programs send, instead you can send “Esc-!”, and “Esc-@” (yes very logical, as long as the ‘@’ key is normally typed using ‘Shift-2’ – as on US keyboards, not miles away from the ‘2’ key, as on many non-US keyboards). These escapes from HP, and Dell serial BIOS’ may or may not be useful:

Defined As F1 F2 F3 F4 F5 F6 F7 F8 F9 F10 F11 F12
Keyboard Entry <ESC>1 <ESC>2 <ESC>3 <ESC>4 <ESC>5 <ESC>6 <ESC>7 <ESC>8 <ESC>9 <ESC>0 <ESC>! <ESC>@

Defined As Home End Insert Delete PageUp PageDn
Keyboard Entry <ESC>h <ESC>k <ESC>+ <ESC>- <ESC>? <ESC>/

Use the <ESC><Ctrl><M> key sequence for <Ctrl><M> Use the <ESC><Ctrl><H> key sequence for <Ctrl><H> Use the <ESC><Ctrl><I> key sequence for <Ctrl><I> Use the <ESC><Ctrl><J> key sequence for <Ctrl><J> Use the <ESC><X><X> key sequence for <Alt><x>, where x is any letter key, and X is the upper case of that key

Setting up TomatoUSB for VLANs and Ubiquiti AP

Posted by James on 10/23/2013 3 comments

So after getting a quarter of the way through a comment to a question somebody had on my Ubiquiti APs, TomatoUSB, VLANS, and Linksys e3000 post, I realized it would probably work better as a post instead. Christoph’s question was:

How did you wire everything? I’m trying to do the same and had no luck. I only have one UAP, but if I turned on tagging for the Port I used for each bridge, I wouldn’t even get an IP.
I would like Management and Home to be one vlan, and guest another, so my setup is simpler. Maybe knowing how you wired it will help.
Thanks!

I’m going to walk essentially through what steps I remember taking to get up that far.

Assumptions

VLAN 2: Home / Management
VLAN 3: DMZ
UAP plugged into Port 1
Admin Computer plugged into Port 4
Management / Home network is 192.168.1.0/24
Guest network is 192.168.2.0/24
You have a VLAN edition of Toastmans TomatoUSB mode

Setting up TomatoUSB Read more »

James Whitt's Mind Notes

Tinkering and Scribbling