Blog

When I was very young, I was a huge Microsoft and Windows fan. I used Virtual PC to toy with multiple versions of Windows all day after school.

Then after two years failing at YouTube with moderate “success” form pirated copies of Phineas and Ferb recorded over cable TV, I got very heavily into open source, most specifically FreeBSD. I learned to love Unix and hate Windows. I started self-hosting servers and running networks at home. Open source and self-hosting was part of my DNA.

It became so much a part of me that even when I joined Microsoft I never grew to love Windows or Microsoft. I always secretly preferred non-Microsoft products. But that’s not the real reason why I left Microsoft.

Going back to high school, I had a “science research” project of a “Big Data File System” which was an ill-fated attempt to speed up “Big Data” applications using a stripped down file system.

But when I learned what Big Data is, I realized “this isn’t what I want to work on” and “this is aiding surveillance.” And even if surveillance wasn’t an issue, can you really convince sysadmins to use your new “Big Data File System” instead of Linux’s ext4? But what I didn’t know is it would set me up on a track to specialize professionally in Big Data, something I didn’t want.

I knew I wanted to rebel, so I installed CyanogenMod on my then-phone, a Sprint Samsung Galaxy S3 as an ill-fated attempt to “degoogle” and prevent Google from having my information.

By the time I graduated, I shelved the Big Data File System and decided to pursue other activities. Until I got an internship at NYU’s Center for Urban Science and Progress where I was asked for a copy of the paper. I searched my self-hosted email server for a draft copy and sent it.

What does this have to do with Microsoft you may ask? Well, because of “Big Data” experience from CUSP, I was placed in the “Viva Insights” team which basically worked on workplace surveillance, despite having had an internship at the failed crypto startup CacheCash which I hoped would get me out. That combined with the inability to easily internally transfer, the hard LeetCode-style interviews and now the poor economy made me stuck.

I realized I couldn’t take it anymore. I’ll always be mediocre since I lost passion for coding 2022-ish where my only open source contributions became either packaging (FreeBSD and later Fedora/EPEL) or documentation (Rocky Linux). I turned back to the servers and networks stuff which dominated my high school leisure time because I no longer wanted to code on surveillance tools. I only barely stayed afloat at work.

I remember telling my mom that I hate working on surveillance. I got told:

• “you’re autistic. you won’t survive anywhere else.”
• “don’t make your job your focus. find other hobbies.”
• “you’re so lucky you work for microsoft.”

These arguments fail miserably. I have a specific set of values, and privacy is one of them. I wanted to leave not because of a career focus but because of a privacy focus. Privacy is too important to me. Just because I’m autistic doesn’t mean I can’t have stuff I stand up for.

Imagine telling Greta Thunberg to keep her head down to not anger Big Oil, but instead she is fighting for climate action and I give her credit for that. Or telling Edward Snowden (who’s probably not autistic) that he shouldn’t leak because he has a “stable government job” (well, not so stable now thanks to “DOGE”).

Even if privacy wasn’t a concern, Microsoft focuses on a “kitchen sink” approach whereas I prefer streamlined software that one person can configure instead of needing tons of MSPs and partners to be able to manage. Yes, Fedora and GNOME and OpenBSD are right for breaking backwards compatibility, and so is Apple is not for the tight walled garden.

And working on a software stack I hate to spy on employees is certainly bad for my morale. I got into a shopping and browsing addiction because it’s the only alternative to facing the music of working on a heinous product. But even if I worked at a “Linux shop” instead it wouldn’t necessarily free me from working on surveillance tech.

So I’d rather make half of what I made just to not work on surveillance again. If my new IT startup takes off, great. If not, maybe I’ll get a CCNP or RHCE and work in traditional IT.

Sure, I could stay in software engineering. But I can’t. I was never the best coder, but during NYU days I had a burning passion. I was stupid for believing it would last forever, which it didn’t.

Passion for content creation didn’t last forever, I dropped my interest in video and got a passion for FOSS. Passion for FreeBSD didn’t last forever either, I turned to different operating systems with better hardware support including the Fedora laptop I wrote this post on or the Mac I use for my startup stuff.

