Monday, August 25, 2014

iPhones, iPads Won't Connect to NETGEAR Wireless Router

Been having issues for a while where Apple devices - Macintosh computers, iPhones, iPads won't connect to my Wireless NETGEAR Router.

It seemed that "forget this network" on the iPhone or iPad and re-establishing or releasing and renewing the IP on a Macintosh computer did the trick.

To me this was not a big deal. I had other priorities. Some of those who visited my humble abode, however, found this quite annoying and made quite a ruckus about it - to the point where I spent a whole week end testing things out and searching the web. (I didn't really need the whole weekend - it was an excuse to try out some new network equipment which was fun for a nerd.)

Finally found the culprit. The last update to the NETGEAR firmware has a bug.
 
To fix you can downgrade the firmware on your router.
 
Before you start login to your router and see figure out the current firmware for your router. Typically you can login at http://192.168.1.1. For my model the firmware version is on the advanced tab.

1. Go to Netgear.com
2. Click support at bottom of page
3. Click on for home
4. Click on Browse Products
5. Click on Routers, Modems & Gateways
6. Click on wireless routers & gateway modems
7. Choose your model.
8. Click Select
9. Under Firmware/Software your version likely matches the latest version. Click on Get More Downloads.
10. Scroll down and select one version prior than the one you have. 
11. Download the file, unzip.
12. Find the tab in your router where you can select and choose that file to apply that version to your router.

Sadly, these downloads are not over SSL. HTTPS doesn't work on the download page. There is also no checksum to verify the contents of the file.

But hey, it fixed the problem for me.

Updates and patches are important for security, so keep an eye out for a newer version that lists this issue as fixed in the readme and continue to update at that point.

Sunday, August 24, 2014

Surfboard cable modem won't work with router

When I plugged the router into a Surfboard SB6141 modem, no joy. 

If you don't want to read the story and want a simple fix go to the SUMMARY section at the end of the post. Hoping by sharing someone at Comcast might actually fix things so this process is a bit more seamless.

 Why am I testing out the Surfboard SB6141 instead of using what Comcast provided? Been having random issues with their equipment, costs money to rent, plus read up on DOCSIS 3.0 on web sites like this:

 http://www.cox.com/residential/support/internet/article.cox?articleId=d0168860-e4eb-11e0-dee8-000000000000

 and this:

 http://www.tinkertry.com/sb6141/

Getting all this to work is another matter...calling Comcast is not something I look forward to on most days so doing as much research in advance as possible to minimize the time involved.

I read that when the modem has a device plugged in will be in bridged mode. This means the cable modem will pass the connection through to the connected device to interact with the ISP. Apparently the activation process with Comcast or other ISP ties the computer's MAC address to the ISP connection. The IP stores that MAC for 24 hours or longer. When you unplug the computer with the MAC address the ISP is expecting and plug in another device such as a router you will longer get your Internet connection.

>> update: however, I spoke to someone at Comcast that suggested they no longer use MAC addresses for cable. However he couldn't explain why plugging in the TRENDnet router would not work. If anyone can - technically - explain this to me give me a shout on Twitter. I want nerd level details.

There are presumably a few ways around this MAC issue if you are on a network with such an issue per what I read. I haven't tried any of this:

1. Wait 24 hours to see if the ISP picks up the new MAC Address :) but time is money and this sounds hokey. Not sure would solve the problem. Probably still have to call.

2. Configure the router to look like it is the device with the MAC the ISP is looking for. I don't like this option much personally.

3. Get the ISP to recognize the MAC address of the correct device. This seems like everyone is playing nicely and doing what is expected of them. Apparently easier said than done.

Specific examples -

I tried initially to plug in a cheap TRENDnet router just for fun. It was about $24 at Fry's. This didn't work at all. They suggest cloning the MAC address as noted in the following article:

How to make a TRENDnet router work clone MAC address of computer that registered during activation: http://www.trendnet.com/kb/kbp_viewquestion.asp?ToDo=view&questId=1091&catId=42

As a side note faking a MAC address shows you just how reliable MAC addresses are for authentication of a device (as in not at all).
 
Apparently Cisco routers have a similar issue when not using a Cisco cable modem. However they are more powerful and allow Administrators to program them to do more things. If you are not an admin or trying to become one this can be daunting and frustrating so not recommended for home users who don't enjoy geeking out. 
Cisco instructions to configure a non-Cisco cable modem:
 

But moving along, I unplugged the TRENDnet router and plugged in my NETGEAR wireless router I was using before I swapped out the cable modem. It worked without doing anything - but only for a wired connection from the machine I used to configure the modem to the NETGEAR device. Yes I plugged, unplugged, rebooted, released, renewed, reset, closed and opened. Nothing worked. So unless you only want one device on the network and no wireless this isn't very useful.

Ok now I'm on a mission. I'm going to try some different cable modems. Next up is a NETGEAR modem.

Once again I go through the activation routine. This time it forces me to create a brand new Xfinity account even though I created one yesterday setting up the Motorola Surfboard  modem. The credentials I created yesterday don't work either. Not to mention - I have a business class account and normally I login somewhere else. 

