This project came off the back of a requirement to create a single gateway providing an encrypted tunnel that could carry all traffic on a network, rather than setting up a client VPN on each endpoint. There are better ways to do this; I’m a particular fan of pfSense, which provides functionality to configure an OpenVPN endpoint inside the application and route all traffic through it, however . . .
This project came from my desire to learn more about public key certificates ahead of deploying a two-tier PKI for an enterprise network. Before that, I thought it would be prudent to try something a little smaller in scale, see how the nuts and bolts worked, and deploy a simple single-tier PKI at home to see how it could be leveraged. Cryptography . . .
After seeing this configuration deployed in an enterprise I struggled to understand how it worked, so I picked up a UniFi AC-AP access point second hand and set about seeing how to do it using open source platforms. Knowing that this required a certificate authority and RADIUS to work, I figured I could eventually get it going, but having never used RADIUS it wasn’t without its pain; eventually I . . .
Once upon a time I used to rely on nothing but Secure Shell for access to my internal network. This became more and more impractical the more things I stood up on the network, the more things I needed access to from my phone, and the less time I spent carrying a laptop with me. Given my long-time favouritism for OpenVPN and how much the platform had . . .
Update: The host mentioned in this infrastructure has since been replaced with another; the upgrade process is covered here. My personal infrastructure has gone through a number of iterations. Starting as a 450 MHz Pentium 3 Ubuntu 7.04 server running SMB on a single 5400 RPM IDE disk, cobbled together through a BT Home Hub and some cheap megabit switches, it later became an Ubuntu 14.06 host on a laptop with . . .
NetBox is an incredible tool, and I’ll happily say I don’t know how I worked before I was introduced to it: scrabbling around in leviathan (non-version-controlled) spreadsheets and SharePoint pages that try to perform IP address management, or even worse, the notes on a scrap of paper or in a book on someone’s desk. There are other tools on the market, but they cost an arm and a leg for . . .
One of Ansible’s most brilliant features is Privilege Escalation, the ability to enter the context of a more privileged user following an initial connection to either your local or remote node. However, there is a bizarre little caveat in Tower that I haven’t been able to find documented anywhere, and it concerns the use of a system account (by default named awx) on the localhost. What Is AWX Anyway? Floating around all over . . .