The number of network devices in our house has increased significantly recently. With two Apple TVs, a wii, iPad, two iPhones, a Kindle, an xbox, two laptops, a desktop and a nettop, my creaky old AirPort Extreme was struggling to cope, particularly streaming media across the network. I also need to bridge two sections of wired network and as I need to reach the work network from several devices at home, I wanted to share a VPN connection into the office. All of this took some figuring out and some heavy googling, so in the interests of helping out anyone with a similar problem, here’s what I did.

Network Layout

Hardware Requirements

• A simultaneous dual-band wireless-n router at the gateway
• A normal dual-band wireless-n router to bridge to the LAN
• Gigabit switches at both ends
• dd-wrt support on both devices (PPTP support at the gateway, and bridging or WDS at the LAN)
• Same chipset on both routers for compatability

I ended up with a Cisco Linksys WRT610n for the gateway router, and a Cisco Linksys WRT320n for the LAN bridge. Both second-hand/refurbished models from eBay. Total cost £80.

Gateway Configuration

1. Flash the WRT610n with dd-wrt.
2. Create two wireless networks. The 2.4GHz carries 802.11b/g/n for maximum compability. The 5GHz carries 802.11n for maximum bandwidth.
3. Add a virtual interface to the 5GHz network with its own SSID to carry the inter-router link.
4. Set WPA2 AES encryption on all networks with pre-shared key.
5. Connect to the cable modem, reboot and check that internet connection is established by connecting with the iPad to each of the wireless networks in turn and web surfing.

LAN Bridge Configuration

I wanted to use WDS to link the two routers but I ran into some problems. I could establish a connection, but the link bandwidth fluctuated significantly, and I also couldn’t get PPTP traffic to tunnel successfully. Data transfer over the VPN stalled for larger packets. This is a classic symptom of incorrect network MTU but despite resorting to packet sniffing, I couldn’t get this working properly. I ended up using dd-wrt Repeater Bridge mode which solved these problems straight away. The steps were:

1. Flash the WRT320n with dd-wrt.
2. Disable the WAN connection and give the router a static IP address (192.168.1.2) with the gateway router’s IP as the gateway address.
3. In “Advanced Routing”, set the Operating Mode to “Router”.
4. In Wireless Basic Settings, set the Wireless Mode to “Repeater Bridge”, and the Wireless Network Mode to “N-Only (5 GHz). Give it the same SSID as the inter-router link in step 3 of “Gateway Configuration”
5. Add the appropriate Security Mode, WPA Algorithm and WPA Shared Key in the “Wireless Security” section.
6. Under “Services -> Services”, Disable DNSMasq (which turns off the DNS and DHCP servers).
7. Reboot, connect the desktop PC to the gigabit switch on the bridge router, check it picks up an IP address from the gateway DHCP server and that it can reach the internet.

At this point, I added the rest of the wireless and wired devices to the network and checked that things were working properly. AirPlay working from an iPhone to one of the Apple TVs, streaming audio and video from the PC to the TVs and download content from the internet were all evidence that dd-wrt was correctly bridging between the different networks and things were behaving properly.

The final stage was the VPN, and this is where information online started to run a bit thin.

DD-WRT, PPTP VPN, routing DNS queries correctly and handling unqualified hostnames

The requirements for the VPN connection were:

1. The gateway router establishes the VPN connection and handles routing.
2. Only work traffic crosses the VPN – everything else gets routed straight to the Internet.
3. Home LAN access to the work LAN is NATted to remove the need to add routes back to the home LAN.
4. Unqualified hostnames are in use both on the host LAN and on the work network.
5. DNS resolution for the work domain should be handled by the work internal DNS servers; DNS resolution for the home LAN should be handled locally; everything else gets handled by my ISP’s DNS servers.
6. All LAN client configuration is done via DHCP, so that all devices including the iPhones and iPad will work immediate on connection.

Steps 1 to 3 are straightforward:

1. On the Gateway router, under Services->VPN, enable the PPTP Client.
2. Use the IP address rather than the DNS name for the server – this will not change frequently, and makes DNS configuration more straightforward.
3. Configure the remote Subnet and Subnet Mask as appropriate – my work uses an RFC1918 Class A address space.
4. I changed the MPPE Encryption settings to “mppe required,no40,no56,stateless”. This was in the middle of my “trial and error” phase of trying to troubleshoot WDS – it might not therefore be necessary but if it works, it won’t hurt!
5. Leave MRU and MTU as the defaults. Enable NAT and complete the User Name and Password fields as appropriate. NB if this is authenticating against a Windows domain, you need to put username in the form DOMAIN\\username.
6. Hit “Apply Settings”. Reboot the router.

If all is well, you should now be able to ping IP addresses of machines on your work network from client machines on the home LAN. traceroute should also show that this traffic is being carried across the VPN, where traceroute to www.bbc.co.uk goes via your gateway and across your ISP’s networks in several hops.

