• SSL Certificates on Private Networks with the EdgeRouter

    These days it seems like every device on my home network has its own web server. Some of the devices have SSL enabled and force you to use it (http requests are redirected to https); this isn't bad, but since the sites are accessed with an IP address or a local name (using Bonjour), browsers always give a warning about a domain name mismatch. For those who don't know, when you connect to a secure site, the browser checks the domain name you entered against the names in the certificate; if they don't match, it could indicate that someone is trying to spoof the site. You can either ignore the warning or choose the option to always trust the certificate. The latter method is what I usually do, but it just doesn't feel right and there could be security issues with this method.

    Since I purchased a wildcard SSL certificate for my domain, I thought there must be a way to use it and not get browser warnings or have to accept the certificate. While browsing the forums for my EdgeRouter Lite, I stumbled upon a command that basically lets me override DNS entries. I could have set up DNS entries such as mydevice-internal.gruby.com with a private IP address (10.0.1.200) at my DNS provider, but it isn't a good idea to pollute DNS with private addresses and I'm not even sure my provider's system would have allowed it.

    The forums indicated I could do the following:

        configure
        set system static-host-mapping host-name mydevice-internal.gruby.com inet 10.0.1.200
        commit
        save
    

    This simple command tells the EdgeRouter Lite's caching DNS server to return this entry before consulting the real DNS servers. I set up the SSL certificate on a few of my internal boxes, used that command, and now I use https://mydevice-internal.gruby.com to securely access the devices and no longer get browser warnings.

    The EdgeRouter Lite has so many options that I'm just starting to scratch the surface on them and how I can use them!
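    The approach above only works when each mapped name is actually covered by the wildcard certificate. The following is an added example, not code from the original post: it parses `static-host-mapping` commands in the form shown above, checks each name against the certificate's names using the usual wildcard rule (`*` stands for exactly one left-most label), and confirms the target is an RFC 1918 address. The entries `cam.lab.gruby.com` and `nas.gruby.com` and the certificate name list are assumptions made up for the illustration.

```python
import ipaddress
import re

# Command form shown in the post.
MAPPING_RE = re.compile(r"^set system static-host-mapping host-name (\S+) inet (\S+)$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def name_matches(pattern, host):
    """Wildcard match: '*' may only be the whole left-most label."""
    try:
        ipaddress.ip_address(host)
        return False  # a DNS name in a certificate never matches an IP literal
    except ValueError:
        pass
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # '*' covers one label only, so a.b.example is not *.example
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit(config, cert_names):
    """Return {hostname: [problems]} for each static-host-mapping line."""
    report = {}
    for line in config.splitlines():
        m = MAPPING_RE.match(line.strip())
        if not m:
            continue
        host, addr = m.group(1), ipaddress.ip_address(m.group(2))
        problems = []
        if not any(name_matches(n, host) for n in cert_names):
            problems.append("not covered by certificate")
        if not any(addr in net for net in RFC1918):
            problems.append("target is not an RFC 1918 address")
        report[host] = problems
    return report

# Constructed sample: the post's mapping plus two hypothetical entries.
SAMPLE_CONFIG = """
set system static-host-mapping host-name mydevice-internal.gruby.com inet 10.0.1.200
set system static-host-mapping host-name cam.lab.gruby.com inet 10.0.1.201
set system static-host-mapping host-name nas.gruby.com inet 203.0.113.7
"""
CERT_NAMES = ["*.gruby.com", "gruby.com"]  # assumed names on the wildcard cert

if __name__ == "__main__":
    for host, problems in audit(SAMPLE_CONFIG, CERT_NAMES).items():
        print(host, "OK" if not problems else "; ".join(problems))
```

    The same matcher shows why the original warnings appeared: neither `10.0.1.200` nor a Bonjour name such as `mydevice.local` can match `*.gruby.com`.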

  • Could we get Internet choice in San Diego?

    Today Google announced that they are exploring bringing Fiber to San Diego. This is excellent news, but it will be a long time before anything actually happens. With Time Warner Cable bringing 300 Mbps/20 Mbps connections to us later this year and possibly having gigabit from Google, consumers may actually have a choice in San Diego.

    I'm not holding my breath that we'll get Google Fiber here because we are a large city with aging infrastructure in many areas (in my neighborhood, we don't have power cables in conduit and I suspect that we don't have conduit in the street for cable or telephone). Also, as my son correctly pointed out, San Diego has cable franchise agreements with Time Warner Cable north of Interstate 8 and with Cox Communications south of Interstate 8. Why would Google Fiber be different than cable? It would provide the same services that cable provides: telephone, Internet, and TV. I suspect that the city council would have to do something about the franchise agreements.

    I'm crossing my fingers that Google Fiber will come, but in the meantime barring any problems with Time Warner Cable, I'll be getting 200 Mbps service in a few months.

  • Conserve like every day is hot

    San Diego has been experiencing a major heat wave and our local utility, SDG&E, has asked people to conserve electricity so that the grid isn't taxed too much. If people sign up for "Reduce Your Use" rewards, SDG&E will pay people if they use a certain amount less than normal at peak times. This annoys me to no end as I conserve every day and can't conserve any more. We use ceiling fans all the time, turn off lights in rooms we're not using, run appliances at non-peak times, installed high efficiency appliances and lights, etc.

    Our house has gotten so hot that I had no choice but to turn on the air conditioning. When the house hit 88 degrees today, I set the temperature to 76, but the house only reached 83 before I turned it off. I work from home and stand under a fan all day; this keeps me reasonably comfortable so I don't run the air too much. When I've left the house, I close the downstairs windows and leave fans on for the dog. It has been so hot this week that I had to turn on the air conditioning for the dog.

    So I definitely won't be getting credit for conserving during these really hot days because I already conserve! Yes, my reward is I pay less for electricity, but providing people extra incentives to conserve when they should conserve all the time anyway rubs me the wrong way.

  • Wireless Link Becoming Limiting Factor

    I've been experimenting with WiFi access points in the past few weeks and have tested the performance of the wireless link. The max speed of 802.11n (most of my devices are n devices with a few ac and even a g device or two) is 300 Mbps or 450 Mbps depending on the number of antennas. That may sound fast, but actual performance is a lot less than that and in my testing, I was able to get about 225 Mbps using Iperf. Usually I can get between 50 and 150 Mbps. That should be plenty fast enough to max out many Internet connections; I currently pay for 50 Mbps down/5 Mbps up.

    At the end of November, Time Warner Cable should be rolling out its MAXX service here in San Diego and will have a maximum speed of 300 Mbps down/20 Mbps up. I'll be opting for 200/20, which will lower my bill each month while quadrupling my Internet speed. So where does that put me? That would put my wireless link at about the same speed as my Internet service! I really didn't think this day would come where the airlink can't keep up with my Internet. Of course all these speeds are theoretical and performance will vary depending on conditions, but it now becomes even more important to tune my WiFi network in order to get the most performance out of it; otherwise I could be paying for Internet speeds that I can't use.