Category Archives: Security

How to use OpenVPN over an IP over ICMP tunnel (Hans)

Introduction The very first question may is why to tunnel IP over ICMP at all? Sometimes you may find yourself in a situation where you have network, but no access to the Internet because of annoying restrictions. That f.ex. could be a proxy which requires authentication, a captive portal like in hotels or the ports you need simply are not … Continue reading

Posted in CentOS, Linux, Mac, OpenVPN, VPN | Tagged , | 5 Comments

Setup an OpenVPN server with certificate and two-factor authentication on CentOS 7

Introduction My goal was to have an OpenVPN server running, to which i can connect using different ports and by pipping it over an IP over ICMP tunnel (the latter will follow in another post). Ports i want to use: 1194/udp – The default OpenVPN port 53/udp – If im lucky and the network has DNS open by default… 1195/udp … Continue reading

Posted in CentOS, Firewalls, Linux, OpenVPN, Security, VPN | Tagged , , | 2 Comments

Check if the certificate of a domain was revoked

Just had the need to quickly check if the certificate of a domain was revoked or not, and found this tutorial:  OpenSSL: Manually verify a certificate against a CRL Well done, but two problems: If the server doesn’t send all certificates (including the root CA), the verify process will fail Too much to type… So i quickly created a bash … Continue reading

Posted in Bash, Linux, Security, SSL/TLS | Tagged , , , , , , | Leave a comment

Nethack.ch is SSL only now – Let’s Encrypt FTW!

Last week i received access to Let’s Encrypts beta, and therefore was able to generate some certificates which are fully accepted by any modern browser. Because of that, nethack.ch will be SSL only from now on. Let’s Encrypt should be GA around the 16th of November 2015. So, get ready to deploy SSL to your sites.

Posted in Security | Tagged , , , , | Leave a comment

Increase SSL and TLS security on nginx and Apache by enabling PFS and HSTS

The default configuration of SSL is fine on most Linux distributions (you will get an A-Rating at SSL Labs), but still could be done a lot better and more secure. Goals we want to achieve: Enable Perfect Forward Secrecy (PFS) Enable HTTP Strict Transport Security (HSTS) Disable SSLv2 and SSLv3 PCI compliant FIPS-ready (optional) Don’t break IE… NOTE: the configuration below will … Continue reading

Posted in Apache, CentOS, Linux, nginx, Security | Tagged , , , , , , , , | 3 Comments