As an exercise in good network health, I spent some time last month moving all the “Internet of Things” devices in my network onto their own segregated VLAN. I’ve configured things so that by default no traffic can leave the IoT network without my adding explicit rules to permit it. This protects the trusted side of my network from potentially dodgy traffic from the IoT devices with cheap WiFi chips and Chinese hosted servers. (I’m looking at you ThermoGroup.)
Logically, my network ends up looking something like this, with separate networks for the trusted kit, the IoT devices and the guest wireless network.
One wrinkle with this approach is that – by design – each VLAN is its own broadcast domain. That means the devices on my primary trusted VLAN can no longer use multicast to discover devices on the IoT VLAN. The most obvious victim of this was Sonos – none of the controllers could see the Sonos devices once I separated the LANs. Enter igmpproxy running on my router – the UniFi USG-PRO-4.
As bits of hackery go, this is pretty niche. I have a bunch of storage in a Synology Diskstation – this can send various notifications in case disks fail, components get too hot, or other bits of the system break down in ways that require immediate attention. It can send emails, you can use their app to enable push notifications to your phone and if you really want to you can have it send you SMS (actual SMS, in 2017?!). What it can’t do out of the box is send a message to a Slack channel.
I really like Slack. As well as running a paid instance of Slack with my teams at FISCAL, I have a separate (free) one for friends and family and for running experiments with bots and other integrations. So I wanted the Synology, like most of my other house/home automation devices, to talk to Slack. The easy way would be to make the Synology send an email to the Slack email integration – except the email->Slack integration is only available to paid Slack instances. So what to do? Continue reading →
Back in January I wrote about replacing the StartCom SSL cert I previously used on Durdle.com with a certificate from Let’s Encrypt. As I noted then, the certs generated by Let’s Encrypt come with a three month expiry. Today I received a reminder email from their expiry bot: Continue reading →
Long time readers will know that over the years I’ve moved email providers several times, starting out with POP3 mailboxes on Gradwell, moving some of my domain’s users to Google with forwarders, and for a long period running my own Microsoft Exchange server. On each platform I’ve made use of email suffix matching. I’ll quote from my earlier post about that: Continue reading →