Posts Tagged ‘EdgeOS’

PKI Revisited

A little more than two years ago, I set up a PKI and did a post on it. The main goal was to get a certificate on my EdgeOS router to get proper HTTPS support without the annoying red X. When I did it, however, I didn’t do it quite right, and so I decided to redo it all. Some of the major problems:

  • The cert for my router expired after two years. Hence, as of today I need a new cert anyway.
  • The intermediate cert also expired after two years. Lame!
  • To trust the chain, I had to import the intermediate cert into Windows, not the root cert. I should just need the root cert.

So I decided to do it right, and do it all over again for posterity, again largely following this post from Didier Stevens and again having the same old issues. Details below.


Netflow and Splunk

Yesterday, I told the tale of getting netflow data out of my EdgeOS router. Once I started actually receiving data, I wanted to get it into Splunk. I figured that I would have to set up a directory for netflow log data from nfdump, then set up a reader to have Splunk ingest the data. After doing some Googling, though, I found the Splunk Add-on for NetFlow, which handles all of that automatically! Once you get it up and running, that is.


EdgeOS and Netflow

I’ve written a lot about getting stuff working on my Ubiquiti EdgeOS router. Recently, I got the idea in my head to enable netflow on the router to do some traffic analysis. My router does support exporting netflow data, so I thought it would be fairly simple to set up. In the end, it wasn’t too hard, but it did take some research and at least one dumb mistake.


EdgeOS and IPv6 Revisited

About a week ago I noticed that my browsing was no longer using IPv6. How, you ask? I use IPvFoo, a Chrome extension that shows you in your address bar whether you are browsing a site using IPv4 or IPv6. True, only Google and Facebook are the sites that I browse regularly that use IPv6, but I still noticed that something was amiss. Not a high priority, I forgot about it for a few days until I saw a thread in the IPv6 subreddit which solved the mystery for me: Comcast had stopped giving out /60 address blocks to residential customers.


mDNS Update

My last update on getting Bonjour/mDNS working on my network ended with “If it ain’t broke”… Sadly, the broke state cropped up at some point between then and now. Home sharing with the Apple TV was no longer working, and nothing had changed on my end to break it. Apple may have changed things on their end, breaking stuff, but regardless of the cause, my network wasn’t working right.

Fortunately, the fine people on the EdgeOS boards had already fixed this, amusingly enough even before my earlier attempts to get it working right. Instead of using mDNS reflector, using mDNS repeater apparently works much better. Specifically, following the instructions here fixed things nicely. Until the next time something breaks, that is…

Bonjour!: mDNS and iTunes Home Sharing on EdgeOS

Ever since I set up my home network, Home Sharing hasn’t worked between our Apple TV and my desktop computer. It’s been a minor annoyance that I really didn’t look into before now, but I had some time yesterday to troubleshoot it and get it working just in time to watch Little Women, which Julia had just bought and downloaded from iTunes. Below is how I got it back up and running.


Setting up a PKI

Since setting up my home network, I’ve been playing around with pieces of it. Today, when I was logging into the web interface of my EdgeLite Router, I noticed that dreaded red X through the https in Chrome, because Chrome didn’t trust the default self-signed certificate that came with the router. Why not replace that default cert with one I’ve signed myself, and import my signing cert as a trust certificate, thought I? So that’s what I did today.


Adventures in Networking: Setting Up a Home Network with EdgeOS

As promised, the summary of everything I’ve done to date. I’m still messing with IPv6, and I found my VLAN settings were all messed up, so expect some more updates on this topic. So far, though, here’s what I have, from start to finish:

Adventures in Networking, Part 1: Intro

Adventures in Networking, Part 2: Initial Setup

Adventures in Networking, Part 3: Switch It Up

Adventures in Networking, Part 4: Zone Defense

Adventures in Networking, Part 5: Splunking

Adventures in Networking, Part 6: IPv6

I’ll continue to add more as I play around with my network!

Adventures in Networking, Part 6: IPv6

This is finally the end of my series on setting up my EdgeRouter and all the fun I had with it. This part was the hardest part, but it was also quite the learning experience: getting IPv6 up and running on my router. It took a lot of work, muddling around with configs, and reading a lot of articles, but in the end I passed the IPV6 Test with a score of 100%, which is something that I never could have done before. So read more to see the (current) conclusion of this endeavor.


Adventures in Networking, Part 4: Zone Defense

After part 3, I had a fully-functioning, switched network. So then why would I want to change that? Ah, because if it ain’t broke, you aren’t doing it right. As I stated before, ACL-based firewalls are limited, defining only inbound, outbound, and local (to the router) rules on each interface. I didn’t like that limitation, since it wasn’t granular enough for those VLAN-to-VLAN connections. Fortunately, though, EdgeOS has the capability to get as strict as you want, but you better be ready for some CLI configurations!
