Differences between revisions 8 and 9
Revision 8 as of 2016-11-30 19:26:19
Size: 2038
Comment:
Revision 9 as of 2016-11-30 19:57:19
Size: 2593
Comment:
Deletions are marked like this. Additions are marked like this.
Line 27: Line 27:
 * No longer want to publish (the single) ssh host key.
  * Instead we would generate the host key at build time, archive them for redeployments.
 * Russell has a YubiKey4 with his GPG private key baked in. Runs PGP applet for authentication.
  * Best practice is to sign subkeys for regular use.
 * PCEngines order complete, ConnorScott still needs to contribute.
  * 10% savings on order.
Line 28: Line 35:
  * NodeLuckyLab - no issues noticed, individual captive portal issue?   * NodeLuckyLab - no issues noticed, individual (Mitch) captive portal issue?
  * NodeFirstUnitarian - Next door apartment (Harsch properties) can run wire under door, loan Soekris to extend net and provide connectivity.

Location: NodeLuckyLab
Date and Time: Wednesday, November 30, 2016, 6:30-8:00 p.m.
Scribe: You
Roll Call: RussellSenior,JasonBergstrom,SteveTree,MatthewKlug,TedBrunner

Agenda

  • OpenVPN reconfiguration and (temporary?) relocation, drei is now terminated at the Seattle POP again after terminating in Fremont for several days.
  • OpenVPN problem in LEDE, /etc/init.d/network restart kills the openvpn connection (discovered at NodeLuckyLab) ... fix possibly on the way.

  • ArchLinux discovery: when pacman -Syu updates the kernel, it removes the old one with modules, meaning modprobing fails until you reboot. it's possible to downgrade with, e.g.: pacman -U /var/cache/pacman/pkg/linux-4.6.2-1-x86_64.pkg.tar.xz to recover the modules, as long as you haven't cleaned the package archive.

  • Ssh changes?
  • Recap on successful PC Engines group order
  • Node notes:
    • NodeFirstUnitarian -- still looking to possibly extend network to nearby balcony

    • NodeUglyMug -- made contact with an owner, collected the router on 11/29. R.I.P. NodeUglyMug

    • NodeWhet -- adding a new AP for node host, reconfiguring from non-traditional configuration.

    • NodeSechzig -- still need to submit an invoice to be reimbursed for node hardware -- Russell

  • This is the final meeting of 2016. Regular meetings will return on January 4, 2017. Happy holidays!
  • <add your item here>

Notes

  • OpenVPN reconfigured, to point to drei, tunnel also now has Seattle IPv6 prefix
    • PTP OpenWrt files has wrong prefix still

    • OpenVPN doesn't recover if rc (/etc/init.d/network) script is run - reboot instead.
    • Two Widgets, one Acton and anything offline will still use the tunnel on Iris.
    • Comcast Business IPv6 addresses have ports filtered inbound.
    • Prefer model with IPv6 publicly routed that could hand off IPv6 addresses to clients.
  • No longer want to publish (the single) ssh host key.
    • Instead we would generate the host key at build time, archive them for redeployments.
  • Russell has a YubiKey4 with his GPG private key baked in. Runs PGP applet for authentication.

    • Best practice is to sign subkeys for regular use.
  • PCEngines order complete, ConnorScott still needs to contribute.

    • 10% savings on order.
  • NodeNotes:

    • NodeLuckyLab - no issues noticed, individual (Mitch) captive portal issue?

    • NodeFirstUnitarian - Next door apartment (Harsch properties) can run wire under door, loan Soekris to extend net and provide connectivity.


[CategoryMeetingNotes]

MeetingNovember2016 (last edited 2016-11-30 20:18:49 by JasonBergstrom)