LTE Permanence

September 11, 2020

I moved my cell service to Verizon and was able to add a “connected device” for $10/mo that has 16GB of LTE speeds then unlimited 600kbps afterwards, so I picked up the USB730L to go in my work backpack in place of the USB800, which now lives in the Pelican case and will be used as the sole WAN connection for the portable network going forward.

I have a 150GB/week plan on AT&T from FreePacket and am quite pleased with it, so I will continue to pay for it even if it doesn’t get used super often. If anything, it’ll be ready in case the power goes out and there’s a need for Internet in addition to pop-up work trips.

So why swap the USB800 with essentially 600GB/mo of LTE for the USB730L with a mere 16GB of LTE speed for daily carry? Simple: I will most likely barely use it in a month. I want to say the number of times I’ve needed the USB800 for work this year have been less than 10, and mostly it was to look up documentation to get on WiFi at a site or drop a file somewhere, all very easily done then swapping off LTE. Plus, on a work trip, this will let me keep the USB800 connected to the FortiWiFi in the hotel room, so easy peasy. Furthermore, I have an additional 16GB of hotspot data on my voice line, so that’s a huge amount of data available. And even if I go over 16GB, 600kbps is actually workable to open documentation or reply to emails in a pinch. Remote control of a client machine might be a different story, though I’ll work through it.

I currently have SD-WAN set up for the LTE card and the first WAN port on the FortiWiFi: I think I can safely disable SD-WAN and make the LTE card the sole WAN connection at this point. The only way it would be better is if I had a Verizon-based aircard of sufficient data for a hotel stay due to their superior coverage, but so far I’ve not had much trouble with AT&T on this data plan, so we shall certainly see.

At this point, I should probably keep the case in my car, or at the very least set it up and use it for a little bit each month at home. That’s a plan for another day, though.

Until next time!

0

Back to 6 Months Ago

August 22, 2020

After much brooding on all of this and realizing that I was running in circles as mentioned in the last post, I’ve decided to stick to the FortiWiFi as the portable setup.

It integrates well with the other 2 FortiGates I have, and the advanced hardware support contract isn’t that expensive, so I’ll keep it as long as I can continue to have support on it.

That said! The home network is back up and running on a FortiGate 60E, and I have a 24-port FortiSwitch, a FortiAP, and a PoE injector for the AP on the way, so it’ll be a full FortiStack at home soon.

I had some issues with IPv6 NAT with all the security services turned on, so I just went with prefix delegation from Comcast and all is well.

The specs for the 60E are kind of low, but I have all the rules in Flow mode and am getting 900 Mbps or so on speed tests, so I guess I’m okay on that front at home. If I switched them to proxy I’m sure the speeds would tank.

COVID has made all my experiments on this a little, let’s call it, questionable? Oh well, I’m sure I’ll have at least one work trip in the near future, so at least it’ll get used for that.

Until next time!

0

A Little Sanity

August 19, 2020

So, I’m starting to think maybe I’m barking up the proverbial wrong tree with the setup.

Sure, pfSense is awesome and having a proper managed switch will be nice and an actual AP vs. built-in radios is the better solution, but what am I doing except running myself in circles trying to figure out how “leet” I want to be with the stack when I have the FortiWiFi in the current case already. I just need to plug the aircard in and boot it up, after I change the WiFi SSID and password to the new one and reconfigure the site-to-site VPN of course.

So what is the plan now? I’m keeping the kit I bought as 1) an eventual replacement for the home firewall if I move out, 2) an extra AP to mess around with, and 3) a smaller managed switch I might take to the office to use instead of my venerable 24-port HP switch. I probably won’t buy the bigger Pelican case, so putting this gear, save for the AP of course, back in its boxes after resetting them to factory might be the best idea.

All that said, I will soon be swapping the home firewall back out for my other FortiGate 60E. The advanced hardware warranty license isn’t -that- expensive, and I have one of those on the FortiWifi already, and I have until May 2022 until I have to relicense the 2 60Es. I’ll probably just put the UTM package on the one at the data center when the time comes since the only port forward that’ll be enabled on the firewall here, besides the ports for Parsec for my gaming rig, is the SSL VPN if I feel like it. It’d be nice to have for a second entry vector if I want more direct access to my home network instead of having to bounce it through the DC.

The true question is: do I dump my Ubiquiti gear for Fortinet? Thinking no…

Until next time!

0

New pfSense Stack Ready for a Case!

August 2, 2020

Hi friends!

I figured out the IPsec issue: I changed the IP the dial-up VPN the datacenter FortiGate listens on and the tunnel came right up when plugged into the public VLAN. Therefore, I don’t feel too bad about not swapping that firewall out for the SG-3100 eventually.

Anyway, I had a little bit of trouble getting everything going earlier, but now I have the SG-1100 plugged into the public VLAN on my network with the SG250-08HP behind it with the AP-115 plugged into the switch.

I tested the Proxicast plugged into the USB port with the aircard plugged in and had no issues, so we’re good to power that device right from the firewall.

Once that was done I worked to get it connected with a connection other than that, so I put my Ting SIM in the LB1120 and that worked fine, then after some quick thinking I performed the task mentioned earlier and welp, we were up and running.

The plan as mentioned before is to have the SG-1100 on the left, the SG250-08HP on the right, with the Proxicast and a 6-port keystone block on the front, both facing up, then a small plug strip in the back with a power cable receptacle mounted on one side. The AP will be mounted on a small shelf above both the firewall and switch and powered via PoE from the switch.

