When my infrastructure grew to a certain level of complexity, I realised I was having to remember a lot to keep it all together. For some time I’d been (and still am) a big fan of Zim Desktop Wiki however this is less than practical for using multiple machines and doesn’t work at all if you’re connecting over a remote connection, really I needed something web based. MediaWiki is a . . .
This project came off the back of a requirement to create a single gateway which provided an encrypted tunnel which could act as a gateway to all traffic on a network, rather than setting up a client VPN on each endpoint. There are better ways to do this, I’m a particular fan of pfsense which provides functionality to configure an OpenVPN endpoint inside the application and route all traffic, however . . .
This project came from the back of my desire to learn more about public key certificates ahead of deploying a two tier PKI for an enterprise network, ahead of this I thought it would be prudent to try something a little smaller scale and see how the nuts and bolts worked and try and deploy a simple single tier PKI at home and see how it could be leveraged. Cryptography . . .
After seeing this configuration deployed in enterprise I struggled to understand how it worked, so I picked up a UniFi AC-AP access point second hand and set around seeing how to do it using open source platforms. Knowing that this required a certificate authority to work and RADIUS I figured I could eventually get it to work, but having never used RADIUS it wasn’t without it’s pain, but eventually I . . .
Once upon a time I used to rely on nothing but a Secure Shell for access to my internal network, however this became more and more impractical the more things I stood up on the network and the more things I needed access to from my phone the less time I spent carrying a laptop with me. Given my long time favouritism for OpenVPN and how much the platform had . . .
Update: The host mentioned in this infrastructure has since been replaced with another the upgrade process is covered here. My personal infrastructure has gone through a number of iterations. Starting as a 450mhz Pentium 3 Ubuntu 7.04 server running SMB on a single 5400 RPM IDE disk cobbled together through a BT home hub and some cheap megabit switches, it later became an Ubuntu 14.06 host on a laptop with . . .
Recently I’ve been trying to deal with two age old problems that shouldn’t be problems and seem to be here forever…. Microsoft documentation is fractured beyond belief and is rarely centralized Microsoft products seldom seem to actually be built to integrate with each other This once again reared its head upon attempting to integrate Azure MFA with Microsoft’s RADIUS implementation as offered in Network Policy Server. Anyone who knows me . . .
Over the years I’ve encountered the same problem from huge corporations to small businesses when changing a domain name to another registrar. This seemingly innocuous task frequently ends in disaster, particularly when working with a fly-by-night registrar (though the bigger players are often just as guilty, as are private ISPs) and a lack of understanding somewhere along the lines of who holds DNS records is always the killer. The problem that . . .
Netbox is an incredible tool and I’ll happily say I don’t know how I worked before I was introduced to it, scrabbling around in leviathan (non version controlled) spreadsheets and SharePoint pages that try to perform IP address management, or even worse the notes on a scrap of paper or book on someone’s desk. There are other tools on the market, but they cost an arm and a leg for . . .
One of Ansible’s most brilliant features is Privilege Escalation, the ability to enter the context of a more privileged user following an initial connection to either your local or remote node, however a bizarre little caveat of this is something I haven’t been able find documented anywhere and it refers to the use of a system account (by default named awx) on the localhost. What the hell is AWX anyway? . . .