D-Link DIR AP and IPv6

Posted on April 29, 2018 by gawen

If you have one of those very common D-Link DIR WiFi router/AP (such as the DIR-605L rev B2), you should know that they don’t get very well with IPv6. At least the vendor firmware doesn’t. Probably most people around here don’t even know and probably don’t even care. But that’s really no good 🙁

Apparently not all IPv6 messages seem to get through. ICMP6 echo-request on link-local addresses are not a problem. However RS messages between Ethernet ports don’t always get through. Here is a little diagram of what goes through and what doesn’t:

This was tested with FreeBSD 11.1-RELEASE-p9 and Debian 9.4.0 and on two different hosts (my trusty ol’ ThinkPad X201 and a homemade station with a Ralink Ethernet card). Still a lot of packets to test though. Don’t know if IPv6 packets themselves go through or not. However RS/RA don’t and that’s sufficient to make IPv6 completely unusable.

I will update the figure above when I know more. Although that may be never, don’t know yet. One solution would be to upgrade the firmware to either DD-WRT or Tomato router. However those are not supporter on the DIR 605L rev B2. Also this was supposed to be a replacement and we already bought a much better alternative.

FreeBSD on Intel Broadwell

Posted on April 21, 2018 by gawen

Around two years ago I posted about using FreeBSD 10 on the X250. A great deal has happened since then.

It is now possible to use the Intel Broadwell integrated graphic card (among others) under ~~FreeBSD-CURRENT~~ FreeBSD-STABLE! Also if I’m right, this will be integrated in FreeBSD 11.2-RELEASE. What a great day it is for FreeBSD on the desktop. I bet FreeBSD 12 will be truly great!

Note that it works much better on STABLE now than CURRENT because CURRENT is -well- not that stable…

So if you want to try this now, what you first need to do is to upgrade to the STABLE branch. For this you need to fetch the source, buildworld, buildkernel and installworld. Here is a very quick tuto (that you may need to adapt though). You can also find this here.

# Don't forget to upgrade RELEASE # in any case that there were any bugs in the building tools. freebsd-update fetch freebsd-update install reboot freebsd-update install


# Replace the current source tree with STABLE.

mv /usr/src /usr/src-RELEASE

svn checkout svn://svn.freebsd.org/base/stable/11 /usr/src
# Build! Build! Build!

cd /usr/src

make buildworld -j4
# Customize (while you are at it) and build STABLE kernel.

cd /usr/src/sys/amd64/conf

cp GENERIC {YOUR-CONF}

vim {YOUR-CONF}

cd /usr/src

make buildkernel KERNCONF={YOUR-CONF}

make installkernel KERNCONF={YOUR-CONF}

reboot

# Now it's time to install world over the new kernel. # In the meantime we also update configuration files # with mergemaster. mergemaster -p cd /usr/src make installworld mergemaster -Ui reboot

Now that your are on the latest STABLE, you can update the ports tree and install drm-next.

# Install ports tree if needed. portsnap fetch portsnap extract

# Install drm-next. cd /usr/ports/graphics/drm-next-kmod make install clean

Finally you must tell rc.conf to use the new i915 module instead. That is, add in /etc/rc.conf:

kld_list="/boot/modules/i915kms.ko"

Just one final reboot and you are done! Test this with the xorg and mesa-demos ports. Just startx from your user and check /var/log/Xorg.0.log to see if the intel driver was correctly loaded.

Easter Bunny

Aside

We might not have April fool fishes, but we got buns instead.

Portable C64

Posted on March 29, 2018 by gawen

This is my new portable C64, at least the screen part is. It is convenient not having to carry a several kilograms CRT. Although maybe it is a bit overkill.

Alternatives

Status

Trying to weight the pros and cons between two alternatives.
Several hours later, I now have three alternatives.
I’m not good at this…

Samba denied on FreeNAS

Posted on March 20, 2018 by gawen

If you recently discovered that some of your authenticated samba shares on your FreeNAS refuse to well authenticate. And maybe you did your own investigation and found that it failed with NT_STATUS_NO_SUCH_USER. Do not worry, you are not alone!

From what I understand, the last update changed the constraints on the user accounts metadata. In particular it seems that the E-Mail field must now point to a real e-mail address (something@domain) and cannot just be an alias to another local user.

Don’t know if that’s intended or not or why it would be. Going to IRC right now to find out.

Long story short, users that don’t match the new constraints are not recognized anymore by samba (and probably other services too), hence the permission denied and NT_STATUS_NO_SUCH_USER. So for those user using a local alias as E-Mail, use a fully qualified E-Mail. That will fix the shares. However it seems that "user"@localhost doesn’t work either. And you will also have to retype their password.

Wrong OS version in pkg

Posted on March 7, 2018 by gawen

If FreeBSD’s pkg refuses to update because of a wrong OS version, for example because you are in a FreeNAS jail and version mismatch are bound to happen, then you can always try to force the OS version in pkg (which you can find with uname -UK. Either put OSVERSION={{version}} in /usr/local/etc/pkg.conf or start it with pkg -o OSVERSION={{version}} where {{version}} is the target version, for example 1101001.

Today’s movie: Une part d’ombre

Posted on March 3, 2018 by gawen

We had the occasion to assist to the premiere of Une part d’Ombre a Belgian film by Samuel Tilman with Fabrizio Rongione, Natacha Régnier, Baptiste Lalieu, among others. Going there without knowing what to expect, this ended up being a unique and pleasant surprise.

It’s a movie about trust, the social contract that we build upon it which transcends all our relationships and the subjective value that people are willing to give to them. How things left unsaid rot the most obvious friendship and love and the fact that we cannot (most of the time) do a single thing about it. We just got to let it trough, even though the rambling mistrust breaks everything into its wrath and we know for sure than nothing will ever be the same.

It was amazing how after discussing the movie we could all reflect on this. We all had those stories of break up, circle of friends or family exploding because some could not live up to what was that we define as us. But it’s part of the human chore. Apparently many of us suck at relationships. We’ve just got to deal with it and try for ourselves to be among those we’d call human.

Still it may be a bit of our fault. Because there are many of those things that we don’t say either. Because we think wrongly that it would be better to keep our share of shade for the the sake of our beloved ones and the sacred things that lay between us. Maybe many of these situations would be a heck of a lot simpler if we could just at times lay our cards on the table and for others to accept our pledge of honesty.

And that’s the really important message from this movie. That at times, we’ve got to look into others eyes, and say “trust me”, and reciprocally for ourselves to say to them, I accept and trust you, it’s up to you to trust me in that. Because surely without that everything fall, sooner or later, into a bunch of ashes.

Sshguard, PF and FreeBSD

Posted on March 2, 2018 by gawen

We recently had a problem with sshguard. Some IP that were blocked were still able to send packets through because the associated states were not killed properly with pfctl -k $ip. We used an older version until then, so I just did an upgrade to the latest port.

From this point however sshguard did not block anything anymore. In fact it didn’t recognize the correct backend to use to block those IP. Not sure if we always have to specify it manually in the configuration or if there is some kind of broken-autodetect. But you can force the backend inside the configuration file in /usr/local/etc/sshguard.conf (see /usr/local/etc/sshguard.conf.sample):

BACKEND="/usr/local/libexec/sshg-fw-pf"

Gawen's blog

Enjoy life, one bit at a time.