#nixos-on-your-router on 2019-12-08

05:37 <danderson> Whee, finally got my router running on nixos. Interaction between pppd and the network interface systemd units is a bit wonky

05:38 <danderson> somehow restarting a couple interfaces made the default route go away, even though I wasn't touching the WAN interface

07:52 <clever> danderson: ive sometimes had that happen, without any pppoe clients (though i run a pppoe server, for complex reasons)

07:56 <danderson> the pppd we have in nixos lacks some patches that are being carried by debian, related to default route handling. May want to port them over

08:03 <flokli> danderson: :+1

11:50 <betawaffle> flokli: nixos

11:50 <betawaffle> the 19.09 release

13:49 <betawaffle> gchristensen: i just ordered a second apu2, this time an apu2e4. my first motivation is to have a backup in case i brick one with a firmware upgrade (though i also ordered an un-bricker)

13:50 <betawaffle> my secondary motivation is to have another small nixos machine i can mess with more, without having to be concerned i'll knock myself off the internet

13:50 <gchristensen> oh cool!

13:50 <gchristensen> haha yeah fair

13:51 <betawaffle> my tertiary motivation is to have a machine i can ssh into to get serial access to my router, in an easier way that what i have to do now

13:51 <betawaffle> than*

13:53 <gchristensen> set them up in an active/passive config with your home router, and each connected to the other's serial port

13:53 <gchristensen> s/router/ONT/

13:53 <betawaffle> i also want a machine i can play around with firmware on, and these things use coreboot

13:53 <betawaffle> unfortunately the ONT only has one ethernet port

13:54 <betawaffle> (i think)

13:54 <gchristensen> ONT->switch->your two devices with one of them always administratively marked as down

13:55 <gchristensen> anyway I'm absolutely 100% kidding and have no idea if this would work

13:55 <betawaffle> the switch would need to support forwarding 802.1x auth, which is against spec

13:55 <betawaffle> that's actually why i'm using this apu2 as my router

13:55 <betawaffle> to do that forwarding between the ONT and the gateway they give me, which has the certificates used to auth with at&t

13:56 <betawaffle> if i can extract them at some point, i can scrap that shit

13:56 <betawaffle> but i'd need to root the gateway

13:56 <gchristensen> :D

13:56 <betawaffle> which i don't know how to do

13:57 <betawaffle> (the currently functional ways to do it are not public)

13:57 <gchristensen> I don't either, but I bet it involves cracking open the box and finding a EEPROM you can dump

13:57 <betawaffle> yeah, you can dump that with a usb ttl, people say

13:57 <betawaffle> i'm not confident enough for that yet

13:57 <gchristensen> I've never done that sort of thing before

13:58 <gchristensen> and I probably wouldn't start on my router

13:58 <gchristensen> ...ONT.

13:58 <betawaffle> i've got a friend (on the other side of the country...) who does this sort of thing for a living

13:58 <gchristensen> perfect

13:59 <betawaffle> so... just to be clear, the ONT is the optical network terminal, mounted on the wall. the fiber goes in, and ethernet comes out

13:59 <gchristensen> oh right and you do actually need to examine the router

13:59 <betawaffle> the gateway i need to break is something else

14:00 <gchristensen> the gateway is intended to be your router, no?

14:00 <betawaffle> but currently it's literally only used for auth, so i'm in a pretty good state

14:00 <betawaffle> yes

14:00 <gchristensen> yeah

14:00 <betawaffle> but i've bypassed it

14:00 <gchristensen> :D

14:00 <betawaffle> many other people have too, fwiw

14:00 <betawaffle> it's garbage

14:01 <betawaffle> the *only* problem i have remaining with it, is the order and timing that network interfaces have to come up

14:02 <betawaffle> it's critical that the interface the gateway is connected to doesn't get carrier before the ONT does

14:02 <betawaffle> i've made a change that *might* fix that, but i'm not super hopeful

14:03 <betawaffle> currently, whenever my router boots up, the interfaces just all come up in whatever order. which means the gateway may try to authenticate before my router is ready to forward those packets to the ONT

14:03 <gchristensen> ouch

14:03 <betawaffle> so i have to down/up the port after everything is up and i can ssh in :/

14:04 <betawaffle> but i'm gonna see if BindCarrier can help me

14:08 <gchristensen> what des BindCarrier do?

14:09 <betawaffle> "When set, controls the behavior of the current link. When all links in the list are in an operational down state, the current link is brought down. When at least one link has carrier, the current interface is brought up."

14:10 <gchristensen> sounsd right!

14:10 <betawaffle> i could have sworn i tried it before, but i'm not certain...

15:29 <betawaffle> gchristensen: it seems like BindCarrier may have worked

15:29 <betawaffle> internet came up by itself

19:10 <gchristensen> nice!!