[#] Sat Nov 11 2023 18:33:51 EST from IGnatius T Foobar

Finished my latest wiring project today. No big deal, but it's satisfying.

Last year I set up some driveway lights, and I had to open up some ceilings to get power over to the corner of the house where the conduit exits. While it was open I added some smurf tube for future data cable, and now that tube is populated.

The ugly cables along the baseboards in the mud room are now gone. One was disused coaxial cable and is now gone, the other was moved to the tube and feeds the ethernet jack in my son's bedroom. The tube also now contains an ethernet run to the den, where it is feeding a hardwired Roku in the home theater. We got tired of the shitty Chromecast and are ready to have the same solid experience that we do in the living room.

Plus I can make the posers' heads explode by telling them that my televisions are all attached to the network on 100 Mbps ports. (They're feed throughs from wireless access points, in case you were wondering.) I'll bet most of them think they need 2.5 Gbps ports or 10 Gbps ports for everything.
In practice, an HD stream is only 4 to 8 Mbps, and even a 4K stream is only 15 to 68 Mbps -- usually less, in practice, and the transition from H.264 to H.265 will make it even less. So it's a good use for those ports and I don't have to add a switch to the main wiring center.

And to think ... I could have spent my Saturday drinking beer and watching sportsball!

[#] Sat Nov 11 2023 19:08:57 EST from Nurb432

I spent time in the garage, setting things up to be tossed that have not been used in a while ( like a vacuum pump.. ).

Sat Nov 11 2023 18:33:51 EST from IGnatius T Foobar


And to think ... I could have spent my Saturday drinking beer and watching sportsball!

 



[#] Sun Nov 12 2023 01:12:46 EST from LadySerenaKitty

I spented the day workering on softwares.  KittyGuard v2.0 was released today.  Very nice.

https://gitlab.com/LadySerenaKitty/kgtools



[#] Mon Nov 13 2023 17:35:51 EST from LoanShark

Interesting. I use pritunl which is nice because it has 2FA. There's wireguard support, but it's a bit of a bolt-on and I haven't made the time to fully investigate it yet...

[#] Thu Nov 16 2023 09:34:59 EST from IGnatius T Foobar

KittyGuard and Pritunl both look like they roughly exist in the same space as TailScale. Now that WireGuard is here it looks like lots of people are attracted to the idea of using it as an overlay network instead of manually stitching together point-to-point links as was the common practice with IPsec.

I like this approach. I like it a lot. And yet, I cannot use it. Actually I could use KittyGuard if my FreeBSD machine was sitting at the network edge, but it isn't. All of the machines at my home are sitting behind a Mikrotik router, which supports WireGuard natively. Yes, I know I could switch to any of half a dozen different open source routers running on a cute little edge device, but I spend my days designing and maintaining data centers and I gave up the high-intensity home network sysadmin job 12 years ago. And anyway my home network is all Mikrotik, the router has the controller for the wifi access points, etc.

So anyway, I've got the Mikrotik handling my home network, another WireGuard instance at the edge of my server farm at the main data center, and a few other locations where I have stuff. That's what KittyNet sounds like, so maybe we have the same kind of setup.

I'd like to do the "zero configuration ultra-mesh" type of thing, with the endpoints registering their locations so everyone can talk to everyone. But so far, no one has done it in a mixed-mode kind of way.

[#] Thu Nov 16 2023 12:56:25 EST from LadySerenaKitty

You can still use KittyGuard!  Just make sure you do "doas pkg install -y miniupnpc" then configure KittyGuard appropriately.  KittyGuard uses the upnpc command to get its UDP port forwards for WireGuard packets to come in.

With WireGuard, there is no need to sit at the network edge, as long as packets can flow, you're good.  KittyGuard makes that part easy.

Thu Nov 16 2023 09:34:59 EST from IGnatius T Foobar

KittyGuard and Pritunl both look like they roughly exist in the same space as TailScale. Now that WireGuard is here it looks like lots of people are attracted to the idea of using it as an overlay network instead of manually stitching together point-to-point links as was the common practice with IPsec.

I like this approach. I like it a lot. And yet, I cannot use it. Actually I could use KittyGuard if my FreeBSD machine was sitting at the network edge, but it isn't. All of the machines at my home are sitting behind a Mikrotik router, which supports WireGuard natively. Yes, I know I could switch to any of half a dozen different open source routers running on a cute little edge device, but I spend my days designing and maintaining data centers and I gave up the high-intensity home network sysadmin job 12 years ago. And anyway my home network is all Mikrotik, the router has the controller for the wifi access points, etc.

So anyway, I've got the Mikrotik handling my home network, another WireGuard instance at the edge of my server farm at the main data center, and a few other locations where I have stuff. That's what KittyNet sounds like, so maybe we have the same kind of setup.

I'd like to do the "zero configuration ultra-mesh" type of thing, with the endpoints registering their locations so everyone can talk to everyone. But so far, no one has done it in a mixed-mode kind of way.

 



[#] Thu Nov 16 2023 14:38:59 EST from Nurb432

Totally out in left field, I know... and I could go look, I guess.

But is the protocol across UDP or TCP?

Reason I ask: office blocks nearly all UDP packets on public WiFi, and nearly all ports other than 80 and 443 and a couple others across TCP. I have a hard time getting anything to work. "We are so secure," yet they prevent people from using it to be secure too. Oh, and while it's not 'blocked', VPN use is forbidden on the internal network unless it's theirs. You get caught, you get fired.



[#] Thu Nov 16 2023 16:20:55 EST from LadySerenaKitty

WireGuard runs UDP.  Since it runs in the kernel, it can be any port you want.  Fun fact: there's no default "wireguard port" in the spec.

Thu Nov 16 2023 14:38:59 EST from Nurb432

Totally out in left field, I know... and I could go look, I guess.

But is the protocol across UDP or TCP?

Reason I ask: office blocks nearly all UDP packets on public WiFi, and nearly all ports other than 80 and 443 and a couple others across TCP. I have a hard time getting anything to work. "We are so secure," yet they prevent people from using it to be secure too. Oh, and while it's not 'blocked', VPN use is forbidden on the internal network unless it's theirs. You get caught, you get fired.



 



[#] Sat Nov 18 2023 17:06:11 EST from IGnatius T Foobar

I feel as if what WireGuard needs most right now is to have its own BGP address family. Wouldn't that be cool? Then it would be like a peering exchange: you peer with the route server and it feeds you back all of the other peers and what's behind them. WireGuard cryptokey routes are small enough that they would fit inside a BGP announcement.

[#] Sat Nov 18 2023 17:32:58 EST from Nurb432

So a public mesh, in effect?



[#] Mon Nov 20 2023 16:40:13 EST from IGnatius T Foobar

Not public. Think of it like an exchange point. Everyone who peers with the route servers receives the prefixes of everyone else who peers with the route servers. The idea is that you could create a mesh (which software like TailScale does) but in a *standard* way.

I suppose you could also build route server technology into WireGuard itself, but that would be contrary to one of the design goals of WireGuard, which is to be simple and small. It does that admirably.

[#] Mon Nov 20 2023 18:18:57 EST from Nurb432

So a mesh of friends...

 

Or am I still way out in left field :)



[#] Tue Nov 21 2023 13:13:21 EST from LadySerenaKitty

WireGuard has built-in routering.  You just need to connect your peers and WireGuard handles all routing internally.

 



[#] Thu Nov 23 2023 13:43:05 EST from IGnatius T Foobar

Yes, yes it does.  And it works well.  I'm using it to build a virtual network across five (ok now four, since one machine moved recently) sites.  Some of the wireguard endpoints are individual machines, but others are gateways with subnets behind them.  Among the gateways, one is a virtual machine running the reference implementation, and one is a Mikrotik router.

At present, I have to manually establish links between pairs of sites.  There's no automatic full mesh.

Software such as Tailscale handles that for you, but it requires their server and their software on each endpoint.  I'm looking for a standard way of automatically establishing a full mesh.
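
The manual pairwise linking described in the post above can be scripted from a static site inventory. The sketch below is an added example, not part of the original post and not any project's code: it renders the `[Peer]` sections each node needs for a full mesh, treats any AllowedIPs overlap between sites as an error (a deliberately strict policy of this example), and reports pairs that cannot link directly because neither side has a fixed endpoint. Site names, keys, addresses and the port are constructed placeholders.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: names, keys, addresses and port are placeholders.
SITES = {
    "dc-gw":   {"pubkey": "<dc-gw-public-key>", "endpoint": "192.0.2.10:51820",
                "prefixes": ["10.10.0.0/16"]},
    "home-gw": {"pubkey": "<home-gw-public-key>", "endpoint": "198.51.100.7:51820",
                "prefixes": ["10.20.0.0/24"]},
    "laptop":  {"pubkey": "<laptop-public-key>", "endpoint": None,
                "prefixes": ["10.99.0.2/32"]},
    "phone":   {"pubkey": "<phone-public-key>", "endpoint": None,
                "prefixes": ["10.99.0.3/32"]},
}

def overlapping_prefixes(sites):
    """Return (site_a, site_b, net_a, net_b) for prefixes claimed by two sites."""
    nets = [(n, ipaddress.ip_network(p)) for n, s in sites.items() for p in s["prefixes"]]
    return [(a, b, str(na), str(nb)) for (a, na), (b, nb) in combinations(nets, 2)
            if a != b and na.version == nb.version and na.overlaps(nb)]

def unlinkable_pairs(sites):
    """Pairs with no fixed endpoint on either side: no direct link without help."""
    return [(a, b) for a, b in combinations(sites, 2)
            if not sites[a]["endpoint"] and not sites[b]["endpoint"]]

def peer_stanzas(sites, local):
    """Render the [Peer] sections that `local` needs for a full mesh."""
    clashes = overlapping_prefixes(sites)
    if clashes:
        raise ValueError(f"overlapping AllowedIPs: {clashes}")
    out = []
    for name, s in sites.items():
        if name == local or not (s["endpoint"] or sites[local]["endpoint"]):
            continue  # skip self and pairs that cannot reach each other directly
        lines = ["[Peer]", f"# {name}", f"PublicKey = {s['pubkey']}",
                 "AllowedIPs = " + ", ".join(s["prefixes"])]
        if s["endpoint"]:
            lines.append(f"Endpoint = {s['endpoint']}")
            if not sites[local]["endpoint"]:
                lines.append("PersistentKeepalive = 25")  # keep the NAT mapping open
        out.append("\n".join(lines))
    return "\n\n".join(out)

if __name__ == "__main__":
    print(peer_stanzas(SITES, "laptop"))
```
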



[#] Sun Dec 24 2023 18:47:21 EST from Nurb432

802.11ah HaLow. Just heard about that today, seems interesting. Be good for neighborhood mesh...



[#] Wed Dec 27 2023 13:17:41 EST from IGnatius T Foobar

Weird. So they're going to do something in the 900 MHz band, like 1st-generation cordless phones. I could see it taking some market share away from LoRa and Zigbee on the basis of "you already have it" if they start building it into consumer grade routers.

[#] Wed Dec 27 2023 14:02:40 EST from Nurb432

Right. However, LoRa does have the range advantage, but it's traded for speed (and isn't really native IP), so I do see a place for both in the world. But ya, it might eat into some IoT use that LoRa has been dominating over.

And apparently it's really low power resource use too.

Wed Dec 27 2023 13:17:41 EST from IGnatius T Foobar
Weird. So they're going to do something in the 900 MHz band, like 1st-generation cordless phones. I could see it taking some market share away from LoRa and Zigbee on the basis of "you already have it" if they start building it into consumer grade routers.

 



[#] Tue Jan 02 2024 11:08:53 EST from LoanShark

KittyGuard and Pritunl both look like they roughly exist in the same space as TailScale. Now that WireGuard is here it looks like lots of


If I remember correctly, I looked at TailScale a while back. Overkill for my use-case because it supports all this fully-meshed stuff (which pritunl does not). I don't know what to tell you about KittyGuard... ask the Kitty.

[#] Tue Jan 16 2024 17:17:39 EST from IGnatius T Foobar

I'm actively thinking about how I want to set up my VPN mesh as I shuffle things around.

And yet ... I might not need it at all.  I'm slowly coming to the realization that just about every location has IPv6 now.  My hosting front end has IPv6, my home network has IPv6, and my smartphone is native IPv6 (from which it is derived that my laptop has IPv6 when I tether).

What are the reasons to use a VPN?  Reachability and privacy.  IPv6 solves the reachability issue, and just about every protocol now has its own TLS encryption anyway.  So I might just go without!



[#] Tue Jan 16 2024 17:32:33 EST from Nurb432

Not me. I still want a wall up to the outside. 