This will need to be ran with the lid open, which isn’t really a big deal, and if I keep the foam in the top it’ll keep everything secure when closed for transport.

Sure this is me changing for the sake of changing, but who cares? Keeps me out of trouble…

Until next time!

0

A New Different Idea

July 18, 2020

I keep going back to pfSense it seems.

Background info: my company has been doing a company-wide infrastructure refresh, and one of the “victims” was an old Alcatel-Lucent (Aruba) AP-115, which I took home with me. Therefore, it needs a project. What better than to modify Internet-in-a-Box further? Sounds like a plan to me!

The firewall will be a Netgate SG-1100, the switch a Cisco SG250-08HP, and the AP the aforementioned AP-115.

I’m still going to use the Pelican 1450 for this project, so I will work on getting stuff on order soon.

This is of course massive overkill, but when you’re going to be dealing with up to 6 people with 1+n devices each, a little bit of overkill is nice to have.

The UniFi stack will still be used for another project in the future, possibly to replace my gear if I ever find a place I can afford to move out to…

Until next time!

0

UniFi Stack Ready

June 25, 2020

I had today off for an appointment this morning, so I spent the afternoon getting WireGuard configured on the USG in place of an IPsec tunnel.

It took be a little while and some futzing with the JSON, but I have it online and that network is reachable from both the DC and my home network.

One added benefit of WireGuard is I can plug this into the public VLAN here at home and the VPN connection will still work: what a win for WireGuard!

Even though I’ve resigned myself to the fact that there will not be any conventions this year, I’m still going to build this out because I do still have business trips that may crop up, and it will be useful to take it into the field.

Now I just need to get the proper Pelican case and I can start building this out in earnest.

Until next time!

0

A Different Idea, Follow Up 2

June 24, 2020

As people keep talking about WireGuard support in pfSense once it hits the FreeBSD kernel, I decided to do a quick Google at work to see if the USG-3 can do it: turns out the answer is yes, which solves the VPN issue. It should be speedier than IPsec anyway, so it’ll allow access to the rest of the network from the case.

Once I make some room in here I’ll get started on getting everything settled in the case. Turns out Micro Center stocks the 6-port keystone block I was looking at for the non-firewall and non-AP ports on the switch.

As an aside, DragonCon is officially allowing attendees to transfer their 2020 memberships to 2021, which I have done. Now for AWA to announce something…

Either way there’s a lot happening in my life, and even though I want to see my friends and go to cons it’s best not to this year. We can put the partying off for a year.

Until next time!

0

A Different Idea, Follow Up

June 16, 2020

Writing this tonight to say that yes, we have a functional UniFi stack!

I’d picked up a US-8-60W from Staples’ online store the other day as it was on sale, and it came in yesterday. I had some time tonight, so I reset the USG-3, dug out an old UAP-AC-LR which I reset, and set up the US-8-60W.

Right now it’s just plugged into my LAN, so I’ve not had a chance to test it with the Proxicast/USB800 combo and see if it’ll establish a site-to-site VPN yet, though I might skip that since I can WireGuard from my laptop and phone if needed, at least until I get pfSense back in the datacenter. Sadly that will require asking the DC if I can get in as well as reconfiguring the SG-3100 with the updates I’ve made on the FortiGate that’s there since installing it a few months back.

The Pelican 1450 will hit the spot for the stack, so I will start planning this out soon.

Until next time!

0

A Different Idea

June 10, 2020

I had a thought the other day. I have a Ubiquiti UniFi Security Gateway that is not being used, as well as a UniFi AP: why not get a slightly larger Pelican case, that will still fit in my larger suitcase, and set that up, with one of their switches to power the AP and give some wired ports? Why not indeed…

This variant would require the case to remain open, and of course I’d have all the LEDs off for this ‘site’ in my UniFi Controller, and I do think it would work.

The basic idea would be as follows:

– Power would be supplied by a small plug strip that would have a C13 power socket on the outside of the case to power the firewall, switch, and the Proxicast via one wall port.
– The firewall and switch would be side-by-side with super flexible ethernet cables connecting them together.
– There will be a 6-port keystone surface box mounted inside the case for additional network ports.
– The Proxicast will be mounted inside the case pointing vertically up for the aircard to be plugged into with another super flexible ethernet cable for connection to the firewall.
– The AP will be mounted to the lid so it will face up/forward with the case open.
– There will be a small mesh net in the lid to hold the exterior AC cord.

This will likely end up a two-level setup with the power supplies for the firewall and switch mounted beneath them with the devices themselves mounted on a shelf. I’ll need to figure this out for sure before I drop the money on the new case.

Truthfully this is almost an unnecessary exercise due to most things the stack would be used for being cancelled due to COVID-19. We’ll see, though…

Until next time!

0

MikroTik Troubles

May 9, 2020

I hooked the hAP ac Lite back up today to work on getting it set up with the IPsec tunnel again. However, so far it’s giving me a little bit of trouble.
I almost want to see if I can get back into the data center so I can put the SG-3100 in in place of the FortiGate that’s there. I’d need to spend a little bit of time adding the configuration changes I’ve made since putting the FortiGate in there, though.

Before I do that though I need to figure out just what the issue is, but that’s a plan for another day.

0