Feb 18 2016
Well,
I’m working on setting up two subdomains using Let’s Encrypt for SSL certificates. I managed to really mess something up in regards to forcing people to use SSL for them, so much so that I had to delete them and will try again in the future (they aren’t super important, just for my use mostly).
Jan 29 2016
Well,
I have successfully gotten Let’s Encrypt working. Therefore all traffic to and from smccloud.com will be over SSL.
Oct 5 2015
Well, MN law states that heat doesn’t have to be turned on before October 15th. That means since it is getting down to the high 20s at night it gets very cold in my apartment. Wife and I have resorted to using a space heater to keep our son’s room warm enough so he will sleep through the night.
Aug 4 2015
Well,
I rebuilt my dad’s computer over the weekend. He went from an AMD Phenom II X2 550BE (running as an X4) to an Intel Haswell Pentium dual core, AsRock B85 Pro4 motherboard, 4x2GB DDR3 DIMMs, Intel 530 240GB SSD round out the new parts. I think I did pretty good on cable management considering his case doesn’t have anything for cable management in it.
Jul 21 2015
I have been playing the World of Warships beta. It is a blast although I was kind of upset when I upgraded from the starter US Navy ship (the Erie) to the level 2 USN ship (Chester). I went from being able to bring 4 guns to bear when firing a broadside to being able to bring 3 guns to bear when firing a broadside. I know it has more health, armor, better guns etc, but it just doesn’t seem right. I’m hoping the hull upgrade for it actually mounts more guns….
Jun 22 2015
So, I decided to finally get my EdgeOS HE.net IPv6 tunnel howto done, although it should work in VyOS or Vyatta as well. This is how I have it setup and it is working for me, there are probably other ways to set it up that will work. They may also be more efficient too, but I don’t want to break a working setup.
Easiest way to do this is to SSH into your EdgeOS device. Then type the following commands to setup your firewall. Change WAN_LOCAL to your IPv4 local firewall rule, and change rule 15 to place the new HE.net IPv4 firewall rule as the second in your list.
set firewall ipv6-name tun-in default-action drop set firewall ipv6-name tun-in description "IPv6 Traffic To Internal" set firewall ipv6-name tun-in rule 10 action accept set firewall ipv6-name tun-in rule 10 description "Accept Established-Related" set firewall ipv6-name tun-in rule 10 state established enable set firewall ipv6-name tun-in rule 10 state related enable set firewall ipv6-name tun-in rule 15 action accept set firewall ipv6-name tun-in rule 15 description "Accept ICMP Echo" set firewall ipv6-name tun-in rule 15 icmpv6 type echo-request set firewall ipv6-name tun-in rule 15 protocol ipv6-icmp set firewall ipv6-name tun-local default-action drop set firewall ipv6-name tun-local description "IPv6 Traffic To Router" set firewall ipv6-name tun-local rule 10 action accept set firewall ipv6-name tun-local rule 10 description "Accept Established-Related" set firewall ipv6-name tun-local rule 10 state established enable set firewall ipv6-name tun-local rule 10 state related enable set firewall ipv6-name tun-local rule 15 action accept set firewall ipv6-name tun-local rule 15 description "Accept ICMP Echo" set firewall ipv6-name tun-local rule 15 icmpv6 type echo-request set firewall ipv6-name tun-local rule 15 protocol ipv6-icmp set firewall ipv6-receive-redirects disable set firewall ipv6-src-route disable set firewall name WAN_LOCAL rule 15 action accept set firewall name WAN_LOCAL rule 15 description "HE.net" set firewall name WAN_LOCAL rule 15 log disable set firewall name WAN_LOCAL rule 15 protocol icmp set firewall name WAN_LOCAL rule 15 source address 66.220.2.74
Now we create the tunnel to HE.net. Replace 2001:470:xxxx:482::2/64 with your Client IPv6 address, 184.105.253.14 with your Server IPv4 address.
set interfaces tunnel tun0 address 2001:470:xxxx:482::2/64 set interfaces tunnel tun0 description "HE.net IPv6 Tunnel" set interfaces tunnel tun0 encapsulation sit set interfaces tunnel tun0 firewall in ipv6-name tun-in set interfaces tunnel tun0 firewall local ipv6-name tun-local set interfaces tunnel tun0 local-ip 0.0.0.0 set interfaces tunnel tun0 multicast disable set interfaces tunnel tun0 remote-ip 184.105.253.14 set interfaces tunnel tun0 ttl 255
Next, we need to assign an IPv6 to our internal interface. On my EdgeRouter X, this is switch0. Other devices could be eth1, eth2, etc… Don’t forget to change 2001:470:xxxx:482::1/64 to an IP in your Routed /64 IPv6 Prefix, and 2001:470:xxxx:482::/64 to your Router /64 IPv6 Prefix.
