OpenVPN

Accessing every jail from a VPN

I’ve been meeting a few challenges with running an instance of bacula-fd in each of my jails. Most of them are related to networking. Perhaps my deployment strategies are imposing too many restrictions. The challenges arise on the jail hosts which are not behind my firewall at home. Each of those servers is accessible through a VPN, but the individual jails on those servers are not. The backup of the jail host is


ssl-admin: revoking a certificate

A server was decommissioned lately. It was running on a VM. Given that I do not have physical control over the HDD, I will be revoking the certificate for that server. This certificate was used for VPN access. That’s something I don’t want to be used by anyone else. Here is how I revoked it. I do not know why I had to enter 5 twice.


ssl-admin

People often talk about security. There are many different types of security. Personal security. Security theater. Physical security. In this post, we’ll talk about securing communications channels so that others cannot listen in, and so that others cannot connect. In this article, I’ll talk about using a toolkit, ssl-admin, to create a certificate authority, create self-signed certificates, and use them for both backups (via Bacula) and for a VPN (using OpenVPN). We will


openvpn replay

I’ve started seeing these messages recently:

openvpn[2688]: latens.example.org/10.99.36.17:60467 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #999 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

After reading the man page, I decided to add the following and restart openvpn:

replay-window 64 20

We’ll see….


Avoiding dynamic IP address woes with a VPN

I’m sick of dealing with dynamic IP issues. My broadband connection at home has a dynamic IP address. I can always find out what my home IP address is. I’m using dns/noip to manage a hostname which points to home. I can always ssh home via the hostname. The problems arise when I try to restrict access to services provided at home or access to services on external servers. For example, the web

