over the last couple of months, there have been a few issues related
to the network, along with a few requests for additional features to
be added.
the primary issue is that our network is very flat and very open, and
a few essential services are being provided by some fairly low end
hardware.
the secondary issue is that our network is configured like a large
home network: it's flat and there is very little separation between
devices that perform different tasks. this means that one glitch
basically affects everything. this is why most large networks use
subnets.
i spent the evening making some changes that will hopefully alleviate
some of our woes.
in the past week i have identified three critical problems:
1) the wireless network (hivenet) can be unreliable, and we tend to
troubleshoot problems with it in a manner that's consistent with our home
networks: we unplug things and reset things until it works again.
2) the lab subnet (hacklab) does not play nicely with some hacking
tools that are developed and tested by targeting consumer network
hardware. the purpose of the hacklab is to keep experiments and
demonstrations off of hivenet.
3) the telephone is a pretty important method for guests of the hive
to gain entry to the space and the adapter that connects it to google
voice doesn't handle arbitrary reboots of the entire network.
tl;dr: hivenet is vulnerable to shenanigans, hacklab makes shens fail,
shens make the telephone fail.
to resolve these issues i have made the following changes:
1) i moved hivenet to a separate network from the wired LAN and
connected it directly to the internet. if there is an issue with
internet access on hivenet, you can pull the power for the access
point (the blue linksys box located above the bar) just like you do
with your router at home. if you hit the reset switch on the back, it
will also reboot the router, but it will not wipe out the
configuration. hivenet and the wired network are no longer connected
to each other, so if you are having wifi troubles, there is no reason
to reboot the black firewall box on the top of the server cabinet.
2) i swapped the hardware between hivenet and hacklab: hivenet is now
using the openWRT router with host isolation and hacklab is now
running the factory linksys firmware and 128-bit WEP for folks who want
to crack it. hivenet is still using the big antenna, so the signal
strength should be the same as it ever was.
3) i tested the memory on the firewall box and installed pfsense.
pfsense has way more features than IPCop (like IPv6 support) and
hopefully i will be rolling some of them out soon. devices like the
spy camera, telephone, and door switch should not be affected by the
random rebooting of the hivenet router. the internal network is also
connected directly to the internet, and the usual remote access tools
should work.
tl;dr: hivenet is less crashy and more user-serviceable; hacklab is
your neighbors' wifi; the wired network got a major upgrade.
separating the network has created at least one issue which is how to
connect to the network printer. the solution will depend on how we
actually use the network printer.
which devices do people print from the most? do we use laptops with
wifi connections, or the linux desktops on the wired network? i can
add an encrypted access point to the wired network for people to use
their laptops, or i can plug the printer into the wireless network
instead. either way is a slight reduction in convenience, but should
make the network safer for the hive's infrastructure.
since i basically rebuilt the whole network, i am sure i missed a lot
of things. if your device has stopped working, please let me know and
i will do what i can to fix it.