[Cerowrt-devel] new wiki pages the differences between an external gateway and internal router

[Cerowrt-devel] new wiki pages the differences between an external gateway and internal router

[Dave Taht]

I think I need to summarize what these differences are in a chart on a
separate page, so people get it right.

http://www.bufferbloat.net/projects/cerowrt/wiki/Setting_up_an_interior_gateway_router

http://www.bufferbloat.net/projects/cerowrt/wiki/Tuning_your_CeroWrt_default_gateway

But did I miss anything major above?

And I've seen instructions for bridging and using vlans go by on this list that
need to move to the wiki, if anyone is up for that.

-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-devel] new wiki pages the differences between an external gateway and internal router

[Kai Yang]

On the note of ssh, I have disabled the password login, root password
login, and set the interface to se00. Yet, I'm still able to login
with root password from wifi. What gives?

On Wed, Mar 26, 2014 at 1:16 PM, Dave Taht <dave.taht@gmail.com> wrote:
> I think I need to summarize what these differences are in a chart on a
> separate page, so people get it right.
>
> http://www.bufferbloat.net/projects/cerowrt/wiki/Setting_up_an_interior_gateway_router
>
> http://www.bufferbloat.net/projects/cerowrt/wiki/Tuning_your_CeroWrt_default_gateway
>
> But did I miss anything major above?
>
> And I've seen instructions for bridging and using vlans go by on this list that
> need to move to the wiki, if anyone is up for that.
>
> --
> Dave Täht
>
> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel

Re: [Cerowrt-devel] new wiki pages the differences between an external gateway and internal router

[Dave Taht]

I think you need to modify the /etc/xinetd.d/ssh entry to pass the -s
option to dropbear and restart xinetd.

Please don't try this unless you are sure your dropbear key is working!!

On Wed, Mar 26, 2014 at 10:45 AM, Kai Yang <yangk@vt.edu> wrote:
> On the note of ssh, I have disabled the password login, root password
> login, and set the interface to se00. Yet, I'm still able to login
> with root password from wifi. What gives?
>
> On Wed, Mar 26, 2014 at 1:16 PM, Dave Taht <dave.taht@gmail.com> wrote:
>> I think I need to summarize what these differences are in a chart on a
>> separate page, so people get it right.
>>
>> http://www.bufferbloat.net/projects/cerowrt/wiki/Setting_up_an_interior_gateway_router
>>
>> http://www.bufferbloat.net/projects/cerowrt/wiki/Tuning_your_CeroWrt_default_gateway
>>
>> But did I miss anything major above?
>>
>> And I've seen instructions for bridging and using vlans go by on this list that
>> need to move to the wiki, if anyone is up for that.
>>
>> --
>> Dave Täht
>>
>> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
>> _______________________________________________
>> Cerowrt-devel mailing list
>> Cerowrt-devel@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-devel] new wiki pages the differences between an external gateway and internal router

[Kai Yang]

So what are those options in /etc/config/dropbear for?

On Wed, Mar 26, 2014 at 1:50 PM, Dave Taht <dave.taht@gmail.com> wrote:
> I think you need to modify the /etc/xinetd.d/ssh entry to pass the -s
> option to dropbear and restart xinetd.
>
> Please don't try this unless you are sure your dropbear key is working!!
>
> On Wed, Mar 26, 2014 at 10:44 AM, Kai Yang <yangk@vt.edu> wrote:
>> On the note of ssh, I have disabled the password login, root password
>> login, and set the interface to se00. Yet, I'm still able to login
>> with root password from wifi. What gives?
>>
>> On Wed, Mar 26, 2014 at 1:16 PM, Dave Taht <dave.taht@gmail.com> wrote:
>>> I think I need to summarize what these differences are in a chart on a
>>> separate page, so people get it right.
>>>
>>> http://www.bufferbloat.net/projects/cerowrt/wiki/Setting_up_an_interior_gateway_router
>>>
>>> http://www.bufferbloat.net/projects/cerowrt/wiki/Tuning_your_CeroWrt_default_gateway
>>>
>>> But did I miss anything major above?
>>>
>>> And I've seen instructions for bridging and using vlans go by on this list that
>>> need to move to the wiki, if anyone is up for that.
>>>
>>> --
>>> Dave Täht
>>>
>>> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
>>> _______________________________________________
>>> Cerowrt-devel mailing list
>>> Cerowrt-devel@lists.bufferbloat.net
>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
>
>
> --
> Dave Täht
>
> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-devel] new wiki pages the differences between an external gateway and internal router

[Dave Taht]

They are unused in cerowrt as it uses the xinetd subsystem instead.
Yes, the gui should be aware of that
but we've not got around to it (and parsing xinetd syntax is hard).
The gui does do the right thing when
it comes to uploading the ssh key, I think, but the rest is mostly wrong.

