Ricky in Melbourne - Enjoy Learning

How to upload SSL certificate to Asus router

When it comes to home network security, people always say they don’t need to worry about it because it’s a home network, not a corporate one. However, your home network is still connected to the internet, which means it is exposed to attackers.

A good example is people remoting back into their home network: the router, a NAS or even FTP. If you only use HTTP, anyone with a simple traffic capture can read all of your plain-text traffic, including your password.

In today’s world, not only enterprises need better security; home networks do as well. And encrypting your traffic is not that hard: just enable HTTPS.

Last time I enabled HTTPS for remote access to my NAS; today I will upload the same free public SSL certificate to my Asus router.

No matter which firmware you are using, the SSL upload process should be the same, since the core is a Linux system.

OK, let’s get started.

 

1. Prepare your public SSL certificate

The certificate has to be in PEM format, which may carry the extension .pem, .crt, .cer or .key

If you would like to know more about the different certificate formats and how to convert between them, you can find that here

Here’s what my certificate looks like

[screenshot]

 

2. Enable SSH on Asus router

Navigate to Administration->System, enable SSH and apply

Note: I do not recommend enabling SSH on the WAN side. Although SSH is a secure protocol, fewer open ports (doors) into your home is always better

[screenshot]

 

3. Enable HTTPS login for router

Navigate to Administration->System

[screenshot]

 

4. Login to SSH

To log in over SSH, a free tool called “PuTTY” is your friend

Just open PuTTY and type in your router’s IP and port

[screenshot]

 

5. Follow the steps below or here to upload your certificate

----- Verify that https_crt_save is off -----

ricky@Ricky-AC87U:/tmp/home/root# nvram get https_crt_save
0

----- Enable https_crt_save and verify that it was set correctly -----

ricky@Ricky-AC87U:/tmp/home/root# nvram set https_crt_save=1
ricky@Ricky-AC87U:/tmp/home/root# nvram get https_crt_save
1

----- Write the private key -----

ricky@Ricky-AC87U:/tmp/home/root# cat >/etc/key.pem

----- Open your key file in Notepad and paste it here; do NOT use “Word Wrap” -----

[screenshot]

----- Hit Ctrl+D to save and exit the cat command -----

----- Write the certificate -----

ricky@Ricky-AC87U:/tmp/home/root# cat >/etc/cert.pem

----- Open your cert file in Notepad and paste it here; do NOT use “Word Wrap” -----

----- Hit Ctrl+D to save and exit the cat command -----

----- Verify https_crt_file is empty (you should see nothing here) -----

ricky@Ricky-AC87U:/tmp/home/root# nvram get https_crt_file

ricky@Ricky-AC87U:/tmp/home/root#

ricky@Ricky-AC87U:/tmp/home/root# nvram get https_crt_file

----- You will see your new certificate file like below -----

[screenshot]

----- Restart httpd -----

ricky@Ricky-AC87U:/tmp/home/root# service restart_httpd

----- Reboot -----

ricky@Ricky-AC87U:/tmp/home/root# reboot
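The two places this procedure usually goes wrong are the PEM files themselves (step 1: Windows CR LF line endings, wrapped or indented base64 lines, a key that does not belong to the certificate) and the paste in step 5. The script below is an added example, not code from the original post: it checks the key and certificate locally, confirms they are a matching pair when openssl is available, and then runs the same nvram/cat/restart_httpd steps over SSH instead of pasting by hand. It assumes the router is reachable through an SSH alias named “router” (a placeholder; substitute your own host) and that the SSH user can write to /etc.

```shell
#!/bin/sh
# Added example, not from the original post. Pre-flight checks for the PEM pair
# before it is written to /etc/key.pem and /etc/cert.pem on the router, plus a
# helper that performs the post's router-side steps over SSH.
# Assumptions: "router" is an ssh alias for the router; openssl may be absent.

# pem_check FILE TYPE: verify FILE holds one or more PEM blocks whose BEGIN/END
# label matches TYPE (a grep basic regex, e.g. CERTIFICATE or '.*PRIVATE KEY'),
# with LF line endings and unwrapped base64 body lines. Returns 0 when clean.
pem_check() {
    file=$1
    type=$2
    [ -r "$file" ] || { echo "$file: not readable"; return 1; }
    # Notepad saves CR LF; a CR at the end of the BEGIN line breaks PEM parsing.
    if ! tr -d '\r' < "$file" | cmp -s - "$file"; then
        echo "$file: CR LF line endings (fix with: tr -d '\\r' < in.pem > out.pem)"
        return 1
    fi
    begins=$(grep -c '^-----BEGIN ' "$file")
    ends=$(grep -c '^-----END ' "$file")
    [ "$begins" -ge 1 ] && [ "$begins" -eq "$ends" ] \
        || { echo "$file: unbalanced BEGIN/END lines"; return 1; }
    head -n 1 "$file" | grep -q "^-----BEGIN $type-----\$" \
        || { echo "$file: first line is not a BEGIN $type header"; return 1; }
    tail -n 1 "$file" | grep -q "^-----END $type-----\$" \
        || { echo "$file: last line is not an END $type footer"; return 1; }
    # Every non-marker line must be plain base64 of at most 64 characters;
    # wrapped, indented or otherwise edited lines fail here.
    if grep -v '^-----' "$file" | grep -qv '^[A-Za-z0-9+/=]\{1,64\}$'; then
        echo "$file: body contains a wrapped or non-base64 line"
        return 1
    fi
    return 0
}

# keypair_match KEY CERT: confirm the certificate belongs to this private key
# by comparing their public keys. Needs openssl; returns 2 if it is missing.
keypair_match() {
    command -v openssl > /dev/null 2>&1 || { echo "openssl not available"; return 2; }
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# upload_pair KEY CERT [HOST]: the post's step 5 over SSH, with the checks
# above run first so a malformed file never reaches the router.
upload_pair() {
    key=$1
    cert=$2
    host=${3:-router}   # assumed ssh alias, see lead-in
    pem_check "$key" '.*PRIVATE KEY' || return 1
    pem_check "$cert" CERTIFICATE || return 1
    keypair_match "$key" "$cert"
    [ $? -ne 1 ] || { echo "key and certificate do not match"; return 1; }
    ssh "$host" 'nvram set https_crt_save=1 && cat > /etc/key.pem' < "$key" || return 1
    ssh "$host" 'cat > /etc/cert.pem && service restart_httpd' < "$cert" || return 1
    # After httpd restarts, https_crt_file should no longer be empty.
    ssh "$host" 'nvram get https_crt_file' | grep -q .
}
```

Run it as `upload_pair key.pem cert.pem` from the machine that holds the files; `pem_check` can also be used on its own to diagnose a file that the router’s httpd refuses after a manual paste.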

 

6. Verification

After the reboot, let’s test the result

[screenshot]

That’s my own SSL certificate, with no warning anymore

By rickygao on March 1, 2015 | Network, Tech

A few things about fridges

A fridge is a big-ticket item we cannot do without in daily life, and you notice its importance the moment you have to go a while without one.

Everyone uses a fridge every day, but do you know the answers to the following questions?

1. What temperature should the fridge compartment be set to?

2. What temperature should the freezer be set to?

3. Which foods should not be kept in the fridge?

 

These look like simple questions, but not everyone knows the answers. If you would like to know, read on:

1. What temperature should the fridge compartment be set to?

2. What temperature should the freezer be set to?

This comes down to the temperatures at which food spoils, and there is plenty of scientific research and many articles on the topic

  • US Department of Health and Human Services

Are You Storing Food Safely?

  • Australian Food Safety Information Council

Fridge and freezer food safety

  • Choice, Australia’s authoritative household appliance review site

What’s the ideal temperature for your fridge?

Conclusion: the fridge compartment should be kept below 4°C, and the freezer below -18°C

 

3. Which foods should not be kept in the fridge?

Many people have never thought about this and throw every kind of food into the fridge, not realising that for many foods the fridge actually speeds up spoilage

Below are several common foods that should not be refrigerated, with the reasons

  • Tomatoes

Tomatoes lose their texture in the fridge. It is best to keep them at room temperature, but not for more than a week; if you have to refrigerate them for longer storage, let them sit at room temperature for an hour after taking them out before eating.

  • Onions

Onions go soft in the fridge, and they also fill the whole fridge with their smell

  • Potatoes

Refrigerating potatoes makes them lose their natural slight sweetness and speeds up blackening

  • Avocados

Refrigerating avocados affects their flavour and colour; if an avocado is already cut, as a last resort wrap it in cling film and put it in the fridge

  • Garlic

Like onions, garlic goes soft and affects the taste of other foods

  • Bananas

Bananas are a tropical fruit; refrigerating them makes them turn black quickly, and like onions and garlic, bananas pass their smell on to the foods around them

  • Cucumbers

Cucumbers kept in the fridge for more than 3 days lose water and rot faster

  • Honey

Honey keeps for a very long time at room temperature, so there is no need to refrigerate it; refrigerated honey crystallises

  • Citrus fruit

Fruit such as lemons and oranges dry out and lose their flavour in the fridge

By rickygao on February 28, 2015 | Daily Life

Tuning The Asus Wireless Router To Best Performance

I’ve been really enjoying Asus wireless routers at home for years, and I believe they are the best home wireless routers in the world.

The reason I say best is because of the following considerations for a home wireless router

  • Coverage
  • Performance
  • Features
  • Compatibility
  • Third-party firmware support, like Tomato and DD-WRT

The last Asus wireless router I was using was the RT-N16, one of the classic routers from Asus; it served my home for 2 years without any issues. However, having moved into a bigger house, with all of my devices now supporting dual-band networks, it seems that I have to buy a new router.

The considerations for the new router are still the above, especially the best signal coverage, as I don’t want to extend my network with any WiFi extender and slow it down.

Luckily, the new Asus RT-AC87U meets all of my requirements: the only AC2400 4×4 MIMO wireless router in the world, with 465m2 of coverage promised. More reviews can be found here; it has the longest effective range so far.

[image]

In case some people need to understand a few performance parameters:

AC2400: the WiFi network speed can reach 2.4Gb, with 600Mbps (max speed of the 2.4GHz network) plus 1734Mbps (5GHz network)

4×4 MIMO: best router capacity, read here

With the best hardware (for a home router) in hand, our next step is to tweak the router to best match our environment, since every family has its own needs.

So the first thing we need to think about is the firmware loaded on the router.

Since Asus routers support various types of firmware, each with pros and cons, you can decide using the matrix below

Firmware | RT-AC87U Supported | HW Acceleration | VLAN | Guest Network | VPN | QoS | Per IP Traffic Monitoring | Save History to USB | Static DHCP Nickname | Firmware Quality
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
Asus Original | Yes | Yes | No | Yes | Yes | Yes | No | No | No | Stable
Asuswrt-Merlin | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Stable
Tomato | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Less Stable
DD-WRT | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Less Stable

I also struggled for a long time to decide, since all of these features are critical for me, especially for a home network with a lab. Although neither Tomato nor DD-WRT supports the latest RT-AC87U yet, I can still flash it; I would just lack support for the new features, I believe.

However, Hardware Acceleration can boost your router a lot, especially for NAT and internet speed once you have a large number of devices. I don’t want to miss this important feature, so in the end I decided to go with Asuswrt-Merlin, which is built right on top of the original firmware with more customised features. Once Tomato and DD-WRT start supporting HW Acceleration, I may switch to them.

To be clearer about Hardware Acceleration in both the Asus original and Asuswrt-Merlin firmware, refer to the tables below

  • CTF (Cut Through Forwarding): software optimisation technique to accelerate NAT
  • FA (Flow Accelerator): hardware NAT acceleration mechanism designed for accelerating wired DHCP and static IP connections

Level 1 = CTF only

Level 2 = FA + CTF

Asus Original

Category | Feature | Menu | Supported HW Acceleration Level
--- | --- | --- | ---
QoS | Traditional | Adaptive QoS->QoS | Off
QoS | Adaptive | Adaptive QoS->QoS | Level 1
None of the above | | | Level 2

Asuswrt-Merlin

Category | Feature | Menu | Supported HW Acceleration Level
--- | --- | --- | ---
QoS | Traditional | Adaptive QoS->QoS | Off
Traffic Monitor | IP Traffic Monitoring | Tools->Other Settings | Off
QoS | Adaptive | Adaptive QoS->QoS | Level 1
None of the above | | | Level 2

OK, now that we are clear enough on Hardware Acceleration, let’s start tuning the settings

I will skip a few basic settings, since everybody should know those, and focus only on the advanced settings

1. Wireless->General

[screenshots]

Option | Description | Recommendation
--- | --- | ---
Protected Management Frames | The current 802.11 standard defines “frame” types for use in management and control of wireless links. IEEE 802.11w is the Protected Management Frames standard for the IEEE 802.11 family of standards. TGw is working on improving the IEEE 802.11 Medium Access Control layer. The objective is to increase security by providing data confidentiality of management frames, plus mechanisms for data integrity, data origin authenticity and replay protection. These extensions interact with IEEE 802.11r and IEEE 802.11u. More security, less compatibility | Disable
Wireless Mode (2.4GHz) | Maximise 2.4GHz performance, since 802.11 a/b/g connections slow down the 2.4GHz speed and a/b/g clients are rarely seen now | N only
Network Key Rotation Interval (2.4GHz+5GHz) | The key is automatically generated from the SSID and the password set for the network. Refreshing this key does not mean a new password has to be entered every hour; however, it does make the internet connection unavailable for some time at regular intervals. More security, but the connection may be lost during key renewal | 0

2. Wireless->WPS

[screenshot]

A less secure protocol; just turn it off

3. Wireless->Professional

[screenshots]

Option | Description | Recommendation
--- | --- | ---
Roaming assistant | Enable only if you have more than one AP | Disable
IGMP Snooping (2.4GHz+5GHz) | Better TV streaming | Enable
Preamble Type | The preamble type defines how long the router spends on the CRC (Cyclic Redundancy Check), a method of detecting errors during data transmission. Select Short for a busy wireless network with high traffic; select Long if your wireless network includes older or legacy wireless devices. Newer wireless “b” devices using a short preamble typically see quicker data transfers. Moving from a long to a short preamble will not fix poor connections or slow internet speeds, but moving to wireless “g” and “n” devices increases transfer speed and range. Short preambles work with every wireless type except older devices limited to the 1 to 2 Mbps range. Better performance, less compatibility | Short
AMPDU RTS | Deals with traffic congestion; for example, your machine’s throughput may suffer while others are doing large downloads, file transfers or media streaming | Enable (default)
Enable TX Bursting | Improves the transmission speed of “g” devices | Enable
Enable WMM APSD | WMM APSD is a QoS setting which, when enabled, allows some devices to go into a lower-power, higher-latency state while others stay at the lowest latency possible. WMM = QoS and APSD = Automatic Power Save Delivery | Enabled (default)
Reducing USB 3.0 interference | Better 2.4GHz performance and range, lower USB 3.0 speed | Enable
Optimize AMPDU aggregation | MPDU aggregation also collects Ethernet frames to be transmitted to a single destination, but wraps each frame in an 802.11n MAC header. Normally this is less efficient than MSDU aggregation, but it may be more efficient in environments with high error rates because of a mechanism called block acknowledgement, which allows each aggregated data frame to be individually acknowledged or retransmitted if affected by an error | Disable (default)
Optimize ack suppression | With no ack, SSL-based communications are more likely to error; very slight bandwidth decrease with it enabled | Disable (default)
Turbo QAM | Better performance; both router and client must support it | Enable (default)
Airtime Fairness | With airtime fairness, every client at a given quality-of-service level has equal access to the network’s airtime. This is essential for predictable performance and quality of service, and for letting 802.11n and legacy clients coexist on the same network. Without airtime fairness, routers running mixed-mode networks risk legacy clients slowing down the entire network or the fastest clients crowding out other users | Enable (default)
Explicit beamforming | The client’s WLAN adapter and the router both support beamforming. This technology lets the devices communicate channel estimation and steering direction to each other to improve download and upload speed | Enable (default)
Universal Beamforming | For legacy wireless adapters that do not support beamforming, the router estimates the channel and determines the steering direction to improve download speed | Enable (default)
Regulation mode | IEEE 802.11h is the IEEE standard for Spectrum and Transmit Power Management Extensions. It solves problems such as interference with satellites and radar using the same 5GHz band. It was originally designed to address European regulations but now applies in many other countries. The standard adds Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) to the IEEE 802.11a MAC. It has no useful function as far as we are concerned, but if left “floating” in an unknown state it has caused association problems | Off (default)

4. LAN->Switch Control

[screenshot]

Option | Description | Recommendation
--- | --- | ---
NAT Acceleration | HW Acceleration | Auto
Enable Jumbo Frame | More compatibility, less performance | Disable

5. WAN->Internet Connection

[screenshot]

Option | Description | Recommendation
--- | --- | ---
Enable VPN + DHCP Connection | If you enabled the VPN service, this must be enabled | Yes
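Once the settings above are applied through the GUI, the only way to notice that one of them has drifted (WPS switched back on by a reset, NAT acceleration silently turned off by a QoS change) is to click through every page again. The script below is an added example, not code from the original post: with SSH enabled as in the certificate post, it compares an `nvram show` dump against a short list of the recommendations from these tables and reports every mismatch. The nvram variable names it uses (wps_enable, wl0_nmode_x, wl0_wpa_gtk_rekey, wl1_wpa_gtk_rekey, ctf_disable, jumbo_frame_enable) are my assumptions about Asuswrt’s naming, and the “router” SSH alias is a placeholder; confirm each name against `nvram show` on your own unit before trusting a finding.

```shell
#!/bin/sh
# Added example, not from the original post: audit a router's `nvram show`
# dump against the recommendations in the tables above, so drift from the
# chosen settings shows up in one run instead of a GUI walk-through.
# The nvram variable names below are ASSUMPTIONS about Asuswrt's naming;
# confirm each one with `nvram show | grep <name>` on your own unit.

# One "name=value note" per line, constructed from the recommendations above.
EXPECTED='wps_enable=0 Wireless->WPS: turn WPS off
wl0_nmode_x=1 Wireless->General: 2.4GHz N only
wl0_wpa_gtk_rekey=0 Wireless->General: key rotation interval 0 (2.4GHz)
wl1_wpa_gtk_rekey=0 Wireless->General: key rotation interval 0 (5GHz)
ctf_disable=0 LAN->Switch Control: NAT acceleration on
jumbo_frame_enable=0 LAN->Switch Control: jumbo frames off'

# nvram_value DUMP NAME: print NAME's value from an `nvram show` dump
# (first match only); exit 1 with no output when the variable is absent.
nvram_value() {
    line=$(grep "^$2=" "$1" | head -n 1)
    [ -n "$line" ] || return 1
    printf '%s\n' "${line#*=}"
}

# audit_nvram DUMP: print one line per mismatch or missing variable and
# return the number of findings (0 means the dump matches every expectation).
audit_nvram() {
    dump=$1
    findings=0
    while read -r name_value note; do
        [ -n "$name_value" ] || continue
        name=${name_value%%=*}
        want=${name_value#*=}
        if ! have=$(nvram_value "$dump" "$name"); then
            echo "MISSING  $name (expected $want) - $note"
            findings=$((findings + 1))
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $name=$have (expected $want) - $note"
            findings=$((findings + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return $findings
}

# audit_live HOST: fetch the dump over SSH (HOST is an assumed ssh alias,
# e.g. "router") and audit it; returns the number of findings.
audit_live() {
    tmp=$(mktemp) || return 1
    ssh "$1" nvram show > "$tmp" 2>/dev/null || { rm -f "$tmp"; return 1; }
    audit_nvram "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

`audit_live router` is cheap enough to run from cron; a non-zero exit code is the signal that something on the router no longer matches the configuration you chose, and the printed lines tell you which GUI page to revisit.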


If you would like to flash the router to Tomato, you can refer to here

By rickygao on February 25, 2015 | Home Lab, Network
