Red Balloon

Holy heck... I have a blog.

Quick rant and post, more details on life after the break.

I'm extremely impressed with Juniper's SRX300. Price, performance, and features are amazing.
Ordered up one of said SRX300s for my home lab, to replace my EOL'd SRX100B.

I can hear the MikroTik and Ubiquiti fans jumping up and down, but no... just no. Given the choice, I'd install OpenBSD on an APU2 before trusting Ubiquiti or MikroTik to do anything more than bridge frames, and they do even that poorly. Even then...

Related, mental note for RANCID command restriction within TACACS for Juniper/JunOS devices.
RANCID needs these, or it breaks expect:

  • 'set cli complete-on-space off'

  • 'set cli screen-length 0'

Set CLI commands are pretty tame, so you could safely get away with:

user rancid {
  service = junos-exec {
   local-user-name = your-standin-local-user
   allow-commands1 = "(show .*)"
   allow-commands2 = "(exit)|(quit)"
   allow-commands3 = "(set cli .*)"
   deny-commands = ".*"
  }
}
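A quick offline sanity check for the stanza above, added here as an example and not part of the original post or of RANCID/tac_plus. It assumes an allow match overrides the deny-all (which the stanza relies on) and lets you test with anchored or unanchored matching, since the device's exact matching rules are not stated here; the command lists are constructed.

```python
import re

# The stanza from the post, embedded so the check runs offline.
STANZA = '''
user rancid {
  service = junos-exec {
   local-user-name = your-standin-local-user
   allow-commands1 = "(show .*)"
   allow-commands2 = "(exit)|(quit)"
   allow-commands3 = "(set cli .*)"
   deny-commands = ".*"
  }
}
'''

ATTR = re.compile(r'^\s*(allow|deny)-commands\d*\s*=\s*"(.*)"\s*$', re.M)

def load_policy(stanza):
    """Return (allow_patterns, deny_patterns) found in a tac_plus stanza."""
    allow, deny = [], []
    for kind, pattern in ATTR.findall(stanza):
        (allow if kind == "allow" else deny).append(pattern)
    return allow, deny

def permitted(command, allow, deny, anchored=True):
    """Assumed model: an allow match wins; otherwise a deny match blocks."""
    match = re.fullmatch if anchored else re.search
    if any(match(p, command) for p in allow):
        return True
    return not any(match(p, command) for p in deny)

def audit(stanza, must_work, must_fail, anchored=True):
    """Return the commands whose verdict is not the expected one."""
    allow, deny = load_policy(stanza)
    wrong = [c for c in must_work if not permitted(c, allow, deny, anchored)]
    wrong += [c for c in must_fail if permitted(c, allow, deny, anchored)]
    return wrong

# Constructed lists: the two commands the post says RANCID needs plus typical
# collection commands, against commands a backup account should not run.
RANCID_NEEDS = ["set cli complete-on-space off", "set cli screen-length 0",
                "show version", "show configuration", "quit"]
SHOULD_BE_DENIED = ["configure", "request system reboot", "start shell",
                    "clear log messages"]

if __name__ == "__main__":
    for mode in (True, False):
        print("anchored" if mode else "unanchored",
              audit(STANZA, RANCID_NEEDS, SHOULD_BE_DENIED, mode) or "ok")
```

Dropping the `allow-commands3` line from the stanza makes both `set cli` commands show up in the audit result, which is the breakage the note above warns about.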

Let's see, other stuff... other stuff...
I put Pi-hole on a BeagleBone Black to try it out. I learned many, many things. The experience was painful, and wasted many, many, many hours of my time. However, given how out of touch with Linux I am these days, I could attribute it to a lack of practice and knowledge surrounding how ruined the Linux landscape has truly become.
Honestly, my last foray was with Gentoo, before the portage tree was opened up to volunteers that immediately broke everything, which forced me to Slackware.
I'll admit it, I was a Gentoo-ite, obsessed with kernel size. 714k of kernel, man! And another 6% FPS increase in glxgears! WOO! Pretty sure I got it much smaller once, but honestly now, who cares...

As for the things I learned, the highlights:

  • You can't just use ifconfig out of the box any more
  • No tcpdump in the 1.8gig base install. This is just plain unforgivable
  • The concept of editing resolv.conf and expecting it to work is apparently dead
    • Side note so I remember: have to piss around with 'resolvconf' and resolv.conf.tail
      • Additional side note: Forget about resolv.conf entirely if you updated Debian to jessie, which apparently excludes the resolvconf binary. Download the rpm on another box with working DNS to proceed
  • There is no fstat, so use 'pstat -apn' to figure out what PIDs are squatting on what sockets
  • Oh god systemd, why?!
    • Completely ignore init.d. Look at systemctl, and then proceed to spit tea at monitor, and then remove hair with clenched fists.

I can't help thinking I could have just set up unbound in the first place, since I don't really care about the Pi-hole GUI.
Next steps, repeat the experiment with OpenBSD and unbound.