Author Archives: Urs

How to use OpenVPN over an IP over ICMP tunnel (Hans)

Introduction The very first question may is why to tunnel IP over ICMP at all? Sometimes you may find yourself in a situation where you have network, but no access to the Internet because of annoying restrictions. That f.ex. could be a proxy which requires authentication, a captive portal like in hotels or the ports you need simply are not … Continue reading

Posted in CentOS, Linux, Mac, OpenVPN, VPN | Tagged , | 5 Comments

Setup an OpenVPN server with certificate and two-factor authentication on CentOS 7

Introduction My goal was to have an OpenVPN server running, to which i can connect using different ports and by pipping it over an IP over ICMP tunnel (the latter will follow in another post). Ports i want to use: 1194/udp – The default OpenVPN port 53/udp – If im lucky and the network has DNS open by default… 1195/udp … Continue reading

Posted in CentOS, Firewalls, Linux, OpenVPN, Security, VPN | Tagged , , | 2 Comments

Check if the certificate of a domain was revoked

Just had the need to quickly check if the certificate of a domain was revoked or not, and found this tutorial:  OpenSSL: Manually verify a certificate against a CRL Well done, but two problems: If the server doesn’t send all certificates (including the root CA), the verify process will fail Too much to type… So i quickly created a bash … Continue reading

Posted in Bash, Linux, Security, SSL/TLS | Tagged , , , , , , | Leave a comment

CentOS – Set machines IPv6 source address

If you have configured multiple IPv6 addresses within a CentOS machine, it shows the strange behavior that it sets the last IPv6 address in IPV6ADDR_SECONDARIES as its default source address for outgoing connections, which can end up in quite annoying problems. For example, firewalls may expects the main IPv6 address and not a secondary, which changes if you add another one … Continue reading

Posted in CentOS, Linux | Leave a comment

Nethack.ch is SSL only now – Let’s Encrypt FTW!

Last week i received access to Let’s Encrypts beta, and therefore was able to generate some certificates which are fully accepted by any modern browser. Because of that, nethack.ch will be SSL only from now on. Let’s Encrypt should be GA around the 16th of November 2015. So, get ready to deploy SSL to your sites.

Posted in Security | Tagged , , , , | Leave a comment