Exploring the KEA DHCP Server in pfSense+ 23.09

Do not use KEA DHCP after 50 days, I got a lot of problems and my devices did not come on the internet and also not got the right IPs.
So I had to switch back to the old ISC DHCP again.

Warning – KEA DHCP is not working 100% in 23.09.1

With the release of pfSense+ 23.09, a significant transition in DHCP services is on the horizon. The move from the traditional ISC DHCP server to the modern KEA DHCP is not just a change; it’s an upgrade that brings several benefits and improvements.

Why Switch to KEA DHCP?

  1. Deprecated ISC DHCP: The ISC DHCP server is now deprecated, signaling a shift towards more advanced and supported solutions like KEA.
  2. Simple Transition Process: You can easily switch to KEA DHCP via System > Advanced > Networking in the pfSense+ interface. A simple toggle from ISC DHCP to KEA DHCP is all it takes, maintaining the simplicity of the process.
  3. No Reboot Required: Remarkably, switching to KEA DHCP doesn’t necessitate a system reboot. This feature ensures minimal disruption in network services.

Key Considerations for Migration

  1. Automatic Migration: pfSense+ is engineered to seamlessly migrate your existing DHCP settings to KEA DHCP, preserving configurations like IP ranges and reservations.
  2. Manual Verification: It’s prudent to manually check that all settings have correctly transferred and KEA DHCP operates as expected.
  3. Advanced Configurations: KEA DHCP offers more flexibility, which might necessitate some manual adjustments for complex configurations.
  4. Documentation and Community Support: Leverage pfSense documentation and forums for any migration challenges or questions.
  5. Backup Your Configuration: Always backup your current configuration before making significant changes like this.

Enhancements with KEA DHCP

KEA DHCP is not just a replacement but an enhancement. It offers:

  1. Unified Configuration: KEA integrates dynamic ranges and static mappings more cohesively.
  2. Static Mappings in Dynamic Range: Static mappings can now coexist within the dynamic range, optimizing address space utilization.
  3. Flexibility in Assignments: KEA allows dynamic and fixed address assignments within the same pool, offering greater flexibility.
  4. Improved Management and Performance: Expect easier management and better performance with KEA, along with advanced features suitable for complex networks.

Post-Migration Steps

After the migration:

  1. Monitor Service Status: Check Status > Dashboard to confirm KEA DHCP service is up and running.
  2. Adjust Watchdog Settings: Update your service watchdog to monitor KEA DHCP instead of the old ISC service.
  3. Review Notifications: Keep an eye on notifications for any alerts related to DHCP service.

In summary, the transition to KEA DHCP in pfSense+ 23.09 is a straightforward yet impactful change. It simplifies the DHCP management while offering improved performance and flexibility. Remember to verify settings post-migration and enjoy the new capabilities of your upgraded system!

Knud ;O)



Setting Up Omada Controller on a Raspberry Pi 4 with Docker

Introduction

Managing TP-Link EAP devices becomes a breeze when you have a centralized controller. In this guide, we’ll walk through the steps to set up an Omada Controller on a Raspberry Pi 4 using Docker. This is an excellent solution for both home and small business networks.

Prerequisites

  • Raspberry Pi 4 with 4GB RAM
  • Docker installed on the Raspberry Pi
  • SSH access to the Raspberry Pi

Step-by-Step Guide

Step 1: SSH into Your Raspberry Pi

First, connect to your Raspberry Pi using SSH. This will allow you to execute commands remotely.

Step 2: Pull the Omada Controller Docker Image

Run the following command to pull the latest Omada Controller Docker image:

docker pull mbentley/omada-controller:latest

Step 3: Create Data Directories

Create directories to store Omada Controller’s data and work files:

mkdir -p /opt/tplink/OmadaController/data
mkdir -p /opt/tplink/OmadaController/work

Step 4: Run the Omada Controller Container

Execute the following command to run the Omada Controller container:

docker run -d \
  --name omada-controller \
  --restart unless-stopped \
  -e TZ='Europe/Copenhagen' \
  -e SMALL_FILES=false \
  -p 8088:8088 \
  -p 8043:8043 \
  -p 27001:27001/udp \
  -p 27002:27002 \
  -p 29810:29810/udp \
  -p 29811:29811 \
  -p 29812:29812 \
  -p 29813:29813 \
  -v /opt/tplink/OmadaController/data:/opt/tplink/EAPController/data \
  -v /opt/tplink/OmadaController/work:/opt/tplink/EAPController/work \
  mbentley/omada-controller:latest

Step 5: Access the Omada Controller

Finally, open a web browser and navigate to https://<Raspberry_Pi_IP>:8043. Follow the setup wizard to complete the installation.

