Archive for the ‘VPN’ Category
Posted by jpluimers on 2021/08/09
The Chocolatey package for OpenVPN has not been updated for quite a while. It looks like it has to do with the current dependency to verify the OpenVPN signature.
The current [Wayback] Chocolatey Software | OpenVPN 2.4.7 version is both outdated on the major version number ([Wayback/Archive.is] Release OpenVPN v2.5.3 release · OpenVPN/openvpn) and minor version ([Wayback/Archive.is] Release OpenVPN v2.4.11 release · OpenVPN/openvpn). The version 2.4 Windows installers are now called “Legacy Windows Installers”.
Luckily less than a day after the start of the [Wayback/Archive.is] RFM – openvpn · Issue #1024 · chocolatey-community/chocolatey-package-requests, a volunteer stepped forward.
Hopefully by now the package is being maintained again.
–jeroen
Posted in Network-and-equipment, OpenVPN, Power User, VPN
Posted by jpluimers on 2021/06/17
First of all: incoming Fritz!Box VPN behind an Experiabox version 10A fails, because the DMZ implementation of the Experiabox is faulty.
This worked just fine with the Fritz!Box as DMZ host behind a Ziggo Connectbox ([WayBack] Connectbox | Klantenservice | Ziggo).
First a few things to get regular TCP stuff to work: having your Fritz!Box as the DMZ host of an Experiabox.
I had a hard time figuring out some of them, so further below are also quite a few links just in case you bump into similar things.
- On the back of the Experiabox version 10A you find the SSID and WiFi password on what appears to be a sticker, but is in fact a small piece of cardboard paper.

- Behind that cardboard paper is a sticker with the initial administrator password: shove out the piece of cardboard to reveal the sticker.
- After login (you cannot change the username, which is ADMIN or KPN) you have to choose a new password, which has these undocumented restrictions:
  - It cannot be the old password.
  - The password must contain at least 1 special character (!@#$%^&*()_+|~- =\`{}[]:";'<>?,./).
  - The password must contain at least 1 number character.
  - The password must contain at least 1 uppercase letter.
  - Other restrictions I have not bumped into
- The default address of the Experiabox V10a is 192.168.2.254. NEVER change it, as KPN totally does not support that scenario and will force you to reset it before starting to help you out with anything. Log on as Administrator to the Experiabox at 192.168.2.254.
- Setting fixed DHCP leases was hard to find (I was looking for fixed DHCP, not DHCP reservation): Network -> LAN -> LAN DHCP (dropdown next to LAN) -> DHCP Reservation (up to 10 computers).

- The DMZ setting was not where I expected it: Network -> Firewall -> DMZ (dropdown next to Firewall)

External port checker: [WayBack] Open Port Checker & Scanner | Test Port Forwarding | Internet Protocol Tools
Related:
- Passwords and SSID on the back of the device:
- Use of your own internal routers behind the Experiabox:
- Incoming SMTP port 25 could be blocked:
- DHCP configuration:
- You can only configure 32 DHCP Bindings (this used to be an even more mediocre 10 DHCP bindings), which is a laugh:
- There have been quite a few issues in the past that have been solved with firmware updates; I’m still not sure how to update it apart from doing a hard reset.
- Wall mounting:
- Manuals and such:
- Service tool (be careful: anyone on the internal network can run these if they know the last 3 digits of your bank account!):
- Without Experiabox seems to be only possible for Telfort, not for KPN:
–jeroen
Posted in Network-and-equipment, Power User, VPN
Posted by jpluimers on 2021/04/16
I see lots of negative reactions to FortiClient, as it is very closed source, has many intermittent issues, and is a product that tries to be a jack of all trades (over a couple of versions, in addition to being a proprietary VPN client, they started doing vulnerability scanning, interfering with anti-virus products, they blocked saving of passwords and allowing password managers to paste them, and I could go on).
Sometimes you have to use it in order to access a FortiGate based VPN server, so the best is to defer starting it until as late as possible.
Here are some links to get that configured correctly:
–jeroen
Posted in FortiGate/FortiClient, Network-and-equipment, Power User, VPN
Posted by jpluimers on 2020/08/28
Still glad I got a few of [WayBack] GL-AR300M – GL.iNet: it makes travel life so much easier when you cannot use tethering.
I got the model GL-AR300M with external antennas (the GL-AR300M only has internal ones with a much shorter range).
Powered over USB, it runs OpenWRT and can NAT a local network towards an external network on the WAN, WiFi or (via USB) 3G/4G modem.
Despite doing only 2.4 GHz, it was a life saver on many occasions (there is a 5 GHz model, but it has overheating issues).
Posted in Development, Ethernet, GL-AR300M, GL.iNet, Hardware, Hardware Development, LifeHacker, Network-and-equipment, Power User, Raspberry Pi, routers, VPN, WiFi
Posted by jpluimers on 2019/01/16
With the advent of WebSockets, it looks like TCP tunnels over HTTP/HTTPS are gaining more ground and I need to put some research time in them.
Some old to new links:
CONNECT requests are not supported by many HTTP proxies, especially in larger organisations, so chisel and crowbar have a much bigger chance there.
And of course there is SoftEtherVPN/SoftEtherVPN: A Free Cross-platform Multi-protocol VPN Software. * For support, troubleshooting and feature requests we have http://www.vpnusers.com/. For critical vulnerability please email us. (mail address is on the header.).
However, that is a VPN solution which is much broader than just a single TCP tunnel. You can do similar things with OpenVPN, but over HTTP/HTTPS that also requires CONNECT:
SoftEtherVPN seems to be more versatile though. I blogged about that before, but back then didn’t have needs for it yet. VPN over HTTPS: Ultimate Powerful VPN Connectivity – SoftEther VPN Project.
–jeroen
via: [WayBack] VPN through only http – Server Fault answer by [WayBack] neutrinus
Posted in Communications Development, Development, HTTP, https, Internet protocol suite, Network-and-equipment, OpenVPN, Power User, TCP, VPN, WebSockets, Windows-Http-Proxy
Posted by jpluimers on 2018/07/13
People are (rightfully) freaking out about their privacy as the Senate voted to let internet providers share your private data with advertisers. While it’s important to protect your privacy,…
Interesting: easy setup allows for creating disposable VPN servers.
–jeroen
Posted in *nix, IPSec, Network-and-equipment, Power User, VPN
Posted by jpluimers on 2017/08/07
sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client.
Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented, and any other protocol that can be tested using a regular expression, can be recognised. A typical use case is to allow serving several services on port 443 (e.g. to connect to ssh from inside a corporate firewall, which almost never block port 443) while still serving HTTPS on that port.
Hence sslh acts as a protocol demultiplexer, or a switchboard. Its name comes from its original function to serve SSH and HTTPS on the same port.
sslh supports IPv6, privilege dropping, transparent proxying, and more.
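The first-packet probing described above, as an added Python sketch; it is not sslh's code and not part of the original post. The probe patterns are simplified assumptions, and the backend addresses, the `DEFAULT` choice and the function names are constructed for illustration.

```python
import re
import struct

# Regex probes, tried in order; the first match wins. Patterns are simplified
# assumptions for illustration, not sslh's actual probe code.
REGEX_PROBES = [
    ("ssh", re.compile(rb"SSH-\d\.\d+-")),
    # TLS record header: type 0x16 (handshake), version 3.0 through 3.4
    ("tls", re.compile(rb"\x16\x03[\x00-\x04]")),
    ("http", re.compile(
        rb"(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n")),
]

# Constructed backend table: protocol name -> (host, port)
BACKENDS = {
    "ssh": ("127.0.0.1", 22),
    "tls": ("127.0.0.1", 8443),
    "http": ("127.0.0.1", 8080),
    "openvpn": ("127.0.0.1", 1194),
}
DEFAULT = "tls"  # assumption: unknown or silent clients go to the HTTPS backend


def looks_like_openvpn_tcp(data: bytes) -> bool:
    """OpenVPN over TCP: 2-byte big-endian length, then opcode in the top 5 bits."""
    if len(data) < 3:
        return False
    (length,) = struct.unpack(">H", data[:2])
    opcode = data[2] >> 3
    # 7 = P_CONTROL_HARD_RESET_CLIENT_V2, 10 = ..._V3 (first packet from a client)
    return length == len(data) - 2 and opcode in (7, 10)


def classify(first_packet: bytes) -> str:
    """Return the protocol name for the first data packet of a connection."""
    for name, pattern in REGEX_PROBES:
        if pattern.match(first_packet):
            return name
    if looks_like_openvpn_tcp(first_packet):
        return "openvpn"
    return DEFAULT


def route(first_packet: bytes):
    """Pick the backend a demultiplexer would forward this connection to."""
    return BACKENDS[classify(first_packet)]
```

Because the decision rests on the first packet alone, a port-based allow rule for 443 says nothing about which protocol a connection actually carries; the same byte checks are what a network monitor would use to tell them apart.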
Interesting…
–jeroen
Posted in *nix, https, Linux, OpenSSL, OpenVPN, Power User, Security