If you thought HPE support was bad, ASRock Rack support is 100x times worse. But for my startup Fourplex branded servers have become cost-prohibitive post-COVID-19. I remember when HPE servers were actually affordable for a homelab.

That being said Fourplex is planning to expand into VPS hosting and I have one 1U2S-B650 (using the B650D4U motherbord) and have three more shipping.

One of the problems with the B650D4U is that the stock BIOS does not recognize Ryzen 9000 CPUs, nor can you flash from USB without booting the system first.

Sadly, you’ll need a Ryzen 7000 CPU to bootstrap the server and initially update the BIOS. A 7600X is good enough for this bootstrap, so if you have one put the heatsink on it, and boot up the system. While a 7600X is normally $299USD but I got it on sale for $229USD at Best Buy.

Next, you’ll have to get the updated BIOS firmware from ASRock’s website in the Beta Zone and download the 20.02 UEFI. Unzip the file and place the B650D4U_20.02.ROM file on a FAT32-formatted USB drive.

Next, when the server is booting up with the 7000-series CPU, press F6 for Instant Flash during the POST. Subsequently navigate to the ROM file and update the UEFI.

After the UEFI has been updated, unplug the server and install the newer Ryzen 9000 CPU. I am using a 9900X as the “stock” CPU and it works after the UEFI update and the 7600X “boostrap”.

Now if only the ASRock Rack IPMI wasn’t so unreliable. It was unreliable on a X470D4U and a Ryzen 3700X and still is unreliable even now.

In my high school days, I was a huge server and networking person. My homelab was basically my identity, and not even a good one: consumer-level networking gear running Tomato and a then-7-year-old homebuilt desktop PC running FreeBSD.

Then I joined NYU’s Tandon School of Engineering for Computer Science. It was a full 180 into software engineering. I didn’t just code for assignments, I started with toy projects and went to major Tor contributions writing very complex patches, had two internships and ultimately a job at Microsoft.

Primarily due to “Big Data” experience at NYU CUSP, Microsoft placed me on the Viva Insights team. I’ve always hated the product, feeling it was unnecessary surveillance. I wanted out.

In fact, the disdain of Viva Insights was big enough to make me lose passion for coding and get into obsessive browsing and shopping because facing the music of working on a surveillance product would bother me even more. Open source work outside of package maintenance went to zero.

I’ve tried to discuss this with my mom, and she kept telling me how “lucky” I am for working at Microsoft saying “it’s big tech” and “you’re neurodivergent” and “you won’t survive at a smaller company.” She even bought into the marketing material telling me how it’s “not surveillance.”

I’ve decided that in the shitty job market, it’s not worth being a software engineer even if I make much less. Part of it is being “specialized” in over-glorified surveillance so even if I change employers, what’s the guarantee I won’t be working on another surveillance product. Assuming I can even get another job.

In fact, I’ll just live off dividend income and try to get my new IT startup Fourplex off the ground. Sure, I won’t be able to buy shiny homelab equipment as often as I did in the past, but I at least have the guarantee I’m not working on an unethical product.

While six figures is certainly nice, it’s only nice if it’s ethically done. I’d much rather flip burgers or bag groceries than work on surveillance for six figures. After all, Edward Snowden had a “stable” federal government job (not so stable now thanks to “DOGE”) and he gave it up to stand up for the right to privacy.

And I care more for my values than the name or salary. It’s not like I use Windows at home, I haven’t since 2012. I kept self-hosting email despite having worked at Microsoft 365 and still do even now. And I sacrificed job performance for my values of strong privacy.

Little did I know that my father (who was previously a big Big Data and AI advocate) would come out to hate Viva Insights. He says it’s “bullshit” and nobody uses it. Even when I worked at Microsoft I never used it. Not even once. It’s bloatware. Microsoft is 100% better off porting Office apps to Linux (despite me using a Mac now) or beefing up cybersecurity.