Note: Replace <Raspberry_Pi_IP> with the actual IP address of your Raspberry Pi.

Conclusion

You’ve successfully set up an Omada Controller on your Raspberry Pi 4 using Docker. This will help you manage your TP-Link EAP devices efficiently. If you have any questions or run into issues, feel free to reach out.

Feel free to add this to your homepage, and let me know if you’d like any adjustments.



Creating Your Own Omada Controller for TP-Link Omada Access Points

Managing multiple TP-Link Omada access points can be a breeze when you have your very own Omada Controller set up. In this guide, we’ll walk you through the process of creating your Omada Controller using a Raspberry Pi, giving you the power to effortlessly handle your access points. Let’s dive in!

Preparing Your Raspberry Pi

To start, make sure your Raspberry Pi is up to date:

sudo apt update && sudo apt upgrade -y
sudo reboot

Installing MongoDB

The Omada Controller relies on MongoDB. Let’s install it:

wget https://repo.mongodb.org/apt/ubuntu/dists/focal/mongodb-org/4.4/multiverse/binary-arm64/mongodb-org-server_4.4.18_arm64.deb
sudo apt install /home/pi/mongodb-org-server_4.4.18_arm64.deb

Ensure MongoDB is running:

sudo systemctl daemon-reload
sudo systemctl enable mongod
sudo systemctl start mongod

Installing Dependencies

You’ll need a few more tools. Install them:

sudo apt install curl autoconf make gcc openjdk-11-jdk-headless
sudo apt remove jsvc

Compiling and Installing JSVC

Download and install JSVC:

wget https://dlcdn.apache.org/commons/daemon/source/commons-daemon-1.3.4-src.tar.gz
tar -xzf commons-daemon-1.3.4-src.tar.gz
cd commons-daemon-1.3.4-src/src/native/unix
sh support/buildconf.sh
./configure --with-java=/usr/lib/jvm/java-11-openjdk-arm64
make

ln -s /home/pi/commons-daemon-1.3.4-src/src/native/unix/jsvc /usr/bin/

sudo mkdir /usr/lib/jvm/java-11-openjdk-arm64/lib/aarch64
sudo ln -s /usr/lib/jvm/java-11-openjdk-arm64/lib/server /usr/lib/jvm/java-11-openjdk-arm64/lib/aarch64/

Installing Omada Controller

Now, let’s get the Omada Controller on your Pi:

cd /home/pi
wget https://static.tp-link.com/upload/software/2023/202303/20230321/Omada_SDN_Controller_v5.9.31_Linux_x64.deb
sudo dpkg --ignore-depends=jsvc -i Omada_SDN_Controller_v5.9.31_Linux_x64.deb

Accessing the Controller Interface

You can now access the Omada Controller’s web interface through your browser using:

  • HTTP: http://192.168.0.4:8088
  • HTTPS: https://192.168.0.4:8043

Keeping Things Updated

Keep your system and MongoDB updated:

apt list --upgradable
sudo apt-mark hold mongodb-org mongodb-org-server mongodb-org-shell mongodb-org-tools mongodb-org-mongos mongodb-org-database-tools-extra

Final Checks

Ensure everything is running smoothly:

sudo tpeap status
sudo tpeap start

If you need to stop the Omada Controller:

sudo tpeap stop

And always double-check MongoDB’s status:

service mongod status

With your very own Omada Controller up and running on your Raspberry Pi, you’re now equipped to effortlessly manage and optimize your TP-Link Omada access points. Enjoy the convenience of centralized control and efficient network management!



