Bob Beck Interview on OpenBSD, libTLS, LibreSSL with Tom Smyth at EuroBSDCon 2018



Bob Beck shares his experience of participating in the OpenBSD project. He patiently discusses aspects of the project he likes and enlightens us about some of the methodologies OpenBSD uses to root out bugs in the OS and the general ecosystem. Thanks Bob.

Join the patron-only Slack at http://patreon.com/thebrotherswisp


The Brothers WISP 101 – Cheap OTDR, UBNT Data Collection, IPv6 Tracing



This week Greg, Tomas, Nick, and Tommy talk about networking and listen to traffic driving by Tomas’ house.

This week we talk about:
– George A had a cheap SM OTDR he likes…I wonder if he still does?
– Use caution with Cambium 3000s and it looks like 4.4.2 firmware is “pretty good” so far.
– Several of us have played with the MikroTik Audience so far: Review sample from ISPSupplies!
– IPv6 tracing – ICMPv6 vs. UDP
– Unifi LTE – LTE gateway
– Unifi Dream Machine – new router AP for the house
– Ubiquiti UAP-Beacon HD mesh AP
– UBNT stealthily enables data collection
– Why does Nick B maintain so many random domains?
– Tomas is introducing a “Linux-desktop-only” policy at Unimus – should be fun times…


MikroTik Audience – review and teardown

I was fortunate enough to get my hands on a pair of MikroTik Audience devices to put through their paces. The Audience is a new device from MikroTik, and perhaps one of the first I’ve seen that is specifically targeted to a home environment, with the stylish exterior designed not just to be a wireless powerhouse but look suitable to be placed on a shelf and give a better connectivity experience to boot.

can’t do meshing with just one..

First impressions

MikroTik are hitting some home runs with design and professionalism recently. This seems like the next step in the evolution: from the wAP form factor and Wireless Wire kit we now have the Audience, an upgrade to both router design and packaging. Opening the Audience is more akin to an Apple unboxing than anything else to come out of MikroTik. Sure it’s nice that the boxing is still relatively simple and recyclable, but it LOOKS like what you’d expect a high end home router to look like; and I’d have no trouble selling this to someone as an upgrade on whatever they’re using now (it really is, but we’ll get to this..).

Teardown

Because I’m a heartless bastard and I know so many Latvians worked for years to create this device, I had to take one of them apart straight away before powering it up. More importantly, I had to try and do this without breaking anything, because I have to put it back together and test it afterwards. Easier said than done, but possible!

Check out the gallery of photos below with instructions on how to disassemble the device, if you’re that way inclined.

Performance

Onto the performance: this device has a quad-core 716MHz CPU which can be pushed as high as 896MHz (if you’re the sort of person who feels the need to overclock your router) or as low as 488MHz if you plan on the heatsink being a paperweight. During my testing I was unable to max out CPU utilisation while performing any basic routing or wireless functions and as per MikroTik’s testing this should be capable of a few hundred megabits of IPSec encrypted traffic if you have need of it. There are 3 distinct wireless cards available:

  1. 2.4GHz dual chain card (antenna on the board – used for clients)
  2. 5GHz dual chain card (antenna on the board – used for clients)
  3. 5GHz quad chain card (antenna array mounted above board – used for mesh)

Technically there’s nothing stopping a power-user from re-configuring the second 5GHz wireless card as another access point for clients, and if you just had the one Audience device I would probably recommend this for the better MIMO performance – however it was designed with a specific goal in mind – which is meshing.

In my testing – the meshing radios were able to hold a reasonable connection (consistent 60Mbps throughput using btest) through 4 double brick walls and one wooden garage wall. I placed one unit in my lounge room and the second in the detached garage at the other end of the property (a distance of about 24 m / 78 feet).

By comparison, previously I have used a set of (non-MikroTik) Ethernet over power adapters to deliver ~60Mbps from my office to the ground floor of this house, due to a lack of Ethernet cabling, but switching to the Audience units has given me a reliable 300Mbps over the mesh wireless link in the ‘factory’ configuration, or as high as 500Mbps (through 2 walls and up one level) when adjusting the configuration of the mesh radios to use an 80MHz channel.


