2023-December to 2024-January
River Oaks Church - Updated 2024
Portal/WiFi System Updates Dec 5th-10th
- Search function added to wifi-access logs
- Access logs are now pulled from both of the Type 1 (standard account) RADIUS servers
- Fixed an issue where accounts were not immediately updated on the RADIUS servers after an account creation, deletion, or MAC address mapping. (Previously, updates took until the next Monday morning at 6:30 a.m.)
- Set up graphing for active WiFi accounts on Grafana (grafana.ro.church) – You have a login to that somewhere
- Created a few dashboards to show people connected to RADIUS, one of which is on HA and specifically shows humans at Goshen connected to RADIUS WiFi.
- Added a database column to keep track of whether an account is a human or not. – Not currently used for anything, but it is up to date and will be nice to have once implemented
- User level access for portal
- Can limit access to certain aspects of the portal so that other staff can have access
- Added option to the “Users” tab to approve a new user (so that a new staff member can be added to the portal without having to do anything directly on the database)
Coming soon:
- Alerts for deactivated users when they try to connect to a RADIUS network
- Easier search and filtering functionality for all logs pages
- Ability to use the API from Snipe so we can pull data on access points (useful for automatically keeping access points up to date on the new dashboard pages)
- Ticketing system
Network Updates January 21-23, 2024
General:
- As of Monday, January 22nd, both campuses are fully up to date on UniFi OS, UXGs, Access Points, Switches, etc.
- Created a Public IP change “checklist” on the Docs site so we can make sure everything that references an IP address gets updated (https://docs.ro.church/en/network/public-ip-change-checklist)
DNS:
- Due to Comcast hijacking our outbound DNS, ALL outbound DNS across both campuses is encrypted and goes straight to Cloudflare over TLS so Comcast cannot modify it.
- Cloudflare filtering is now fully rolled out across both campuses and works well for test sites, but hasn't been tested on others.
- If a domain needs to be added to the whitelist, go to Zero Trust (on CF) > My Team > Lists > RO Domains and add it there. It takes a minute or two but applies automatically
- Guest networks (not secured guest) at Goshen are routed through Cloudflare WARP. This serves two purposes: 1. It still encrypts outbound DNS, which we otherwise wouldn’t be able to do due to internal VLAN firewall rules (Guest can’t talk to internal networks), and 2. It masks Guest network internet traffic so it’s not routed through our public IPs. Will also route Elkhart through WARP; need to generate another set of WireGuard keys in their CLI
Azure:
- All Azure VMs we need should be created and ready to go
- Still moving over Uptime, will need to completely reset it due to Uptime Kuma no longer supporting backup/restore
- VMs are purposely located in different regions for redundancy purposes (primarily in North Central US which is closest to us)
- stream1 and stream2 servers are also up and running
- Elkhart Web Presenter defaults to stream1, backup server is stream2
- Goshen/Espanol defaults to stream1
- Any DNS record under *.az.1nine89.net is entirely controlled by Azure so that records stay in sync with VM IPs
- IPs for VMs are static and are on the whitelist for allowed IPs across our web services
- All VM time zones are set to our time zone so that daylight saving time doesn’t affect backups
- *Full Azure config walkthrough will be added to the documentation site in the next month or so once everything is set up.
WiFi:
- The 3 RADIUS servers in Azure are still being set up and all traffic is rerouted to them
Network Updates January 26-x
- Updated logs pages to reflect data from new RADIUS servers
- Fixed approve/deny buttons on the WiFi dashboard so they work as expected
- Added the ability to schedule short link changes on the portal