Usually I am using the packages from the official repositories. However, sometimes it’s necessary to use a newer version, I recently had to do this with strongswan and I’m sharing the procedure for other people to try. Get the build dependencies Obtain and build the package
Recently we bought a FortiGate-200D VPN box. I have more good things than bad things to say about this device. Long story short. I had to remove some users and because of some voodoo type of problem I couldn’t do it from UI (I will contact their support that’s for sure), so I had to … Continue reading FortiGate-200D VPN users and groups operations
dnsmasq is a lightweight DNS, TFTP, PXE, router advertisement and DHCP server. It is intended to provide coupled DNS and DHCP service to a LAN. From time to time dnsmasq decided to resolve some hosts over a VPN tunnel to their external IP address instead the internal one. This was quite annoying… After digging a … Continue reading How to disable dnsmasq on ubuntu based distribution
This document describes how to install a OpenVPN server with User/Password authentication with mysql and day control using libpam-mysql. This will be a brief, but a very practical document. Install mysql server Create a mysql user and a database to be used later CREATE DATABASE openvpn; USE openvpn; CREATE USER ‘openvpn’@’localhost’ IDENTIFIED BY ‘lNPg5TAIy82zFpEn’; GRANT … Continue reading How to install a OpenVPN System Based On User/Password Authentication with mysql & Day Control (libpam-mysql)
Setup a socks proxy (check this page for more details) on port 8888 (the port is not that important). Start chrome with the following parameters: Also we can check if this works and run the following command on the SSH server. The tcpdump will show show dns traffic for any activity in Chrome.
As I said with a previous ocasion in China the goverment is filtering the internet traffic (including mobile trafic, dohh) so you can’t access different websites and/or services and this thing is very annoying. Well, what do you have to do if you want to navigate to youtube.com for instance? Hmmm… you will have to … Continue reading Encrypt your traffic from your Android device using a ssh tunnel
This is useful if you are behind a restrictive firewall that uses SPI to block services rather than plain old port blocking. An SPI firewall is able to distinguish between one packet type and another, without just checking the port that is in use. You’ll need root access to the OpenVPN Server, as you have … Continue reading OpenVPN through SSH
Recently I accepted a job proposition in Shenzhen/China. So, China here I come. Things are great here, western propaganda has nothing to do with what’s going on here, except one thing: internet filtering. Google results are censured, so only “accepted” results are displayed, sites like facebook.com, twiter.com, youtube.com, thepiratebay.org, openvpn.net and so many more… What … Continue reading Encrypt your web browsing session in one command
This is a step by step guide for setting up a VPN using pppd and ssh. To accomplish this you will need two Linux boxes, one acting as server and the second one as client. The “server” must have a static IP address or dynamic dns name. The firewall on both boxes must allow traffic on … Continue reading How to setup a VPN using ssh and pppd
This document describes the required steps to make a fully functional L2TP/IPSEC PSK VPN PSK (with pre-shared keys) on debian squeeze. L2TP/IPSec is an advanced protocol formally standardized in IETF RFC 3193 and now the recommended replacement for PPTP where secure data encryption is required. The L2TP payload is encrypted using the standardized IPSec protocol. … Continue reading Setting up a L2TP over IPSec VPN on Debian on 10 steps