As promised, my post about building an IPv6-focused OpenBSD home router :puffer:
Featuring NAT64, DNS64, PREF64, all of the 64s!
https://blog.infected.systems/posts/2024-12-07-building-an-ipv6-focused-openbsd-home-router/
@alexhaydock You, sir, have made my day. Thank you.
This may be just what I need, for an upcoming project.
@libreleah Glad to be of help! :ablobcatnod:
Big fan of the Libreboot project, by the way!
@alexhaydock I also enjoyed this article of yours: https://blog.infected.systems/posts/2024-12-01-no-nat-november/
I've had a no-NAT LAN for years, which I use to host servers. /28 IPv4 and various /64 IPv6 subnets. My current routing is configured on a Debian-based router, whose setup I document here:
https://fedfree.org/docs/router/debian-l2tp-aaisp.html
https://fedfree.org/docs/router/debian-l2tp-aaisp-redundant.html
I later added a firewall to that; not yet documented. Static IPs are routed to me via PPP over L2TP.
I've been meaning to write more guides. OpenBSD is what I'll use for the next one.
@libreleah I’ll definitely have to check these out since I like the idea of having the redundant routes configured.
I’ve been trying to work out how I could fall back to 5G in a failure scenario without needing to face the problem that my /29 and /48 are bound to the hardwired connection, but I might have to investigate A&A’s L2TP for that…
@alexhaydock My setup is a bit hacky. Most notably, I have to *break* two public IPv4 addresses. So I broke Google DNS.
It pings Google DNS IPs on the router, where master is routed to one physical network and slave routed to the other.
It's a static route, and the way it's done means that clients connecting to the router can't use Google DNS.
The router pings each one, to know which line is up.
Switching takes ~1 minute, so I make it stay on the backup for 8 hours before switching back.
@alexhaydock The reason for the 8-hour time is that if main is flaky one day, I don't want it constantly switching between the two, due to the 1-minute switch time. It takes about 1 minute between one line going off and the other one going on.
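The failover logic described in the two posts above, written out as an added example (this is not code from the thread or from the linked fedfree.org guides). It assumes two probe addresses that have each been pinned to one physical line with a host route, so that reaching a probe address tells you whether that line is up; the addresses, interface names and gateways below are hypothetical placeholders, and applying the route uses OpenBSD's route(8) syntax. The interesting part is the hold-down: once on the backup line, the router stays there for 8 hours even if main comes back, unless the backup itself fails, so a flapping main line can't trigger repeated one-minute outages. Note the caveat the post itself makes: because the probe addresses are host-routed on the router, LAN clients can no longer reach those addresses through it, so pick probe targets you can afford to lose.

```sh
#!/bin/sh
# Dual-line failover with hold-down. Added example; not the thread author's
# script. Hypothetical addresses and gateways throughout.

HOLD_DOWN=$((8 * 60 * 60))          # seconds to stay on backup after a switch
MAIN_PROBE=192.0.2.1                # host-routed via main line (hypothetical)
BACKUP_PROBE=198.51.100.1           # host-routed via backup line (hypothetical)
MAIN_GW=192.0.2.254                 # default gateway on main line (hypothetical)
BACKUP_GW=198.51.100.254            # default gateway on backup line (hypothetical)
STATE_FILE=/var/db/failover.state   # "main" or "backup", plus switch time

# probe TARGET: one ICMP echo, short wait. Prints 1 if answered, else 0.
# ping -c/-w take an integer on both OpenBSD and Linux (assumed here).
probe() {
    if ping -c 1 -w 2 "$1" >/dev/null 2>&1; then echo 1; else echo 0; fi
}

# decide_line ACTIVE MAIN_UP BACKUP_UP SECS_ON_BACKUP
# Pure decision function: prints which line should carry the default route.
decide_line() {
    active=$1; main_up=$2; backup_up=$3; secs_on_backup=$4
    case "$active" in
    main)
        # Leave main only when it is down and backup can actually take over.
        if [ "$main_up" -eq 0 ] && [ "$backup_up" -eq 1 ]; then
            echo backup
        else
            echo main
        fi
        ;;
    backup)
        if [ "$backup_up" -eq 0 ] && [ "$main_up" -eq 1 ]; then
            # Backup died and main is back: return at once, hold-down or not.
            echo main
        elif [ "$main_up" -eq 1 ] && [ "$secs_on_backup" -ge "$HOLD_DOWN" ]; then
            # Main has been back and the hold-down has expired.
            echo main
        else
            # Either main is still down, or we are inside the hold-down.
            echo backup
        fi
        ;;
    *)
        echo main ;;
    esac
}

# apply_line LINE: replace the default route. OpenBSD route(8) syntax.
apply_line() {
    case "$1" in
    main)   route -n change default "$MAIN_GW" ;;
    backup) route -n change default "$BACKUP_GW" ;;
    esac
}

# run_once: one iteration for a cron job or a sleep loop. Reads the saved
# state, probes both lines, decides, and records the switch time if it moved.
run_once() {
    now=$(date +%s)
    if [ -f "$STATE_FILE" ]; then
        read -r active switched_at < "$STATE_FILE"
    else
        active=main; switched_at=$now
    fi
    secs_on_backup=$(( now - switched_at ))
    want=$(decide_line "$active" "$(probe "$MAIN_PROBE")" \
                       "$(probe "$BACKUP_PROBE")" "$secs_on_backup")
    if [ "$want" != "$active" ]; then
        apply_line "$want"
        echo "$want $now" > "$STATE_FILE"
    fi
    echo "$want"
}

# Invoke as: sh failover.sh run   (e.g. every minute from cron)
[ "${1:-}" = run ] && run_once
```

Run it from cron every minute; the probe timeout plus the cron interval is what sets the "about 1 minute" switch time the post mentions. Only `decide_line` is pure; `probe`, `apply_line` and `run_once` need a real router and root.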
@alexhaydock oh btw if your internet connection (the hardwired one) is a&a, please note that a&a also provides l2tp for free with all their hardlines (e.g. PPPoE on adsl, vdsl, fttp).
the l2tp becomes active when your main hardline is down, and you can use it from another ISP to do failover.
https://support.aa.net.uk/Router:Linux_-_Debian_-_With_L2TP_Fallback
This guide is for those using a *hardline*.
I don't use an a&a hardline at my lab. i'm using another ISP that offers much faster upload speed. I use a&a's standalone l2tp service.
@libreleah Oh, it is! That sounds ideal, thank you!
@alexhaydock yeah not a lot of people know about it. it's really nice.
i mentioned it because you specifically cited the issue of losing your IPs. whether you use my setup with standalone l2tp, or one of their hardlines with backup l2tp, you would retain the same IPs.
when my main internet goes down, and switches to the backup, it stays online and my IP addresses do not change.
quite often even my irc client doesn't drop during the switchover. it's quite nice.
@libreleah It does sound ideal for what I’m looking to build and is essentially what I had in mind already but I’m just surprised that it’s free. That’s definitely a good project for me to work on in the future then. Nice.
@alexhaydock a&a is awesome. it's the only isp that i'd ever use, to actually route my traffic.
the physical ISPs that i have at the lab, i simply regard as transit ISPs, for hooking me up to a&a - that's what the l2tp is for.
also: xl2tpd (which i cover in my guide, and so does the other guide) was ported to openbsd ports, and the person who ported it is an a&a user!
they also have openbsd routing guides on their wiki:
https://support.aa.net.uk/index.php?search=openbsd&title=Special%3ASearch&wprov=acrw1
@alexhaydock i will summarise all of this with a meme. https://av.vimuser.org/routeronacob.jpg
that raspberry pi was my router for years
@libreleah This one hits fairly close to home as I only just retired my Pi 4 routing setup a few months ago. I didn’t dare try USB Ethernet though. It was all just VLANs and the single Ethernet port. Did very well routing VDSL for 4 years :blob_grinning_sweat:
@alexhaydock this thinkpad is what i currently run my l2tp router on: https://av.vimuser.org/router.jpg
though it now has 2 usb ethernet dongles instead of that cardbus ethernet adapter. in addition to the onboard ethernet.
a bit hacky. this is the "upcoming project" i have in mind, because this was done for testing purposes but then i had to quickly move my servers 2 years ago and haven't bothered "fixing" it since.
i'll re-do it with openbsd+xl2tpd, similar to the debian setup, on proper hardware.