Salt on Raspberry Pi ARM64 - Ubuntu
Install
Install all the salt-minion dependencies
apt install dctrl-tools python3-pycryptodome python3-zmq python3-dateutil python3-msgpack python3-psutil python3-gnupg
Download the specific Salt packages; for a minion we need two of them: salt-minion and salt-common. Both are Python packages built as architecture-independent (_all.deb) Debian packages, which is why the amd64 repository works for an ARM64 Pi.
Check for the latest files; at the time of writing they were salt-common_3003 and salt-minion_3003 at http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest/
cd /tmp
wget http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest/salt-common_3003%2Bds-1_all.deb && wget http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest/salt-minion_3003%2Bds-1_all.deb
Install the packages
dpkg -i salt-common_3003*.deb salt-minion_3003*.deb
Note that dpkg -i does not check signatures and does not pull in missing dependencies (run apt -f install if it complains); the apt install step above is what satisfies them.
Configure the minion (/etc/salt/minion: at least the master address and the minion id), then start the salt-minion service.
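As an added example (not from the post), the same install as a script that pins the SHA-256 of each .deb before dpkg -i, checks the Architecture field really is "all", and writes a minion config that pins the master's key fingerprint. The downloads are plain HTTP and dpkg -i performs no signature check, so the pinned hashes are the only integrity check in this path. The hash values, the master name salt.example.lan, the minion id rpi-01 and the fingerprint are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: install salt-common/salt-minion
# 3003 from the same repo, but verify each .deb against a pinned SHA-256 and
# check it is architecture independent before dpkg -i, then pin the master's
# key fingerprint in the minion config. All hashes, names and the fingerprint
# below are placeholders to be replaced with your own values.
set -eu

REPO="http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest"
DEBS="salt-common_3003+ds-1_all.deb salt-minion_3003+ds-1_all.deb"

# expected_sha256 <deb>: pinned hash recorded from a trusted machine (placeholders)
expected_sha256() {
    case $1 in
        salt-common_3003+ds-1_all.deb) echo 0000000000000000000000000000000000000000000000000000000000000000 ;;
        salt-minion_3003+ds-1_all.deb) echo 0000000000000000000000000000000000000000000000000000000000000000 ;;
        *) return 1 ;;
    esac
}

# verify_sha256 <file> <hex>: 0 if the file hashes to <hex>, 1 otherwise
verify_sha256() {
    echo "$2  $1" | sha256sum -c --quiet >/dev/null 2>&1
}

# deb_arch <deb>: Architecture field. "all" (architecture independent) is the
# reason the amd64 repo serves an arm64 Pi at all; refuse anything else.
deb_arch() {
    dpkg-deb -f "$1" Architecture
}

# render_minion_config <master> <minion-id> <master-fingerprint>
render_minion_config() {
    cat <<EOF
master: $1
id: $2
# refuse the master's public key unless it matches this fingerprint (salt-key -F on the master)
master_finger: '$3'
EOF
}

install_salt_minion() {
    apt-get install -y dctrl-tools python3-pycryptodome python3-zmq python3-dateutil \
        python3-msgpack python3-psutil python3-gnupg
    cd /tmp
    for deb in $DEBS; do
        url="$REPO/$(printf '%s' "$deb" | sed 's/+/%2B/')"
        wget -q -O "$deb" "$url"
        verify_sha256 "$deb" "$(expected_sha256 "$deb")" || { echo "checksum mismatch: $deb" >&2; exit 1; }
        [ "$(deb_arch "$deb")" = "all" ] || { echo "unexpected architecture in $deb" >&2; exit 1; }
    done
    dpkg -i $DEBS
    render_minion_config salt.example.lan rpi-01 'xx:xx:xx:xx' > /etc/salt/minion
    chmod 0644 /etc/salt/minion
    systemctl enable --now salt-minion
    # print this minion's own key fingerprint; accept it on the master (salt-key -a) only after comparing
    salt-call --local key.finger
}

if [ "${1:-}" = "--install" ]; then install_salt_minion; fi
```

Run it as root with --install once the hashes are filled in; without the flag it only defines the functions. The fingerprint pinning works in both directions: master_finger stops the minion from trusting an impostor master on first contact, and comparing the key.finger output before salt-key -a stops a rogue minion from being accepted.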
Site to Site VPN - OpenVPN on Asus Router (OE Firmware)
Asus routers are painful for this, and OpenVPN on them does not work the way a network appliance such as a Cisco router would.
Most of the configuration is pushed from the server side, including the satellite site's routes.
The ASUS OE firmware regenerates its configuration on every boot and applies it, so you have to work your configuration into the UI and the jffs partition (the only persistent storage).
*Note: I haven't bothered with key authentication since it's just a small test network.
Topology
ASUS Router headend: 192.168.1.0/24
Ubuntu Raspberry Pi satellite: 192.168.200.0/24
VPN transit subnet: 10.8.0.0/24 (headend 10.8.0.1, satellite 10.8.0.2)
UI (server custom configuration)
client-config-dir /jffs/openvpn/ccd   # jffs: the persistent partition
topology subnet
# duplicate of the directive above; keep only the absolute /jffs path so the per-client files survive a reboot
#client-config-dir ccd
client-to-client
username-as-common-name
# Remote routes: the satellite LAN is reached via the satellite's VPN address
route 192.168.200.0 255.255.255.0 10.8.0.2
# Pushed to every other connecting client/site, which then hairpin through the headend
push "route 192.168.200.0 255.255.255.0 10.8.0.1"
#end
JFFS files on the server side: one file per satellite under /jffs/openvpn/ccd/, named after the site's CN (with username-as-common-name that is the VPN username)
ifconfig-push 10.8.0.2 255.255.255.0
iroute 192.168.200.0 255.255.255.0
Satellite Client Config
topology subnet
route-metric 50
# headend LAN, reached over the tunnel
route 192.168.1.0 255.255.255.0
# push is only valid in server mode (OpenVPN refuses to start with it in a client config), and
# 192.168.200.0/24 is the satellite's own LAN, which needs no route through the tunnel
#push "route 192.168.200.250"
#push "route 192.168.200.0 255.255.255.0"
# do not let the headend replace the satellite's default route
pull-filter ignore "route 0.0"
pull-filter ignore redirect-gateway
Running the OpenVPN client as a service with a password file
/etc/systemd/system/openvpn-client.service
ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client.ovpn --auth-user-pass /etc/openvpn/login.conf
login.conf holds the username on the first line and the password on the second, in cleartext; keep it owned by root with mode 0600.
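As an added example, not from the post: a script that renders a complete unit around that ExecStart line, adds systemd sandboxing, and refuses to enable the service until login.conf is a two-line file with mode 0600. The paths are the post's; the Description, Restart and hardening directives are my choices.

```shell
#!/bin/sh
# Added example, not from the original post. Writes a systemd unit around the
# ExecStart line from the post and refuses to enable it until
# /etc/openvpn/login.conf (the cleartext username/password file read by
# --auth-user-pass) is locked down. The hardening directives are my additions.
set -eu

CONF=/etc/openvpn/client.ovpn
LOGIN=/etc/openvpn/login.conf
UNIT=/etc/systemd/system/openvpn-client.service

# check_login_conf <file>: --auth-user-pass expects exactly two lines
# (username, then password). Require that and mode 0600 so other local
# users cannot read the VPN credentials.
check_login_conf() {
    f=$1
    [ -f "$f" ] || { echo "missing $f" >&2; return 1; }
    mode=$(stat -c '%a' "$f")
    [ "$mode" = "600" ] || { echo "$f is mode $mode, want 600" >&2; return 1; }
    lines=$(grep -c . "$f" || true)
    [ "$lines" -eq 2 ] || { echo "$f has $lines non-empty lines, want 2" >&2; return 1; }
}

# render_unit: print the unit file text
render_unit() {
    cat <<EOF
[Unit]
Description=OpenVPN site-to-site client
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config $CONF --auth-user-pass $LOGIN
Restart=on-failure
RestartSec=5
# Least privilege: openvpn only needs to create the tun device, add routes and drop privileges
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID CAP_IPC_LOCK CAP_SYS_CHROOT CAP_DAC_OVERRIDE
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
PrivateTmp=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
EOF
}

install_service() {
    check_login_conf "$LOGIN"
    render_unit > "$UNIT"
    chmod 0644 "$UNIT"
    systemctl daemon-reload
    systemctl enable --now openvpn-client.service
}

if [ "${1:-}" = "--install" ]; then install_service; fi
```

Run as root with --install. The credential check is deliberately strict about the line count: a stray third line (a trailing comment, a copied shell prompt) is the usual reason --auth-user-pass silently sends the wrong password.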
DNSMasq Forwarding Local Domain
The stock firmware regenerates /etc/dnsmasq.conf on every boot, so the extra forwarder for the satellite's domain has to be re-applied each time. The hook used here is the firmware's USB autorun: a file named .asusrouter in the root of a USB drive is executed when the drive is mounted at boot. It runs with the same root privileges as the rest of the firmware, so anyone who can plug a USB stick into the router can run code on it; treat physical access as full access. (.local is also the mDNS domain, so Apple and avahi clients may resolve home.local names by multicast instead of through this forwarder.)
/jffs/configs/dnsmasq.conf.add
server=/home.local/192.168.200.250
.asusrouter (root of the USB drive)
#!/bin/sh
# re-apply the extra forwarder after the firmware has rebuilt /etc/dnsmasq.conf
killall dnsmasq
cat /jffs/configs/dnsmasq.conf.add >> /etc/dnsmasq.conf
dnsmasq --log-async
Distributed Wireless
A bunch of wireless access points running 802.11r in a bridged network, based on Linux, hostapd, etc.
Objectives:
- distributed, redundant, optimised, converged coverage
Hardware:
A Raspberry Pi 3B is OK for testing; it supports either band (2.4 or 5 GHz) in HT mode.
SBC with dual concurrent radios to test: Wally's Communications DR6018 and DR6018-S V02
OS:
DD-WRT (I really should revisit this, but it seems like bloatware)
Ubuntu Server for ARM seems like a better option
Build:
apt-get install rfkill hostapd bridge-utils cpufrequtils dnsmasq htop lldpd sshpass wireless-tools
remove snap from ubuntu
Netplan
You don't need to put the wlan interfaces into the bridge in netplan; hostapd adds them itself (bridge=br0 below). The loopback gets a /32 taken from inside the bridge LAN range; Linux follows the weak host model and answers for any local address on any interface, so clients on br0 can reach it even though it is not configured on br0. That loopback address is duplicated on every AP so DHCP, DNSMasq, etc. are reachable at one address from any AP. Caveat: this is fine for stateless DNS, but a broadcast DHCP DISCOVER reaches every AP on the bridge, so the per-AP DHCP servers need either shared lease state or disjoint address ranges to avoid handing out duplicates.
(/etc/netplan/*.yaml; the top-level network: key is required)
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: false
      dhcp6: false
    lo:
      match:
        name: lo
      addresses:
        - 192.168.200.251/32
  bridges:
    br0:
      dhcp4: false
      dhcp6: false
      addresses:
        - 192.168.200.201/24
      gateway4: 192.168.200.250
      interfaces:
        - eth0
Hostapd
country_code=NZ
interface=wlan0
bridge=br0
ssid=ssid here
auth_algs=1
macaddr_acl=0
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=password here
# FT-PSK is required for 802.11r fast transition; with WPA-PSK alone the mobility settings below do nothing
wpa_key_mgmt=WPA-PSK FT-PSK
# wpa_pairwise only applies to WPA1 (wpa=1 or 3) and TKIP is deprecated; with wpa=2 only rsn_pairwise matters
#wpa_pairwise=TKIP
rsn_pairwise=CCMP
hw_mode=a
wmm_enabled=1
# IAPP (802.11F) is obsolete and recent hostapd releases no longer build it; drop this line if hostapd rejects it
iapp_interface=br0
okc=1
ieee80211n=1
require_ht=1
ht_capab=[MAX-AMSDU-3839][HT40+][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
ieee80211ac=1
require_vht=1
ieee80211d=0
ieee80211h=0
vht_capab=[SHORT-GI-80][SU-BEAMFORMEE]
vht_oper_chwidth=1
channel=36
# 80 MHz (vht_oper_chwidth=1) needs the centre segment index; 42 covers channels 36-48
# (the option is seg0, not seq; hostapd rejects unknown option names, which is why the misspelt line never worked)
vht_oper_centr_freq_seg0_idx=42
disassoc_low_ack=1
multicast_to_unicast=1
#proxy_arp=1
#rssi_reject_assoc_rssi=-75
#rssi_ignore_probe_request=-75
rssi_reject_assoc_timeout=10
# 802.11r: ieee80211r=1 turns it on; mobility_domain is the same on every AP,
# nas_identifier and r1_key_holder are unique per AP
ieee80211r=1
mobility_domain=a1b2
nas_identifier=b827eb3b638c
r0_key_lifetime=10000
r1_key_holder=b827eb3b638c
reassociation_deadline=1000
#ft_over_ds=1
# With a PSK each AP can derive the PMK-R0/R1 locally, so no r0kh/r1kh key exchange between APs is needed
ft_psk_generate_local=1
# Only used when ft_psk_generate_local is off (then every AP also needs matching r1kh lines). The key
# below is the hostapd sample value; generate a random one per deployment and keep it secret.
r0kh=ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff
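As an added example (not part of the post), a small lint for the 802.11r and VHT mistakes in a hostapd.conf that hostapd does not always complain about loudly: FT settings without ieee80211r=1, a key management list without an FT-* AKM, a dead wpa_pairwise=TKIP line, an 80 MHz channel width with no centre segment index, and FT key holders without either ft_psk_generate_local=1 or r1kh entries. It also generates a random 256-bit key for r0kh/r1kh. The option names are hostapd's; the checks and the helper names are mine.

```shell
#!/bin/sh
# Added example, not part of the original post: lint a hostapd.conf for the
# 802.11r (FT) and VHT settings above and generate a per-deployment FT key.
# Option names are hostapd's; the checks themselves are mine.
set -eu

# conf_get <file> <option>: last value of "option=value" in a hostapd.conf
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# lint_hostapd_ft <file>: print one line per problem, return 1 if any were found
lint_hostapd_ft() {
    f=$1
    rc=0
    if [ "$(conf_get "$f" ieee80211r)" != "1" ]; then
        echo "ieee80211r=1 missing: mobility_domain, r0kh and friends are ignored without it"; rc=1
    fi
    case " $(conf_get "$f" wpa_key_mgmt) " in
        *" FT-PSK "*|*" FT-SAE "*|*" FT-EAP "*) ;;
        *) echo "wpa_key_mgmt has no FT-* AKM: stations cannot fast-transition"; rc=1 ;;
    esac
    if [ "$(conf_get "$f" wpa)" = "2" ] && [ "$(conf_get "$f" wpa_pairwise)" = "TKIP" ]; then
        echo "wpa_pairwise=TKIP is dead config with wpa=2 (only rsn_pairwise applies); remove it"; rc=1
    fi
    if [ "$(conf_get "$f" vht_oper_chwidth)" = "1" ] && [ -z "$(conf_get "$f" vht_oper_centr_freq_seg0_idx)" ]; then
        echo "vht_oper_chwidth=1 (80 MHz) needs vht_oper_centr_freq_seg0_idx (42 for channels 36-48)"; rc=1
    fi
    if [ "$(conf_get "$f" ieee80211r)" = "1" ] && [ "$(conf_get "$f" ft_psk_generate_local)" != "1" ] \
        && ! grep -q '^r1kh=' "$f"; then
        echo "FT without ft_psk_generate_local=1 needs r1kh entries, not only r0kh"; rc=1
    fi
    return $rc
}

# gen_ft_key: 256-bit hex key; must be identical on every AP in the mobility domain
gen_ft_key() {
    od -An -tx1 -N32 /dev/urandom | tr -d ' \n'
    echo
}

# usage: lint-hostapd.sh /etc/hostapd/hostapd.conf [...]
if [ $# -gt 0 ]; then
    for f in "$@"; do
        echo "== $f"
        lint_hostapd_ft "$f" || true
    done
fi
```

Run it against every AP's config before rolling out a change; the config as originally posted trips four of the five checks, and a fixed one passes cleanly.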
DNSMasq
port=53
domain-needed
# upstream resolvers are read from this file and tried in the order listed
resolv-file=/etc/resolv.dns
strict-order
# reverse lookups for the LAN go to the headend router
server=/200.168.192.in-addr.arpa/192.168.200.250
# ad sinkhole
address=/double-click.net/127.0.0.1
# resolved addresses for these domains are added to the "vpn" and "search" ipsets (for policy routing)
ipset=/yahoo.com/google.com/vpn,search
# everything else is forwarded to the headend router, sent out via br0
server=192.168.200.250@br0
interface=br0
Things to do
- Docker and OpenShift Origin
- Salt Stack package and configuration management
- sshd authentication: allow non-privileged users during startup/shutdown
- pretty sure if I set the RADIUS interface and NAS identifier it will control which interface hostapd uses for broadcast
- cluster DHCP and DNSMasq if required
- clean up and format this blog
- multipath TCP over dual IP uplinks
- wireless backhaul backup
- QoS/WMM
- build standard VLANs on the bridge interface (management LAN, user, security, etc.)
- map multiple SSIDs to VLANs
- something like VRF to ensure segmentation of SSIDs/VLANs
- manage all this via Salt, and look into dbus remote send
- move to WPA3 or RADIUS or something more secure
- Zigbee and BT...
- Wi-Fi spectrum management (channel management/switching)
- RF location services
- DHCP PXE boot for future management of Zigbee etc.
- 802.11ac dongle: the onboard 5 GHz radio and antenna are weak, so switched to 2.4 GHz (g)
Do I
- local cluster/bind9 <--> local dnsmasq
- local cluster/bind9 + isc-dhcp-server <--> local dnsmasq
Why: bind9 can resolve from the root servers with no forwarder required and can hold the local entries for Windows etc., while dnsmasq gives fast local caching. Is it overkill? bind9 is supposed to cache in RAM too, but we want this highly available and fast.
Same for DHCP: fast and redundant.
References / Reading
http://www.routereflector.com/2016/11/working-with-vrf-on-linux/
https://www.raspberrypi.org/documentation/configuration/wireless/access-point-bridged.md
http://ftp.gwdg.de/pub/linux/linux-magazin/listings/raspberry-pi-geek.com/04/AccessPoint/Listing04.txt
https://www.linux.com/topic/networking/advanced-dnsmasq-tips-and-tricks/