With Bluesky’s apparent rise after the elections, I’ve heard a lot of criticism about Bluesky on the Fediverse. I’m starting to feel the Mastodon vs Bluesky war is a new standards war, one that is analogous to the cellular standards war.

While Gen Z readers are used to LTE and 5G phones which is based off the historically more popular GSM branch, there was another cellular technology CDMA which was a fierce rival and chosen by carriers like Verizon pre-4G days.

The Fediverse (Mastodon, Threads, et al.) is GSM: the open, Europe-centric social media protocol. In many ways, it’s clunky but it also has a big ecosystem. There are many client and server implementations.

Instead of using Mastodon-proper, I self-host via Akkoma. Heck, the reason why I didn’t join Threads is because I (hope I) could just use self-hosted Akkoma to reach Threads users. And if you don’t want to self-host, you can join a public server like mastodon.online or hachyderm.io or any other server, the way (outside of carrier locked phones) you could take your GSM phone almost anyehere.

Bluesky is CDMA: the so-called “open”, centralized American social network protocol controlled by one company. CDMA was controlled by Qualcomm the way Bluesky is controlled by Bluesky itself. A lot of “normies” who rejected Mastodon have joined Bluesky, but that is analogous to CDMA having better radio tech than GSM and CDMA being historically more popular in the US.

Many of us know Bluesky originated from Twitter which I feel is like CDMA being backwards compatible with AMPS cellular networks making it an easier fit for people who grew up on Twitter (or for carriers AMPS), but good luck trying to move your AMPS/CDMA phone to a competitor.

There were also other platforms, the way I like to see it is:

• Twitter/X is AMPS: the first-generation, corporate but rather shitty platform/technology. Once upon a time it was your only real option, but will eventually die.

• Nostr is WiMAX: a rather obscure but truly decentralized technology without much of an ecosystem, the way WiMAX was internet-centric as opposed to telephone-centric yet failed.

There is still a difference between cellular tech and social media protocols: I grew up with CDMA phones and could still call and text my dad who got a GSM phone from work. Mastodon users cannot directly see Bluesky users’ posts without a bridge.

But with cellular protocols the lowest common demoninator is the PSTN which standardized phone calls. IP doesn’t specify how higher-level protocols should work which is why Mastodon and Bluesky are incompatible. This is also how we also had Gopher vs HTTP, even when HTTP eventually won.

That’s not to say that Bluesky can’t win, after all ATM networks lost to IP and Ethernet, or cloud computing is mostly in the domain of Big Tech despite the best efforts of OpenStack. It could also be like Linux vs BSD where despite the fact that Linux “won” BSD never died, and maybe Bluesky will become the major platform while the Fediverse is a niche technology.

After a disasterous experiment with Ubiquiti UniFi APs, I decided to sell them on /r/homelabsales (because I’m not allowed to return) and buy MikroTik wAP ax APs. Interestingly, the Wi-Fi experience on MikroTik beats the UniFi one despite technically being “inferior” and the EU model.

But one issue with CAPsMAN is how hard it is to configure, especially with a home network full of VLANs (actually three at home). So how do you configure it?

First off, if you haven’t done so already, you’ll need a bridge interface on the interface connected to the VLAN-trunking switch, due to how MikroTik designed CAPsMAN:

/interface bridge add name=lan
/interface bridge port add bridge=lan interface=sfp-sfpplus2 

Replace sfp-sfpplus2 with your trunking port.

Secondly, set up the VLANs in the Wi-Fi datapath:

/interface wifi datapath
add bridge=lan name=MainSSID-DP vlan-id=2
add bridge=lan name=GuestSSID-DP vlan-id=3 

Replace the information with what corresponds to your network.

Third, set up the Wi-Fi passwords/RADIUS:

/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk name=MainSSID-sec passphrase=password
add authentication-types=wpa2-psk,wpa3-psk name=GuestSSID-sec passphrase=password 

Replace the information with what corresponds to your network.

