Category Archives: CentOS
How to use OpenVPN over an IP over ICMP tunnel (Hans)
Introduction: The very first question may be why to tunnel IP over ICMP at all. Sometimes you may find yourself in a situation where you have network access, but no access to the Internet because of annoying restrictions. That could be, for example, a proxy which requires authentication, a captive portal like in hotels, or the ports you need simply are not …
Setup an OpenVPN server with certificate and two-factor authentication on CentOS 7
Introduction: My goal was to have an OpenVPN server running, to which I can connect using different ports and by piping it over an IP over ICMP tunnel (the latter will follow in another post). Ports I want to use: 1194/udp – the default OpenVPN port; 53/udp – if I'm lucky and the network has DNS open by default…; 1195/udp …
CentOS – Set machines IPv6 source address
If you have configured multiple IPv6 addresses on a CentOS machine, it shows the strange behavior of setting the last IPv6 address in IPV6ADDR_SECONDARIES as its default source address for outgoing connections, which can end up causing quite annoying problems. For example, firewalls may expect the main IPv6 address and not a secondary, which changes if you add another one …
Quick tip: Download all pdf files on a website
After Red Hat Enterprise Linux 7 was released this week, which has a bunch of very cool features by the way, I wanted to download all the new documentation as PDFs to put them on my iPad. But right-clicking each of the 30 links and clicking “save as” definitely wasn’t the way to go. Administrators are lazy guys… URL of the …
Increase SSL and TLS security on nginx and Apache by enabling PFS and HSTS
The default configuration of SSL is fine on most Linux distributions (you will get an A rating at SSL Labs), but it could still be made a lot better and more secure. Goals we want to achieve: enable Perfect Forward Secrecy (PFS); enable HTTP Strict Transport Security (HSTS); disable SSLv2 and SSLv3; PCI compliant; FIPS-ready (optional); don’t break IE… NOTE: the configuration below will …