Set Up a ZeroTier Network on OpenWRT

Mirrored from: https://kysonlok.github.io/2020/06/12/Set-Up-a-ZeroTier-Network-on-OpenWRT/

In this test, we set up ZeroTier on Asus OpenWRT routers. To use the ZeroTier service, you need to create your own ZeroTier account. Sign up for an account here: https://my.zerotier.com/login.

Important: Stopping other VPN services on the router before you start is recommended.

Log in to your ZeroTier account. Go to the Network menu and click the Create button to create a new network.

Next you should see the configuration page of your network. Please jot down the Network ID which will be used later.

Setup ZeroTier on router

Installation

SSH to the router, and execute the following commands to install ZeroTier package:

opkg update
opkg install zerotier
opkg install ipset

Configuration

ZeroTier

Edit the configuration file /etc/config/zerotier to enable ZeroTier
and join a network. It looks like:

# cat /etc/config/zerotier
config zerotier 'sample_config'
	option enabled '1'
	list join 'd5e5fb6745219a7d'

Replace the Network ID d5e5fb6745219a7d in the configuration above with your own Network ID.

Firewall(optional)

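If you want to access the router’s LAN, you have to configure the firewall as
well. Edit the firewall configuration file /etc/config/firewall and add the
lines below to it. The zone accepts traffic from the ZeroTier interfaces (zt+)
to the router itself, and the two forwarding sections allow traffic in both
directions between lan and zerotier.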

config zone 'vpn_zone'
	option name 'zerotier'
	option input 'ACCEPT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option device 'zt+'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option dest 'zerotier'
	option src 'lan'

config forwarding
	option dest 'lan'
	option src 'zerotier'
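
A quick way to review what the zone above exposes, as an added example that is not part of the original post: a small Python parser for UCI firewall text that reports, for every zone bound to a zt* device, whether the router accepts input from it and which zones it forwards into. The names parse_uci and audit_overlay and the sample text are constructed for this illustration.

```python
import shlex
# Constructed sample: the page's zerotier zone and its forwarding into lan, plus a lan zone.
SAMPLE = """
config zone
    option name 'lan'
    option input 'ACCEPT'
    list network 'lan'

config zone 'vpn_zone'
    option name 'zerotier'
    option input 'ACCEPT'
    option forward 'REJECT'
    option device 'zt+'

config forwarding
    option dest 'lan'
    option src 'zerotier'
"""

def parse_uci(text):
    """Parse UCI text into a list of dicts: '.type' plus option values and list values."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append({".type": tok[1]})
        elif len(tok) == 3 and sections and tok[0] == "option":
            sections[-1][tok[1]] = tok[2]
        elif len(tok) == 3 and sections and tok[0] == "list":
            sections[-1].setdefault(tok[1], []).append(tok[2])
    return sections

def audit_overlay(text, prefix="zt"):
    """Return (zone, finding) pairs for zones bound to overlay devices such as zt+."""
    sections = parse_uci(text)
    findings = []
    for zone in (s for s in sections if s[".type"] == "zone"):
        devices = zone.get("device", [])
        devices = devices.split() if isinstance(devices, str) else devices
        if not any(d.startswith(prefix) for d in devices):
            continue
        name = zone.get("name", "?")
        if zone.get("input", "").upper() == "ACCEPT":
            findings.append((name, "input ACCEPT: router services reachable from overlay peers"))
        for fwd in (s for s in sections if s[".type"] == "forwarding"):
            if fwd.get("src") == name:
                findings.append((name, "forwards into zone '%s'" % fwd.get("dest")))
    return findings
```

Run audit_overlay on the contents of /etc/config/firewall; an empty list means no zt* zone accepts input or forwards anywhere.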

Start ZeroTier Service

/etc/init.d/zerotier restart
/etc/init.d/firewall restart

Go back to your ZeroTier web console and you will see the device that you just joined. Check the “Auth?” checkbox; otherwise, your device may not be able to get an IP address from ZeroTier.

After authentication, the network interface will obtain an IP address. Check it
with ifconfig; the output looks like:

# ifconfig 
ztwdjh372k Link encap:Ethernet HWaddr 7E:BD:F0:B6:4E:87
inet addr:10.241.143.3 Bcast:10.241.255.255 Mask:255.255.0.0
inet6 addr: fdd5:e5fb:6537:869a:7d99:9327:7681:2b7c/88 Scope:Global
inet6 addr: fce2:6361:1827:7681:2b7c::1/40 Scope:Global
inet6 addr: fe80::7cbd:f0ff:feb6:4e87/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:2800 Metric:1
RX packets:39 errors:0 dropped:0 overruns:0 frame:0
TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1638 (1.5 KiB) TX bytes:4368 (4.2 KiB)

Managed Routes(optional)

You can manage routes in ZeroTier’s web console. For example, I added a static route under Managed Routes so that I can access the router’s LAN.

OpenWRT – Change LAN IP in LuCI (to an IP on a different subnet)

Issue: Can’t change LAN IP in LuCI. After applying the changes, it fails and comes up with some dialogue box.

Root cause: This happens if the new IP is on a different subnet. It is known behaviour and in fact deliberately designed to prevent the user from accidentally locking themselves out.

Solution: If you are confident that the new IP is correct, you have a few options:

  • Choose Apply Unchecked in the dialogue box. This will apply the settings without checking whether you can access the new IP or not, so double-check the IP.
  • If you prefer not to bypass the check, then you can do one of the following immediately (within 30 seconds) after changing the IP and applying the settings:
    1. Make your PC get a new IP (for example by disconnecting and reconnecting the cable or the WiFi, or via the terminal), then quickly edit the router IP in the browser window to the new IP.
    2. Prepare two static IPs for your PC LAN interface in advance (one in the old IP range and the other in the new IP range), then after applying the settings in LuCI quickly edit the router IP in the browser window to the new IP.
  • Connect with SSH and issue the commands:
    uci set network.lan.ipaddr='10.0.0.1' ; uci commit network ; service network restart

Fix Network Printer Error 0x0000011b on Windows 11/10

The mitigation for CVE-2021-1678 is one of the reasons why you could be seeing error code 0x0000011B. The following is not a permanent solution, but you can try it while you are waiting for Windows to release a fix for this problem.

Open Registry Editor from the Start Menu. Go to the following location.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print

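Right-click on Print and select New > DWORD (32-bit) Value. Name the newly created value “RpcAuthnLevelPrivacyEnabled”, set the Value data to 0, and click OK. A value of 0 turns off the RPC authentication-level enforcement that the CVE-2021-1678 mitigation introduced for printing, which is why this is only a temporary workaround.

Run services.msc and restart the Print Spooler service.

Ensure that the registry value is set on both the Windows 11 and the Windows 10 machines that are sharing the printer.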

TM Unifi, Maxis and Digi Fibre VLAN Setting at Router

Unifi Fibre
LAN1 INTERNET VLAN 500
LAN2 INTERNET VLAN 500
LAN3 INTERNET VLAN 500
LAN4 IPTV VLAN 600

Maxis Fibre using Unifi Infra
LAN1 IPTV VLAN 823
LAN2 INTERNET VLAN 621
LAN3 INTERNET VLAN 621
LAN4 VOIP VLAN 822

Digi Fibre using Unifi Infra
INTERNET VLAN 629

PPPOE Username : *@digi.home.tm
Internet Vlan/VID : 629 (Under LAN menu > IPTV)
MTU: 1492
Enable Multicast Routing : Yes (Under LAN menu > IPTV)
IPV6 : Native
IPV6 Interface: PPP
DHCP-V6 : Enable
The rest: default value

Disable X1 Carbon Auto Power On

This has to do with Lenovo Power Smart; turn it off with a registry edit:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power]
"CsEnabled"=dword:00000000

Enable Guest Access in SMB2 for Windows 10

If you want to enable insecure guest access, you can configure the following Group Policy settings:  

Computer configuration\administrative templates\network\Lanman Workstation “Enable insecure guest logons”  

Note: By enabling insecure guest logons, this setting reduces the security of Windows clients.

Extracted from MS Support

Windows 10 IPV6 UNC Path Name

Literal IPv6 addresses in UNC path names

In Microsoft Windows operating systems, IPv4 addresses are valid location identifiers in Uniform Naming Convention (UNC) path names. However, the colon is an illegal character in a UNC path name. Thus, the use of IPv6 addresses is also illegal in UNC names. For this reason, Microsoft implemented a transcription algorithm to represent an IPv6 address in the form of a domain name that can be used in UNC paths. For this purpose, Microsoft registered and reserved the second-level domain ipv6-literal.net on the Internet (although they gave up the domain in January 2014). IPv6 addresses are transcribed as a hostname or subdomain name within this name space, in the following fashion:

2001:db8:85a3:8d3:1319:8a2e:370:7348

is written as

2001-db8-85a3-8d3-1319-8a2e-370-7348.ipv6-literal.net

This notation is automatically resolved locally by Microsoft software, without any queries to DNS name servers.

If the IPv6 address contains a zone index, it is appended to the address portion after an ‘s’ character:

fe80::1ff:fe23:4567:890a%3

is written as

fe80--1ff-fe23-4567-890as3.ipv6-literal.net

Extracted from https://en.wikipedia.org/wiki/IPv6_address#Literal_IPv6_addresses_in_UNC_path_names
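
The transcription described above in both directions, as an added example that is not part of the quoted text: decoding is what lets log review or an allow-list tie an ipv6-literal.net hostname in a UNC path back to the address it stands for. The function names are constructed for this illustration, and rejecting addresses with an embedded dotted quad is an assumption of the example.

```python
import ipaddress

SUFFIX = ".ipv6-literal.net"

def to_ipv6_literal(addr):
    """Transcribe an IPv6 address (optionally with %zone) to its ipv6-literal.net name."""
    host, _, zone = addr.partition("%")
    ipaddress.IPv6Address(host)              # ValueError for anything that is not IPv6
    if "." in host:                          # assumption: no embedded IPv4 dotted quad
        raise ValueError("dotted-quad form is not handled here")
    if zone and not zone.isalnum():
        raise ValueError("unsupported zone index: %r" % zone)
    name = host.lower().replace(":", "-")    # the colon is illegal in a UNC path name
    if zone:
        name += "s" + zone                   # zone index follows an 's' character
    return name + SUFFIX

def from_ipv6_literal(name):
    """Reverse the transcription; reject names that do not decode to a valid address."""
    name = name.lower()
    if not name.endswith(SUFFIX):
        raise ValueError("not an ipv6-literal.net name")
    label = name[: -len(SUFFIX)]
    host, _, zone = label.partition("s")     # hex digits and '-' never contain 's'
    addr = host.replace("-", ":")
    ipaddress.IPv6Address(addr)              # also rejects extra labels such as 'x.2001-...'
    return addr + ("%" + zone if zone else "")

def unc_path(addr, share):
    """Build \\\\<literal-name>\\<share> for an IPv6 host."""
    return "\\\\" + to_ipv6_literal(addr) + "\\" + share
```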
