Here’s how to create a site-to-site VPN between StrongSwan and SonicWall. This has been tested with Ubuntu 14.04 and StrongSwan 5.1.2, and SonicWall with SonicOS 5.9 at the other end.
Category Archives: Networking
How To Clear Connections On A Sonicwall Without Restarting
A better way to block brute force attacks on your SSH server
How to prefer IPv4 over IPv6 for some hosts
If an IPv6 address is unreachable, but you can reach the IPv4 one, you can set the preference to IPv4 for that particular address by adding a line such as this in /etc/gai.conf:
    precedence ::ffff:198.145.11.105/128 100
That will set the preference for host 198.145.11.105 to IPv4.
See gai.conf(5) for details.
Linux IPv6 Router: RADVD + DHCPv6
Unlike IPv4, which uses DHCP for configuration, IPv6 uses the Neighbor Discovery Protocol to configure addresses and gateways. Unfortunately, the protocol originally had no means of providing the addresses of DNS servers to clients, making it necessary to use DHCPv6 for that purpose. Modern Linux and Mac OS X machines are able to use the IPv6 Router Advertisement Options for DNS Configuration (RFC 6106), but to my knowledge, Windows clients are not able to at the moment. Here’s how to configure a Linux router using radvd and the ISC DHCP daemon.
Tun/Tap interface tutorial
NIC bonding with Red Hat/CentOS
Here are simple instructions on how to configure network interface bonding on Red Hat-based distros. The thing I always forget. There’s also a little script which will create a bonding interface bond0 between eth0 and eth1 and migrate existing IP settings from eth0. You can find it at the bottom of this post.
Dynamic IPv6 routing with Cisco IOS and Quagga on OpenWRT
Here’s how to make dynamic IPv6 routing work between a Cisco IOS router and an OpenWRT Linux Quagga router. I couldn’t find a similar howto anywhere, so I decided to write my own.
I am using OpenWRT Kamikaze 7.09 (kernel 2.4) on an ASUS WL-500gP wireless router. Any IPv6 enabled Cisco router should do.
I assume you have already installed the IPv6 kernel modules and userland tools, and set up static addresses for your interfaces (if you haven’t, check out the OpenWRT IPv6 Howto).
I am using SixXS for tunneling an IPv6 /48 prefix over IPv4.
NIC bonding with Ubuntu
Network interfaces can be bonded to provide fault-tolerant operation. Here’s how to do it in Ubuntu. I will assume the interfaces to be bonded are eth0 and eth1.
Limiting the bandwidth of incoming traffic
A backup server was saturating the DSL links of remote offices every time the backups were running. To prevent this, I had to limit the incoming bandwidth of the TCP-connections that were used to back up the remote hosts, but not touch the ones that were used to connect to the servers in the local network. Here’s how to do it.
Enabling security on an HP ProCurve 4200 series switch
I had a chance to configure an HP ProCurve 4208vl switch the other day. The first impression was that the command line interface is heavily influenced by, if not directly copied from, the Cisco IOS command line interface. So if you have experience with IOS, you will probably feel almost at home on an HP switch. There are some differences, though.
The first thing I wanted to do was to enable ssh access and authentication, and disable telnet. Here’s a quick howto.
WPA-PSK authentication with Cisco IOS
When my Linux firewall box died a couple of months ago, I finally decided to buy a Cisco router for my Internet connection. Before the Linux box I had an OpenBSD firewall, and I decided it was time to learn yet another platform.