Next, set up the Wi-Fi SSIDs for 2.4GHz and 5GHz:

/interface wifi configuration
add country="United States" datapath=NeelWifi-DP name=MainSSID-2G security=MainSSID-sec ssid=MainSSID
add country="United States" datapath=NeelWifi-DP name=MainSSID-5G security=MainSSID-sec ssid=MainSSID
add country="United States" datapath=MooWifi-DP name=GuestSSID-2G security=GuestSSID-sec ssid=GuestSSID
add country="United States" datapath=MooWifi-DP name=GuestSSID-5G security=GuestSSID-sec ssid=GuestSSID 

Replace the information with what corresponds to your network.

Subsequently, set up the CAPsMAN:

/interface wifi cap set discovery-interfaces=sfp-sfpplus2
/interface wifi capsman set ca-certificate=auto enabled=yes interfaces=lan 

Replace sfp-sfpplus2 with your trunking port.

Finally, enable the SSIDs for the MainSSID and GuestSSID SSIDs:

/interface wifi provisioning
add action=create-dynamic-enabled master-configuration=MainSSID-2G slave-configurations=GuestSSID-2G \
    supported-bands=2ghz-g,2ghz-n,2ghz-ax
add action=create-dynamic-enabled master-configuration=MainSSID-5G slave-configurations=GuestSSID-5G \
    supported-bands=5ghz-a,5ghz-n,5ghz-ac,5ghz-ax 

Replace the information with what corresponds to your network.

Abridged configuration:

/interface bridge
add name=lan
/interface bridge port
add bridge=lan interface=sfp-sfpplus2
/interface wifi datapath
add bridge=lan name=MainSSID-DP vlan-id=2
add bridge=lan name=GuestSSID-DP vlan-id=3 
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk name=MainSSID-sec passphrase=password
add authentication-types=wpa2-psk,wpa3-psk name=GuestSSID-sec passphrase=password
/interface wifi configuration
add country="United States" datapath=NeelWifi-DP name=MainSSID-2G security=MainSSID-sec ssid=MainSSID
add country="United States" datapath=NeelWifi-DP name=MainSSID-5G security=MainSSID-sec ssid=MainSSID
add country="United States" datapath=MooWifi-DP name=GuestSSID-2G security=GuestSSID-sec ssid=GuestSSID
add country="United States" datapath=MooWifi-DP name=GuestSSID-5G security=GuestSSID-sec ssid=GuestSSID
/interface wifi cap set discovery-interfaces=sfp-sfpplus2
/interface wifi capsman set ca-certificate=auto enabled=yes interfaces=lan
/interface wifi provisioning add action=create-dynamic-enabled master-configuration=MainSSID-2G slave-configurations=GuestSSID-2G \
    supported-bands=2ghz-g,2ghz-n,2ghz-ax add action=create-dynamic-enabled master-configuration=MainSSID-5G slave-configurations=GuestSSID-5G \
    supported-bands=5ghz-a,5ghz-n,5ghz-ac,5ghz-ax 

EDIT: I had to add a country="United States" to the /interface wifi configuration section because the prior configuration had issues with Wi-Fi, and a family member complained about it.

EDIT: It seems that the U7 Pro mentioned in this article was buggy in general. I’ve heard that Ubiquiti likes to release half-baked products hoping to “fix it later”. The HP mentioned in this article also had no issues with a Wi-Fi 6 UniFi AP in a hotel.

About two months ago, I was thinking “why not get Wi-Fi 7” and got myself two Ubiquiti UniFi U7 Pro access points? Just to realize the experience sucked.

In fact, my family has faster browsing on a subjectively “inferior” access point, the MikroTik wAP ax which is being used now, as well as the prior HPE Instant On AP25.

Ubiquiti is often compared to Apple, and the UniFi dashboard goes look pretty damn good. After all, Ubiquiti’s founder and CEO worked for Apple. In comparison, Instant On is “okay” and MikroTik is definitely very uninviting.

UniFi has an excellent dashboard, while it needs no introduction, it’s simply the best Wi-Fi dashboard I ever had.

