Hacking together a dual-stack lite AFTR

(ab)using connmarks and policy routing

April 17th, 2018

Recently I was bored at 1AM and wanted to try and understand dual-stack lite properly. In general, I've always believed that you need to run a certain technology to understand it, so after a quick read over the RFC I decided to hack together a DS-lite AFTR on a Linux box.


Building a shiny new home network

Running (mostly) IPv6-only at home

September 16th, 2017

Quick update: since writing this I've rebuilt this network - the new network has a similar overall design in terms of sites and VLANs, but now has multiple upstreams (announcing my own IPv6 space) for redundancy, as well as internally anycasted NAT64. The routers all run BIRD on Debian, with individual OpenVPN tunnels between routers for internal communication. Hopefully I'll write this up properly at some point, for now see the small page on as204345.

For quite some time, I've been working on a new "home network", in order to have a properly designed network that spans multiple sites. Previously I had a complete mess - a single local private v4 subnet behind double NAT, as well as some remote LXC containers on a VPS that lived behind NAT. Connecting this up were several OpenVPN tunnels/bridges to allow access between the networks (but only in specific directions!), as well as for external access. In summary, a big tangled mess of NAT!

Therefore, when building this new network, I wanted to solve a few issues:

  1. I'd like routing between every server, allowing me to SSH into remote containers/VMs without having to jump through the host, and for pushing backups between sites
  2. Several of my sites (both at home and at university) will be stuck behind NAT, and I would like to be able to connect to the rest of the network from there
  3. Everything should have both a logical IP address and hostname to identify what site and VLAN it is on
  4. I wanted to learn about IPv6 :)


Hosting your own password manager using open source software

November 3rd, 2016

For the past few years, I've been managing my passwords using LastPass. While it's been a great service, I still have two key issues with it - it's closed source, and I'm storing all of my passwords on someone else's "cloud" service. I also found it difficult to use because of the free service not supporting mobile devices, but that changed between me setting everything up and writing this post!

An excellent solution to this is KeePass - it's open source under the GPLv2, and while by default it's designed to run directly from a local file, it also supports working with remote files through a variety of backends. To top it off, there's a great web client, KeeWeb - let's self-host it!


Running TVheadend in a VM

Or how I went from trying to watch HD TV to changing hypervisor...

April 11th, 2016

For the past year or so, I've been running a headless virtualisation server, with a number of both Linux and Windows VMs to store files and for other home server tasks, as well as a load of Linux VMs that I'd spin up for testing software. One of these servers streams live TV from Freeview across the network, allowing clients (usually Kodi or VLC) to watch TV. However, the quality of this system wasn't always great, and when I got a shiny new DVB-T2 tuner to have a go with Freeview HD, I had a number of issues.