Next step is to confirm that you can reach your work DNS servers. Ping them first, and then attempt a hostname lookup: our intranet server is called “intranet” so “nslookup intranet <WORK DNS IP>” should return the correct IP address. To complete requirements 4-6, we need to use the dd-wrt DNS/DHCP server DNSMasq to manage home LAN DNS registrations, pass off work DNS queries to the work servers over the VPN, to send the rest to the ISP and to send appropriate search domain information to all LAN DHCP clients so unqualified hostname resolution will still work. I have to admit that these settings were reached through some trial and error so there could be a better way of doing this. But at least this works:

1. In “Services->Services”, under “Services Management” “DHCP Server”, add a local value to LAN Domain. I use “marlow.org.uk” here. This will be added to the hostnames of your LAN devices while they’re on the home network to give them an FQDN.
2. DNSMaq should already be enabled, but you should enable “Local DNS” and disable “No DNS Rebind”.
3. In “Additional DNSMasq Options”, add the following (changing the bits in red):

   dhcp-option=15,"workdomain.com homelandomain.org.uk"
   strict-order
   no-resolv
   no-poll
   server=/workdomain.com/ipaddressofworkdnsserver
   server=yourispprimarydnsip
   server=youridpsecondarydnsip

4. Hit “Apply Settings”
5. Renew the DHCP lease of one of your home LAN clients and check that DNS resolution is behaving as expected by pinging www.bbc.co.uk, followed by the unqualified hostname of a machine on the work network and then one of the clients on your home network.
6. Pour yourself a stiff drink.

Where were we? Oh yes: pre-eclampsia. The causes of this condition aren’t well-understood; the management of it is. Shortly after my last post on the subject, the midwives and obstetricians at the Rosie Hospital in Cambridge started to manage Nessa’s pregnancy more closely, and we found ourselves in and out of hospital every couple of days. By Maundy Thursday they’d decided to admit her, and because her blood pressure had continued to rise, on Easter Sunday they decided to induce the baby.

He didn’t want to come and so after a very uncomfortable night for Nessa, a caesarian section was booked for the afternoon of Monday 13 April. I’m not going to scare anyone with tales of the management of pre-eclampsia; nor of how unpleasant a c-section is, but after 20 minutes of hard work, Daniel Benjamin Isaac Marlow was born at 4:38pm, weighing 5lbs 14.5oz. He was taken to the Lady Mary ward first, and then transferred to the Special Care Baby Unit as his oxygen saturation was too low. Meanwhile, Nessa was transferred back into the delivery unit where she had to stay for 24 hours after the birth. Being separated from Danny for all this time was horrible; I tried to fill it by running between the two of them with my digital camera but it wasn’t a good substitute.

Eventually, Nessa was moved onto Lady Sara ward, which is adjacent to SCBU, and could visit him at any time. He was still a tangle of wires and tubes at this point – oxygen through his nose; a canula and glucose drip into his arm; a pulse and O2 saturation sensor on his toe, and a feeding tube up his nose. But by the third day, he’d had some “kangaroo care” or skin-skin contact with Nessa.

This was a surreal time for us. The first few days were absolutely horrible; it was very difficult to hold our baby; he was fed hourly through a tube on a 24-hour cycle and day blurred into night. He was four weeks early and being delivered via c-section meant that the fluids hadn’t been squeezed from his lungs. All the while, the medical staff attempted to eliminate other causes for his low oxygen saturation – lumbar punctures to detect infection; chest xrays; ultrasound. But every day he got a bit stronger and a little less dependent on the external support.

Still, it was nearly two weeks before he could come home and almost three weeks until he met his older brother and sister.

Douglas Adams compared a child’s early development to a computer booting up, and this is what we see with Danny. His awareness of what’s around him gets wider each day.

Working out how old he is, is also difficult and even confuses the medical staff. A GP was concerned that he’d not started smiling by six weeks old; the hospital confirmed that these development checkpoints in the first year can all have four weeks added on to account for his prematurity. Still, no problem with smiling now.

He’s now doubled his birthweight and it’s interesting to compare him to his cousin, Charlie, who was only a week old at the time this photo was taken.

He’s becoming a lot more aware of his own body and has started to grab for his knees and his toes with his fingers.

He’s also become a lot more facially-expressive.

So Danny’s now nearly four months old and we’re well into the routine of having a young baby in the house. Time to go and sterlise the breast pump!

My wife is 34 weeks pregnant. We’re into the end-game, but her blood pressure has got a little high, so we’ve had two trips in three days to the Maternal Fetal Assessment Unit, where the staff have attempted to ascertain her blood pressure. It’s not as easy as it sounds. They’re most interested in her diastolic pressure (the lower of the two – the background pressure). A close eye needs to be kept on pregnant women with a diastolic pressure greater than 90 mmHg.

Weirdly, nobody can tell if it’s greater than 90 mmHg. Over the last few days, her blood pressure has been measured manually and automatically probably 20 or 30 times, and it’s varied from 79 mmHg to 114 mmHg. Although there’s a possibility of White Coat Hypertension I find it difficult to believe that her diastolic pressure has varied so much and so do the medical staff. So what’s going on? Possibilities include experimental error, over-sensitive equipment or poorly-calibrated equipment.

Most of the readings have wobbled around the 90 mmHg mark which is a problem – it’s too low to take action, but too high to ignore. It seems that the only option is to schedule a midwife visit every couple of days to take the readings, and to return to the MFAU if they appear high. This has happened twice this week already and if there’s anything likely to raise your blood pressure, it’s driving through cross-town traffic in Cambridge – and paying for parking at Addenbrooke’s hospital. Fortunately, I’m the designated driver.