But when it came to the radios:

• My HP OmniBook Ultra Ryzen 9 AI laptop had flaky Wi-Fi on Linux, when it didn’t using MikroTik APs

• My mom’s iPhone 13 Pro Max had slow Wi-Fi, even when my M3 Pro MacBook Pro worked fine

• $120 MikroTik Wi-Fi 6 APs had faster browsing than $280 UniFi Wi-Fi 7 APs

Simply, the radios had ultra patchy Wi-Fi.

We are in NYC where Wi-Fi congestion is pretty bad, and we’re just in a 24-unit building. We’re probably moving to a brownstone with less congested Wi-Fi but no Verizon Fios so it’s probably AT&T Internet Air unless/until I get Verizon to wire.

In the past, I’ve tried Ubiquiti EdgeRouters and was certainly no fan of those either. Maybe it’s me but I’m more of a MikroTik person, even if MikroTik isn’t exactly cutting-edge.

Yes MikroTik is hard to configure, but their gear generally works well, including gear shipped from Latvia directly because no US seller sold them. In fact this includes not even designed for North American 5GHz wAP ax but works well in NYC anyways.

This isn’t to say that you shouldn’t buy Ubiquiti gear or that Ubiquiti should become the Compaq or HTC of networking, it’s just that Ubiquiti sucks for me.

After my old Sol Republic earbuds died, all the headphones I daily drive are or have been made by Sony. This includes the WF-1000XM5 earbuds for going out and the WH-1000XM5 headphones I use on my desk or for plane travel.

While Sony headphones generally work well with Linux (I’m looking at you, Apple and Beats), I recently switched my Linux desktop and laptop back to openSUSE Tumbleweed from Fedora.

This came with one interesting problem: Sony Bluetooth headphones won’t connect from GNOME.

The good news is there is a way around it. Open a terminal and:

1. Type in sudo systemctl start bluetooth and then sudo bluetoothctl

2. Power on Bluetooth via power on

3. Scan for devices via scan on

4. Put the headphones in pairing mode, wait for them to come up and then grab the MAC

5. Pair the headphones via pair <MAC>

6. Quit bluetoothctl via quit. This is important otherwise we’d not be able to connect.

7. Open sudo bluetoothctl and then type in connect <MAC>

After that, the Sony headphones should be connected via Bluetooth.

Source: André Sterba’s guide for Arch Linux, albeit with modifications.

Although I now live primarily in Verizon territory, my family has a second home in Frontier-land at least for a few more months. Frontier in Connecticut inherited AT&T’s 802.1X setup so if you’re not on XGS-PON, you are required to use Frontier’s router, in my case an Arris NVG468MQ.

However, if you’re using a MikroTik CCR2004-series router, you can use that connected to the ONT and bridge 802.1X from the Arris. You sadly cannot do this with a RouterBOARD (trust me, I’ve tried), but you may also be able to do this on a CCR2216.

You will need two free Ethernet ports, one for your WAN (obviously) and one for bridging 802.1X from your AT&T/Frontier/AU router.

Note: While I don’t have AT&T Fiber, if you are using AT&T Fiber there are newer bypass methods which aren’t dependent on bridging 802.1X. The 8311 Discord Server has information on this.

So you wanna bypass? First, log into the serial console and paste this:

/interface bridge
add name=WAN admin-mac=00:00:00:00:00:00 pvid=111 auto-mac=no igmp-snooping=yes protocol-mode=none vlan-filtering=yes
/interface bridge port
add bridge=WAN interface=ether1
add bridge=WAN interface=ether2
/ip dhcp-client add dhcp-options=clientid disabled=no interface=WAN use-peer-dns=no use-peer-ntp=no
/system scheduler add name=OnRebootATT start-time=startup on-event=":delay 30\r\n/system script run OnRebootATT"
/system script add name=OnRebootATT source="#\_OnRebootATT\r\n\r\n:log info \"Script: Starting OnRebootStartATTRG\";\r\n:delay 5\r\n\r\n:log info \"Script: Enable Virtual switch for ONT and ATT RG\";\r\n/interface bridge set WAN pvid=111\r\n\r\n:log info \"Script: Ensure ATT RG ether2 is visible to ONT\";\r\n/interface bridge port set bridge=WAN [find interface=ether2] pvid=1\r\n/interface ethernet enable ether2\r\n\r\n:log info \"Script: Sleep for 3 minutes to allow ONT and ATT RG time to sync\";\r\n:delay 180\r\n\r\n:log info \"Script: Ensure ATT RG is NOT visible to ONT\";\r\n/interface bridge port set bridge=WAN [find interface=ether2] pvid=222\r\n/interface ethernet disable ether2\r\n\r\n:log info \"Script: ONT and ATT RG should be in sync. Virtual Switch shutting down. Enjoy your router.\";\r\n/interface bridge set WAN pvid=1\r\n"

