Configuring your OPNsense router for Internode NBN HFC

I have just upgraded (finally) from TPG ADSL2 internet to NBN using HFC infrastructure. My ISP is Internode.

Installation went pretty smooth. Technician visited today, drilled a few holes to install a new HFC outlet in our house, and pulled the (slightly odd) HFC coax cable trough the wall. He also handed me an NBN ‘modem’.

I use OPNsense (a FreeBSD based firewall) as my router and intended on using it for my NBN connection as well. Key things to note:

  • Internode use PPPoE for their NBN HFC connections
  • You need to configure it your PPPOE vlanid 2. This is critical, otherwise the connection will not work

I took the following steps in OPNsense to set it up. Note my interface is bge1 — you need to use the correct network interface which is connected to the LAN port of the NBN HFC modem.

  • Interfaces – Other Types – VLAN = [ interface: bge1, tag: 2, PCP: 0 ]. Creates new interface bge1_vlanX.
  • Interfaces – Point-to-Point – Devices = [ Iface: re0, Iface(s): bge1_vlanX ]. Fill in login/password here. Creates new interface pppoe0
  • Interfaces – Assignments – WAN = pppoe0
  • Interfaces – WAN – IPv4 Configuration Type = PPPoE
  • Reboot. Check in Interfaces – WAN, that login/password been populated from pppoe0.
  • Check Dashboard WAN and Gateway/WAN_PPPOE for populated IP addresses.
  • Check Interfaces – Point-to-Point – Log file if you experience any errors.

Update: Thanks to ICBM on Whirlpool for inspiration and initial instructions.

Installing postgres on Ubuntu

I have installed Ubuntu 18.10 and needed to figure out how to install a postgres database server. Below are the steps. First we install the server components, then we check that the server is running using psql, and finally we change the default password for postgres to ‘securePassword’.

# Update package repo and install
sudo apt update
sudo apt install postgresql postgresql-contrib

# Check that database is running and that you can connect:
sudo -i -u postgres

# Exit and secure password of postgres user:
sudo -u postgres psql -c "ALTER USER postgres PASSWORD 'securePpassword';"

Installing Anaconda on Windows Subsystem for Linux

Windows Subsystem for Linux (WSL) is a great way of running a Unix environment on a Windows machine. I tend to work on cases involving large scale data science, but am, like most corporate users, tied to a Windows machine. Having access to a fully-fledged Unix environment is key to productivity and work pleasure. In this guide I will show you how to install Anaconda on WSL from scratch.

Anaconda is the environment and package manager for Python. It enables you to install and manage the typical Python’esque data science tools such as TensorFlow and numpy. It is available as a Windows installer, but running anaconda from the Windows command line is clunky and doesn’t feel right (at least not after ~18 years of Unix muscle memory). For me, it helped installing conda inside of WSL in order to continue working with my favorite tools.

Step 1: enable WSL feature in Windows 10

First step is to install WSL itself if you haven’t already done so. Installation has two parts – first you enable the WSL in Windows 10, then you install your Linux distribution of choice, which plugs in to the WSL shell. WSL is responsible for translating the Linux (POSIX) syscalls into something the NT kernel can understand and vice versa.

Open powershell.exe and enable the WSL feature:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

This should take a while, so grab a cup of coffee.

Step 2: install Ubuntu

Once done, you can install Ubuntu in two ways: via the Microsoft Store or by running bash.exe. For the later, [ress Windows-key + R, enter ‘ bash.exe’ followed by enter. This will install the Ubuntu on top of WSL.

Step 3: download and install Anaconda

Once installed, open browser and go to

Pick 64-bit for Linux (not Windows). I prefer Python 3.7 as 2.7 is old, but you may need it for specific / good reasons.

Instead of downloading in the browser, right-click the button and select ‘copy link’. Go back to the terminal window and download the installer from the command line. We want to do this as it is easier than copying the file into your Linux home directory from your Windows downloads directory.


Resolving (,, 2606:4700::6810:120a, ...
Connecting to (||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 684237703 (653M) [application/x-sh]
Saving to: '’
100%[===================================================================================================================================================================================================>] 684,237,703 19.5MB/s   in 39s
2019-01-17 14:09:03 (16.6 MB/s) - '’ saved [684237703/684237703]

Make the file executable and run it:

  chmod +x

Some text will fly by. Grab another cup of coffee after you have answered a few questions. If you use bash, remember to key ‘yes’ to add conda to your path, so you can resolve the binary from within your path (usually inside ~/anaconda).

Step 4: create a new environment and install packages

Create a new environment and install your desired packages into it:

conda create -n newenv
conda activate newenv
conda install tensorflow

And you are done. Happy coding!

Thoughts on the new Assistance & Access bill

A few people have asked me about my views on the recent Assistance & Access (A&A) bill passed by the the Australian parliament. A&A, an amendment to the Telecommunications Act of 1997, gives new powers to ASIO and other law enforcement and intelligence agencies to circumvent end-to-end encryption in technology (such as WhatsApp) and wiretap suspected criminals, e.g. terrorists.

In short, intelligence agencies can now compel companies such as Facebook, Apple, and Google to secretly install backdoors in their software in order to enable wiretapping. It is allegedly the first of its kind in any democratic country, providing powers greater than those of the UK Investigatory Powers Act, which was considered incompatible with EU civil liberties and privacy laws.

Whilst I wholeheartedly agree with the need to fight terrorism, giving government authorities the ability to install trojans and other backdoors in hardware and software is not the solution. There are 5 key reasons for this: 

  • It derails the trust in one of our greatest sources of future prosperity in Australia: our technology industry. Australian technology start-ups are booming, as evidenced through Xero, Atlassian, and Canva. Prospects of government-funded backdoors could severely hurt their reputation. In addition, we run the risk of large technology companies such as Google and Facebook, significant employers of Australian talent, pulling the pin on local presence in order to avoid the new legislation. 
  • It undermines our democratic rights to privacy. In an open, democratic society, people have the right to privacy and free speech without fear of government surveillance. If we keep chipping away on our democratic rights, we end up being no better than the totalitarian regimes we set out to fight in the first place.
  • It is insecure by design, opening the door for criminals to leverage the same backdoor. Security holes, backdoors, and mathematics in general do not discriminate who the user is, because they can’t. The backdoors imposed by government officials are secretive, until they are not. Yes, there are legal provisions that make it illegal for anyone to leak information about an introduced backdoor, but everytime a new update is pushed unexpectedly by a software vendor, we can expect malicious attackers to start scanning applications for security holes. 
  • It is ineffective, only addressing a subset of use cases. Yes, criminals can no longer use / trust WhatsApp and similar proprietary services with operations on Australian soil. However, the legislation doesn’t consider how copylefted and open source software such as Linux, OpenSSH, or critical infrastructure libraries such as OpenSSL will work? Theoretically, if a backdoor is introduced in open source, it will be visible to everyone immediately, rendering it useless. Will the Government fly officials to Canada to tell Theo de Raadt to install government backdoors in order to avoid criminals communicating secretly via an SSH tunnel?
  • It is a non-technical solution to an inherently technical problem – square peg, round hole. The debate and public commentary suggests that the majority of politicians did not understand the context and ramifications of what they are voting on. It’s great that they agree on the broad outcome required (we need better access to wiretaps), but it doesn’t make the underlying technical go away (the law of mathematics). Adding to this, the law as rushed through without due debate and broad consultation.

I will end this post with a quote from ProtonMail’s write-up on A&A

On Thursday, the Australian government and its Labor partners rammed a shockingly invasive anti-encryption law through Parliament, over the objections of experts, businesses, and civil rights groups.”