Posts tagged Security

What is a WiFi Controller?

WiFi controller solutions have become pretty popular with enterprises lately. Some of the reasons you would want one are:

  • Centralized management over several to many access-points.
  • Unified access policies.
  • Ease of deployment.
  • Rogue AP scanning for PCI/DSS compliance.

Debugging IPSec VPNs in FortiGate

Debugging what is going wrong with a VPN setup is difficult. The IKE protocol is “chatty”, and negotiates back and forth between the two ends for several rounds. The GUI does not offer much help; it shows the tunnel as either up or down. Most of the real debugging happens inside the CLI.

One problem in particular that has always bugged me is that you need access to the end machines involved to initiate traffic across the link. The network admin typically doesn’t have direct access to the computers on either side of the VPN in order to initiate that traffic. I’ll show you a method that can be used to initiate traffic from that network as well.

Kickstart your Linux install

I’ll admit it, I’m not a huge fan of Red Hat Enterprise Linux. I’ll administer it, I’ve worked with it. It’s a good distribution. I just have a bad taste for RPM-based distributions based on my first forays into Linux back in my Mandrake days. I also first started to professionally work with Linux during the last couple of years of RHEL 5, when things were getting long in the tooth. Red Hat’s release schedule also conflicts with what most of my users want and expect; it’s far more suited to a corporate environment where having the latest features is not nearly as important as having consistent software versions. That being said, Red Hat has some fantastic tools, Anaconda and Kickstart being my favorites. So I was overjoyed when I discovered Ubuntu had support for Kickstart files! The Ubuntu installer can take Debian-style preseed directives but in my opinion is overly complicated.

A Kickstart file basically answers the questions that pop up in the installer as the installer goes, removing the need for human interaction. If a question isn’t answered, the installer pops up with the proper dialog, takes user input, and continues. I can pick and choose what information I want to populate automatically and which information dialogs I want the customer to answer. In my auto-install ISOs I prompt the customer for a username and password, as I want the users to enter that information.

When I was tasked with making an auto-installing ISO for our customers, I was able to create one quickly by using a Kickstart file.

uncomplicated firewall

ufw, or uncomplicated firewall, is the default host firewall tool for Ubuntu and is designed to be easy to use.

Unless you don’t realize that it’s been enabled for you, in which case you’re likely to spend an hour bashing your head into something trying to get NFS to work. ufw is normally driven from the command line, although a GUI is also available.

You’ll need to have root privileges to run ufw.


Setting up L2TP over IPSec VPN for VM Forge Customer Managed FW – Part 1

Wow, that’s a mouthful of a title, isn’t it?

When you have a VMForge VDC and control your own area of the FortiGate firewall in front of your VDC, you can set up a secure VPN connection with several different technologies.

If you want to use the built-in VPN client in Windows or Mac OS X without installing any other VPN client software, then L2TP over IPSec is the way to go, although you will need to escape out to the CLI of the FW to complete this setup.