Keep in mind that:

• Replace 00:00:00:00:00:00 with the 802.1X-speaking router’s WAN MAC address
• Replace ether1 with the interface connected to the ONT
• Replace ether2 with the interface connected to the 802.1X-speaking router
• It will take a while to boot up, since 802.1X has to authenticate via a “bridge” then get shut down
• If you unplug the ONT cable, you will have to reboot your router

After doing that, reboot your router, plug in the 802.1X-speaking router to ether2 and the ONT to ether1, and reboot again. After 4-5 minutes you’ll be online, bypassed! Yay!

For many years, Hurricane Electric was the de-jure IPv6 tunneling platform. If you wanted Netflix, just force Netflix on IPv4. For people without native IPv6, HE.net was truly a godsend.

Then HE.net tunnels became more problematic, now we have multiple streaming services and other services blocking HE.net tunnels under the “public proxy” blanket ban. I remember the pre-COVID and the early-COVID era when only Netflix blocked HE.net tunnels when I lacked native IPv6 until summer 2020. And now, I’m not going to get the hostnames of every streaming service my mom uses to block IPv6 on those.

This led me to think, if someone has an ASN, IPv6 space, and a BGP-capable VPS, why not make it an IPv6 tunnel? I have my own ASN (AS33535), IPv6 space 2602:2e6::/36, a BuyVM BGP-capable VPS and even a /23 equivalent of IPv4, although I’ll give up all those up any day for 100% IPv6 deployment and a IPv4 shutdown.

Going back, since I moved back to the NYC-area, BuyVM made the most sense due to a low price, unlimited bandwidth, great support and most importantly, a NYC PoP. Vultr is another (more expensive) option with a truly global network. There are many other BGP VPS hosts as well.

To get an ASN if you’re in an ARIN region (USA or Canada) you basically need to be a corporate entity to get IP space, but at least for Americans registering a company is so easy my homelab has a LLC, complete with a business bank account and credit card. You don’t even need a LLC, a sole proprietorship is enough for this. You can however lease IPv6 from a company such as Free Range Cloud if you don’t want an “ISP” or “End User” allocation but getting an ASN is a $550 one-time fee.

In Europe or the Middle East, you can use a Local Internet Registry (LIR) to get IPv6 space and an ASN. These are usually affordable subscription services also offered to individuals. RIPE is much better than ARIN for this which makes it easier for people who don’t want the hassle of registering a business. Sure, I might be willing to but most people aren’t and this is where RIPE truly shines.

I’m not sure about other RIRs. I believe APNIC is impossible for leasing IP space but could be wrong. I’m not sure about AfriNIC or LANIC. Do your research.

Also, you don’t need IPv4 space as the VPS IPv4 is enough for the tunnel.

For the software speaking BGP, you can use a router OS such as MikroTik CHR like me, VyOS if you want FOSS, or can roll one from a standard Linux/BSD distro. I do not recommend “firewall” distros such as pfSense or OPNsense for this as they’re not designed to be a “router” or a “BNG” (broadband network gateway) as much as they’re a “firewall”. Remember, our IPv6 “tunnel” is effectively the same thing many ISPs do on a “unbundled” DSL or fiber network. “Firewall” distros are fine for your clients.

Then you need the protocol. Two protocols are 6in4 or L2TP. 6in4 is what Hurricane Electric and other tunnel brokers use, but doesn’t work behind NAT or CGN and requires reconfiguration (whether manually or via scripts) whenever your IP changes. I don’t recommend this for a makeshift IPv6 tunnel if you lack a static IPv4 address, well unless somebody comes up with a update IP script.