Anyway, only one hiccup in the activation: said it hit an error and had to unplug and re-plug in the modem. Then it said activation was complete. Said to close and re-open browser.

Ah, but no. New browser brings back activation page. Hmm. Let's try turning off modem for longer and a reboot.

Nope.

Have to start over.

Grumble.

On second attempt I don't think I had to enter as much information. It got to the page that said all good. I hit next, modem restarted, no connection.

Close browser. Wait for all the lights to indicate the modem is happy. Open browser. No dice. Hit fix connection which resets the network adapter.

Joy.

Ok now let's try a newer version of NETGEAR router. Old is a couple years old at least. That's ancient in tech years.

Plug NETGEAR router into NETGEAR modem. 

And. It. Works.

The speeds were actually slightly better than the Surfboard though not significantly.

Ok change password, set up wireless. That works too. Sort of.

iPhones have issues with current NETGEAR firmware but that's a topic for another post.

Also I guess will be forced to call Comcast since my static IP is not working. (See below for how that turned out).

So one option is don't buy a Motorola Surfboard or TRENDnet router if using Comcast. Or don't use Comcast. Get a decent NETGEAR modem and wireless router instead if you are looking for a simple option...except for the Apple issue I will explain later. And not if you have a fixed IP.

The Surfboard is getting a lot of hype but apparently it can't work to full potential on Comcast (if at all). Based on the Cox link above doesn't seem the Surfboard is the issue. 

--- Call to Comcast

I actually got someone good on the phone when I called Comcast who put up with all my questions and got me some answers. He couldn't answer everything but he did get info from someone who could explain the static IP issue and the "only approved equipment" and why the Surfboard only has one star on their web site.

You cannot have a static IP unless you use Comcast provided gear. This is because the gear from Comcast is altered and customized to interact with their systems. In the case of a fixed IP address there is certain configuration Comcast owns and manages to interact with their systems. It is proprietary and a security risk to expose this to customer owned devices where customers (and hackers) can do anything they want on that device. Hackers could use their box, or take over yours - and get into the Comcast network. Once in they can do damage to everyone.

If you don't believe all this mumbo jumbo I'd be happy to share a case study I did on the Target Breach. If you understand that you may understand why the security people at Comcast have such paranoia (which I share). I just wish they would explain things a bit better when customers call.

As for the Motorola Surfboard it is "compatible" but not "supported" by Comcast. That means it might work and should work but you have to call the vendor (Motorola) if you have problems. Hence the one star. And as noted won't work with a fixed IP.