The long term expectation is that the procd subsystem will gain some
xinetd features eventually. In the meantime xinetd provides some extra
security (like being easily able to only allow services for certain
hosts) and sensors for malicious behavior that are missing elsewhere.


On Wed, Mar 26, 2014 at 11:04 AM, Kai Yang <yangk@vt.edu> wrote:
> So what are those options in /etc/config/dropbear for?
>
> On Wed, Mar 26, 2014 at 1:50 PM, Dave Taht <dave.taht@gmail.com> wrote:
>> I think you need to modify the /etc/xinetd.d/ssh entry to pass the -s
>> option to dropbear and restart xinetd.
>>
>> Please don't try this unless you are sure your dropbear key is working!!
>>
>> On Wed, Mar 26, 2014 at 10:44 AM, Kai Yang <yangk@vt.edu> wrote:
>>> On the note of ssh, I have disabled the password login, root password
>>> login, and set the interface to se00. Yet, I'm still able to login
>>> with root password from wifi. What gives?
>>>
>>> On Wed, Mar 26, 2014 at 1:16 PM, Dave Taht <dave.taht@gmail.com> wrote:
>>>> I think I need to summarize what these differences are in a chart on a
>>>> separate page, so people get it right.
>>>>
>>>> http://www.bufferbloat.net/projects/cerowrt/wiki/Setting_up_an_interior_gateway_router
>>>>
>>>> http://www.bufferbloat.net/projects/cerowrt/wiki/Tuning_your_CeroWrt_default_gateway
>>>>
>>>> But did I miss anything major above?
>>>>
>>>> And I've seen instructions for bridging and using vlans go by on this list that
>>>> need to move to the wiki, if anyone is up for that.
>>>>
>>>> --
>>>> Dave Täht
>>>>
>>>> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
>>>> _______________________________________________
>>>> Cerowrt-devel mailing list
>>>> Cerowrt-devel@lists.bufferbloat.net
>>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>>
>>
>>
>> --
>> Dave Täht
>>
>> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-devel] new wiki pages the differences between an external gateway and internal router

[Dave Taht]

The long term goals of cerowrt (in addition to fixing bufferbloat) are
now mostly aligned with the
ietf "homenet" working group. This includes things like automagic nat
detection and ipv6 prefix distribution,
correct firewalling, working upnp, pcp, and mdns proxies, and support
for integration into the "internet
of things", and reconnecting the edge of the Internet to the Internet.

We are not going to achieve all those goals in this release!, and
interfaces to several subsystems
remain prototypical or hacky or non-existent.

For an inspirational look at the long term problems the homenet
working group is trying to solve, see Mark Townsley's talk at:

https://www.youtube.com/watch?v=wQdfWUsG4uI&index=8&list=PL2B0BABF5D34C0932

Help is needed on the new hnetd protocol daemon (which will replace
AHCP among other things),
and the ohybrid proxy daemon in particular. This is a chance to shape
the code for everyone...

The codebases for these are open source and available in github, and
they are built as optional packages
(currently) for cerowrt.

There are many relevant RFCs:

http://tools.ietf.org/wg/homenet/

At the last homenet working group meeting we voted nearly unanimously
to adopt and improve the proposed homenet configuration protocol
(HNCP) and to put aside our differences on routing protocols (for
now).

CeroWrt started before homenet, however, and we were focused on
different stuff, which is mostly done now.

Our original goals in the CeroWrt project were fixing bufferbloat on
wired (done!), and wireless (in progress), improving home router
security (an ongoing exercise), improving routing in general, getting
IPv6 to work well
(getting better), and getting DNSSEC to the edge (almost there) - and
getting these needed features into mainline router distributions like
openwrt, dd-wrt, buffalo, netgear, linksys, etc.

Along the way we participated in the homenet working group to prove
out their ideas, (or disprove them),
with running code working in the real world.

Moving forward: after this release of cerowrt, well, all the above was
originally contingent on funding. We never got much.

So we limp and labor along with a wonderful group of concerned
volunteers in the hope that someone with pockets will notice we're
changing the world here... but even without funding, we're going to
fix all this stuff anyway. Eventually.

And everyone will benefit. Eventually.

Immediately after this release, I'm taking a BIG vacation, however.

-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html