USING FREEIPA CA AS AN ACME PROVIDER FOR CERT-MANAGER
I’m using FreeIPA for authentication services in my home lab. It’s extreme overkill for my situation, as I don’t have many users (mainly just me!) but alas I like overkill. :) I am using FreeIPA’s DNS service to host some DNS subdomains for internal services. The way I have configured these subdomains is through DNS delegations, but since my IPA servers are not accessible from the internet, it breaks both the HTTP-01 and DNS-01 verification challenges from Let’s Encrypt. Yesterday evening, I was playing around with TrueCommand and have it hosted on one of my IPA internal domains, but as I cannot use Let’s Encrypt to issue a certificate for it, I decided to use the CA built into FreeIPA since it supports ACME as well.
PLAYING WITH MASTODON, THE OPEN SOURCE, FEDERATED SOCIAL NETWORK
I recently started playing with Mastodon, an open source, Twitter-like social network. In the past, I’ve looked at StatusNet (now known as GNU Social), but at the time it did not seem very intuitive, and had a number of problems which I cannot remember any more. So far I have been using Mastodon for almost a month, and while the community is very small, I’m finding myself using it more than I do Twitter (or any other social media platform for that matter). Mastodon is a federated social network, meaning unlike Twitter, Facebook or Instagram, anyone can run their own instance and be able to interact with users on other instances.
ATHAN ON GOOGLE HOME (VIA HOME ASSISTANT)
I have a Google Home which I have been using for various things as I very slowly build my collection of “smart” devices. One thing I was very interested in making my Google Home do is to have the Athan play when it is time for prayer. Unfortunately, there isn’t any native way to do this with a Google Home at the moment. I have seen people do it using IFTTT, but as I am already using Home Assistant as my automation platform, I wanted to keep everything within it. What is very interesting about doing it using Home Assistant is that while I can get the basic functionality of the Athan playing, I can also perform other automation that may be useful.
GROWING DATE PALMS FROM SEED
Recently my auntie gave me some Ajwah date fruit she got while she was in Medina in Saudi Arabia. I absolutely love dates and have always heard that dates have a lot of health benefits. While I was enjoying my dates, I decided to Google what the health benefits actually are. Somehow, I came across an article and discovered that it’s actually possible to grow date palms indoors using the seeds. I’m not sure why, but the thought hadn’t crossed my mind that they are grown from seed. Some people have even managed to have some success in crappy weather like we have in the UK.
CISCO ASA 9.2 ON CISCO ASA 5505 WITH UNSUPPORTED MEMORY CONFIGURATION FAIL
16/11/2015 - It looks like it now works. I am currently running asa924-2-k8.bin on my 5505s, with my 1GB sticks of RAM, and it hasn’t complained! 🙂 The Cisco ASA 5505 officially supports a maximum of 512MB RAM. Last year I wrote a post detailing a small experiment I did where I upgraded both my Cisco ASA 5505s to use 1GB sticks of RAM, double the officially supported value. Since then, it has worked great and both boxes have been chilling out in my rack, but recently Cisco released ASA 9.2. The full list of new features and changes can be read in the release notes, but the feature I was most excited about was BGP support being added.
SECURING YOUR POSTFIX MAIL SERVER WITH GREYLISTING, SPF, DKIM AND DMARC AND TLS
A few months ago, while trying to debug some SPF problems, I came across “Domain-based Message Authentication, Reporting & Conformance” (DMARC). DMARC basically builds on top of two existing frameworks, Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM). SPF is used to define who can send mail for a specific domain, while DKIM signs the message. Both of these are pretty useful on their own, and reduce incoming spam significantly, but the problem is you don’t have any “control” over what the receiving end does with email. For example, company1’s mail server may just give the email a higher spam score if the sending mail server fails SPF authentication, while company2’s mail server might outright reject it.
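The receiver-side decision the paragraph describes, as an added Python example that is not part of the post (the post configures Postfix; this is illustrative code): DMARC does not re-check SPF or DKIM, it asks whether at least one of them passed *and* whether the identifier that passed (the SPF envelope domain or the DKIM d= domain) aligns with the visible From: domain, then applies the policy the domain owner published in the `_dmarc` TXT record (p=none/quarantine/reject, or sp= for subdomains). The record text, domain names and authentication results below are constructed sample data, and the organizational-domain helper is a deliberate simplification that ignores the Public Suffix List.

```python
"""Receiver-side DMARC evaluation (constructed example; not the post's code).

Assumes SPF and DKIM have already been verified in front of the MTA, and that
the DMARC TXT record for the From: domain (or its organizational domain) has
already been fetched from DNS.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class AuthResults:
    """Outcome of the SPF and DKIM checks already done on one message."""
    spf_result: str                  # "pass", "fail", "softfail", "none", ...
    spf_domain: str                  # envelope MAIL FROM domain that SPF checked
    dkim: list[tuple[str, str]]      # (result, d= tag) for every DKIM-Signature


def org_domain(domain: str) -> str:
    # Simplification: treat the last two labels as the organizational domain.
    # A real implementation consults the Public Suffix List; otherwise
    # "a.example.co.uk" and "b.example.co.uk" would wrongly "align" on "co.uk".
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_dmarc(txt: str) -> dict[str, str]:
    """Parse 'v=DMARC1; p=reject; ...' into tag/value pairs with RFC 7489 defaults."""
    tags: dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record: %r" % txt)
    tags.setdefault("adkim", "r")      # relaxed DKIM alignment unless adkim=s
    tags.setdefault("aspf", "r")       # relaxed SPF alignment unless aspf=s
    tags.setdefault("sp", tags["p"])   # subdomain policy defaults to p
    return tags


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict needs an exact match, relaxed the same org domain."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def evaluate(from_domain: str, record_txt: str, auth: AuthResults,
             record_domain: str | None = None) -> tuple[str, str]:
    """Return (dmarc_result, disposition) for a message.

    record_domain is where the TXT record was actually found; when it is the
    organizational domain rather than the From: domain itself, sp= applies.
    """
    policy = parse_dmarc(record_txt)
    spf_aligned_pass = (auth.spf_result == "pass"
                        and aligned(auth.spf_domain, from_domain, policy["aspf"]))
    dkim_aligned_pass = any(result == "pass" and aligned(d, from_domain, policy["adkim"])
                            for result, d in auth.dkim)
    if spf_aligned_pass or dkim_aligned_pass:
        return "pass", "none"
    record_at = (record_domain or from_domain).lower().rstrip(".")
    disposition = policy["p"] if record_at == from_domain.lower().rstrip(".") else policy["sp"]
    return "fail", disposition


# Constructed sample record: the owner of example.com asks receivers to reject
# failures, quarantine failures from subdomains, and requires strict DKIM alignment.
SAMPLE_RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; rua=mailto:dmarc-reports@example.com"

SAMPLES = {
    # Sent by example.com's own MX: SPF passes on an aligned envelope domain.
    "direct": AuthResults("pass", "mail.example.com", [("pass", "example.com")]),
    # Relayed through a mailing list: SPF now checks the list's domain
    # (unaligned) but the original DKIM signature survives and aligns.
    "forwarded": AuthResults("pass", "lists.example.net", [("pass", "example.com")]),
    # Spoofed From: the attacker's own domain passes SPF and DKIM, nothing aligns.
    "spoofed": AuthResults("pass", "attacker.example", [("pass", "attacker.example")]),
    # Subdomain sender signed with d=example.com: fails strict DKIM alignment.
    "subdomain": AuthResults("pass", "bounce.example.org", [("pass", "example.com")]),
}


def demo() -> dict[str, tuple[str, str]]:
    return {
        "direct": evaluate("example.com", SAMPLE_RECORD, SAMPLES["direct"]),
        "forwarded": evaluate("example.com", SAMPLE_RECORD, SAMPLES["forwarded"]),
        "spoofed": evaluate("example.com", SAMPLE_RECORD, SAMPLES["spoofed"]),
        "subdomain": evaluate("news.example.com", SAMPLE_RECORD, SAMPLES["subdomain"],
                              record_domain="example.com"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} -> result={outcome[0]}, disposition={outcome[1]}")
```

The "forwarded" sample is the reason DKIM matters alongside SPF: a mailing list or forwarder breaks SPF alignment, but a surviving DKIM signature from the From: domain still lets the message pass. The "spoofed" sample shows what the policy buys the domain owner: an attacker can make SPF and DKIM pass for a domain they control, but without alignment to the From: domain the receiver is told to reject.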
HOME LAB: ADDED A CISCO 3845 ISR
Why? Well, I wanted more ISRs in my home lab. That, plus my ISP (Virgin Media), will be upgrading my line from 120 Mb/s to 152 Mb/s in the second half of 2014. Looking at the Cisco docs, the 2851 ISR I am using can only do up to around 112 Mb/s. Although there is quite a bit of time before Virgin Media actually go forward with this upgrade, I saw the 3845 going reasonably cheap on eBay, cheaper than what I expect it will be next year when my connection gets upgraded. So, I decided to just buy it now.
HOME LAB NETWORK REDESIGN PART 2: THE EDGE ROUTERS
As I have never used a Mikrotik router before, there was quite a big learning curve. I’ve only really used Cisco/Juniper-like interfaces to configure routers, and I’m a fan of them. Even though I have gotten a little more used to the RouterOS command line, I must say I’m not a huge fan of it. Most of the reasons are quite minor, but some of the reasons I don’t really like it are: I find it silly how the menus are structured. For example, I have to configure an interface in the /interface context first, then switch context to /ip address to add an IP address.
HOME LAB NETWORK REDESIGN PART 1: THE REMOTE DEDICATED SERVER
As promised, here is a very very basic diagram of my home lab. This is quite a high level overview of it, and the layer 2 information is not present as I suck at Visio, and all the connectors were getting messy on Visio with the layer 2 stuff present! What is not shown in the diagram: There are two back-to-back links between the edge routers which are in an active-passive bond. Each edge router has two links going into two switches (one link per switch), both these links are in an active-passive bonded interface. The two edge firewalls only have two links going to each of those switches.
HOME LAB NETWORK REDESIGN WITH MIKROTIK ROUTERS
I currently have two cable connections from Virgin Media coming into my house due to some annoying contract problems while moving. I originally had one line on the 60 Mb/s package, and the other on 100 Mb/s, but when Virgin Media upgraded me to 120 Mb/s I downgraded the 60 Mb/s line to 30 Mb/s to reduce costs. Since I got into this strange arrangement with Virgin Media, I have been using two separate routers for the connections. A Cisco 1841 Integrated Services Router on the 30 Mb/s line, and a Cisco 2821 Integrated Services Router on the 120 Mb/s line, but I found that I wasn’t able to max out the faster line using the Cisco 2821 ISR.