Decided at 11:30pm to re-IP my home network to permit a meshed VPN layout through the office…. About 2.5 hours later, all was well. What a pain.

About 8 years ago, I decided that 10.1.1.0/24 was a great IP range to use for my own network. This has presented myriad problems over the past few years, but I hadn’t bothered to fix it. Then Matt and I wind up on the same RoadRunner cable segment. At one time, there were no intra-subnet access blocks on the RR network; apparently, this changed about a week after we both got our cable connections. Handily, this means that we cannot directly access each other’s systems without running through an intermediary to route around. What a pain.

So, RoadRunner begat my re-IP to mesh our VPNs through the office, begat me trying to remember what the hell I did on my quasi-LRP firewall, which is mostly custom code now, plus the FreeS/WAN-patched kernel, the hacked-together dhclient daemon to get an address, and so on. I haven’t touched this firewall box in several months, and haven’t done anything serious to it in years. Took me 5 minutes to recall that I’d superformatted the floppy to 1.6MB (which was ultimately pointless, since I have a ZIP drive in the firewall box to hold the bigger packages, such as sshd, ipsec, etc).

More time lost picking through an extremely misleading debug message from FreeS/WAN, and the fact that the changes made to the shared keys on the firewall didn’t get saved. Oh, did I mention that I rebooted the firewall box? Bad idea.
If I’d looked just a little closer at why the tunnel wouldn’t come back up, I’d have noticed the incorrect netmask application post-dhclient by a forgotten line in a boot script that caused pluto to tell me “eth0 and eth0 have the same address: …”. Blindingly obvious.

The firewall is a liability only if you lack a sense of adventure, or have little time. I don’t lack the former, but I embody the latter. Perhaps I break down and pick up a PIX 501. Of course, the LRP box will now run for hundreds of days without a problem. Before I rebooted it, it had passed over 50GB since the last reboot in December. Sheesh.