Booting Raspberry Pi via PXE: A Guide to Network Booting

Title: Booting Raspberry Pi via PXE: A Guide to Network Booting

Introduction

Raspberry Pi, with its versatility and affordability, has become a favorite among tech enthusiasts for various projects. One of the most intriguing applications is using PXE (Preboot Execution Environment) to boot Raspberry Pi devices over the network, eliminating the need for local storage. This method can simplify management and deployment in various scenarios. In this guide, we’ll walk you through the steps to set up PXE boot for your Raspberry Pi.

Prerequisites

Before diving into the PXE boot setup, ensure you have the following:

  • Raspberry Pi board(s)
  • Network access
  • A NAS (Network-Attached Storage) or server for storing boot and root images
  • Basic knowledge of Linux commands

Setting Up PXE Boot for Raspberry Pi

  1. Find Serial Number for PXE Boot Begin by finding the serial number of your Raspberry Pi. Open a terminal and enter the following command:

   vcgencmd otp_dump | grep 28: | sed s/.*://g

  1. Install Necessary Software Install the nfs-common package on your Raspberry Pi by running:

   sudo apt install nfs-common

  1. Configure Network Booting Use raspi-config to enable network booting:

   sudo raspi-config

In the advanced boot options, enable network booting and set the boot order to boot from the network if the SD card boot fails.

  1. Create Directories On your Raspberry Pi, create a directory in /rpi-tftpboot using the serial number obtained earlier. On your PXE server, create a directory with the hostname of your Raspberry Pi.

   mkdir /nfs/boot /nfs/root

  1. Mount NAS Mount your NAS or server to the created directories:

   sudo mount -t nfs -o proto=tcp,port=2049 192.168.0.11:/volume1/rpi-tftpboot/8eb2f324 /nfs/boot
   sudo mount -t nfs -o proto=tcp,port=2049 192.168.0.11:/volume1/rpi-pxe/RPI4GB /nfs/root

  1. Copy Boot and Root Images Copy the boot image to the /nfs/boot directory and the root image to the /nfs/root directory:

   sudo rsync -av /boot/* /nfs/boot
   sudo rsync -av --exclude '/nfs' / /nfs/root

  1. Modify Command Line Edit the cmdline.txt file in the /nfs/boot directory to adjust the mount point and other parameters:

   sudo nano /nfs/boot/cmdline.txt

Modify the console, root, and nfsroot parameters to match your setup:

   console=serial0,115200 console=tty1 root=/dev/nfs nfsroot=192.168.0.11:/volume1/rpi-pxe/RPI4GB rw ip=dhcp elevator=deadline rootwait

  1. Update /etc/fstab Edit the /etc/fstab file on the Raspberry Pi to update the mount points for the boot and root directories:

   sudo nano /nfs/root/etc/fstab

Update the entries with the appropriate paths:

   192.168.0.11:/volume1/rpi-tftpboot/8eb2f324  /boot           nfs    defaults          0       2
   192.168.0.11:/volume1/rpi-pxe/RPI4GB  /               nfs    defaults,noatime  0       1

Conclusion

By following these steps, you’ve successfully set up PXE boot for your Raspberry Pi devices. Network booting offers flexibility, scalability, and centralized management for your projects. This method can be particularly valuable for large-scale deployments or when you want to minimize the reliance on physical storage. Enjoy the benefits of network booting and explore new possibilities for your Raspberry Pi projects!



Optimizing Network Performance: A Quick Guide to Checking Your pfSense Dashboard

In today’s fast-paced digital world, a reliable and speedy internet connection is crucial. If you’re experiencing a drop in your internet speed, there might be a simple solution lurking within your network setup. In this brief guide, we’ll show you how to quickly diagnose potential issues using your pfSense dashboard, ensuring that your network is operating at its full potential.

Step 1: Access Your pfSense Dashboard

To get started, make sure you have access to your pfSense dashboard. You can usually do this by opening a web browser and entering the IP address of your pfSense router. Once you’re logged in, follow these steps.

Step 2: Check Interface Connections

Navigate to the “Interfaces” section of your pfSense dashboard. Here, you’ll find an overview of how your ports are connected. It’s essential to confirm that all ports are configured to their maximum speed. In a network setup with a maximum of 1000baseT full-duplex, ensure that all ports are set to this speed for optimal performance.

