See also SSL client vs server certificates and bacula-fd. I use OpenVPN since at least 2008 – now going on 13 years. I find it to be reliable and stable. A few days ago, I added another client to a VPN. I run this particular network with self-signed certificates which I create using ssl-admin – …
Today I added a OpenVPN client to a recent laptop I acquired. It was for my mom, but COVID19 has prevented that trip. Sometimes a task is so rarely performed that the steps are unfamiliar or even unknown. This is what I had to do today. The client zip package I create with ssl-admin works …
I encounter edge cases. It’s not fun. This particular situation caused OXS Mail.app to crash when using a VPN. The outline This particular edge case involved the following: OSX 10.11.1 (15B42) Tunnelblick 3.5.5 (build 4270.4461) Mail.app When running Mail.app, it would crash within 5-10 seconds. The full dump of the crash has been sent to …
OSX Mail crashes when using TunnelBlick and setting DNS/WINS Read More »
I had a power failure at home tonight. The clients did not react well to the outage. They aren’t at home. They’re out there on the internets. Jul 9 01:02:49 tallboy openvpn[40792]: UDPv4 link local (bound): [AF_INET]10.233.228.194:1194 Jul 9 01:03:51 tallboy openvpn[40792]: UDPv4 link local (bound): [AF_INET]10.233.228.194:1194 Jul 9 01:04:53 tallboy openvpn[40792]: UDPv4 link local …
OpenVPN clients don’t react well when the server goes down Read More »
With this new server, I am taking a new approach. Each jail will have at least three IP addresses: The public IP4 address, used by internet facing services (e.g. http or https) The public IPv6 address, similar to the above A VPN address, used for system administration and private services (e.g. nrpe) In this article, …
I have an exciting project ahead of me. I will soon be configuring a new server. It will be ZFSROOT running a pair of mirrored 500GB disks. I plan to use a configuration tool for management of this server. The final choice of tools is yet to be decided. The services provided by this server …
I am a big fan of OpenVPN. I’ve been using it since 2008. It’s been extremely reliable and stable. Out of the box, at least on FreeBSD, it runs as nobody:nobody (not really, but that’s how most people configure it). I can’t point to am immediate security issue with this situation. However, I’d prefer it …
running OpenVPN as something other than nobody:nobody Read More »
My laptop’s hostname is dent. I want my DNS records to point to that laptop whether I’m connected to my LAN directly (via WIFI or ethernet cable) or via OpenVPN (my VPN of choice). SIDE NOTE: You will see references to nsupdate -k below. Note that in recent versions of this program, the option you …
Here are a few posts for future reading: How to add a jailed server to OpenVPN? Running OpenVPN in a ezjail jail Restarting OpenVPN in jail erase tun0 configuration OpenVPN Client in a jail
I’ve been meeting a few challenges with running an instance of bacula-fd in each of my jails. Most of them are related to networking. Perhaps my deployment strategies are imposing too many restrictions. The challenges arise on the jail hosts which are not behind my firewall at home. Each of those servers is accessible through …