A simplified way to securely move all the bits.

2016.22.12 - Jeffrey Forman

A while back, I wrote a post about setting up an L2TP/IPSec VPN on my home firewall/router. It required two daemons and a bunch of configuration with hard-coded IP addresses. While this solution used firmly-established practices (L2TP/IPSec), it felt too brittle. What happens when my dynamic IP address changes? Now I need to update config files, restart daemons, etc. There had to be a better way. Enter IKEv2. IKEv2 is the successor to IKE version 1, the Internet Security Association and Key Management Protocol (ISAKMP)/Oakley.

LACP, VLANs, always stay connected.

2016.26.10 - Jeffrey Forman

I was bored last weekend, so I configured a two-port LACP bonded trunk from my FreeBSD-running NAS to my HP ProCurve switch. Why? Because I could. I had all these spare Ethernet ports on my NAS, and they seemed bored. More seriously: high availability. One interface serving all my storage traffic just seemed ripe for failure. Imagine serving all your VMs over NFS to a VM server across the network over one NIC, and that one dies.

Get off my lawn, DMZ edition.

2016.07.10 - Jeffrey Forman

I recently changed Internet providers from Comcast Business to a Verizon Fios connection. The Fios package includes TV set-top boxes (STBs), which use coax for video and Internet via MoCA for the guide data. It made me curious: what kind of traffic were these things sending on the network? What would they be trying to access? And how hard would it be to DMZ these things off from the rest of my wired/wifi network, given I have no idea what they are up to?

Github

2016.14.09 - Jeffrey Forman

I wrote my own network latency monitoring agent in Go

2016.27.02 - Jeffrey Forman

For a while I had used Smokeping to generate pretty graphs of network latency between various hosts on my network. The downside with Smokeping was always getting it working. Did I configure my webserver just right? Did I remember to save the webserver configs so that the next time I set this up, things just worked? Did I install all the right Perl modules (and the right versions of each) so that Smokeping’s binary worked?

A brand new blog for 2016

2016.23.02 - Jeffrey Forman

A new year gave me an itch to scratch. For years I had been running a pretty standard setup when it came to blogging: Linode, Apache, WordPress, MySQL. It was as vanilla a setup as one can get, running on a $10/month Linode instance out of their datacenter in Atlanta. I never used the VM much other than for keeping what was an almost-completely static blog. I never had any issues with it.

From 0 to an OpenBSD install, with no hands and a custom disk layout

2015.10.05 - Jeffrey Forman

No one likes to do repetitive OS installs. You know the kind, where you are just clicking through a bunch of prompts for username, password, and partitioning scheme as fast as you can to quickly get to the point where you can get some work done. This scenario happens to me every time OpenBSD releases a new errata. As my OS of choice for firewalls/routers, I use a fresh OS install as the baseline for building a -stable branch of install set files.

All the bits, from anywhere.

2015.26.04 - Jeffrey Forman

Problem statement: While OpenVPN has served me well over the past few years both for site-to-site and road-warrior style VPN connections, it always bugged me that I had to hack a config file, juggle certificates, and use a custom client that isn’t part of the base OS to bring up the links. My Android phone has a built-in L2TP/IPSec VPN client. My MacBook Pro OS X 10.9 laptop has both an IPSec and an L2TP VPN client GUI wrapped around racoon.

Family Tech Support: Vacation Edition

2015.20.02 - Jeffrey Forman

This was an epic visit home, tech-wise. Just so I don’t forget, and can hold it over my folks’ heads for a while: Upgraded two five-year-old Linksys E2000 APs to Netgear R6250s. Those old ones were just not reaching the entire length of the house anymore. Upgraded the firewall/router from OpenBSD 5.5-stable to OpenBSD 5.6-stable. It just so happens I’m home every six months, which keeps it relatively close to the most recent errata.

Third time’s a charm? Gitolite, Git, Nagios, and a bunch of hooks

2014.16.11 - Jeffrey Forman

I was hoping that with my past posts on this topic, I would have enough examples to just copy-and-paste along to configure my Gitolite+Nagios monitoring setup. Not so. It looked like there were semicolons missing in my past examples. After looking at the huge number of changes in Gitolite, I had to re-do everything. Not to mention I always wanted a better way to manage the hooks, as opposed to editing them directly on the host.