Niels K.

The article reads like open source is dangerous because people can find vulnerabilities in publicly known source code… t.co/Fw0XLfqnG…

The government also wants us to communicate with more encryption, use VPNs and Tor, and always dutifully install our updates…

Currently going through a “Pink is a girls’ color and the others laugh because I watched Frozen” phase here at home :/

New name scheme for server: nuclear waste repositories

Recommendations for a soundboard app on the iPhone? I need a way to import custom sounds and it should be a 64-bit app…

A bad day gets worse

Hopefully nobody responds to that.

Apart from that: don’t they have a whole bunch of employees they could use for the test? t.co/eDuPXLVr3…

How is Ruby Different in Japan? — Appfolio Engineering t.co/RzMo1Iop5…

There are sites nowadays that sell laptops with Linux pre-installed and on which everything should just work. Does the same exist for BSDs?

Well then, off to Fulda.

What does a new design of twitter and the harassment-problem have to do with each other? The frontend-designers won’t solve the 2nd prob

Well, do I take the laptop with me or not. Actually I have enough entertainment. With the laptop I might have edutainment though…

Now I want some MAME-Roms

Playing with my Tankstick is such a different experience. Really happy that it works with my Recalbox :D

Current status: t.co/7dUOXigH9…

One of these days I will not only delete the Twitter-client from my phone but will go cold turkey and also delete my accounts…

Did the BSDs see any significant growth since systemd?

I actually like systemd but the stuff that’s coming up recently makes it more and more unlikeable. Well, I want to move to some BSD anyways…

I’m looking for a good science fiction book. Suggestions? Last books I enjoyed: All Systems Red, Neptune’s Brood, Walkaway, Homeland, Nexus trilogy

Very likely me neither. t.co/DhGIFrIEF…

I blogged: OpenVPN, pf and alias IP addresses t.co/ddyp5SUlZ…

OpenVPN, pf and alias IP addresses

Recently I had to build an OpenVPN server on a FreeBSD machine that already uses port 443. But I wanted to use port 443 for the VPN because its reachability is usually guaranteed. So I added a second IP address to the interface. Let’s say for this example the addresses are 10.10.10.1 and 10.10.10.2[footnote]Yes, I know… the original host has routable addresses there[/footnote]. Then I followed the few hints I found on the net for NATing through the interface. Since it is FreeBSD and I have pf available, I use it, of course. After that I allowed 10.10.10.2 through on the hosts I wanted to reach.

What is the rule you find when you google it?

nat on $ext_if inet from $vpn_clients to any -> $ext_if

$ext_if is your interface to the outside world, in my case the one with the two IP addresses. $vpn_clients is the OpenVPN client network[footnote]by default 10.8.0.0/24[/footnote].

And then I was in for a surprise. When I connected to the VPN and then tried to ssh to the hosts I wanted to reach through the NAT, the following happened: ssh host1 - connection denied, ssh host1 - please log in. If I waited a short moment instead of retrying immediately, the connection was denied again. Other strange behavior along those lines was observable as well.

What happened? pf NATed one connection through address 1 and the next through address 2, never consistently through the same one, so only every other connection arrived from the address the target hosts allowed.

The fix is to state explicitly which address the NAT should rewrite the source to. The rule then becomes:

nat on $ext_if inet from $vpn_clients to any -> $vpn_nat_ip

In this case $vpn_nat_ip is 10.10.10.2.

Another side note: you don’t want to add a second interface for the second IP address; use an alias IP on the first network card instead. Otherwise you have to start using routing tables etc. to get your traffic moved correctly through your system.
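The setup described in the post, written out as one pf.conf fragment. This is an added example, not the original post’s own configuration: the interface names em0 and tun0, the rc.conf alias lines, the pass rules and the assumption that OpenVPN listens on TCP are mine; the addresses and the two nat rules are the ones from the post.

```pf
# /etc/pf.conf fragment (added example, not from the original post).
#
# The alias address lives on the same NIC as the primary address, not on a
# second interface, so no extra routing table is needed (assumed interface em0):
#   /etc/rc.conf
#   ifconfig_em0="inet 10.10.10.1 netmask 255.255.255.0"
#   ifconfig_em0_alias0="inet 10.10.10.2 netmask 255.255.255.255"

ext_if      = "em0"             # assumed name of the outside interface
tun_if      = "tun0"            # assumed name of the OpenVPN tunnel device
host_ip     = "10.10.10.1"      # primary address, used by the existing 443 service
vpn_nat_ip  = "10.10.10.2"      # alias address, reserved for the VPN
vpn_clients = "10.8.0.0/24"     # OpenVPN default client network

# On FreeBSD's pf, translation rules must come before filter rules.

# Broken variant from the search results: "$ext_if" expands to every address
# on the interface, and pf hands out a list of translation addresses
# round-robin. Connection 1 leaves as 10.10.10.1, connection 2 as 10.10.10.2,
# so a target host that only allows 10.10.10.2 accepts every other attempt.
# nat on $ext_if inet from $vpn_clients to any -> $ext_if

# Fixed variant: pin the source address every VPN client packet is rewritten to.
nat on $ext_if inet from $vpn_clients to any -> $vpn_nat_ip

# Filter rules (assumed; the post does not show its own).
# Accept VPN connections on port 443 of the alias address only, so the
# existing service on 10.10.10.1:443 is untouched. Assumes OpenVPN over TCP.
pass in quick on $ext_if inet proto tcp from any to $vpn_nat_ip port 443 keep state

# Let client traffic enter through the tunnel and leave via the alias address.
pass in  quick on $tun_if inet from $vpn_clients to any keep state
pass out quick on $ext_if inet from $vpn_nat_ip to any keep state
```

Check the syntax without loading it with `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf`, and confirm the translation with `pfctl -s nat`. The symptom from the post is also visible in `pfctl -s state`: with the broken rule, consecutive states for the same client show the translated source alternating between 10.10.10.1 and 10.10.10.2; with the fixed rule every state shows 10.10.10.2.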

I recently built a Nazi-OpenVPN by accident. Its network was 10.8.8.0/24 m) I changed it now to 10.8.7.0…

But why the hell illustrate it with the awful Atari 2600 Pacman‽ t.co/GXS1WtAMa…

I like the new design