set interfaces switch switch0 address 2001:470:xxxx:482::1/64 set interfaces switch switch0 ipv6 dup-addr-detect-transmits 1 set interfaces switch switch0 ipv6 router-advert cur-hop-limit 64 set interfaces switch switch0 ipv6 router-advert default-preference high set interfaces switch switch0 ipv6 router-advert link-mtu 0 set interfaces switch switch0 ipv6 router-advert managed-flag true set interfaces switch switch0 ipv6 router-advert max-interval 10 set interfaces switch switch0 ipv6 router-advert other-config-flag true set interfaces switch switch0 ipv6 router-advert prefix 2001:470:xxxx:482::/64 set interfaces switch switch0 ipv6 router-advert prefix 2001:470:xxxx:482::/64 autonomous-flag true set interfaces switch switch0 ipv6 router-advert prefix 2001:470:xxxx:482::/64 on-lin-flag true set interfaces switch switch0 ipv6 router-advert prefix 2001:470:xxxx:482::/64 valid-lifetime 2592000 set interfaces switch switch0 ipv6 router-advert reachable-time 0 set interfaces switch switch0 ipv6 router-advert retrans-timer 0 set interfaces switch switch0 ipv6 router-advert send-advert true
Next we set the IPv6 next hop. Again, don’t forget to change 2001:470:xxxx:482:: for your Routed /64 Prefix.
set protocols static route6 2001:470:xxxx:482::/64 next-hop 2001:470:xxxx:482::1 set protocols static interface-route6 ::/0 next-hop-interface tun0
Now, we setup the DHCPv6 server. Again, don’t forget to change 2001:470:xxxx:482:: for your Routed /64 Prefix.
set service dhcpv6-server shared-network-name LANIPv6 name-server 2001:470:20::2 set service dhcpv6-server shared-network-name LANIPv6 subnet 2001:470:xxxx:482::/64 set service dhcpv6-server shared-network-name LANIPv6 subnet 2001:470:xxxx:482::/64 address-range prefix 2001:470:xxxx:482::/64 set service dhcpv6-server shared-network-name LANIPv6 subnet 2001:470:xxxx:482::/64 address-range start 2001:470:xxxx:482::100 set service dhcpv6-server shared-network-name LANIPv6 subnet 2001:470:xxxx:482::/64 address-range start 2001:470:xxxx:482::100 stop 2001:470:xxxx:482::200 set service dhcpv6-server shared-network-name LANIPv6 subnet 2001:470:xxxx:482::/64 lease-time default 86400 set service dhcpv6-server shared-network-name LANIPv6 subnet 2001:470:xxxx:482::/64 lease-time maximum 86400 set service dhcpv6-server shared-network-name LANIPv6 subnet 2001:470:xxxx:482::/64 name-server 2001:470:20::2
Finally, we set the EdgeOS device to update DNS-O-Matic. I use this to allow me to update my OpenDNS & HE.net tunnel info at the same time.
set service dns dynamic interface eth0 service dyndns host-name all.dnsomatic.com set service dns dynamic interface eth0 service dyndns login YOUUSERNAMEHERE set service dns dynamic interface eth0 service dyndns password YOURPASSWORDHERE set service dns dynamic interface eth0 service dyndns server updates.dnsomatic.com
Now commit and save your configuration, and issue a ping6 google.com. You should see valid results, no reboot your client and ping Google’s IPv6 address (this will vary based on your OS, Windows is ping -6 google.com).
Jun 17 2015
Finally got around to setting this up with a co-worker. Its kind of a PITA to setup, but really neat when done. Now if only I had more time to game….
Jun 11 2015
Well, I again have a dual stack network at home. IPv4 from Charter and IPv6 through a Hurricane Electric tunnel. I do have to say it was not as easy to setup on my EdgeRouter X as it was in pfSense but I figured it out. I will be writing a tutorial on how I did it in a little while since I figure other people might like to know 😀
Jun 9 2015
So, I’ve been wanting to build a new home server for quite a while. Today I started planning it out, might be a while until I can build it but I can dream. My parts list is as follows.
Will use my current HDDs and set it up as an AIO ESXi/NAS4Free Host with 2x250GB HDDs for VMS & 2x2TB HDDs for other storage.
Apr 28 2016
Android Development
Well,
I have decided to do some Android development for the fun of it again. So far its going well, even have Jenkins setup to build automagically for me (just because I can). Working on a project for my wife and so far its turning out very well, couple more things I need to worry about doing but I think she will be happy with the end result.
By Shaun • Uncategorized 0