EdgeRouter Lite and VPN Connections

When I was going through a variety of routers before I ended up with the EdgeRouter Lite, I found that my connection to my work VPN would drop several times a day which became quite annoying. The connection was a standard Cisco IPSec VPN connection using the built in Mac VPN Client. I’ve set up VPNs before (site to site using Cisco boxes) as well as a VPN Server (OS X), so I do have some experience with VPNs. I tried to tweak settings (OS X’s VPN client is built on top of racoon) to no avail.

After I set up the EdgeRouter Lite, I tried to connect to my VPN and found that the VPN (except for 1 day) remained connected for the entire day! This was great news and is likely due to how the router handles NAT. For people that work from home, maintaining a connection to a VPN is absolutely vital. Some router manufacturers might not care much about this as they figure that home users don’t use VPNs; this is an oversight that I’m glad the enterprise grade EdgeRouter Lite handles well.

Yet another reason that I’m pleased with the EdgeRouter Lite.

Review: Ubiquiti Networks EdgeRouter Lite

Earlier this year I started to have problems with my Internet connection. As most people do, I blamed my cable company. I filed a trouble ticket and a technician came out. He checked the signals, replaced a few connectors and called it good. After he came out, I still experienced blips where I completely lost connectivity for up to 30 seconds. The tech suggested I try replacing my router. As I’ve never had problems with Apple routers (I have a Time Capsule), I basically said “whatever”.

While I still wanted to blame the cable company, I went ahead and ordered a TP-Link Archer 8 router from Costco.com to give it a whirl. The router was easy to set up and I had it running for a week. After about a week, the web UI stopped responding and required a reboot; support had no idea why and just suggested I reboot the router when it happened. I didn’t like that answer as I like routers to just work, so I returned it to Costco. (Another issue I had with it is that it had an on/off switch; there doesn’t need to be a power switch on a router.) Other than the web UI not responding, it seemed to work well for the week I used it.

I decided to take a stab at another router; this one was a Netgear router that I bought at the Costco store. Configuration was easy (and it did have a power switch which I didn’t like) and it ran for about a day before the 2.4 GHz network stopped responding and required a reboot. This was not good as my son was quite upset that his Squeezebox Radio wouldn’t work when he got up. This router didn’t get a second chance and went right back to Costco.

My luck was kind of running out with routers. I remembered that I had backed the Securifi Almond+ on Kickstarter and I had it sitting on my shelf. I fired it up to use as a router. Setup, like the others, was easy and I was up and running. I went through a few software updates and it performed quite well for well over 2 months. I didn’t, however, take the last few software updates as there were reports of problems with them. I had wanted an integrated automation hub/router, but the automation stuff isn’t up to what I want, yet.

A colleague and I had been discussing routers over this whole time and we were both convinced that the Apple AirPort Extreme/Time Capsule wasn’t the fastest router. (Routers have processors in them and have to make decisions about where each packet goes; the more traffic going through the network and the more devices, the more processing power a router needs.) He had been reading about the Ubiquiti Networks EdgeRouter Lite and decided to pick one up. The router is less than $100 and is only a router and not a WiFi access point.

I’ve used a Ubiquiti Networks access point in the past and the performance for price was phenomenal. When my colleague got his router and started using it, I got a text that said “Holy cow, this router is fast!”. He’s on a 75 Mbps/75 Mbps FIOS connection. A few days after he got the router, I decided to bite the bullet and get one.

This router is definitely not a router for the average consumer. As I’ve configured Linux networking for almost 20 years, I wasn’t intimidated by the box. The web UI on this is much better than any other web UI I’ve seen for a device like this. It has pretty graphs and the latest firmware uses deep packet inspection (DPI) to show you the bandwidth used by each device and what services the devices are using. Initial setup was a little trickier as I had to upgrade the firmware (new firmware came out the day before I received mine), add a new admin user, figure out which wizard to use, and change a few network settings. This router has 3 ports; it is NOT a switch, so the 3 ports are designed for 3 separate network interfaces. One interface is the WAN (cable modem) while the other 2 are for separate LANs. I configured 1 LAN for my home network and the other LAN for my Ooma; no real reason to separate the Ooma, but I had the port available and I can monitor bandwidth for it separately.

While everything worked fine for my wired network, I had to reconfigure my Time Capsule to simply be a wireless access point which wasn’t hard.

After the setup, I was pleased as punch with the graphs and the performance was quite snappy for accessing web pages. While most people would be done and happy, I wasn’t content! I wanted to get my guest WiFi network working. In a separate post, I’ve written about the experience.

Now my router has been running for 1 week without any hiccups. I’ve done some reconfiguring, but have not had to restart the router. This is NOT common in the consumer routers I’ve touched, but is very much UNIX like where you can bring network interfaces down and then back up. This router has so many options that I’ve only scratched the surface on what it can do. It is definitely a geek’s tool.

Pros

  • Very fast router.
  • Excellent web user interface.
  • Extremely flexible (VLANs, VPNs, etc.)
  • Vibrant user community.
  • Well supported with firmware updates.

Cons

  • Some pieces are not very user friendly.
  • Command line needed to configure some things.
  • Not a full fledged switch, so a separate switch will be needed.
  • Not a WiFi access point, so a separate WiFi access point is needed.
  • Limited documentation.

Summary

This router is an excellent router for someone that has a networking background and likes to tinker. The configurations are endless and can be tuned to the needs of almost any small setup. It is NOT a consumer router. For my uses, it is excellent and appears to be quite stable. The performance is more than I can ask for on my 50 Mbps/5 Mbps connection and I wish I had more bandwidth to really put this router through its paces.

I am looking forward to the web UI enhanced for IPv6 when that is rolled out. While the router handles IPv6 through the command line, there are only a few pieces in the web UI to support it. If Ubiquiti keeps up with the firmware, I expect to see this in the future.

If you have a really fast connection and feel that your router isn’t snappy, something like this router could be the ticket. However, don’t get this expecting it to be completely plug and play. If you have never used ipfilter or similar firewall tool and don’t know what to do with separate ethernet interfaces named eth0, eth1, and eth2, stay far away from this router.

Setting up a guest network with the EdgeRouter Lite

I recently purchased a Ubiquiti Networks EdgeRouter Lite to act as the router to my home network. As this box is only a router and not a WiFi access point, I’m using my Apple Time Capsule as an access point. By doing this and not using the Time Capsule, I lost the ability to have a separate guest network that wouldn’t interact with my main network and wouldn’t have access to my internal resources. After a bit of searching, I found out that the Time Capsule (and Airport Extreme)’s guest network uses a VLAN tag of 1003. A VLAN is a virtual LAN designed to separate traffic without physically separating it. I knew that the EdgeRouter Lite was extremely powerful and could do all kinds of wacky things with a VLAN; the question was just how could I do it.

I’ve been dabbling with Linux networking for almost 20 years, so firewall, DNS, DHCP, etc. don’t scare me. It was just a matter of putting the right pieces in the right places without having to resort to the command line.

Here’s what I did:

  1. From the Dashboard, click Add Interface and select VLAN.

  2. Set up the VLAN as 1003 and attach it to the physical interface of your LAN. Give it an IP address in the range of a private IP block, but make sure you end it in a /24 to specify the proper subnet (I originally did /32 as I thought it was supposed to be the exact IP address).

  3. Click on the Services tab. Click Add DHCP Server. Set it up similar to the image below.

    [Screenshot: DHCP server settings]

  4. Click on the DNS tab under services. Click Add Listen interface and select the VLAN interface. Make sure you hit save.

At this point, you should be able to connect to your Guest Network and connect to the Internet. However, you’ll be able to access the EdgeRouter as well as other devices on your LAN. Next thing you have to do is secure the VLAN.

  1. Click on Firewall/NAT and then click on Add Ruleset. This is for packets coming into the router destined for somewhere else (not the router). Set up the default policy for Accept. Click Save.

  2. From the Actions menu next to the Ruleset, click Interfaces.

  3. Select your VLAN interface and the in direction.

  4. Click Rules and then Add New Rule. Click on Basic and name it LAN. Select Drop as the Action.

  5. Click Destination and enter 10.0.1.0/24 or whatever your LAN IP range is. Then click Save. This will drop all packets from the VLAN destined for your LAN. Save.

  6. Repeat 1 and 2 above (name it GUEST_LOCAL). From the Interface, select the VLAN interface and the local direction. However, set up the default policy as Drop.

  7. Add a new rule. Set it to Accept on UDP port 53.

  8. Save.

Now you can test this by connecting to the guest network and accessing the Internet. Then try connecting to a device on your LAN or connecting to the EdgeRouter Lite. Both actions should fail.

I’ve tested this and it is working well on my network; if I’ve missed anything, please let me know!
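The two rulesets from the steps above, modelled in Python as an added example (not code from the original post or from Ubiquiti) so the expected test results can be checked packet by packet. The ruleset name GUEST_IN, the router addresses, the guest subnet 192.168.3.0/24 and the second LAN 10.0.2.0/24 are assumptions; the model is stateless and first-match only.

```python
# Added example: a stateless, first-match model of the guest VLAN rulesets.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

LAN_NET = "10.0.1.0/24"                      # LAN range used in the post
ROUTER_ADDRS = {"10.0.1.1", "192.168.3.1"}   # assumed router addresses (LAN, guest VLAN)


@dataclass(frozen=True)
class Packet:
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                     # "accept" or "drop"
    dst_net: Optional[str] = None   # None = any destination
    proto: Optional[str] = None     # None = any protocol
    dport: Optional[int] = None     # None = any port

    def matches(self, pkt: Packet) -> bool:
        if self.dst_net and ip_address(pkt.dst) not in ip_network(self.dst_net):
            return False
        if self.proto and pkt.proto != self.proto:
            return False
        return self.dport is None or pkt.dport == self.dport


@dataclass(frozen=True)
class Ruleset:
    name: str
    default_action: str
    rules: Tuple[Rule, ...]

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:          # first matching rule wins
            if rule.matches(pkt):
                return rule.action
        return self.default_action


# "in" direction: default Accept, one Drop rule named LAN (steps 1-5).
GUEST_IN = Ruleset("GUEST_IN", "accept", (Rule("LAN", "drop", dst_net=LAN_NET),))
# "local" direction: default Drop, Accept only UDP port 53 (steps 6-8).
GUEST_LOCAL = Ruleset("GUEST_LOCAL", "drop",
                      (Rule("DNS", "accept", proto="udp", dport=53),))


def guest_verdict(pkt: Packet) -> Tuple[str, str]:
    """Return (direction, action) for a packet arriving on the guest VLAN."""
    if pkt.dst in ROUTER_ADDRS:          # addressed to the router itself
        return "local", GUEST_LOCAL.decide(pkt)
    return "in", GUEST_IN.decide(pkt)    # forwarded through the router


# Constructed sample packets, all sent by a guest client.
SAMPLES = {
    "internet HTTPS": Packet("203.0.113.10", "tcp", 443),
    "LAN file server": Packet("10.0.1.50", "tcp", 445),
    "router DNS (UDP)": Packet("192.168.3.1", "udp", 53),
    "router DNS (TCP)": Packet("192.168.3.1", "tcp", 53),
    "router web UI": Packet("192.168.3.1", "tcp", 443),
    "router SSH via LAN address": Packet("10.0.1.1", "tcp", 22),
    "second LAN (assumed subnet)": Packet("10.0.2.20", "tcp", 80),
}


def report():
    """Map each sample label to its (direction, action) verdict."""
    return {label: guest_verdict(pkt) for label, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, (direction, action) in report().items():
        print(f"{label:28} {direction:5} {action}")
```

The last sample is accepted because the LAN rule only names 10.0.1.0/24, so any other internal subnet routed by the same box needs its own drop rule in the "in" ruleset.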

Fixing my faucet, a year and a half later

When we were remodeling our house, we had to pick everything, including the kitchen sink! My wife and I went shopping for a kitchen faucet months before it was ready to be installed so that we could get it ordered and get it out of the way. We wanted a detachable sprayer and wanted it in stainless steel. We went to our local Pacific Sales and looked at all the kitchen faucets (and there were a ton). The one feature we hated on just about all of them was that the detachable spray heads were made out of plastic while the rest of the faucet was made out of stainless steel (or at least some type of metal). The plastic would chip, change color or just not hold up based on past experience. Even though many consumer faucets carry a lifetime warranty, I didn’t want to deal with that (been there, done that).

We stumbled across the Brizo Solna (made by Delta) and thought that the hidden spray head was great as the plastic for the spray head wouldn’t be seen. We ordered it and then picked it up a few weeks later (or so). The plumber installed it when we were ready and that was that. A few days after it was installed (the plumber was still around doing something), I asked the plumber why the spray head wasn’t flush and didn’t retract well and he said it had to do with the weight on the hose and the position of the pipes. Oh well, I guessed I’d have to live with it even though it wasn’t quite a clean look.

A few months ago, I discovered that if I pushed the spray head all the way up into the faucet it would stay. It seemed a little clunky, but it was better than what we had before. This evening, I noticed that the spray head was no longer staying, so I started pushing on a tab to see what would happen and discovered that the MagneDock® magnet was stuck to the spray head when it should have been in the faucet.

Now things were starting to make sense; the MagneDock® piece was never seated properly and I had to get it back in place. I took the neck of the faucet off and the spray head. I then started pushing the magnet back in place. I pushed it down with the handle of a pair of pliers and presto, it stuck. I tried the spray head and it clicked into place; I pulled it off and tried again. Holy cow, I had been living with this problem for 1.5 years and never even thought of investigating it.

So after I put everything back together, I tried again and just like magic, the spray head clicked back into place. Looking at the assembly instructions, it indicated that the magnet was part of the neck, but that it wasn’t a separate piece. I almost feel like an idiot that I didn’t figure this out for so long, but the good news is that I figured it out and am as pleased as punch that I feel like I have a new faucet!

No longer feel safe in my own home

Today marks a kind of sad day for me; I no longer feel safe in my own home. The short term vacation rental next door has changed my whole sense of safety and security. The owner/operator has decided that money matters more than the neighborhood and rents it out to whoever will pay the asking price. This weekend it was a group of students on spring break. They have no respect for the neighborhood and have been loud. Last night we called the police and the noise quieted down; this morning, we saw them smoking pot in the backyard (they can see into our backyard and we can see into their backyard). Police responded and at least one of them had a medical marijuana card, so there was nothing the police could do. (Apparently police no longer deal with misdemeanor drug possession.)

As I was walking the dog, I got a frantic call from my wife that some guy named Rob was banging on our door demanding to come in. I turned around and hurried back. When I got home, I went inside and then came out again only to see “Rob” walking out from our side yard. I yelled at him and told him to get off our property. I saw him walk down the street the wrong way (not towards the rental) and instantly knew he was drunk (can you say public drunkenness?). I then walked down the street to see where he was going next. He went to my neighbor’s house and then the next neighbor trying to get in. I walked back and stopped in front of my neighbor’s house; I saw him again bang on my neighbor’s door (who wasn’t home) and Rob insisted that he was renting the place. I told him he wasn’t and to get off the property. (I sent that neighbor a picture of Rob on his property.)

My wife was on hold with the police for 11 minutes and when she finally got through, the dispatcher wouldn’t send officers because the guy was no longer on our property and was inside a residence.

The owners/operators talk about this being managed by “bad apples”; the problem is that some of the people turning to vacation rentals as mini-hotels (just the properties that are used exclusively for short term vacation rentals) are in it only for the money. If they weren’t, they’d be renting out the properties on a long term basis.

While the city council’s Smart Growth and Land Use Committee is bringing this up on April 22nd, I fear that anything they decide to do will be reactionary and allow this behavior to continue. If the police can’t respond fast enough (they are already under staffed), how can these problems be witnessed and documented? It becomes a case of neighbor saying one thing and no one listening. (Video evidence doesn’t appear to count in this case.)

Change needs to happen now; these mini-hotels have to go. If nothing is done about these, what are my options to keeping my sanity? Move? Where do I go? If I move, I kick the problem down the road to my nice neighbors. How many more days/nights will I have to put up with this? Will someone knock on my door at 3 am and scare the crap out of me? Will some drunk person vandalize my house? Every weekend I fear what will be coming next; this is a horrible way to live.

To all those that claim property rights and that people should be able to do what they want with their properties, live next to a mini-hotel for awhile and feel what it is like to have no idea if the renters will be respectful or you’ll have to call the police.

(As a side note, I hate to call the police, but my options are limited. My neighbor only wants to do short term rentals and there is no way that he can (or will) vet everyone that stays. One person rents and brings 10 friends.)

Rob

Installing a Car Stereo

About 10 years ago, I bought a Parrot CK3100 to install in my 2003 Toyota Highlander as I wanted to be able to answer the phone while driving if my wife called me. I was unable to figure out how to install it, so I returned it. I think about a year later, I bought the car kit again and tried again.

This time, however, I was determined to install it. It turns out the tricky part of installing the car kit was the factory amplifier I had, so I decided to put in a marine speaker and put it under the center console. The install was still tricky, but I managed to get it working.

The car kit worked OK, but the audio quality was never great due to the location of the speaker as well as the type of speaker. It survived a number of phones from different manufacturers and worked decently with my iPhones. However, in the last year or so, I’ve found the connection less than stable and would fail to connect quite often. It was annoying, but I didn’t think much of it.

Last week, I had a business trip where I had to drive to Orange County (I haven’t driven for work in years). On the way up, I used Navigon for navigation; normally it routes the navigation audio through the car kit, but due to the connection issues, it didn’t work well. So I turned up the volume and it continued to navigate. However, Navigon crashed and I didn’t want to pull over to figure out where to exit. I used Siri to navigate to my destination and all was good (a bit hard to hear as the audio was coming out of the phone’s speaker, but doable). On my way home from the trip, my wife was texting me about road conditions and since my car kit wasn’t working, I had to put in a headset and used Siri to read the messages.

When I got back, I wanted to find a solution to this and started looking at new stereos (something I’ve never done in my life) and found an inexpensive Pioneer one. I’ve always heard good things about Crutchfield and their support. I ordered the unit along with all the install pieces. I spent the time waiting for the stereo to study the install instructions and they were as clear as mud. I am an engineer, so how hard could it be?

Since I had a factory amplifier, Crutchfield had a Scosche SLC-4 Line Output Converter as a recommended install accessory. Using the included wiring harness and line output converter, I wired everything up and thought it would be a piece of cake (I soldered all the connections, used shrink wrap tubing on the connections, and tightened the screws on the SLC-4).

The rest of the install was pretty easy and I was pleased with my work until I turned it on. There was static (not a hum) on the speakers and even a connection from my phone (to rule out the radio noise) didn’t help. I checked all the connections and nothing helped. I studied the diagrams again and took a chance hooking all the ground wires together; the diagrams had the ground for the amp separate from the chassis ground so I had connected the ground for the Line Output Converter to the amplifier ground. What I didn’t realize is that the amplifier needed to be grounded to the stereo. After this change, the stereo worked great!

There is a reason there are so many installers for car stereos; there are far too many combinations to have instructions for all of them. While the Crutchfield instructions were an OK start, they are definitely not for the novice. I was just lucky because I have a basic understanding of electronics as well as being determined.

I’ve learned a bit and am extremely pleased with my handiwork. I’m also amazed at how inexpensive car stereos are and how much they do these days; my new stereo does everything my old one did (OK, it doesn’t have a CD changer that I never used nor a tape deck that I didn’t use either) and has all the pieces of a Bluetooth car kit.

Learning about Surround Sound

During our recent vacation, I happened to hear rear speakers on a 5.1 surround sound system and was intrigued by it. I’m not an audiophile nor do I have a home theater system. I do have a TV and a sound bar in our living room. So I decided to try out a Vizio 38 inch sound bar. Setting it up was quite easy and the wireless subwoofer/rear speakers fit perfectly in my living room. This post, however, isn’t a review on this sound bar.

After hooking everything up, I only heard stereo sound and was confused as to why I didn’t hear surround sound even though I read that Netflix (my test content) had 5.1 surround sound content. I read a bit about this and saw that there were settings in the Roku box to turn on Dolby Digital and DTS. The sound bar handles DTS and Dolby Digital, but not Dolby Digital+. I chose Dolby Digital+ and DTS only as it was close enough. Still no go; I started futzing with the TV as I had also read that my TV (a Vizio) did pass through of audio, so the Roku should pass the audio to the TV and then to the sound bar via the optical out.

My TV had PCM and Bitstream audio out. I had never heard of Bitstream, but the TV was set to PCM, so I chose Bitstream. I went back to Netflix on the Roku and magically I saw content have a 5.1 badge next to it! It was a miracle (OK, not quite). I played some content and it was pretty cool to hear the audio behind me as well as the sound through the subwoofer.

So, it appears that anyone that wants to have a home theater work properly or just have surround sound needs to learn a new language (audio encoding/encoding) as well as futz with all the settings. My guess is that there are only a small percentage of people with these systems that actually have them working properly.

(Another part of this puzzle was getting the TV shows we record to properly export them and preserve the audio encoding; EyeTV’s export mechanism to MP4 converts audio to stereo even if the over-the-air format is 5.1. I did manage to figure this out, but it isn’t for the faint of heart and required a lot of futzing.)

Traveling without a laptop

I recently went on vacation with my family and for my electronic gear, I only took my iPhone and iPad. It got me thinking how long it has been since I traveled with a laptop for personal trips. Several years ago, when I first got an iPad, I tried just using it for trips, but felt like my hands were tied behind my back. Over the last few years, I’ve found that while my laptop is a bit easier to use with the bigger screen and bigger keyboard, for most of my needs on the road, I consume content (web, books, movies, etc.).

On this last trip, I found that I still needed to connect to my server as well as back to my home network. With Prompt from Panic, I was easily able to SSH into my server and tweak server settings. In addition, I used a VPN and Screens to control my server at home. I also used Remote Patrol to look at the cameras on my house.

When I got home, I decided to get a keyboard for my iPad to complete my setup. Now it is easier for me to not just consume content, but also to compose.

The only major things I can’t do when I travel is write code (I still do some personal projects here and there) and keep up with my accounting. Both are pretty minor and I’m quite pleased at not having to travel with a computer for personal trips; it kind of feels liberating.

The iPad is an excellent tool and as many people have already written, the iPad can be the primary computer for many.

Surveillance Camera Setup

Last week I was asked on 4 separate occasions what I use for my surveillance cameras. While this is usually a simple answer for most, it isn’t for me. My system wasn’t the cheapest, easiest to put together, or operate, but I like having control and being able to select my components. Since my cameras are clearly visible on my house, I’m not giving away any secrets about them.

So here it goes.

I have Q-See QCN7001B IP cameras (they appear to have been replaced by the Q-See QCN7005B). These cameras are PoE (Power over Ethernet) so that there is only one cable going from the camera to a PoE switch. These are 720p cameras with IR capability. The picture is pretty clear and the night vision is very good. They’ve been up for almost 2 years without any problems.

The cameras are hard wired (when we renovated our house, I was able to run all the wires in the walls back into an equipment closet) into a Cisco SG 300-10P PoE switch. While the switch is managed, I don’t use any of the management capabilities. When I was shopping around, there weren’t many rack mount PoE switches available without a fan.

Since I already run a Mac Mini as a server (media, video, build server), I wanted to record all the video onto that; this reduces the need for a separate device, gives me a choice of software to record, as well as keep noise and power consumption down. On the Mac Mini, I run SecuritySpy. It isn’t the prettiest piece of software, but it works well and has the options I need for rolling over video, recording stills, etc. It also has a web interface if I wanted to use that and port forward through my router.

For remote access to SecuritySpy, I use an app called Remote Patrol on my iPhone as well as iPad. There is a bit of configuration involved here, but it wasn’t difficult for me.

So what does this setup (which isn’t cheap) buy me over an off the shelf solution? Well, it allows me to easily backup all the video and configuration (just use a standard Mac backup program like SuperDuper!), it allows me to run a very energy efficient recording device (the Mac Mini is pretty efficient in terms of power usage compared to a standalone box), and I can swap out my cameras at any time (that’s a huge reason to use PoE over any other type of camera).

What do I lose with my setup? Ease of installation is a big one and ease of use (that may be debatable as I’ve seen the interface for one at my parents’ condo). It also requires me to handle all the backups, which a cloud based solution has under control for you.

I definitely wouldn’t recommend this to the average consumer and am, in fact, looking for something to recommend.

Review: Logitech Ultrathin Keyboard Cover

Last week a friend of mine came to visit and during some downtime, he had a Logitech Ultrathin Keyboard Cover. (His was for a larger iPad.) I thought it looked interesting and decided to get one for my iPad mini. Of course, I neglected to realize that the keyboard would be a lot smaller because it was for an iPad mini, doh!

When the keyboard arrived, I was impressed with how little bulk it added and really like how the keyboard sits in the stand. As a cover and a stand, the keyboard cover works well. The keyboard is a little small for touch typists, but after a few days, I’m starting to get used to it and am, in fact, writing this review using the keyboard. The biggest problem I’m finding is that I feel like the keyboard is shifted slightly offset from center causing me to shift my hands. The smaller keys aren’t for everyone, but I’m finding that I can fairly easily type on it while it is on my lap or on a desk.

It is easy to forget that it is a Bluetooth keyboard and has to be charged. Logitech estimates that with 2 hours per day usage, you can get about 3 months of usage. Unfortunately the only way you know the power level is to wait until the power light blinks and at that point, it is down to 5%. The cover uses magnets like the smart cover to turn the iPad on/off when the cover is opened and closed which is clever as I’ve only seen it in Apple’s covers. In addition, it uses magnets to hold the iPad in the stand.

Pros

  • Compact.
  • Provides a protective cover for the iPad.
  • Rechargeable.
  • Connects easily to the iPad.
  • The keys have enough travel for typing.

Cons

  • It is a little small and may be hard for some people to type. (The one for the other iPads will be different.)
  • Keys appear to be shifted which can make it hard to type.
  • No indicator for battery remaining.

Summary

The Logitech Ultrathin Keyboard Cover is going to be an excellent addition to my iPad mini and make it even easier to leave my laptop behind on trips or to leave it in my office at night when I want to write. If you have big hands and use an iPad mini, I suspect that this keyboard won’t be a good choice for you. For a bigger iPad, the keyboard will, of course, be larger and easier to use. At the list price of $70, I think this could be overpriced. However, I got mine off Amazon as an open box item for $32 and for that price, I think it was a good purchase. This week my personal MacBook Pro is going in for repair (it is part of Apple’s extended warranty program for graphics card issues) and this keyboard is going to help me with my computer withdrawal :-).

For other iPads, the versions of the keyboard may prove to be easier to use, so if you’re looking to make your iPad your only computer or a travel device, you should definitely check out this keyboard.