I’m a fan of L2TP. It’s easier on the service side, but is a bit more complex on the client side and has more overhead. Meaning you’ll have to make sure L2TP isn’t used as an IPv4 default route if you want your ISP for IPv4 routing. So far I have MikroTik and FreeBSD clients to my IPv6 L2TP tunnel, both acting as routers to their respective networks.

If you’re interested in my CHR config, a stripped down config is below:

/interface ethernet set [ find default-name=ether1 ] disable-running-check=no
/ip pool add name=ppp-pool ranges=100.75.64.1-100.75.64.255
/ppp profile set *0 local-address=100.75.64.0 remote-address=ppp-pool use-encryption=no
/routing bgp template set default as=33535 router-id=198.98.XX.XX
/interface l2tp-server server set allow-fast-path=yes enabled=yes
/ip dhcp-client add interface=ether1
/ipv6 route add blackhole dst-address=2602:2e6:X::/48 add gateway=2605:6400:XX::1
/ipv6 address add address=2605:6400:XX:X::1/48 advertise=no interface=ether1
/ipv6 firewall address-list add address=2602:2e6:X::/48 list=bgpnet
/ppp secret add name=yser1 remote-ipv6-prefix=2602:2e6:X::/56 service=l2tp add name=user2 remote-ipv6-prefix=2602:2e6:X:XXX::/56 service=l2tp
/routing bgp connection add address-families=ipv6 disabled=no listen=yes local.address=\
     2605:6400:X:X::1 .role=ebgp multihop=yes name=buyvm output.network=\
     bgpnet remote.address=2605:6400:ffff::2 .as=53667 templates=default 

For the IPv4, since I’m not using IPv4 I put in dummy CGN IPv4 addresses for the L2TP but in reality I’m announcing IPv4 too.

Remember when Reddit /r/sysadmin said HPE support blows? Well it does.

I got an open box HPE ProLiant ML110 Gen11 as a NAS. This is my second whereas my first is a compute server. To my surprise, there was no SAS cables in the open box server.

When sourcing the official sources, I was in back and forth conversations with HPE and their “part suppliers” to no avail. And no, I did not get the right SAS cable. The worst part, the ticket is still open.

EDIT: HPE did agree to send out a genuine SAS cable, yay! When will I get it, I don’t know, but I hope HPE isn’t slower than Temu or Shein.

EDIT 2: HPE actually sent out a SAS cable months ago and I installed it just one day before the Amazon return period ended. Now I am not using it because I never used my NAS, I just use it as another “compute” server.

This is something I would expect from Apple, a company making devices with soldiered everything and a history of fighting repair. I don’t expect this from HPE where service guides are published and unlike Macs, solidered everything is nonexistent on ProLiants.

So what did I do? Build a SAS cable myself out of parts on Amazon.

The parts are:

• SlimSAS LP 8X to 2*MiniSAS HD 4X,SFF-8654 LP 74pin to 2*SFF-8643 36pin Cable 80cm for $23.88
• 2xCY PCI-Express 4.0 Mini SAS SFF-8087 to SAS HD SFF-8643 PCBA Female Adapter with Bracket for $59.98
• 6G Internal Mini SAS SFF-8087 to SFF-8087 Cable, 100-Ohms, 0.5-m(1.6ft), 2 Pack for $18.29

And it’s barely above $100. Exactly $102.15 (excluding sales tax) at the time of writing.

Apparently, HPE used a SlimSAS LP (low profile) cable which not widespread is still not proprietary a la Pentalobe screws or Lightning connectors. The SlimSAS cable I used is actually a ripoff Dell cable.

While it barely fits with the fan baffle, it works as my Rocky Linux 9 ZFS NAS and is still $200 cheaper than buying a brand new ML110.

PS: If anyone from HPE is reading this I’d still prefer a genuine 4LFF/8LFF SAS cable, but if you can’t my makeshift cable will work.