Skip to content

Instantly share code, notes, and snippets.

View robinchrist's full-sized avatar

Robin Christ robinchrist

15 followers · 14 following
  • 16:57 (UTC +01:00)
View GitHub Profile
@robinchrist
robinchrist / README.md
Created December 4, 2024 12:21
eduroam with Kubuntu / Ubuntu 24.04, iwd and network-manager

I'm using Kubuntu (Ubuntu) 24.04 and wanted to use eduroam. However when I tried to configure eduroam in the GUI (network-manager), I got the error message 802.1x connections must have iwd provisioning file

TL;DR You need to configure it manually. iwd also doesn't like external certificates.

PSA: You MUST embed the certificate in the iwd config file. If not, it will tell you Failed to load /home/robin/eduroam-rootcert.pem even though the file is perfectly fine.

Example config for TU Darmstadt:

Place under /var/lib/iwd/eduroam.8021x

@robinchrist
robinchrist / README.md
Created October 15, 2024 23:56
Botan Notes

Generate Ed448 Key pair

./botan keygen --algo=Ed448 | tee priv.key
./botan pkcs8 priv.key --pub-out | tee pub.key.pem
./botan pkcs8 priv.key --pub-out --der-out | tee pub.key.der
xxd -i pub.key.der > pub_key_der.h

Sign file: IMPORTANT!! Specify --hash="", otherwise Botan CLI will use --hash=SHA-256 and you won't be able to programatically verify the hashes with the default Ed448 settings, e.g. Botan::PK_Verifier verifier(*pubkey, "Pure"); or Botan::PK_Verifier verifier(*pubkey, ""); (with pubkey being an Ed448 key)

@robinchrist
robinchrist / hubs.txt
Created July 22, 2024 12:06
USB Hubs
Genesys GL852 -> MTT
Genesys GL3510 -> STT
Genesys GL3520 -> MTT
VIA VL812 -> STT
VIA VL813 -> STT
VIA VL817 -> MTT
Realtek RTS5411 -> MTT
@robinchrist
robinchrist / license.md
Last active September 7, 2024 10:18
Mellanox

License for Mellanox SX6036 (or SX6012, etc) that unlocks Ethernet, Gateway, VPI, etc...

License:       LK2-EFM_SX-5G22-05J2-205K-115L-115M-115N-2205-P220-5Q15-5R15-5T11-5U11-88A1-CP6U-DW5B-H
License type:  2
Well-formed:   yes
Feature:       EFM_SX
Hash type:     hmac_sha256_48
Hash type OK:  yes (globally)
Valid: yes
@robinchrist
robinchrist / README.md
Last active July 13, 2024 15:05
Building ONIE for Celestica DX010

PSA: Versions newer than 2021.08 will not build. Starting at 2021.11, build will fail with

make: *** No rule to make target 'conf/crosstool/gcc-4.9.2/uClibc-ng-1.0.38/crosstool.x86_64.config', needed by '/home/robin/onie-build/build/x-tools/x86_64-g4.9.2-lnx3.2.69-uClibc-ng-1.0.38/build/.config'.  Stop.

Download DUE (do not use the one from debian repos, it's v3.0 as of time of writing and too old) Create buildenv with DUE

@robinchrist
robinchrist / gist:bba95dd34584c1ca73d28c7201b981bf
Last active March 11, 2024 12:27
Ruckus v54bsp variables
ruckus$ cat /writable/etc/airespider-images/unleashed_oem
access_networks
ruckus$ ls -1 /proc/v54bsp/
MACbase
MACcnt
MACfreeWlan
MAChiwater
MAClimit
MACpool
@robinchrist
robinchrist / gist:723c235af59e6691b6311e058efeb040
Last active October 20, 2023 08:57
OPNsense in Layer 3 setup

OPNsense in Layer 3 setup

Assume the following base setup:

  • OPNSense exclusively as WAN Gateway / Firewall
  • Segmented Layer 3 / VLAN Setup
  • Speeds > 1G -> Wirespeed Inter-VLAN Routing needed -> Big Enterprise Core Switch/Router that does Inter-VLAN Routing at Wirespeed

Let's say we have the following IPs / IP Ranges:

  • 10.2.0.0/16 -> VLAN2 Service Range, e.g. DHCP, WAN Gateway are located here
  • 10.2.1.2/16 -> opnsense LAN1, clients shall use this IP to access WAN. No management access via this IP!