Apr 28 / thebrotherswisp

TheBrothersWISP 88 – White label PCI Compliance, EDC Backpack, Basic Business Router Config



This week Greg, Tomas, and Dave talk about how we are getting into beach shape…or perhaps we just talk tech 😉

This week we talk about:
White label PCI compliance scanning.
Unimus is awesome – mass config push
Mikrotik try catch block

*Slack Updates*
What’s in your backpack? Aside from the common items, some things are: lock picks, small multimeter, 6 inch industrial laptop
Tomas found a cli wireshark tool
sngrep – realtime SIP packet viewer
IPv6 routing subnets without routing?
Controlling traffic flow when BGP peering with the same ISP twice – MED vs Prepending
ZeroTier Opensource SDN doesn’t do multipathing yet
Bridge appliance resiliency – second link bypassing it shut down by STP (Mikrotik to Netonix)
Customer silence, not always a good thing – either acceptance or they’ve given up. Out communicate them.
Basic router configuration for business customers.

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp


Apr 19 / thebrotherswisp

Mikrotik MUM 2019 Austin After Movie




Apr 14 / thebrotherswisp

TheBrothersWISP 87 – Confluence RCE, BGP On Various Kit, Configuring Edge Switches



This week Greg, Tomas, Mike, Wilson, and TOM SMYTH get all Irish up on it. Tom and I go on some deep tangents, prepare thy self.

This cast we talk about:
Confluence RCE in all but latest v6 versions
WPA3 vulnerability
GPENs will have water proof enclosures
V7 we saw was an internal alpha

*Slack Updates*
ESXi set port group vlan to 4095 to pass all vlans to a VM
Edwin is asking about spacing APs in public wifi – start with client density and go from there
BGP on arista and openBGPd routers
Manipulating tcam tables
Jeremy(aussie hipster) – diverse routers with different ISPs, transport both to one or terminate ISP on each and full mesh?
MC-LAG vs Stacking – as many opinions as there are engineers. Answer…add both features LOL
Configuring switches for edge user connections – DHCP snooping, port isolation, port security, storm control, dynamic ARP inspection, VLAN ACL


Apr 11 / Greg

Bridging all VLANs Into/Through A VMware ESXi VM

Recently I was assisting with a Preseem server configuration. These boxes want to be bridged in the traffic path. If you want to do this in an ESXi VM, this can be a little obtuse.

First create two new virtual switches.


Next add a single physical NIC to each virtual switch.


Edit each virtual switch and under security, enable all of the things.


Next, add a port group to each virtual switch.


Here’s the secret sauce. Edit the port groups and set the VLAN to 4095!

As per this VMware link, setting the VLAN to 4095 will instruct the vswitch to pass all VLANs through unmolested. Of course, the switch or router ports on either end need to be trunking all VLANs you want to move across your connection.

Inside the VM, your server will need a bridge interface configured with both NICs added to it, so that the traffic moves through.

Good luck, and happy bridging 😉
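
The steps above as esxcli commands for standard vSwitches, added here as an example and not part of the original post. The vSwitch and port group names and the vmnic numbers are placeholders, and the three security flags are the standard vSwitch security policy settings (promiscuous mode, MAC address changes, forged transmits); with DRY_RUN left at 1 the commands are only printed.

```shell
#!/bin/sh
# Added example: the bridge-through-VM steps as esxcli commands (standard vSwitches).
# vSwitch/port group names and vmnic numbers are placeholders, not from the post.
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands; 0 = execute them on the ESXi host

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# One side of the bridge: new vSwitch, one uplink, relaxed security, trunk port group.
bridge_side() {   # usage: bridge_side <vswitch> <portgroup> <vmnic>
    vs="$1"; pg="$2"; nic="$3"
    case "$nic" in
        vmnic[0-9]*) ;;
        *) echo "bad uplink name: $nic" >&2; return 1 ;;
    esac
    run esxcli network vswitch standard add --vswitch-name="$vs" || return 1
    run esxcli network vswitch standard uplink add --uplink-name="$nic" --vswitch-name="$vs" || return 1
    # "Enable all of the things": the three vSwitch security policy settings.
    run esxcli network vswitch standard policy security set --vswitch-name="$vs" \
        --allow-promiscuous=true --allow-mac-change=true --allow-forged-transmits=true || return 1
    run esxcli network vswitch standard portgroup add --portgroup-name="$pg" --vswitch-name="$vs" || return 1
    # VLAN 4095 hands every VLAN tag through to the guest.
    run esxcli network vswitch standard portgroup set --portgroup-name="$pg" --vlan-id=4095
}

build_bridge() {  # usage: build_bridge <vmnic-in> <vmnic-out>
    if [ "$1" = "$2" ]; then
        echo "each vSwitch needs its own physical NIC" >&2; return 1
    fi
    bridge_side vSwitch-BridgeIn  PG-BridgeIn  "$1" || return 1
    bridge_side vSwitch-BridgeOut PG-BridgeOut "$2"
}
```

The security policy is set per vSwitch, so keeping the bridge on its own two vSwitches leaves the policy on every other vSwitch as it was.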

Apr 7 / thebrotherswisp

TheBrothersWISP MUM USA 2019



This is recorded from a random conference room at the US MUM, which we get kicked out of after 10 minutes…LOL. Enjoy what’s there 🙂

This cast we talk about:
Stuff at the MUM, duh.


Apr 4 / thebrotherswisp

Mikrotik ROS V7 BGP CCR Performance – Leaked Video!



Greg Sowell, Justin Miller, and Justin Wilson get a live demo of 6 BGP peers loading on a CCR1016 running a build version of router OS version 7.
We give all the details we have on the inner workings of the new engine.

3.5 million routes in around 3 minutes and the UI didn’t bat an eye. Per table memory utilization is about 145MB.


Apr 4 / Greg

Accessing Geolocked Content The Easy Way With Mikrotik – MUM 2019 Presentation

This is a virtual light switch to turn routing rules on and off on a Mikrotik. My example here allows me to route my roku through a remote VPN, then easily turn that off. This allows me to access remote geolocked streaming video as well as local geolocked content.

Here’s the presentation:

Here’s my lab configuration:

Here’s the HTML for the “on/off” buttons:

<html>
<head>
</head>
<body>
 
<div style="width:50%">
<form action="http://4.4.4.1:85">
    <input type="submit" value="VPN Off" />
</form>
<form action="http://4.4.4.2:85">
    <input type="submit" value="VPN On" />
</form>
</div>
 
</body>
</html>

Here’s the USA Mikrotik:

/interface pptp-server server
set enabled=yes
/ip address
add address=100.64.0.1/30 interface=ether1 network=100.64.0.0
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 gateway=100.64.0.2
/ppp secret
add local-address=4.4.4.3 name=roku password=rokupassword remote-address=4.4.4.4
/system identity
set name=USA

Here’s the AUS Mikrotik:

/interface bridge
add name=loop1
/interface pptp-client
add connect-to=100.64.0.1 disabled=no name=pptp-usa password=rokupassword user=roku
/ip address
add address=100.64.1.1/30 interface=ether2 network=100.64.1.0
add address=192.168.10.1/24 interface=ether1 network=192.168.10.0
add address=4.4.4.1 interface=loop1 network=4.4.4.1
add address=4.4.4.2 interface=loop1 network=4.4.4.2
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether5
/ip firewall filter
add action=drop chain=input comment="tunnel off" dst-address=4.4.4.1 src-address-list=tunnel-off
add action=drop chain=input comment="tunnel on" dst-address=4.4.4.2 src-address-list=tunnel-on
add action=add-dst-to-address-list address-list=tunnel-off address-list-timeout=6s chain=input \
    comment="tunnel off" dst-address=4.4.4.1 protocol=tcp
add action=add-dst-to-address-list address-list=tunnel-on address-list-timeout=6s chain=input \
    comment="tunnel on" dst-address=4.4.4.2 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=pptp-usa
/ip route
add distance=1 gateway=4.4.4.3 routing-mark=roku
add distance=1 gateway=100.64.1.2
/ip route rule
add action=lookup-only-in-table disabled=yes src-address=192.168.10.100/32 table=roku
/system identity
set name=AUS
/tool netwatch
add comment="turn off" down-script="/ip route rule set 0 dis=yes" host=4.4.4.1 interval=5s
add comment="turn on" down-script="/ip route rule set 0 dis=no" host=4.4.4.2 interval=5s