Networking
Happily I ordered the Elgato Key Light Air, as that should provide the light that I was lacking. Assembling and connecting it was very easy, but when it came to adding it to my home WiFi I ran into some unexpected issues. As is customary with this kind of IoT-ish device, the setup is to connect to it’s own WiFi through a management app, in this case the Elgato Control Center, and then use that to connect it to the WiFi of your choice. For the life of me, I couldn’t get the Key Light to connect to my home WiFi, it just timed out with an unexpected error—which is very unhelpful.
I’m a big fan of Public Key authentication for SSH but I recently ran into an issue after adding my Public Key to a couple of new Linux VMs I use. The problem was that macOS kept asking for the SSH passphrase when connecting to them, which kind of defeats the purpose of using Public Key authentication in the first place. Thankfully, the solution is pretty simple.
Some times there is a need to use custom DNS servers for some domains, in my case specifically for access to the new lab environment we are building at work (more on that later, this is one beefy lab!)
One way of doing this, is adding custom DNS servers to /etc/resolv.conf but in macOS you really shouldn’t be editing that file manually, as it often gets overwritten or otherwise edited by VPN clients and such.
Thankfully, there is a better way to create persistent and manageable custom domain specific DNS settings.
As I’ve covered before, I run my home network mostly on Ubiquiti UniFi hardware. Since this offers a lot of nifty possibilities, I figured I should try to isolate all my “IoT”-devices in a separate network, while still making them accessible. After all, you don’t want a security issue on some sensor/automation thing you have in your house to be able to access and encrypt your familiy photos, right? The thing that sits in the corner and controls the color of your lightbulbs, do not need to have access to the same network as your other data.
Some times you might need to create an isolated network, while still allowing that network to access the internet. Ubiquity UniFi offers the easy option of creating a guest network for this, but that limits traffic between the devices in the same network as well, which might not be desirable. My primary use case for creating an isolated network, is to provide my tenant with his own dedicated network, without exposing anything on my own home network — but I still want him to be able to connect his own devices to each other, if he wants to — or even replacing the AP with something else, should he choose to do so. Another use case might be to create a dedicated network for all of those IoT-devices that keep popping up, like Amazon Echo’s, Google Home and Chromecasts as well as Phillips Hue bridges etc.
I’ve recently standardized on Ubiquiti equipment in the new house, and so far I am very happy with it. Wireless is working flawlessly, which is more than I could say for my old setup. A part of the new setup is a UniFi® Security Gateway (USG) that I am using as my gateway/firewall for my fiber connection, so I thought why not use that a my VPN termination as well?