Yes yes, my name's thebaldgeek and I am addicted to Kickstarter… Ok, happy now? I said it. Again. Out loud… Moving on.
AmpliFi Teleport provides a secure and convenient way to access resources at home, even when you are not. Utilizing any Wi-Fi hotspot or wired Ethernet connection, Teleport is able to create an encrypted connection to your home network, expanding it wherever you go.
So in other words, exactly what you would expect from a VPN (Virtual Private Network).
You tunnel your traffic, from wherever you may be, to your home network and in effect use your home Internet to surf the web or access devices on your network.
(The big plus, of course, is that your traffic is encrypted from your device all the way to your home network, which makes it a lot harder to sniff while you are using the free Wi-Fi at the coffee shop / Macca's.)
The downside?
Two things. Firstly, this (from betanews):
Unfortunately, the campaign only includes bundled kits, meaning the AmpliFi Router and Teleport are sold together in a single package. If you already own the router, you cannot buy the Teleport separately — at least not during the Kickstarter campaign. This is disappointing, as existing owners are forced to either buy an additional router they do not need or wait until Teleport is sold individually down the road.
With all of that said, since the Teleport only works with the AmpliFi Router, this will prevent unknowing consumers from backing it and then becoming upset when it doesn’t work with a different router model. So yeah, I can understand why this is being done.
I can sort of see why, but it's not going to work for me, since I already have a lot of money, time and tech invested in my router. And yes yes, I know, I could put their router behind my router, but I am trying to make my network simpler, not more complex!
The second downside is this;
200 bucks.
Suddenly I don't feel too bad about repurposing an old Pi 2 that I had in the bedroom. Total original cost (some 4 years ago): 30 bucks… That and about an hour of my time (50 bucks? Even at 100 bucks, it is still half price).
Besides, for me, it was as much about the learning as the end product.
But. Options. You have options. And I like Ubiquiti stuff, so there's that.
I felt my network was out of control. Was it really? That was my problem… I did not know what it was doing, in or out of control, I had no idea.
Need to monitor it then… and once we are gathering the data, we can make informed decisions.
In other words, “You can’t control what you don’t monitor”.
Really rough brain dump for selecting ‘The Dude’ to do that job at home.
SNMP.
Simple Network Management Protocol.
This is the right tool for the job of network monitoring. It has been around for a lot of years, is an IETF standard (versions 1, 2c and 3), and works on Windows, Linux, managed switches and Raspberry Pis.
The best way to use this protocol is with some SNMP monitoring software. There are open source, free and paid options. Google will guide you. (I have tried Cacti, Nagios, Zabbix, Ntop and The Dude). Look closely at the features, at how many hosts the free versions support, at whether the free version shows ads on the reports, etc.
In the end, you just have to pick one and stick with it (warts and all). The longer you work with it, the better you will get at working around any shortcomings it has. One feature to look at closely is reporting and alerting. Sadly, The Dude seems to be lacking in this area.
I chose ‘The Dude’ from Mikrotik. We have been using it on and off for years and years thanks to Dan. I like the mapping feature. It’s not open source, but it is free.
One major gotcha with this application: they are no longer developing the Windows server. They are only developing their RouterOS version.
Not all the features of the Windows version have made it over to the RouterOS version yet, so it's sort of in no man's land at the moment.
I am happy with the features and bugs on the Windows version, so I am mostly using that, but I have purchased their minimum level router (Mikrotik hEX RB750Gr3) to run it on.
Here is an auto-generated map of my network, generated by The Dude.
I am a very graphic/visual guy, so really like The Dude for this reason. Most of my interaction with The Dude is through this map.
Double-click or right-click on each object (I don't mean to 'sell' The Dude, most SNMP applications are the same, so just bear with me) to expose the features of each device.
Green is all services up (you can add custom services like port 2001 and 22001 for Opto 22 devices), orange is one or more services are down and red is all services down.
On the links you can see some data; these are the current bandwidth values between that device and its port on the switch.
Hovering over them shows a graph.
This is for an OptoEMU-SNR-3v. It monitors the house power. You can see that it is uploading power readings (the blue spikes) and is receiving a lot of broadcast packets and data addressed to it.
So how did we get here?
The main advantage of SNMP software is that it makes the SNMP tree structure a lot, LOT simpler to work with.
Most networked devices have an SNMP agent built in, so at the very least, getting SNMP up and running on your hardware should just take enabling it, or installing a software package (on a Pi or other Linux box that is usually snmpd from net-snmp).
What if your device does not support SNMP? If you connect the network port of that device to a managed switch, then you can at least get that port's in/out counters and link state from the switch.
When Dan was in town, we went to the junk store and picked up a sweet Dell managed switch. We then added 3 more TP-Links because Gary uses them.
Here is a screenshot of the TP-Link;
This is one of the smaller 8 port, but the 24 port and 48 port look almost the same.
The important part here is that under ‘Global Config’ you turn on SNMP and then under ‘SNMP Community’ you add a community name.
To check what it is in your Opto 22 devices, open PAC Manager, inspect the device, click on communications and then SNMP;
Thoughts about this. In SNMPv1/v2c the community name is the whole credential, and it travels in cleartext in every packet, so IT guys might like to change it from the default so that it is a little more secure (and keep it read-only). SNMPv3 is where the user/password option comes from: instead of a shared community/group name you set up a user with authentication, and optionally encryption, per device. I recommend that you adhere to any of your vendor's recommendations. That said, for my house, I set it to read-only and left the default group and community name as 'public' and no user/pass.
One of the reasons for this is that I wanted The Dude to be able to do a scan (discover) of the network and did not want to have to set up each device or several profiles for the SNMP user.
While The Dude can handle different SNMP communities, when I tried to use it like that I had a lot of issues, thus going back to 'public' for every device.
Once you have the SNMP agent enabled on each device and your SNMP community name saved, you can then unleash The Dude to scan (discover) the network and walk the SNMP tree of each device as it finds it.
Here is a typical small section of an Opto SNMP tree screenshot;
I have closed a lot of the tree folders, they go on and on and on and on and on.
You can drill your way into any leaf of the tree and look at just that OID's data. Thankfully a lot of the SNMP software knows the tree structure (as I said, it's a loose standard) and will pick the right parts automatically, saving a HUGE amount of time.
MIB
A quick word on MIBs.
MIBs (Management Information Bases) work hand in hand with SNMP: a MIB is the file that gives names, types and descriptions to a branch of OIDs.
The standard MIBs (MIB-2) cover the generic stuff; a vendor MIB describes the vendor-specific section of the SNMP tree, under that vendor's enterprise number, which is not in the standard.
Here is the front of the Opto 22 MIB;
As you can see, they are all things that are unique to Opto 22.
Most managed switch vendors do the same thing. The SNMP standard takes care of all the interface data (in/out counters etc.), but they might add CPU use or CPU temperature, fan status/RPM and things like that… You will find those OIDs in their MIB.
Most network management software allows you to add MIBs as needed.
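Two things from the last few paragraphs are worth seeing in code: what 'walk the SNMP tree' actually means (repeated GetNext in tree order until you leave the subtree), and the check a monitor makes to decide whether an OID is covered by the standard MIB-2 or needs a vendor MIB loaded. The following is an added example, not code from the original post or from The Dude; the agent table is constructed for the demo, and enterprise number 99999 is a hypothetical placeholder, not Opto 22's.

```python
# Added example, not from the original post or from The Dude: the OID arithmetic
# behind "walk the SNMP tree", plus the check a monitor makes to decide whether an
# OID is covered by the standard MIB-2 or needs a vendor MIB. The agent table
# below is constructed for the demo, and enterprise number 99999 is hypothetical.

MIB2 = (1, 3, 6, 1, 2, 1)          # standard subtree: system, interfaces, ip, ...
ENTERPRISES = (1, 3, 6, 1, 4, 1)   # vendor subtree, one branch per IANA enterprise number


def parse_oid(text: str) -> tuple:
    """Dotted OID string to a tuple of ints; tuples compare in tree order."""
    return tuple(int(p) for p in text.strip(".").split("."))


def fmt_oid(oid: tuple) -> str:
    return ".".join(str(p) for p in oid)


def classify(oid: str) -> str:
    """Which MIB a monitor needs to make sense of this OID."""
    o = parse_oid(oid)
    if o[:len(MIB2)] == MIB2:
        return "standard (MIB-2)"
    if o[:len(ENTERPRISES)] == ENTERPRISES and len(o) > len(ENTERPRISES):
        return "vendor MIB (enterprise %d)" % o[len(ENTERPRISES)]
    return "other"


def get_next(agent: dict, oid: tuple):
    """GetNext semantics: smallest OID in tree order strictly greater than oid."""
    later = [k for k in agent if k > oid]
    return min(later) if later else None


def walk(agent: dict, root: str) -> list:
    """Repeat GetNext from root until the reply leaves the root subtree,
    exactly the loop snmpwalk and a monitor's auto-discovery run."""
    root_t = parse_oid(root)
    found, cur = [], root_t
    while True:
        nxt = get_next(agent, cur)
        if nxt is None or nxt[:len(root_t)] != root_t:
            return found
        found.append((fmt_oid(nxt), agent[nxt]))
        cur = nxt


# Constructed agent: what a small Linux box might answer. ifIndex 10 is there on
# purpose: in tree order .10 comes after .2, not between .1 and .2 as a string
# sort would put it.
AGENT = {
    parse_oid("1.3.6.1.2.1.1.1.0"): "Linux pi2 (constructed sysDescr)",
    parse_oid("1.3.6.1.2.1.1.5.0"): "pi2",                      # sysName.0
    parse_oid("1.3.6.1.2.1.2.2.1.10.1"): 123456,               # ifInOctets.1
    parse_oid("1.3.6.1.2.1.2.2.1.10.2"): 789,                  # ifInOctets.2
    parse_oid("1.3.6.1.2.1.2.2.1.10.10"): 42,                  # ifInOctets.10
    parse_oid("1.3.6.1.4.1.99999.1.0"): "vendor-only value",   # hypothetical enterprise
}

if __name__ == "__main__":
    for oid, value in walk(AGENT, "1.3.6.1.2.1.2.2.1.10"):
        print(oid, value, classify(oid))
    print(classify("1.3.6.1.4.1.99999.1.0"))
```

The point of the tuple comparison is the ordering bug every home-grown SNMP tool hits once: OIDs sort numerically per arc, so `ifInOctets.10` follows `ifInOctets.2`, and a walk that sorts OID strings will visit rows out of order or stop early. The `classify` check is the same decision the monitor makes when it shows you a bare number instead of a name: anything under `1.3.6.1.4.1.<enterprise>` needs that vendor's MIB added.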
So, to summarize.
SNMP is a rough standard.
OIDs are a rough standard.
The Dude knows about those standards and can play nice with pretty much all of them.
Well, I passed.
Took two attempts, I failed the first and you have 30 days to resubmit. Worked on it 5 days a week, 7-9 hours a day for 3 weeks. We got there in the end.
Of course we have a massive amount of relief… But I have also learned a great deal about learning. It was also a very humbling experience.
As best as we can tell, I still hold the world record for a single project having the largest number of HMI windows in the Opto 22 sphere, we also had a very large part in creating the HMI windows for DeepSea Challenger for James Cameron…. But it turns out, I failed and struggled to make around 10 windows on another software package. So yeah, what I think I know and what I can do… There is a gap.
It was also interesting the way we approached this… I knew nothing about the product some 10 weeks ago. We watched their online videos and passed the online multiple-choice exams. This took some 5-7 weeks. I should have kept better track of the total time I spent on all this, but didn't.
So after watching the videos, we had still not used the product. The written exam then required us to use the product, and this is where I fell apart.
I had learned what the product can do, but not how to do it, not how to string it together and create a finished project.
We did not ‘begin with the end in mind’ as my old boss at the hospital liked to often say.
There is no question in my mind that someone who had used the product, even just a little project, would have found the exam a lot more straightforward than I.
The other complication is that I have been ‘brainwashed’ (not the right word, but you get my point) by using Opto for all these years. They have a different way of doing things than Inductive. It was hard to leave 30+ years ‘experience’ on the table and start thinking the new Inductive way.
All up, it has been a pretty stressful 2ish months. Drinking from a fire hydrant and then being quizzed about said hydrant, then being asked to make one from scratch.
The really odd thing about all this is that in my current role, it’s very unlikely I am ever going to use the product… So the question may well be, how soon will I forget?….We will see I guess.
I have been wanting to move all my servers to https for a while, but I just can’t wrap my head around how. I also can’t seem to form up a google search that answers my one and only question….
Do I need to put a (different or same) certificate on each of my servers?
I have the one domain name, thebaldgeek.net, but I run several servers behind that on different port numbers, and they are all different applications. For example, this blog runs on wordpress (Apache I think), the FTP server, I have my aircraft tracking, which I have no idea what it uses for a web server, I have groov on Jetty (on the same Windows PC as the aircraft server, so that will get interesting), I have Node-RED, no idea what web server it uses, I have another groov site, also on Jetty on Linaro, Terry’s groov on Linaro, and I have my VPN.
What I wish is that I could put a single certificate (no idea yet how or who I am going to get it from) on the ‘front’ of the router and have it as a single point of entry for all those other ports.
Let me know if you have any thoughts or 'how-tos' on this one.
I wanted to get a VPN working into my home network and after looking at a few, I settled on SoftEther.
First we tried setting it up on a Windows 10 Laptop, after 2 hours, we had to give up.
Last night I ran a script I found on the web on a spare Pi I had and it worked first go.
So, the thing is, I was not game to try it on any of my Pi 3s, as they are all currently doing jobs that I don't want to break, so it's running on a Pi 2 and is a bit slow.
I would like to put it on the same Pi as is doing my DNS/DHCP, but can’t figure out if SoftEther uses its own servers for that.
(I also have some time sunk into my MAC to IP mapping on that Pi and need to figure out how to back that up!).
Would love to know why it won't work on the laptop; the GUI is rather nice vs the command line, and the speed would be there. I think it might have something to do with the laptop's Broadcom interface adapter driver not working in bridge mode.
Anyway, it's an area (building a VPN server) that I have not messed with, so it's been interesting. I just want to get it finished up and move on to the next unexpected project……