That warm feeling that you contributed to the community when you find your bug report in an official release notes 🙂 There is a new firmware release EdgeRouter ER-8/ERPro-8/EP-R8: Firmware v1.9.1 that reports as fixed an issue first reported by me for the 1.9 firmware. The issue was reported in the thread Update to 1.9… Read More »
The following is an example on how to generate a certificate directly on a Linux server using keytool, then sign it by a windows CA. The example assumes we are regenerating a certificate for a glasfish domain. STEP 1: Delete the old certificate In glasfish in each domain where security is activated we have a… Read More »
I already have several posts related to security of an exposed Internet site. They were all summarized in the post Blog Links: Web site security As we know, the Internet threats are constant and evolving so to maintain the same level of security we constantly have to update the configurations of a secure installation. In… Read More »
I already had several posts related to constructing a secure website that can be released in the wild world-wide web. The following are several resources and links that will give a good idea on what one can do in order to secure a web site. First we need a way to analyse how secure our… Read More »
An EdgeRouter firmware update from 1.8.5 to 1.9 broke my L2TP based VPN. After the update my l2tp connection to local subnets was no longer working. Note that I have a load balancing setup with eth0 and eth1 being the load balanced WAN interfaces. It seems that due to the changes done for the l2tp… Read More »
After seting up Security Onion as my home data center IDS (see https://blog.voina.org/data-center-ids-solution-using-security-onion/) I started to integrate monitoring of other resources to it. The first idea was to add the monitoring of my EdgeMax routers. Security Onion has a syslog-ng service that is able to receive client syslog data. Then we can visualize this data… Read More »
An enterprise environment has to be monitored for external threats. There are a lot of very expensive IDS (Intrusion Detection System) that do this for you but you can set up in a production environment a very good solution for zero cost. The strength of an IDS is given by the IDS threats database, a… Read More »
Because the number of my systems increased moving all my stuff to a rack was the right decision to avoid cable spaghetti and administration hell. But when you have a rack you need to have an administration console for it. Looking on the market (the deals market) the cheapest console I could find was some… Read More »
Open Shortest Path First (OSPF) is a routing protocol for Internet Protocol (IP) networks. Because I have site-to-site OpenVPN and IPSEC tunnels between my primary and remote sites I ended up defining lots of static routes. The environment started to be complex enough to justify the use of OSPF that is supported by EdgeRouter. The… Read More »
The following are the steps I used to perform to set up an IPSEC VPN with a vti (virtual tunnel interface). The advantage is that using a vti gives us a route-able interface so making it easy to work with the IPSEC tunnel. The current setup looks like: Primary Site: ER-8 (with load-balancing WAN1 and… Read More »