IPv6 link-local to the rescue
Today I decided to finally update my home LAN. I've had my main subnet set as a /16 for maybe 6+ years. It has always urked me that I made this choice, and I'm unsure the original idea behind selecting it; However, I just couldn't be bothered to change it until today. I also finally intend on installing a local dns instance soon. I guess this inertia could be explained by the old saying,
The shoemaker's son always goes barefoot
The reason why today was the day, was due to us recently moving apartments, causing me to have less small devices connected with their static IP's. Secondly, I just built a new workstation at home... and it happened to be assigned a DHCP IP outside of the very small /29 I allocated for my remote access VPNs. Instead of setting a static IP, I figured it was time to update the subnet & dhcp settings.
So I made this change, very quickly, and was satisfied with how seamless it was..... until.... I went to log into my router and was greeted with:
ssh: connect to host erx port 22: Connection refused
ay Dios Mio, as my wife would say, I forgot the ill fated lines:
( ͡ಠ ʖ̯ ͡ಠ)
Yes, indeed, I was royally fucked. The reason why I was royally fucked is that I haven't taken a backup of my config in who knows how long. Once again, my LAN is said shoemaker's son.
Suddenly I was in a panic... do I have the keys for my VPN tunnels? Would I have to go through the effort of rebuilding them from scratch? Suddenly, it came to me. The boys at UBNT had a solution for me... SSH recovery via IPv6 link-local .
The concept is simple. After your router boots up & the SSH daemon comes online, you have about a minute or two to login via the link-local address on your lan, which bypasses the firewall on the device.
Since my connectivity through the device was fine, I knew I had the mac address to deduce the link-local:
Now let's get the link-local (I mean, this can be calculated without but cmon, copy-paste-til-I-die. We just have to ping IPv6 all-nodes multicast address:
Okay, now I just power cycle the device.
ping -6 the IP and keep trying SSH until....
Now all I had to do was
set the new IP's and
delete the old ones. Bam, I was in!
I then fixed up my VPN and only had to apologize to my wife softly that I took down our LAN, interrupting her Sunday morning browsing session in bed.
Time to take a backup.....