Tag: networking

Default route via VPN while keeping LAN & services available

OpenVPN is working great and all, but I was having trouble getting my other LAN hosts to connect to the OpenVPN client system (a Raspberry Pi) while also keeping the services I normally run on it available from the internet. On the remote server, I was using redirect-gateway def1, which works but makes some assumptions

Tunnelblick disconnect fails to remove route

Tunnelblick is an awesome OpenVPN client, which I have been using a lot lately on my Mac. I had a problem where it would connect the first time just fine, but then would never reconnect; it would seem to hang while trying to handshake with the server. I could get it to work again if

Debian server DNS bogosity

Note: I’m running my Raspberry Pi as a server, and NetworkManager is not installed. I discovered that if you want to manually assign search and nameserver entries in your /etc/resolv.conf file, you can’t just add the relevant entries to static entry in /etc/network/interfaces: [crayon-5c676c7cde521793121829/] For some unknown reason, the resolvconf utility will still attempt to

Allow webapps to make outgoing requests

I was experiencing a pretty bad slowdown while trying to use the admin pages of a WordPress site recently. The load on the machine was quite low, so I began to suspect that it was trying to call out to external services (facebook, pinterest, etc) that might have been blocked by CSF (configserver firewall). I

Fix for LFD error in syslog

I noticed that I was getting emails from LFD (part of the ConfigServer Firewall package) about failing to find some added check line it was sending to syslog. The syslog message looks like this: lfd[%d]: *SYSLOG CHECK* Failed to detect check line [%s] sent to SYSLOG Of course I’ve replaced the pid with %d and

Switching from APF to CSF

I was enjoying trying out APF on my Raspberry Pi, but I noticed that it wasn’t blocking repeat attackers the way I wanted it to. fail2ban was working the way it was supposed to work, but it only blocks temporarily, and I never figured out why the gamin back-end to continuously monitor log files didn’t

Long Live ControlPlane!

I’ve written about Locamatic before, and while it’s good at what it does, there are some definite drawbacks. For one, the most recent version is alpha quality and stated for use on Mountain Lion since prior versions won’t work anymore on a newer system. But as of this writing, Mountain Lion was two major releases

Fix the broken APF package on Debian/Ubuntu

The Debian / Ubuntu package for Advanced Policy Firewall (APF) seems a bit unmaintained. By default it won’t run without some initial tweaking. Note that they probably want everyone to just download and run the installer from their site nowadays, but that’s not how I roll (usually). [crayon-5c676c7cde766994348040/] In functions.apf, change the line [crayon-5c676c7cde76c372222877/] to

APF, fail2ban & more

APF is wonderful for a good-enough firewall solution for a lot of people. But what if you also want the power of another great tool, fail2ban? The problem is, fail2ban wants to make changes directly to iptables, which APF is maintaining. Rules that fail2ban writes will be overwritten by APF. I found the solution is

The FCC is clueless

This. Here’s the kicker: …but perhaps the most fundamental is a simple misconception, one that persists in the work of the FCC but also of proponents and opponents of network neutrality. It is the false distinction between what they call “edge providers” (YouTube) and “end users” (people who watch videos on YouTube). I really wish

Raspberry Pi SSH cipher speed

I was curious to see how quickly I could transfer files to my Pi using SSH rather than FTP. Obviously using FTP is way faster than almost any other method, but still I wanted to see how fast I could transfer data over SSH. Here’s the time it took to transfer a 50 MB file

Enable X11 Forwarding on Raspberry Pi

The usual suspects failed me last night when the $DISPLAY environment variable wasn’t being set after I logged in via SSH to my Pi. The usual suspects being to make sure that the X11 forwarding options were turned on in /etc/ssh/sshd_config on the server and in ssh_config on the client, or to use the command