PFSense and IPMI

TLDR; If your server has IPMI enabled make sure it’s set to dedicated mode (or better yet disabled) and not set to failover mode or else your pfsense WAN gateway will go offline randomly!

Over the weekend I visited my local electronics flea market and came across a Supermicro 1U server with 5 front facing ethernet ports. This guy is sporting an Atom C2758 8 core processor and 8GB of RAM. My current pfsense box is also a 1U Supermicro server but it has an Atom D510. This wimpy processor caps my gigabit internet to ~700 Mbps so it’s time for an upgrade.

So once I got home I grabbed the nearest spare hard drive and loaded pfsense 2.4.3 right up. Everything installed correctly and I got a new router going. Nice! Or so I thought.

About an hour later the internet stops working… But the LAN still does. I can get into the pfsense web interface and everything looks good except that my WAN Gateway went offline. Well that’s weird but maybe it’s just a hiccup? So I restarted the server and hoped for the best but no luck. This issue of “working” but dying after an hour or three kept happening. I tried different versions of pfsense, held off from doing any kind of custom configurations / port forwarding, and even some different CAT6 cables.

No luck. It’s at this point that I realized my 5 front facing ethernet ports are actually 4 ethernet and 1 IPMI port. Ok, well I didn’t use the IPMI port anyways since pfsense doesn’t know it exists, but maybe logging into IPMI would shed some light on this weirdness. I connected a CAT6 wire up so that I could connect to it and found its IP via pfsense’s DHCP leases page.

After some poking around I found one innocuous looking dropdown under the network settings labeled “LAN Interface” which was set to “Failover”. After some reading it appears that IPMI, when not connected, will “failover” and hijack the first ethernet port to try and run IPMI in tandem with whatever that first ethernet port is doing. Well, what my port was doing was running the WAN connection for the whole house. I set this setting over to “dedicated” and ta-da! My house now has had working internet for a whole 24 hours!

My guess is that pfsense is simply not compatible for running IPMI and WAN on the same port so it kind of soft fails when it hits some bandwidth condition. So kids, the moral of the story is to outright disable IPMI or at least set it to dedicated mode when you’re running pfsense on that box.

WiFi and Emoji

Know what would be a great idea? Adding emoji to your wifi name to be that cool kid on the block.

Unfortunately most routers have “validation” and “error checking” so a handsome 💩 turns into %F0%9F%92%A9. What a shame. Pack your bags. Time to go home… Is what I would have said if I was afraid of gimping my whole wifi network.

DISCLAIMER: I am running Tomato Shibby on my router so your mileage may vary. Also I’m not responsible if you brick your router!

With that out of the way let’s dive deeper and see what’s going on.

First off, let’s visit the wifi editing page and clear the network tab of Chrome to have a clean slate. Next I changed the name to my handsome poop emoji and saved again. While recording the network traffic I was able to see just how the router was saving the wifi name.

Tada, a neat little post request with the wifi name parameter. And it’s past all those silly validation checks.

curl 'http://192.168.1.1/tomato.cgi' \
  -H 'Authorization: Basic sometokenHere' \
  -H 'Origin: http://192.168.1.1' \
  -H 'Accept-Encoding: gzip, deflate' \
  -H 'Content-Type: text/plain;charset=UTF-8' \
  -H 'Referer: http://192.168.1.1/basic-network.asp' \
  -H 'Connection: keep-alive' \
  --data-binary 'lan_ipaddr=192.168.1.1&lan_netmask=255.255.255.0&lan_proto=dhcp&wl0_mode=ap&wl0_ssid=%F0%9F%92%A9&wl0_security_mode=wpa2_personal&wl0_crypto=aes&wl0_wpa_psk=super%secret%20password' \
  --compressed

 

Next we just change the post data in the --data-binary field, from the “&wl0_ssid=%F0%9F%92%A9” parameter to “&wl0_ssid=💩”.

Now copy that curl request into your favorite terminal aaaaaaand…

@msg:Settings saved. Some services are being restarted...
jake@jake-laptop:~$

VOILA!

Ok, so I know I gave you step by step instructions but…. Don’t. I know it sounds like a great idea at first but so did eating that tub of ice cream in less than 15 minutes.

After doing this I realized that my smart tv apparently doesn’t support connecting to wifi with emoji in its name. *Surprise* *Surprise*. Also my router’s UI didn’t seem to like emoji in its “wifi name” textbox. This means that it sometimes threw spectacular JS fits with shifting focus randomly between DOM elements.
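
The curl request above skips the browser form entirely, so any SSID check that matters has to run again on the device side. The following is an added example, not code from the original post or from Tomato: a check of that kind over the raw SSID octets, with a hypothetical function name, constructed sample values, and the 32-octet limit taken from IEEE 802.11.

```python
# Added example: device-side SSID check (hypothetical helper, constructed samples).
import unicodedata

MAX_SSID_OCTETS = 32  # IEEE 802.11 limits the SSID element to 32 octets


def check_ssid(ssid: bytes) -> list[str]:
    """Return findings for an SSID given as the raw octets that would be broadcast."""
    findings = []
    if len(ssid) == 0:
        findings.append("empty SSID")
    if len(ssid) > MAX_SSID_OCTETS:
        findings.append(f"too long: {len(ssid)} octets, limit is {MAX_SSID_OCTETS}")
    try:
        text = ssid.decode("utf-8")
    except UnicodeDecodeError:
        findings.append("not valid UTF-8")
        return findings
    # Control (Cc) and format (Cf) characters are invisible in most UIs.
    if any(unicodedata.category(ch) in ("Cc", "Cf") for ch in text):
        findings.append("contains control or format characters")
    # Compatibility, not a protocol violation: some clients cannot join or display these.
    if not text.isascii():
        findings.append("non-ASCII characters")
    return findings


if __name__ == "__main__":
    samples = {
        "what the web form stored": b"%F0%9F%92%A9",         # 12 ASCII octets
        "what the raw POST stored": "\U0001F4A9".encode(),   # 4 UTF-8 octets
        "plain name": b"Mr Weefee look at me",
        "nine emoji": ("\U0001F4A9" * 9).encode(),           # 36 octets
        "truncated emoji": b"\xf0\x9f\x92",
    }
    for label, value in samples.items():
        print(f"{label!r}: {len(value)} octets -> {check_ssid(value) or 'ok'}")
```

The non-ASCII finding is a compatibility warning rather than a hard failure, which matches the smart TV behaviour described above.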

Whatever the case, I guess I’ll just have to settle on the name “Mr Weefee look at me” and hope for a day when all devices support wifi emoji connections.