Involved components. Involved certificates/CAs. CAs. Certificates. Preparations/configuration for Android clients. Exporting/Importing certificates. In order to make the OPNsense CAs/certificates usable by Android devices, they require some minor tweaks: The exported CA certificate needs to be converted to DER format: Client certificates/keys need to be in PKCS12 format (and protected by password, otherwise Android devices will […]
Category: Network
As soon as the radius daemon on my OPNsense box was responding properly I decided to add radsecproxy. But before doing so I had to get an idea of how things work together. So keep in mind, all I have right now is a basic freeradius setup that can authenticate users against LDAP (at least with […]
The main challenge in doing so is to make this change permanent (as the OPNsense web frontend does not support that kind of config modification). So here’s a short wrap-up of the things required: Now edit custom.users: Rebuild the template files and restart freeradius: And the test results look like this: In my case […]
Due to some hardware problems with my switches (cheap Chinese ones) I recently decided to switch my core home network to Ubiquiti systems. Only 3 weeks later I had to realize that my old FritzBox had lost its 2.4 GHz WiFi (seems to be quite common and may obviously go unnoticed for a long time […]
Docker hub recently announced an upcoming request limit to their registry. So in order to reduce the amount of requests issued there, the idea of a caching proxy solution comes to mind. Possible solutions Fortunately there are some projects already working on that problem. However there are different approaches. Some of the projects I found […]
Wifi-Calling & firewall fun
I had observed odd firewall log entries from my cell phone and now I finally found some time to look into it. So here are my findings – maybe they help someone out there 😉 Traces in firewall logs So what did I observe: First of all my firewall complained about certain connections from my […]
What is IEEE 802.1X anyway? More and more companies run a shared desk strategy. Combined with the possibility of home office this often means that employees use their laptop both at home and at the office. The shared desk strategy however forces them to work at different work spaces (and connect to different network ports […]
As shown in my last post, using wireguard over TCP (with a little help of proxyguard) isn’t that hard (once you understand how things work). However most VPN solutions come with certain limitations: They often use their specific ports and protocols and therefore can be filtered by firewalls (either by choice or even sometimes by […]
Some time ago I tried to get eduvpn working with wireguard over TCP. As you might remember I wasn’t able to make it work reliably so I skipped that attempt for the time being. Now some time has passed and I decided to start over with a more basic approach to get a feeling about […]
Wireguard is a very nice and fast VPN solution, however it comes with some drawbacks: Most of all it only supports UDP traffic. On an open network this is not a problem, however some networks may deny UDP traffic or may even allow only very specific traffic (like (TCP based) http(s)). So to increase the […]