After several months of thinking about it I finally got around to recording a screencast tutorial about setting up the traffic shaping feature in m0n0wall to accommodate VOIP traffic. Phillip Cooper’s series of screencasts was the inspiration for this. In going through his work (thank you!) it occurred to me that documenting the settings that allow my VOIP systems might be useful to others.
I have a new (ish) Comcast cable modem service here in my office, which gave me a testbed to set up another router and go through the setup process from scratch.
The finished screencast is not online yet. I’ve passed it to the m0n0wall project leads for comment & revision before making it public. It should be available in the next few days.
Sometimes it’s the little things that make life a lot easier. I just found that the latest beta of m0n0wall (v1.3b13) more properly supports the “Next Server” (aka Option 66) feature in the DHCP server. This is really handy for provisioning IP phones.
It appears that Dan Kaminsky’s DNS vulnerability is now out in the open. Or maybe it isn’t. Who knows. There was a lot of noise about vendors and ISPs dealing with patches, etc.
Happily, it appears that m0n0wall is not significantly affected. Manuel Kasper made a post on the user mailing list some time ago announcing v1.3b13-pre with an update to Dnsmasq. I installed this today without incident.
Words cannot express how much I appreciate m0n0wall. It’s simply fantastic for SOHO situations like my office.
I’m not a typical user. I’m an early adopter. I don’t mind putting in some effort into making something work up to its promised potential. I also like open source, but I just don’t see the value in running 3rd party software on a hobbled router platform. It’s just not a good use of my time.
Sometimes the apparently simple, little things take longer than you’d expect. In my recent travels I’ve had some trouble when trying to VPN connect back to my home office. This generally happens for one of two reasons:
The ISP at the remote location is blocking related ports
The network at the remote location is on the same subnet range as my home office network
The first cause is something that I simply cannot control, but the second is something that I decided to address today. I moved my entire network onto a new subnet.
The process is simple enough. Make the required changes in the m0n0wall router and reboot just about everything. As much as possible I leave network devices with DHCP enabled and then reserve IP addresses in the router’s DHCP server. Even so, some things need hand tweaking.
For example, my wife tried to make a call only to find no dial tone on the house phone. It turns out that the Sipura SPA-2002 that we use with that phone had a hard-coded DNS server entry. Oops. Gotta change that manually, then dial tone returns.
Just to be safe I rebooted a lot of things and confirmed that they were back on the network and working correctly. I expect that we have more on-LAN devices than most homes. The process took a couple of hours.
Rarely do I profess as much devotion to a piece of software as I have for m0n0wall. I’m told that it’s one of the single most successful open source projects and it’s easy to see why. It’s been my primary router for over four years. It’s never let me down, and the user community is very supportive.
I am happy to see that Phillip Cooper has recently created a series of “screencasts” documenting its basic setup and configuration. This should help new users a lot. I wish they’d been around when I got started. I further wish that I’d thought to do the screencasts myself. It’s a good idea.