Due to supply chain issues I’m looking at alternate routers. Quite a few work fine but a lot of them want a single *.ovpn client configuration file. Here is a handy template on how to do that.
Updated to cover VORACLE compression attack mitigation (disabling compression). Also fixed inconsistent ciphers. This covers the current OpenVPN 2.5+ and EasyRSA v3. BMS VPN Solution; Updated
I have found that Zabbix is indispensable in monitoring infrastructure, however if you followed my previous articles on OpenVPN that setup in particular had a couple unique challenges for monitoring. If you want to monitor the OpenVPN log file there is a rather complex regex query to walk the status log and count the number… Continue reading Using Zabbix to monitor OpenVPN
OpenVPN 2.5+ now includes EasyRSA v3, which changes the way keys need to be generated; fortunately, it is much easier now. Ubiquiti also made a couple of small changes in recent firmware that we can take advantage of too. This post updates and simplifies the process. BMS VPN Solution; Updated
Email presents a variety of problems due to spam filtering and delivery time, resulting in unreliable or late alerts to operators. Here I discuss using Pushover to fairly easily get rid of the email weak link in the alarm delivery process. Pushover for alerting
For a while now myself and others have been looking into a way to add Let’s Encrypt support to WebCTRL. The underlying Tomcat web server and Windows platform present some unique “challenges” when you look at the Let’s Encrypt ACME client options. ALC support reached out to me with the method below a while back… Continue reading Traefik
Some test results on why I built this BMS VPN solution the way I did along with some speculation on download time impacts. Why did I do that?
My plans to play with a canary this weekend were spoiled while doing some maintenance so unfortunately I’ve had to put that off. I generally go in once a month and “update all the things” in the network and it’s pretty much uneventful but I’ve been hit with issues enough to know why Read Only… Continue reading A storage solution
I’ve been following Thinkst for a while and I love to hear Haroon Meer get interviewed as he has some amazing viewpoints. You can catch him quite a bit on Risky.biz which is worth a listen. I think I would like to deploy one of their canary devices but can’t swing the price at the… Continue reading Passive Defense
These articles make some assumptions, and hopefully these are familiar to you: (1) You are a BMS vendor or service BMS systems for your customers. (2) You have BMS equipment on customer networks that you do not control. Point 2 is the especially difficult part that you are likely already very familiar with. Generally many BMS vendors… Continue reading A BMS VPN solution