SUMMARY
~~~~~~~~~~~~~~~~~
A speed test at speeds I currently pay for showed no difference between Motorola, NETGEAR or Comcast provided gear.

If you really don't want Comcast gear and you don't need a fixed IP the Surfboard connected to my computer OK, but when I logged in can't change any settings. Routers I tried with the Surfboard had issues. Sounds like the MAC cloning may or may not be the problem with TRENDnet + Surfboard.

It was easier for me to set up with a couple hiccups was DOCSIS 3.0 gigabit modem + wireless router from NETGEAR.

I figured out the SMC from Comcast was not the issue for my Apple products. Suspected the wireless router but had to prove it.For someone I know and a free dinner!  :)

Looks like Comcast also has a router from Cisco that is DOCSIS 3.0, 8 channels down, 4 up. Looks pretty good. But their techs have to set it up if you want business class + fixed IP. Note that I was thinking of going for the DPC3008 to have a simple modem that wouldn't conflict with other devices but for a fixed IP they force you to get a wireless gateway device. You can ask them to set this up in bridge mode and turn off the wi-fi.

And while I was on the phone - they've been calling me to upgrade my service for same price. Got that done. Plugged back in the Comcast equipment.

Speed test: 56.95 down. 11.71 up.

 
So there you go. Getting the speed I paid for. Resolved issue with Apple iPads and IPhones not connecting to NETGEAR wireless router and had nothing to do with Comcast.


The only thing I want to check is quality of streaming video which was fuzzier than my friend's TV. Time for a TV test??

Which cable modem is right for you? Take your pick...just go for DOCSIS 3.0 with 8 channel down, 4 channel up if going very high speed and Comcast gear if you need fixed IP.

Update: 8/29/2014 --- Cisco cable modem / gateway

Tried out Cisco provided modem from Comcast Business class.

59.95 down
11.65 up

So pretty much the same as the same as the others but hopefully a Cisco device will play nicely with the other Cisco devices I am about to install.

I was able to ask the tech to turn off the two wireless networks and the wireless hot spot. I am not exactly sure why there is a separate wireless hot spot on top of the other wireless networks but don't want anything connecting to that device over wireless. You can login to that device and change the settings as needed if you want to turn off DHCP, turn on bridge mode, etc. I believe you can do the same with the SMC.
 

Tuesday, August 19, 2014

Installing Fedora in VMWare Fusion to run Git from Linux

Just FYI I'm leaning Mac, VMWare Fusion, ISOs, Linux distros, GIT (and security, Cisco network gear, AWS) all at the same time. Forgive me for not being an expert at everything. I do have a bit of experience.

I decided to install a Linux VM to test running Git from it. I just wanted a Git repo to store some Cisco ASA config files. I never got to the Git part. It took me all the time I had just to get the Linux VM running.

The instructions on web sites I went to were far from obvious. After going through this I think I can boil this down to 12 steps to help the next poor soul who wants to accomplish this feat for the first time:

1. Go to FedoraProject.org
2. Click download
3. Click on Formats in sub menu
4. Click on 64bit DVD option (unless you 
have 32 bit older machine of course).
5. Download starts immediately.
6. Use Windows File Integrity Checker to check the integrity of the file you downloaded: http://websitenotebook.blogspot.com/2014/12/windows-file-integrity-checker-like.html
7. Right click (on downloaded file on Mac) and burn to blank CD
8. Start Fusion. 
9. File, new, choose appropriate Linux options
10. On the top of vm screen click the icon with cd coming out of drive.*
11. Choose disk option and select the file burned to CD
12. Follow prompts to install Fedora on the VM

* If your VM doesn't see the CD Rom drive have to stop the VM and associate the drive with the VM while it is stopped. Then play the VM and choose the file on CD as noted above.

If you want to know the convoluted waste of time I had to go though to figure out those steps, to understand what poor instructions do to people, read on.

1. Download Fedora - hopefully got the right version.
2. Says I need a thumb drive or CD to run. Find thumb drive. Hope has enough space.
3. Download checksum file to same directory
4. Run curl command to Fedora web site which does something
5. Try PGP command which fails because don't have PGP installed
6. Try to install PGP. Apparently bought by Symantec now.
7. Read about PhilipZimmermann.com - cool.
8. Login at Symantec (recover password)
9. Download and install PGP
10. Realize command on Fedora site is is gpg, not pgp
11. Visit OpenPGP.org seeking free version of GNU privacy guard
12. Search and find downloads on various web sites. gnupg.org seems to be official.
13. Get the Mac version. More checksums to verify that.
14. Is meant for email. Wants my address book. No.
15. Command line verification doesn't work with Mac version as written. This is a pain in the ass.
16. Tried the SHA checksum and that didn't work either. Maybe I'll write my own checksum software.
17. Well I'm putting this on a disk to run in a VM so let's skip to that for now. In theory in VMWare won't have access to the host. (not necessarily recommended but I will follow up on this later). 
18. Turns out on Mac you can just right click and burn to disk. Ok forget the USB drive. Go find disk and external drive...(oh yeah there's my Windows 2012 CD in my CD drive...remove and replace with new, blank disc.)
19. Right click on downloaded file, burn, enter some stuff. Wait.
20. Open VMWare Fusion, choose file, new, cd just created, Linux, Fedora, 64 bit, finish, save
21. No worky. Says it can't find boot files.
22. Aparently I downloaded live image which won't work in VM - intended to run from CD. Perhaps requires Internet access. Not what I wanted. Bah. Or maybe I did something else wrong. Search for a different version.
23. Oh...there are the USB instructions. Huh. Later.
24. Let's try downloading the DVD version which creates an ISO and actually installs the OS.
25. Get another blank disk.
26. Burn, Wait....surf the web for Linux training that includes overview of distros, LiveCDs and VMs (already took one security class but that assumes you have the OS installed...)
27. Dang. OS not found. Mouse stopped working. Hosed. 
28. Hard reboot. What? Download not finished. I guess I had multiple downloads going on clicking around the Fedora web site trying to find DVD version.
29. Move all downloads to trash and re-download half finished DVD version. Watch the download bar to make sure it completes this time.
30. Downloads won't complete. Restart machine.
31. Figure out downloads hung up in Safari. Stop all but the one I want.
32. Download working again...wait for full download.
33. Install Google Chrome - going to see if downloads work better just in case Safari hangs again. While I wait.
34. Burn downloaded file to disc. Do some other stuff - 
35. Finally. Try to start VM with instructions above again. Same error when I try to run the VM.
36. FIddle Fiddle Fiddle.
37. Search the web some more and find instructions for old version of Fusion and different version of Linux. No dice. Menus changed. 
38. Finally instructions that indicate creating the vm without installing the OS and going to menus I don't have. Hmm. Clues.
39. Instead of trying to play the vm I click around on all the icons at the top of the vm in fusion and finally see "choose a disk or disk image" when I click the cd drive looking icon.
40. AHA! I choose the ISO file I burned to the CD. Now it looks like it's installing something. Go through steps.
41. On the installation summary page I have to click on installation destination and choose OK. Not sure that's the best option but allows me to click begin installation.
42. Once I got his far following the prompts seemed to work.

--- epilogue --- 
So I went to dinner with a friend and he was chastising me for not looking on YouTube. I explained that I kept thinking I had it figured out but kept getting foiled.

So anyway I looked on YouTube and saw videos but they didn't encompass the end to end process of downloading Fedora and then getting that download into a format (ISO on a disk) that would work in a VM. 

Maybe it's out there but would take some more searching. I'm done :) maybe someone will create one.
Subscribe to: Posts (Atom)