Thursday, 22 June 2017

Dogecoin resync using Blockchain bootstrap file

In an earlier post, I mentioned that I had been mining Dogecoin back in 2014. In total I had accumulated 139,780.49113397 Dogecoin over the course of just under 3 months.

With the rise in value of the coin, I wasn't going to let that go to waste and had the intention of exchanging it for another coin that looked like it had potential for higher growth.

Prior to packing my PC into the shipment for the move, I had tried to get the blockchain up to date, but that was taking an eternity as it was over 3 years out of date. I gave up and packed up the PC anyway.

On my laptop, I used a back up of the wallet file and then tried to re-sync the blockchain, however again, this was painfully slow. All the transactions were visible in the wallet, but were listed as 'Conflicted' and the balance did not show. This is because the blockchain was not yet in sync.

It was at this point I thought it must be possible to download a blockchain snapshot to at least get it up to date quicker. And of course, it was time to search Google. Simply searching for Dogecoin Blockchain File provided a result taking me to a page which also had instructions on what to do.

I left the download running overnight, as it said it was 7.5GB; in reality it was 13GB. The next morning I copied the file into the correct Dogecoin folder, opened up the wallet app and left it to do its thing.

You can see in the image below [A] the progress in the main window, and in the debug window, where it clearly states importing from disk. In [B] you can see the transactions which are now confirmed as they have synced with the blockchain, and in [C] the transactions still listed as 'Conflicted' as the sync hasn't reached those transactions yet.

After about 4 hours of doing the block import from the bootstrap file,  I noticed it then switched to Network Sync with over 1.5 years still to sync. The bootstrap cannot have been updated for a while. Still probably gave me a good head start, just no telling how long the remainder will take!
Switching to the network view of the debug window, you can see how much data has been downloaded. The graph below is set for a 30 minute window, and after approx 15 minutes it has downloaded 1GB.

Unfortunately, after about an hour, the network performance dropped significantly, with frequent drop outs. This really slowed things down. This wasn't an issue with the Dogecoin network, but local internet. The IPTV services we were watching at the same time were also affected. So after about 9 hours after the network sync started and another ~11GB download it is complete!

Once the blockchain had fully sync'd, I could then simply send the coin to the exchange where I could convert them to another currency or cash out if I wanted it. The reality is though, I was going to put this to use and convert the coin to Ripple (XRP). Ripple is a "Global Settlement Network" and the underlying coin is used as the transaction payment mechanism. It is currently the 3rd largest cryptocurrency with a market cap of just over $11 billion.

I decided I was going to give Changelly a try, and this was a case of setting up a transaction for the amount of Dogecoin I wanted to convert, which coin I wanted to convert to, and of course the destination wallet address for the received coin. It was simply a case of sending the amount to the specified Changelly address. Just remember to factor in any transaction fees on the originating network, as I forgot about that in the first transaction I set up, and the amount I would have sent would not have matched the amount Changelly was expecting. I guess that first transaction will just time out when it never sees the transaction amount come in. Anyway, the second transaction was sent, received and verified by Changelly, converted to XRP and deposited in the destination wallet. The whole process only took a few minutes. It is when you see how quickly things like this can happen that you see how poor current financial and trading platforms are. Could you imagine how long it would take to sell some shares, wait for it to clear, then buy some other shares? You would be talking days.

With regard to Dogecoin, there is now a new client wallet available which does not need the full blockchain to be downloaded onto your PC, so I could always move the coin to a new address and use the new light wallet. I did try and recover the wallet files between the two, but these were not compatible, so was forced to go down the full re-sync route.

Remember: Always keep copies of the wallet files on another medium/location and never work with the original, just in case something deletes or corrupts them.

If you were to be starting new with Dogecoin, unless you wanted to do mining etc. there would be no need to use a full client, and the light wallet would be sufficient. You could of course simply use an online hot wallet if you were not storing any large volume/value.

I guess keeping track of all the wallets and addresses is probably the hardest thing. As more multicurrency 'wallets' become mainstream, things should get easier.

Monday, 19 June 2017

CryptoCurrency - Exchanges, Wallets and Mining

Following on from my last blog entry, Blockchain re-awakening.......and of course the crypto-currencies, in this blog, we will look at the various exchanges, wallets and mining options I considered.

Let's start with Exchanges

These are no different to the stock market or currency exchanges at the airport. You can simply hand over a lump of cash and get it exchanged for crypto currency. Likewise, you can also sell your crypto and convert back into cash. Note: Tax laws may be applicable in your location, so you need to be aware of any implications.

There are a huge number of exchanges out there. All with slightly different features, fee structures, supported payment methods, and of course varying crypto currencies you can trade. You can search Google, but here are just a few to start you off;
In the end, the one I have started off with is Coinbase, as it appears to have a pretty good reputation, although they have had some load capacity issues lately due to the sudden spike in interest in the whole arena. A lot of exchanges have also suffered, which doesn't come as a surprise.

Depending on where the exchanges are located, they require different levels of validation of who you are. This is obviously upsetting a lot of privacy advocates, who see it as removing the anonymity within a decentralised system. However, from a fraud and crime prevention point of view you can see why they are doing this and it is probably helping to keep the legislators off their backs. Along with the different levels of validation come different levels of account limits, i.e. if you have been validated with government documents, e.g. a passport, you can have higher purchasing limits.

The exchanges also act as a 'hot wallet' for storing your crypto currency, whether you wish to hold your currency with the exchange or move it out to another wallet is up to yourselves, but you have to factor in transaction costs etc.

Purchasing was as simple as entering a payment method, selecting the crypto you want and how much you want and this is then deposited in your account once the transaction has been verified through the blockchain. More on this later.

What about Wallets?

Wallets are essentially public key cryptography stores that hold the necessary key to validate and claim ownership of any coin on the blockchain. They hold references to addresses, transactions and keys, so it is pretty important you look after them. Just like if you lost your wallet in the street containing real cash, if you lost access to your crypto wallet, or someone else found the keys, you could lose all your funds.

Hot wallets are typically online, at an exchange or other wallet provider. You can also have Cold Wallets, Vaults, Desktop, Mobile, Hardware wallets and Paper wallets. In the end, security is what ultimately matters, and many recommend you only keep a minimum amount of currency in a Hot Wallet, i.e. enough for your day to day transactions.

Each type of wallet comes with its pros and cons, and again, it is worth investigating your wallets. There is a big push towards Hardware Wallets, like the LedgerNano S, but as demand is high, these are hard to get hold of without having to wait a couple of months for the next production run or pay some serious markup online.

Other than just keeping currency in Coinbase, I have also used Jaxx, which is a multi-platform wallet that you can synchronise across a number of devices. There has been some noise lately that these are vulnerable and not secure. The reality is that someone has to gain physical access to your device to gain access to your wallet, to then compromise the seed. So providing you maintain a high level of security across your computers/mobiles, with strong passwords and pins where appropriate, as you should anyway, then the risk is minimal. Think of it like your ATM card, you need a pin to spend on that don't you?

Different wallet providers also support different crypto currencies, whether it is Bitcoin, Ether, Litecoin, Monero, ZCash, and all the others.

Sending or receiving currency is as simple as entering an amount and entering the relevant wallet address. The wallet addresses are long strings of characters, so it is always recommended to copy and paste the address or scan the barcode to minimise the risk of a mistake and your currency heading off to a complete stranger. You can effectively say you have lost the currency if you send it to the wrong address!

And Mining?

Mining is the process of validating transactions on the blockchain. Transactions are bundled into a block and distributed through the peer-to-peer network. The mining equipment then processes the blocks to validate them. Miners are rewarded with new coins for their effort in maintaining the network. The process of mining is computationally intensive and can cost a lot of money. Particularly if you live in an area where electricity costs are high. Individuals can participate in Mining Pools, where they work together and share the rewards. Over time the reward for mining decreases and the difficulty level increases and depending on which coin is being mined, a limited number of coins will ever be generated.

GPUs are currently in high demand for building mining rigs, and this has resulted in many online retailers being completely sold out of them. Individuals are selling their GPUs for elevated prices on the likes of Ebay, or are selling pre-built mining rigs for thousands of dollars.

There is also a whole industry now set up associated with mining. You do not have to go to the hassle of buying, building and maintaining a mining rig, or dealing with the associated electricity bills. You can in fact buy mining contracts. These again need some research as there is also a lot of misinformation out on the net.

With me in the current process of moving house/moving country, my computing rig is currently boxed up and sitting in a warehouse waiting for shipment overseas, so I cannot mine myself at the moment. If you remember from my previous blog, I had mined Dogecoin back in 2014, and recently upgraded the PC to GTX1080ti GPUs for the purpose of video editing, but this could easily be used to generate coin as a mining rig. Depending on what the electricity costs are at the destination, and how computationally 'difficult' the various coins are to mine, then I may set it up to do this again. Not sure what coin though. There are calculators to work out returns, for example see this

As an alternative, I decided I would take a cloud miner for a spin. These are companies that sell you mining power for a price. I have heard many times, "why don't they just mine for profit themselves, it must be a scam". Well, nobody knows what the price will do, how quickly the difficulty rating of the mining will increase, or how other factors such as geopolitics will influence the outcome. Would you spend millions of dollars building a mining farm and then take all the risk yourself?

I came across Genesis Mining in my search, and they had Ethereum contracts available. Their other contracts for Bitcoin, Monero, ZCash were all sold out. When you do the math, their 2 year fixed price contract at current coin market value and difficulty level of mining gave approx 2.5 month ROI, leaving the other 21.5 months to generate value. Of course, once again RISK plays a big part. If there is a collapse in the value of the currency, or the difficulty rating dramatically increases, your returns may be less or lower than your investment. If the price of the coin increases sharply in value, then ROI will be quicker and rewards may be higher.

I invested in a 100MH 2 Year contract (actually initially took a 50, then increased this to 100 a few days later), and currently see around 0.06 Eth generated daily, though this does fluctuate. So put this against the current market price of Ether and that isn't too shabby a daily return.

If you are tempted to take them for a spin, you can get a 3% discount off your contract cost using my affiliate code 'UFain1'. I have been with them for 10 days now and generated 0.51002079 or a spot value at time of writing of $180

For interest, here is a video on Ted of the founder of Genesis-Mining, talking about the formation of the company and a look inside the facility in Iceland (low electricity cost!)

The blockchain is the ledger of all transactions for that particular coin, you can see this information using sites such as you can see what is going on. This one is for Ethereum, and there are others for the other crypto currencies.

Another tool for Ethereum is this gives you an overview/snapshot on the status of the network.

As I have said before, do your research, calculate what risk you are willing to take and don't invest what you cannot afford to lose. There are several cloud miners, wallet providers and exchanges out there and it is a 'minefield', so read, read and read some more to make your own informed decisions.

When I get my PC back from shipment, I'll maybe popup a blog on mining with it, or offline wallets or something like that!

Sunday, 18 June 2017

Blockchain re-awakening.......and of course the crypto-currencies

If you have stumbled across this post, it is probably because you have been searching for something to do with blockchain or crypto-currency or more than likely, if you are new to it all, it will be Bitcoin that you would have heard most of all.

I remember when Bitcoin made its appearance or at least I noticed it in 2009, and spent a little bit of time looking at it, understanding what was going on underneath, then got bored and moved on. Getting bored and moving on is probably something I should have not done.

A few years later, 2014, I started looking again, and spent a few months mining Dogecoin. Dogecoin was released in late 2013 as a 'joke' currency, and over the course of the time I actually had my PC mining it, I generated around 100,000 Dogecoin. I remember at the time, the currency was 'valued' at about 25 USD.

At the time I started playing with mining Doge, Bitcoin had just been through its first bubble just after the price dropped from about 1100USD to around 600USD and thought I should maybe 'get in'. However, I didn't......

Over the next year the price of Bitcoin slowly fluctuated, but around the summer of 2015 it was hovering around the 250USD level.

In 2016, things started to heat up again, and Bitcoin was starting to steadily rise, and by the end of 2016 it was knocking on the door of 1000USD again. I started looking and reading again, and the price was now around 1300USD and this time, I thought, I must get into the market, in something. This is when I started reading about Ethereum, another blockchain technology that had the ability to run 'smart contracts' on a de-centralised peer-to-peer global distributed 'computer'. This was a technology that has the ability to radically change everything, and even the major banks, investment houses, technology companies are all really now wakening up to what is going on.

I started to look at different exchanges, different wallets, and eventually settled on a couple just to get a feel for them and dip my toe with a couple of low key purchases.

This is where I hit my first snag......2FA, or 2 Factor Authentication. Having registered for the exchanges, and tried to make a purchase, both the exchange and the credit card clearing houses needed 2FA codes to authenticate and yep they wanted mobile phones which I did not have with me offshore as they are not permitted. So I had to wait until I got back onshore.
This was a painful 3 week wait. The price of Bitcoin rose and broke through the 2000USD barrier, then continued to rise to a peak of around 2900USD! Ethereum's underlying currency Ether was also doing the same thing. It had gone from 160USD to 400USD in the same time frame.

So, this is where there is a major RISK that everyone must recognise. Crypto-currencies are notoriously unstable, and can have massive price swings and collapses over the space of hours. This isn't much good if you are shorting for profit, unless you catch an upward swing, like on a bounce. If however you look at what the underlying technology provides, how it works, its implications on society/consumerism and the general financial world then it should be the long term we are interested in.

In the last year, Bitcoin has increased by 240%, Ether by 2700%  and Litecoin by 670%. Where they are going.....well that is the mystique of it all!

So what about that lonely little Dogecoin that I mined back in 2014, well, I found that I still had them backed up on my PC. It turns out I actually have 139,000 Doge, and the value, well that has increased from 25USD to 440USD, should I decide to convert them to cash. Maybe I'll just hold at the moment! I do wonder what would be if I hadn't moved on back at the start! No point dwelling on it now....

There are numerous crypto-currencies now out there, some are already dead, others are starting to grow. Litecoin is one of those slowly growing in value, as individuals start to spread risk across multiple coins. In the last 3 days alone it has increased from 25USD to 40USD, but could just as easily turn to junk. The Ethereum platform also allows companies to generate their own 'tokens' (or sub-currencies) that sit on the Ethereum blockchain, and companies have been selling these to raise funds for new company startup financing. There has been a flurry of these lately and they are known as ICOs or Initial Coin Offerings. Bancor is probably the most famous of these ICOs so far, as it raised 150,000,000 USD (value at time of offering) in the space of 2 hours. Institutions can also use the technology of Ethereum to create their own private blockchain for internal use.

The most important thing however is to research. There is a lot, and I mean a lot of false information, speculation and general noise out there on the net. And if you do decide to invest/purchase/trade then do not play with anything you cannot afford to lose. The volatility is higher than the stock market, and with increased risk can carry increased reward......but take it on the chin if it all goes wrong!

If it is all new to you, here is Vitalik Buterin, the inventor of Ethereum, explaining what Ethereum is;

Here is a primer on Bitcoin;

In the next post, I will talk about the exchanges and wallets I have adopted so far, and a little about mining, especially cloud mining with Genesis-Mining.....

Saturday, 17 June 2017

Building OpenVPN Site-To-Site Tunnel on Dynamic Addressing Endpoints

Note: I originally published this article in October 2016 on CodeProject. The original article can be found at:


Back in 2015 after over 25 years of playing in the Oil Industry in the North Sea living in the 'Silver City' and working on the oil platforms in the Forties Field and Beryl Field, I uprooted my family from the very changeable climate of Scotland and headed out to the searing heat and sandy environment of Qatar to work in the Al-Shaheen Field.

In this article we will take a look at how I implemented an OpenVPN tunnel to allow access to my home network in Scotland, both for reaching my CCTV system and NAS boxes and to allow the Smart TV etc. to think they were still located in Scotland. But why would we need to do that? Network restrictions will not get in between the wife and her Great British Bake Off!

It wasn't a smooth ride to get there, but took many trial and error attempts and lots of article reading to get my head round it all and fit all the pieces together.

The Challenges

In Scotland, I was running on a BT Infinity connection which was stable around 65Mbs/18Mbs Down/Up. I had replaced the BT provided HomeHub router as it was just horrendous and had a device count limitation in the DHCP addressing. It topped out at 20 devices, which was no use in my household! After some time, my network in the house was starting to get a bit heavy and needed a big revamp. You can see what the before was like in my CCTV article, but we will get onto the hardware later. The main challenge at the UK end was that the BT connection was a Dynamic Address and regularly changed.

In Qatar, I am on an FTTH connection and have a 100Mbs link (upgradeable to 1Gbs should the need, and money, be there!) and again this was on a Dynamic Address. The second problem was that there was a Q-Tel Fibre Gateway that could not be replaced and all traffic had to come through this. The other big challenge in Qatar is the building: it is solid concrete walls. The existing cable conduits in the wall are a bit hit and miss, some of them are blocked, and they don't go where you want them to! Wifi doesn't penetrate well so lots of extenders are needed to reach everywhere.

The Hardware

Scotland End

I had completely rebuilt my network at home and packed it into a network rack. The network was also split into a few different subnets for main network, CCTV and Wifi. It consists of;

Here is what the rack looks like:

Qatar End

This end was a lot simpler, it simply consisted of;

Q-Tel Fibre Gateway:

EdgeRouter POE:

What we are ultimately aiming for is the following setup:

Configuration Time

We are not going to go into every configuration part. The Ubiquiti routers have a couple of basic wizards that get them up and running as basic routers with default firewall rules etc. This article is focusing on getting the tunnel up and running and the necessary routing at the Qatar end to determine where the devices on the network should send the traffic to.

Basic setup wizard screen in the EdgeRouter Pro:

Remote Access Configuration

Before leaving the UK, I had to make sure I had access to my router. To do this the first thing was to open up the RemoteGUI port in the firewall rules. Using the GUI, it was simply a case of adding a rule to the WAN_LOCAL ruleset for port 443, allowing both TCP and UDP traffic.

Firewall rule configuration on the EdgeRouter Pro:

Dynamic DNS

I also had to set-up the DynamicDNS for dealing with the dynamic nature of the endpoints. Both UK and Qatar had ISP supplied dynamic addresses, and both of these changed quite frequently.

Fortunately both of these devices (EdgeRouter Pro and Q-tel) had inbuilt support for DynamicDNS services. The EdgeRouter supported more providers,  but they both support DynDNS. I registered for the service, and set up two domains, one for each end.

This information was then entered on the EdgeRouter; the interface is simply which port on the router had the dynamic address to monitor for changes;

When I arrived in Qatar, I configured the fibre gateway for the other DynDNS address;

For the purposes of this article, let us call the two endpoints and

Establishing a DMZ (demilitarized zone)

The Q-tel box was a bit of a pain, and right at the start I still wasn't sure what ports I was going to need to establish as I still hadn't worked out how I was going to link the two sites. It was easier just to setup a DMZ and route all traffic to the inner router (i.e. the EdgeRouter POE) and let it deal with all the firewall policies and routing. I had configured it (ER-POE) with a static address and its internet port was connected to one of the ethernet ports on the Q-tel gateway. The Q-Tel box itself defaulted to, hence the reason for the address selected on the ER-POE.

The Q-Tel gateway has multiple functionality, it supported Internet, Voice and IP TV and that is why there was a strange WAN name configured on the box.

I could always go back and establish some specific port forwarding rules at a later date, but for the time being I was happy that the firewall on the ER-POE should do its stuff just fine.

EdgeRouter POE Initial Configuration

Again there was a basic wizard that could be applied that put the 'Internet' on Eth0, Lan1 on Eth1 and then Lan2 switched on Eth2, Eth3 and Eth4. Eth0 was connected to the Q-Tel and was configured for the static address

I created two DHCP services on the ER-POE, one to serve Lan1 address range and a second for the Lan2 on

Initial Bandwidth Testing

Now I had two routers that were remotely accessible and using DynamicDNS for their endpoints I could carry out a bandwidth test between the two of them.

The EdgeRouters have iPerf3 built into the firmware, and they provide a GUI wrapper for some of the basic functions from the web interface, but this doesn't really give much away and I have found it to be a bit flaky and prefer to use the command line interface via the web interface.

To facilitate this testing I needed to open up the firewalls on both machines for port 5201 (this can be changed if you wish).

On the far end (Router1), I set this up as the 'Server' using;

iperf3 -s

On the near end (Router2),  I issue the following command which runs in 'Client' mode, for 30 seconds and ignores the first 5 seconds to allow the connection time to spool up.

iperf3 -c <Router1 address> -t 30 -O 5

Both consoles will start to output current transfer rates etc. and then output an overall test speed. I found that this can be very variable depending on time of day. This is very typical and I often see drop outs late afternoon early evening in Qatar. However, the example below was when the article was written and not at the actual time I did the initial testing. The output shows that at this time it was around 45Mbs. which isn't too bad considering I am crossing public internet and on residential lines and the distance between the two sites is 5,503 km (based on my lightning detector GPS sensors).

Opening the Tunnel

The first part of the tunnel configuration was generating a secret key to use with the link. This was as simple as opening up the CLI console on Router1 and issuing;

generate vpn openvpn-key /config/auth/secret

Next was to transfer the secret key across to the Router2. I tried copying and pasting via a Notepad session, but was always told that the key was corrupt. In the end I opened up SSH port 22 and pushed the key file across to Router2 using;

sudo scp /config/auth/secret <user>@<Router2 address>:/config/auth/secret

and entering the password when prompted.
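A structural check for the transferred key file, as an added example (not code from the original article or from Ubiquiti). It assumes the file follows the usual OpenVPN "Static key V1" layout of 16 lines of 32 hex characters between BEGIN/END markers; it flags the kind of damage a copy-and-paste can cause and returns a SHA-256 fingerprint of the key material that can be compared between Router1 and Router2. The sample key is constructed for the example and is not a real key.

```python
import hashlib
import re

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"
HEX_LINE = re.compile(r"^[0-9a-fA-F]{32}$")


def check_static_key(text):
    """Return (problems, fingerprint); fingerprint is None if the key body is unusable."""
    problems = []
    if "\r" in text:
        problems.append("carriage returns present (Windows line endings)")
    # Ignore blank lines and '#' comment lines, tolerate stray whitespace.
    lines = [ln.strip() for ln in text.replace("\r", "").split("\n")]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    if BEGIN not in lines or END not in lines:
        problems.append("BEGIN/END marker missing or altered")
        return problems, None
    body = lines[lines.index(BEGIN) + 1:lines.index(END)]
    if len(body) != 16:
        problems.append(f"expected 16 key lines, found {len(body)}")
    bad = [i + 1 for i, ln in enumerate(body) if not HEX_LINE.match(ln)]
    if bad:
        problems.append(f"key lines {bad} are not 32 hex characters")
    if len(body) != 16 or bad:
        return problems, None
    # Fingerprint the key material only, so comments and line endings
    # do not change the value compared between the two routers.
    material = bytes.fromhex("".join(body))
    return problems, hashlib.sha256(material).hexdigest()


# Constructed sample, NOT a real key: 16 deterministic lines of 32 hex chars.
SAMPLE_BODY = [hashlib.sha256(b"constructed sample %d" % i).hexdigest()[:32]
               for i in range(16)]
SAMPLE_KEY = "\n".join(
    ["#", "# 2048 bit OpenVPN static key", "#", BEGIN, *SAMPLE_BODY, END]) + "\n"

if __name__ == "__main__":
    # A clean copy, a copy with Windows line endings, and a copy where an
    # editor wrapped one key line (all constructed for the example).
    wrapped = SAMPLE_KEY.replace(
        SAMPLE_BODY[3], SAMPLE_BODY[3][:20] + "\n" + SAMPLE_BODY[3][20:])
    for label, text in (("clean", SAMPLE_KEY),
                        ("crlf", SAMPLE_KEY.replace("\n", "\r\n")),
                        ("wrapped", wrapped)):
        problems, fingerprint = check_static_key(text)
        print(label, fingerprint, problems)
```

Matching fingerprints on both routers mean the key material is identical; the fingerprint is a one-way hash, so reading it out over a chat or phone line does not expose the key itself.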

On Router1 the following commands were entered;

Enter configuration mode:

configure

Define tunnel interface and the mode of operation:

set interfaces openvpn vtun0

set interfaces openvpn vtun0 mode site-to-site

Assign the ports (you can change these should you wish, just make the firewall match):

set interfaces openvpn vtun0 local-port 1194

set interfaces openvpn vtun0 remote-port 1194

Next was to assign the address for the tunnel endpoints, this must not be part of any existing subnets on the network and then the public address of the remote tunnel endpoint:

set interfaces openvpn vtun0 local-address <Router1 tunnel address>

set interfaces openvpn vtun0 remote-address <Router2 tunnel address>

set interfaces openvpn vtun0 remote-host <Router2 public hostname>

Configure the secret key to use and the compression algorithm for the link:

set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret

set interfaces openvpn vtun0 openvpn-option "--comp-lzo"

Now configure the last of the options for OpenVPN:

set interfaces openvpn vtun0 openvpn-option "--float"

set interfaces openvpn vtun0 openvpn-option "--ping 10"

set interfaces openvpn vtun0 openvpn-option "--ping-restart 20"

set interfaces openvpn vtun0 openvpn-option "--ping-timer-rem"

set interfaces openvpn vtun0 openvpn-option "--persist-tun"

set interfaces openvpn vtun0 openvpn-option "--persist-key"

set interfaces openvpn vtun0 openvpn-option "--user nobody"

set interfaces openvpn vtun0 openvpn-option "--group nogroup"

Now we must configure the remote subnet the tunnel endpoint resides and which interface to use:

set protocols static interface-route <remote subnet> next-hop-interface vtun0

Finally, we commit the changes:

commit

save

exit

Do the same again for Router2, and

Enter configuration mode:

configure

Define tunnel interface and the mode of operation:

set interfaces openvpn vtun0

set interfaces openvpn vtun0 mode site-to-site

Assign the ports (make sure the same as you put in Router 1):

set interfaces openvpn vtun0 local-port 1194

set interfaces openvpn vtun0 remote-port 1194

Next was to assign the address for the tunnel endpoints, this must not be part of any existing subnets on the network and then the public address of the remote tunnel endpoint:

set interfaces openvpn vtun0 local-address <Router2 tunnel address>

set interfaces openvpn vtun0 remote-address <Router1 tunnel address>

set interfaces openvpn vtun0 remote-host <Router1 public hostname>

Configure the secret key to use and the compression algorithm for the link:

set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret

set interfaces openvpn vtun0 openvpn-option "--comp-lzo"

Now configure the last of the options for OpenVPN:

set interfaces openvpn vtun0 openvpn-option "--float"

set interfaces openvpn vtun0 openvpn-option "--ping 10"

set interfaces openvpn vtun0 openvpn-option "--ping-restart 20"

set interfaces openvpn vtun0 openvpn-option "--ping-timer-rem"

set interfaces openvpn vtun0 openvpn-option "--persist-tun"

set interfaces openvpn vtun0 openvpn-option "--persist-key"

set interfaces openvpn vtun0 openvpn-option "--user nobody"

set interfaces openvpn vtun0 openvpn-option "--group nogroup"

Now we must configure the remote subnet the tunnel endpoint resides and which interface to use:

set protocols static interface-route <remote subnet> next-hop-interface vtun0

Finally, we commit the changes:

commit

save

exit

All going well, this will initiate and open the tunnel.
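The two command sets above have to mirror each other, and a common slip is pasting the Router1 block into Router2 unchanged. The following is an added example (not from the original article) that parses both sets of `set` commands and checks the mirror conditions the steps describe: matching ports, swapped tunnel addresses, tunnel addresses outside every routed LAN, and compression enabled on both sides or neither. All addresses and hostnames in the sample configs are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import shlex


def parse_edgeos(text, ifname="vtun0"):
    """Collect the OpenVPN settings and tunnel routes from EdgeOS 'set' lines."""
    cfg = {"options": set(), "routes": []}
    for raw in text.splitlines():
        tok = shlex.split(raw)  # keeps "--ping 10" together as one token
        if tok[:4] == ["set", "interfaces", "openvpn", ifname] and len(tok) == 6:
            if tok[4] == "openvpn-option":
                cfg["options"].add(tok[5])
            else:
                cfg[tok[4]] = tok[5]
        elif (tok[:4] == ["set", "protocols", "static", "interface-route"]
              and tok[5:] == ["next-hop-interface", ifname]):
            cfg["routes"].append(ipaddress.ip_network(tok[4]))
    return cfg


def check_pair(a, b, extra_lans=()):
    """Return a list of problems found between Router1 (a) and Router2 (b)."""
    problems = []
    for name, cfg in (("Router1", a), ("Router2", b)):
        if cfg.get("mode") != "site-to-site":
            problems.append(f"{name}: mode is not site-to-site")
        if "shared-secret-key-file" not in cfg:
            problems.append(f"{name}: no shared-secret-key-file set")
    # Each side's local value must equal the other side's remote value.
    for loc, rem in (("local-port", "remote-port"),
                     ("local-address", "remote-address")):
        if a.get(loc) != b.get(rem):
            problems.append(
                f"Router1 {loc} {a.get(loc)} != Router2 {rem} {b.get(rem)}")
        if b.get(loc) != a.get(rem):
            problems.append(
                f"Router2 {loc} {b.get(loc)} != Router1 {rem} {a.get(rem)}")
    # Tunnel endpoints must not sit inside any LAN subnet at either site.
    lans = a["routes"] + b["routes"] + [ipaddress.ip_network(n) for n in extra_lans]
    for name, cfg in (("Router1", a), ("Router2", b)):
        addr = cfg.get("local-address")
        if addr:
            for net in lans:
                if ipaddress.ip_address(addr) in net:
                    problems.append(
                        f"{name}: tunnel address {addr} is inside LAN {net}")
    # Compression enabled on only one side stops traffic passing.
    if ("--comp-lzo" in a["options"]) != ("--comp-lzo" in b["options"]):
        problems.append("--comp-lzo is set on only one router")
    return problems


# Constructed sample configs; every address and hostname is a placeholder.
ROUTER1 = """\
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 remote-port 1194
set interfaces openvpn vtun0 local-address 10.99.99.1
set interfaces openvpn vtun0 remote-address 10.99.99.2
set interfaces openvpn vtun0 remote-host router2.example.net
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret
set interfaces openvpn vtun0 openvpn-option "--comp-lzo"
set interfaces openvpn vtun0 openvpn-option "--ping 10"
set protocols static interface-route 192.168.20.0/24 next-hop-interface vtun0
"""
ROUTER2 = """\
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 remote-port 1194
set interfaces openvpn vtun0 local-address 10.99.99.2
set interfaces openvpn vtun0 remote-address 10.99.99.1
set interfaces openvpn vtun0 remote-host router1.example.net
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret
set interfaces openvpn vtun0 openvpn-option "--comp-lzo"
set interfaces openvpn vtun0 openvpn-option "--ping 10"
set protocols static interface-route 192.168.10.0/24 next-hop-interface vtun0
"""

if __name__ == "__main__":
    print("mirrored pair:", check_pair(parse_edgeos(ROUTER1), parse_edgeos(ROUTER2)))
    print("Router1 pasted twice:",
          check_pair(parse_edgeos(ROUTER1), parse_edgeos(ROUTER1)))
```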

The tunnel status can be checked using the following commands from either router's command line console:

show interfaces openvpn

show interfaces openvpn detail

show openvpn status site-to-site

If for any reason you need to force a restart of the tunnel, this is achieved by:

restart openvpn interface vtun0

Configuring routing across the Tunnel

At the Qatar end Router2, I do not want all traffic to be routed across the tunnel. All normal traffic on the ER-POE would be routed as normal into the internet, i.e. that is all traffic that sits on the subnet.

I only want the traffic that sits on the subnet to be put across the tunnel. To achieve this we need to use Source Address Firewall Modification rules.

Note: For the next part I actually manually edited by hand the config file and then uploaded it back into the router, but the commands should be the ones below!

The first part of this process is to define two new routing tables (don't forget to enter configure mode):


set protocols static table 1 route <destination prefix> next-hop-interface eth0

set protocols static table 2 route <destination prefix> next-hop-interface vtun0

Now we create the two rule sets to use these two tables and route the traffic:

set firewall modify SOURCE_ROUTE rule 10 description 'Traffic to internet'

set firewall modify SOURCE_ROUTE rule 10 source address <subnet routed to the internet>

set firewall modify SOURCE_ROUTE rule 10 modify table 1

set firewall modify SOURCE_ROUTE rule 20 description 'Traffic to tunnel'

set firewall modify SOURCE_ROUTE rule 20 source address

set firewall modify SOURCE_ROUTE rule 20 modify table 2

Apply the changes to the internal interface:

set interfaces eth1 firewall in modify SOURCE_ROUTE



Now, that should be all good, with only the IP addresses in the subnet being routed across the VPN tunnel.
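To check which way a given source address will leave the router under these rules, the following added example (not part of the original post) parses the command forms shown above and evaluates them in rule order. The subnets are constructed placeholders, since the post's own values are not shown, and the function names `parse` and `egress` are hypothetical.

```python
import ipaddress
import re

# Constructed config: the post's real subnets are not shown, so these
# RFC 1918 ranges and the 0.0.0.0/0 route are placeholders for this example.
CONFIG = """
set protocols static table 1 route 0.0.0.0/0 next-hop-interface eth0
set protocols static table 2 route 0.0.0.0/0 next-hop-interface vtun0
set firewall modify SOURCE_ROUTE rule 10 source address 192.168.1.0/24
set firewall modify SOURCE_ROUTE rule 10 modify table 1
set firewall modify SOURCE_ROUTE rule 20 source address 192.168.2.0/24
set firewall modify SOURCE_ROUTE rule 20 modify table 2
"""

TABLE_RE = re.compile(r"set protocols static table (\d+) route \S+ next-hop-interface (\S+)")
RULE_RE = re.compile(r"set firewall modify \S+ rule (\d+) (source address|modify table) (\S+)")

def parse(config):
    """Return ({table: interface}, [(rule_no, network, table)] sorted by rule number)."""
    tables, rules = {}, {}
    for line in config.splitlines():
        m = TABLE_RE.match(line.strip())
        if m:
            tables[int(m.group(1))] = m.group(2)
            continue
        m = RULE_RE.match(line.strip())
        if m:
            key = "net" if m.group(2) == "source address" else "table"
            rules.setdefault(int(m.group(1)), {})[key] = m.group(3)
    ordered = []
    for n in sorted(rules):
        r = rules[n]
        if "net" not in r or "table" not in r:
            raise ValueError(f"rule {n} is incomplete: {r}")
        ordered.append((n, ipaddress.ip_network(r["net"]), int(r["table"])))
    return tables, ordered

def egress(src, tables, rules):
    """Interface a packet from src leaves by; the lowest-numbered matching rule wins."""
    addr = ipaddress.ip_address(src)
    for n, net, table in rules:
        if addr in net:
            if table not in tables:
                raise ValueError(f"rule {n} points at undefined table {table}")
            return tables[table]
    return "main"  # no rule matched, so the main routing table decides
```

A source address that matches neither rule returns "main", which is the case to look at when deciding whether a device can bypass or unexpectedly use the tunnel.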

Hooking up a laptop to port eth1 and the switched ports eth2, eth3, eth4 and obtaining an address by DHCP, we could now test the routing. The best way to do this was simply to go to Google and type in "Where am I"; you would be presented with a map which changed depending on which port you were on....success! Of course, the REAL test was BBC iPlayer....but we won't go into that ;-)

Tunnel Performance

I carried out some further bandwidth tests and managed to achieve a maximum of around 11 Mbs, which is sufficient to watch a streaming movie.

To test the tunnel, we open up the server at the far end in the same way as before, but at the local end, this time we tell it to connect to the remote end point of the tunnel:

iperf3 -c -t 30 -O 5

What Is Next?

There are a few things that I can continue to investigate:

DHCP Bridging - it should be possible to have the DHCP addresses allocated by the remote DHCP server.
Performance - I could play around with the different compression algorithms and see which one is the quickest.
Protocols - I could look at changing from TCP to UDP for the tunnel and see how that changes the performance.
However, the link is working, is stable and is currently meeting my needs, so why mess about with it and risk breaking it at this stage.

Additional Problem

You may notice in the topology view that I made reference to 1and1 domain hosting. This came about because I was at work one day and wanted to remote into the router to check everything was OK. Unfortunately, access to the DynDNS domains I had created was restricted. However, I have a few other domains, so I simply set up some forwarding subdomains off one of these, forwarding to the DynDNS domain, and problem solved.....


Points of Interest

I couldn't believe how difficult it was to get my head round this at the beginning; after all, I hadn't really used the routers for anything other than the default setup.

OpenVPN wasn't the first protocol I had tried. I had originally looked at L2TP/IPSec (Layer 2 tunnelling protocol/IP Security) and even tried to follow the video tutorial, but that was just a complete no go. I don't know if it was the additional complications of the Q-Tel router, or the Dynamic addressing, but it just wouldn't work.

Another interesting thing was the television, a UK model Samsung. The link died one day when the internet appears to have gone belly up, and no matter what I did, it wouldn't recover. In the end, I had to factory reset the TV and when the SmartHub functions started up, it was all in Arabic, with no option to change. After fixing the link, proving it was working with my laptop, and then factory resetting the TV again, the TV came up in English and allowed me to install the regionally aware apps.

I am sure I had an issue with the DNS configuration originally, which meant it was picking up some cached names on the router, only once I had removed the DNS forwarding for the interface and reconfigured the DHCP to issue the Google DNS IPs instead of the router interface, all was good.

The biggest headache was the cabling. I had originally tried to pull in cat-5 through a few different conduits, but without success. In the end I used Powerline AV adapters to perform a hop across the ground floor, then a second pair of Powerline AVs to hop across the upstairs floor to where the network gear is.

Overall, this has been an interesting little 'project'........and satisfied with the outcome. I have to admit that the Ubiquiti hardware has been the best networking products I have had to date particularly. They continue to extend the GUI functionality, and there is still a lot you cannot do unless you delve into the command line. I guess finding the balance between 'pretty' and 'functional', a bit like Windows and Powershell!

Time will tell to see how this performs, but so far so good. It has only really been about 4 weeks, and only had one failure, that was with the incorrect DNS configuration. Hopefully that has now been amended, things should be rock solid now.

Thursday, 1 June 2017

MS Office update - Popup Bug

Have you noticed that mysterious window that flashes up on your desktop every hour for a split second and vanishes again....

Apparently a bug was introduced in a recent Office update, and it relates to OfficeBackgroundTaskHandlerRegistration.

There is a fix on the way, but I don't know when. It isn't really causing me any grief, but if you are playing a game or the like in full screen, it may throw you back to the desktop, which would start to get annoying!

You can read about it here.

Saturday, 20 May 2017

WiFi Issue on Windows 10 Creators Update

When I went back to work after leave, I noticed I was having issues with the WiFi. Originally I thought it was the corporate network side, as they have been doing a lot of changes lately.

Symptoms were that webpages were timing out on some of the content and sites were slow; however, things like YouTube streaming were fine once the playback had started.

I tried a network speed test using and it was terrible at around 40-50Kbps. As a parallel check, my iPad sat next to the laptop was getting ~5Mbps.

I tried updating the laptop wireless drivers, changing the network connected to, forcing which frequency band to use, all the usual stuff, but nothing was working.

At some point during this I had also done a speed test using, and noticed that the upload was significantly less than the download.

I then started searching on Google, and there were as usual lots of 'try this' 'do that' type responses, but couldn't find anything 'official' from Microsoft. There were certainly plenty of people reporting about the issues post update.

One response I did see was to adjust the MTU (Maximum Transmission Unit) size, and I knew that this setting can give the types of symptoms I was seeing.

It was an easy check and change, so that is what I decided to do next.

I opened up an administrator PowerShell console and entered the following:
PS C:\WINDOWS\system32> netsh interface ipv4 show subinterfaces

As you can see from the output below, the WiFi connection had an MTU of 1500:
   MTU  MediaSenseState   Bytes In  Bytes Out  Interface
------  ---------------  ---------  ---------  -------------
  1500                5          0          0  Ethernet 3
  1500                1  225343628   11479174  Wi-Fi
  1500                5          0          0  Local Area Connection* 10
4294967295                1          0    1342258  Loopback Pseudo-Interface 1
  1500                5          0          0  Ethernet

Next, I entered the following to drop the MTU to 1400:
PS C:\WINDOWS\system32> netsh interface ipv4 set subinterface "Wi-Fi" mtu=1400 store=persistent

Then confirmed the setting had changed using the first command again.

I had a download ongoing at the time, and a Windows performance window open monitoring the WiFi speed, and after a few seconds the download rate jumped from about 200Kbps to around 2.5Mbps.

Looked like the problem was now solved! I visited a couple of websites that I had been having issues with due to the number of HTTP calls, and these were all okay again and things looked back to normal.
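Rather than picking a value such as 1400 by trial, the largest MTU the path carries can be measured by sending pings with Don't Fragment set and searching for the biggest payload that still gets a reply. This is an added example, not part of the original post; the function names are hypothetical, and the probe assumes the Windows `ping` flags `-f`, `-l`, `-n`, `-w` and English-language reply text.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header

def windows_ping_probe(host):
    """Return probe(payload) -> bool that pings host with Don't Fragment set."""
    def probe(payload):
        # -f sets DF, -l is the ICMP payload size, -n 1 sends one echo,
        # -w is the reply timeout in milliseconds.
        result = subprocess.run(
            ["ping", "-f", "-l", str(payload), "-n", "1", "-w", "1000", host],
            capture_output=True, text=True)
        # An echo reply line contains "TTL="; error replies such as
        # "Packet needs to be fragmented but DF set." do not.
        return "TTL=" in result.stdout
    return probe

def find_path_mtu(probe, low=548, high=1472):
    """Binary-search the largest unfragmented payload and return it as an MTU.

    The default bounds correspond to MTUs of 576 and 1500 bytes.
    """
    if not probe(low):
        raise RuntimeError("smallest probe failed: host unreachable or ICMP filtered")
    while low < high:
        mid = (low + high + 1) // 2  # round up so the loop always narrows
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low + IP_ICMP_OVERHEAD

if __name__ == "__main__":
    # 192.0.2.1 is a documentation address; replace it with a host you operate.
    print(find_path_mtu(windows_ping_probe("192.0.2.1")))
```

The returned figure is the value to pass as `mtu=` in the `netsh` command above.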

The thread that got me to this solution can be found here: