tuhriel

joined 1 year ago
[–] tuhriel@discuss.tchncs.de 1 points 5 months ago

Worth a try, will try it when Im back home

[–] tuhriel@discuss.tchncs.de 2 points 5 months ago

I'll try that one thanks

[–] tuhriel@discuss.tchncs.de 1 points 5 months ago

I changed the native vlan to '83' and allowed all others

The isoöation is done with firewall rules blocking access from the IoT net to default, with some exceptions (dns, media nas (currently), etc.)

[–] tuhriel@discuss.tchncs.de 1 points 5 months ago (2 children)

So if I understand this right you will need to change the network on the port attached to the synology in your UniFi configuration or set the vlan tag in the synology OS, I would do the former.

doesn't the switch terminate any VLAN tagging at the port? so if I add the VLAN to the DSM configuration it doesn't receive any tagged packages and refuses them?

It sounds like you just added a second network/vlan to the existing interface which means you actually created a trunk and are getting the old network untagged and the new network with vlan tags which the synology is dropping.

with all the other devices in the IoT subnet it works with setting the VLAN on the port of the switch. If I check back on the unifi site, I found this:

'Applying a VLAN to a Switch Port
Native VLAN

The Native VLAN is the VLAN assigned to "untagged" traffic passing through a switch port. Devices physically connected to a switch port will be placed on this Native VLAN.
Tagged Networks and Trunk Ports

Ports can be configured to allow traffic from other networks. Allowing specific networks/VLANs is referred to as “tagging” them on the switch port. You can see all ports’ VLAN tags in the VLAN Viewer, found in the Ports tab.

Ports that have been tagged to allow traffic from multiple VLANs are referred to as “trunk” ports. By default, all ports on UniFi Switches are trunked to allow all VLANs. '

if I understand that in combination with your comment correctly: I set the native VLAN to 83 so everything tagged with 83 is correctly forwarded to the NAS and accepted there, stuff tagged with 1 are non native, the tag stays on and the NAS doesn't accept it?

But that would make the Synology NAS quite hard to use in any corporate setting with multiple VLANs which need to interconnect and why does it work the other way around? while being in the default net 1 it does accept stuff from VLAN 83

Synology OS also doesn’t really support trunked ports through the UI (even though it does support a port that only uses a vlan tag) so it’s much easier to just leave them untagged.

which would mean, I can't put it in the IoT net?

[–] tuhriel@discuss.tchncs.de 1 points 5 months ago

It’s normal for a switch to strip a vlan tag when it sends a packet out, so that the endpoint doesn’t have to support vlans. Don’t worry about that. As far as the endpoint is concerned, it’s just normal subnetting.

okay that's what I thought

When it’s on the other vlan, can you even ping it? When you check the packet capture, can you see the ping and response? Where does it get dropped?

if I try to ping it it doesn't answer, the unifi logs do show that the packages have been forwarded to the subnet. If I use netcat to open a port on the other device it receives the connection request, but the NAS doesn't recognize it. Maybe I have to do some Wiresharking on a mirror port to see what exactly comes back, hoped I could get around it

[–] tuhriel@discuss.tchncs.de 1 points 5 months ago

I'm a bit hesitant to activate the tag in the DSM, as it states that it then needs a tagged counterpart to be reachable, and since all the other devices in this subnet aren't tagged anymore (as the switch untags the vlan at the port)

Connect a laptop into the same subnet as your Nas (so same vlan and IP range/subnet) and connect to the nas. This either eliminates the NAS or the router from the equation

did that, the NAS is easily reachable from within the subnet it's only a problem from another subnet

[–] tuhriel@discuss.tchncs.de 5 points 6 months ago

Running tasker on a unrooted Fairphone 5 There is a function "System Lock" which locks the phone so you have to enter the PIN. I created a task and a widget on the home screen that triggers the task

I did give tasker some extra rights via adb, which is a quite straight forward process. I think the dev even has a guide for it...

[–] tuhriel@discuss.tchncs.de 1 points 6 months ago

Tried that as well, it's only around 30 seconds off, which annoyingly is enough to mess up OTP challenges

[–] tuhriel@discuss.tchncs.de 1 points 7 months ago

I also like that with the rest-server you can configure it with append-only, so even if someone wants to encrypt or delete the data they are not able to modify the existing backup

[–] tuhriel@discuss.tchncs.de 1 points 8 months ago (1 children)

It is at the scale they are working on, there's a reason you can't get an actual person to contact you... It's too expensive to have actual people working these cases

[–] tuhriel@discuss.tchncs.de 1 points 8 months ago (1 children)

As far as I know you can install Mint with KDE

[–] tuhriel@discuss.tchncs.de 2 points 9 months ago

Also, everybody started the round the same, and it was your skill, knowledge of the map etc. Which made the difference, not if you had unlocked some better scopes or weapons

view more: ‹ prev next ›