[Rack] ChaosVPN device

Jonathan Lassoff jof at thejof.com
Thu May 20 18:29:49 UTC 2010


Excerpts from Dr. Jesus's message of Thu May 20 01:29:43 -0700 2010:
> Miah and I had a look at it again tonight and (re-) discovered the
> following things:
> 
>  - If you send DHCP requests on the sonic.net interface, the upstream
> router stops talking to you at layer 3 (but ARP still works).
> 
>  - Troubleshooting with sonic late at night is probably a bad idea
> because the support techs have to be out shortly after 11 or they have
> some kind of problem with automatic locks in their building.
> 
>  - I have no idea who the 415 area code phone numbers on the sonic.net
> account are.
> 
>  - They still think we're ops at noisebridge.net.
> 
>  - The la fonera device will send DHCP requests even if the external
> interface is configured for static addressing.
> 
>  - There is no obvious DHCP client running on the la fonera, and
> neither of us could find where the fon* daemons are documented with a
> quick search.

Weird! I can't imagine why this would happen with Sonic.

Since it sounds like you're setting up a router of sorts, what if you
just uplinked it to one of the managed Cisco switches and applied an ACL
to block UDP/67 & UDP/68?
 
>  - The grey 9 port dual speed 10/100 hub that's lying around to be
> used as a network tap didn't want to negotiate 100BaseT with our
> Macbooks, so they synced up at 10BaseT.  It did, however, sync up at
> 100BaseT with the la fonera device and the Cisco devices on either
> side of the tap.  Since it's a dual speed hub, there's a switch
> between the 10 mbit and 100 mbit sides and a Macbook (Pro) won't see
> any 100 mbit traffic if you just plug it in like a normal tap.
> Manually configuring your Macbook's en0 interface to do 100 mbit will
> solve this problem.

A hub? Why is a tap needed?

> I wrote up the changes on the wiki.  I didn't patch the network
> diagram because I couldn't find the original, and I suspect this
> configuration isn't finalized yet since more troubleshooting might be
> needed.  Jof, what did you use to make that?

I used Omnigraffle, and only for the eye candy. I can attach the
.graffle bundle or an SVG if you'd like to attack it, otherwise, I'm
happy to update it.

So is this La Fonera device just connected with a single cable to
switch3.noise? Is it a trunk? How does the inside interface reach the
internal network?

--j