Step 3: Verify Port Speeds

If you notice a sudden drop in your internet speed, the first thing to check is whether all ports are still operating at their fastest speed. A simple misconfiguration can cause ports to revert to lower speeds, which can drastically impact your network’s performance. If any ports are not set to the maximum speed, adjust their settings accordingly.

Step 4: Monitor CPU and Memory Usage

Moving on to the pfSense dashboard, keep an eye on the CPU and memory usage. Excessive resource consumption can lead to slowdowns and reduced network performance. Ideally, both metrics should remain within acceptable ranges. If you notice unusually high CPU or memory usage, investigate further to identify any unnecessary processes or activities that might be causing the strain.

Step 5: Streamline Package Installation

While it might be tempting to install various packages on your router/firewall, remember that each added package consumes resources. To maintain optimal performance, only install the packages that you genuinely need. Unnecessary packages can eat up valuable CPU and memory, potentially leading to network bottlenecks and slower speeds.

Conclusion

A quick visit to your pfSense dashboard can often reveal the underlying causes of a drop in internet speed. By ensuring that all ports are configured correctly, monitoring CPU and memory usage, and being selective about the packages you install, you can maintain a high-performing network that meets your needs.

Remember, even the most advanced network setups can encounter issues, but with a little vigilance and these simple steps, you can keep your network running smoothly and enjoy a seamless online experience.



Safeguarding Your Digital Oasis: The Importance of Network Segmentation and Robust Security

Title: Safeguarding Your Digital Oasis: The Importance of Network Segmentation and Robust Security

Introduction

In our interconnected world, the proliferation of Internet of Things (IoT) devices and the need for guest access has become increasingly common. However, the convenience comes with potential security risks that should not be ignored. In this blog post, we will emphasize the critical importance of separating IoT devices from your private network, implementing robust security measures, and maintaining up-to-date systems to create a secure digital oasis for your home or business.

  1. The Significance of Network Segmentation

Isolating IoT devices from your private network is a fundamental security practice. IoT devices often have vulnerabilities, and if compromised, they can become a gateway for hackers to access your personal data and network. By creating a separate network for these devices, you mitigate the risk of unauthorized access and protect your sensitive information.

  1. Implementing Robust Security Measures

Having a strong and well-configured firewall is paramount to safeguarding your network. A firewall acts as a gatekeeper, monitoring and controlling incoming and outgoing traffic, preventing malicious entities from gaining entry to your network. Additionally, utilizing intrusion detection and prevention systems (IDPS) adds an extra layer of security, alerting you to potential threats in real-time.

  1. Securing Guest Access

Offering guest Wi-Fi access is a common courtesy, but it should never jeopardize your private network’s security. It is essential to create a separate guest network with strong encryption and a unique password. Restricting guest access to the internet only ensures that their devices are isolated from your private network, safeguarding your data and devices from unauthorized access.

  1. Keeping Systems Up-to-Date

Maintaining regular updates for your computers, router, and firewall is a crucial practice in network security. Software developers frequently release updates to address security vulnerabilities and enhance performance. By staying current with these updates, you minimize the risk of potential exploits and ensure your network remains robust against emerging threats.

  1. Strengthening Wi-Fi Security

Securing your Wi-Fi access point is vital to prevent unauthorized access to your network. Enable WPA3 encryption, which offers the highest level of Wi-Fi security available, and use a strong, unique password that combines uppercase and lowercase letters, numbers, and special characters. Regularly change your Wi-Fi password to further enhance security.

  1. Guest Network Isolation

To ensure guest privacy and protect your network from any misconfigurations, enable client isolation on your guest network. This feature prevents devices connected to the guest network from communicating with each other, limiting their access to the internet only.

Conclusion

As technology becomes an integral part of our lives, ensuring the security of our networks is of utmost importance. By implementing network segmentation to separate IoT devices from the private network, creating strong security measures with up-to-date systems, and securing guest access, you create a fortress of protection for your digital oasis.

Remember, safeguarding your network is an ongoing process. Continuously update your systems, maintain robust security measures, and educate yourself on emerging threats. With these practices in place, you can confidently enjoy the benefits of technology while protecting your personal data and ensuring a safe digital environment for yourself and your guests.