Even without using the mesh functions, I did note that coverage around the house also increased noticeably with just the one unit. I suspect some of this is a byproduct of being able to locate the AP on top of furniture, and the antennas being well positioned for good ‘home’ coverage due to the router being stood upright (vs a hAP ac2 which can be mounted on a wall/inside a cupboard/stood on its side).

It’s worth noting at this point – using quickset to configure this device actually employs CAPsMAN to configure each wireless radio (including those of any repeaters), which is the first time I’ve seen a product making use of MikroTik’s own built-in wireless control system.

Negatives / Wishlist

I am sold on the Audience and suspect I will continue using it as my primary AP(s) at home until something better comes along, but that’s not to say I don’t have some gripes.

  1. Port density – yes it’s a pretty router designed to sit up on a bench.. but maybe a stackable switch module (in the same partner-approved style) wouldn’t go astray? Or just one more Ethernet port.. there’s room in there for 3!
  2. PoE out – given WISPs and FISPs are supporters of MikroTik I would have thought it made sense to include a PoE out/pass-through option of some kind – because hey if it can power the radio on the roof, or even another Audience AP nearby.. that’s a useful feature! But the hAP ac2 is also missing this function so I’m not as surprised.
  3. USB support (either internal or externally accessible) would have been useful – yes there’s an LTE version available but the device is targeted at the home market.. how are they going to use the SMB functions now?!

Conclusion

The MikroTik Audience is a well designed and thoroughly capable wireless home router at a price point enticing for gamers and power-users alike. While it lacks the physical connectivity options of some competing platforms, everything about the device makes it clear it wasn’t designed to sit connected to a modem/radio or ONT gathering dust in the cupboard – it is well positioned to deliver on the promises of better wireless by providing a platform that looks and feels like part of a modern home and in light of this I can’t wait to see what comes next.

The Brothers WISP 98 – Warshipping, LACP Hashing, Switch Port Security



This week Greg, Mikey, and Tomas do a lot with a little, and at the end we get a patented Mike rant in place of the normal Tomas one LOL

This week we talk about:
Warshipping
WISPAPALOOZA 2019
MikroTik trolled us with the “new hardware found in new NPK file”…thanks Obama
ROS v7 alpha 2 out, CHR release available
Colin asks about 802.3ad (LACP) and how to distribute traffic. Transmit hashing, bro.
MikroTik CSS port security – lock on first, no other options.
Chad had random reboot issues on 6.44.5 long term – official response “might be bonding issue fixed in 6.45”
Jeremy asks about notification systems: pagerduty, opsgenie, victorops, email to sms
NetXMS 3.0 released
Mike complains about municipalities and fiber – he complains about everything


TheBrothersWISP 92 – IPAMs, Verizon Cust BGP Leak, Linux TCP DoS



This week Greg, Tomas, and almost Tom Smyth (but not quite) catch up on a month’s worth of stuff. The show is complete with a Tomas rant (your life is now complete).

This week we talk about:
Greg is looking for a reasonably priced OTDR
Lightning hitting a tree can take out your fiber
PHPIPAM for address management
MikroTik CVE (Linux in general) TCP DoS – fix in 6.45.1
MikroTik 6.45.1 – API has changed so Sonar and other systems aren’t working with it
Bridge filter in MikroTik can block rogue DHCP servers without sacrificing hardware filtering.
Quick article on installing MikroTik CHR on Proxmox
Nick A. wanted a looking glass, and Greg’s favorite is routeviews
HFS webserver is a good way to test ports through a firewall – thanks Tomas
Physically securing APs
Verizon customer leaked full routes due to a route optimizer
The “Tomas corner”:
Tomas loves his Linux Desktop – fully migrated from Windows to Linux on primary PC
RadMan – FOSS FreeRadius Management GUI
Unimus 1.10.2 release
Dealing with CAs as a non-US company is stupid
