• Posts
CI / CD Jenkins
• CI / CD practice with Jenkins
• Workshop 1 Ortho-rector of markdown documents (test)
• Workshop 2 Valid HTML5 check and surge.sh deployment (test and deploy)
• Workshop 3 Continuous integration of django application (Test)
Database
• Install MariaDB in Debian
• Interconnection of database servers
• Oracle 19c installation under Debian 12
• PostgreSQL installation in Debian 12
• Remote access configuration in Oracle
• Remote access in MariaDB
Docker
• Docker Compose Installation on Ubuntu 24
• Docker Installation on Ubuntu 24
• Workshop 1 Storage and networks in Docker
• Workshop 2 Multicontainer Scenarios in Docker
• Workshop 3 Image creation Docker
Firewall
• Fortinet CLI
• Perimetral with Fortinet I
• Perimetral with Fortinet II
• Perimetral with Nftables I
• Perimetral with Nftables II
Linux Drivers
• Drivers Nvidia
• How to choose which graph to use on my laptop with Linux
Networks
• Android GNS3-KVM
• Basic IPv6 scenario
• GNS3 and Wireshark installation
• GNS3 installation in Debian 12
• GNS3 switch configuration
• IPV6 Tunnels
• NAT in Cisco and Linux
• Network monitoring commands
• OpenStack routing
• Protocol ARP
• Underworld
• Underworld evolution
Observability
• Metrics
  • Prometheus
    • Installation of Prometheus with Docker Compose and Node Exporter on Debian 12
Security
• Forensic computer
• HTTPS
Services
• Apache
• DHCP
  • Installation and Configuration of a DHCP Server on Linux
• DNS
  • BIND9
    • Configuring a Slave DNS Server with BIND9
    • Installation and Configuration of BIND9 on Linux
  • DNSMASQ
    • Local Server with DNSMasq
• FTP
• NAT with iptables
• SSH
Systems
• Active Directory in Ubuntu
• Centralized collection of logs journald
• Compilations in LINUX
  • Compilation of a C-program using a Makefile
  • Compilation of a kernel
• Creation of an automated installation system
• Install and configure samba in Debian
• Linux Command
  • Kernel parameter modification exercises
  • Linux processes
  • Module management exercises
  • Package management
  • Packaging and compressors
  • Paid management exercises
  • Task programming
• Migration in Linnux
  • File system
  • Migtation from CentOS stream 8 to CentOS stream 9
  • Systemd elimination
  • Transformation instance cloud
• NFS in Debian
• SELinux activation configuration
• Share resources in Windows
• Ssh service in Windows
• Storage Spaces in Windows Server
VPN
• OpenVPN and Wireguard Comparative
• OpenVPN remote access
• Remote access Ipsec StrongSwan
• Site-to-Site IPsec Cisco
• Site-to-Site IPsec Fortinet
• Site-to-Site OpenVPN
• Site-to-Site Wireguard
• Wireguard remote access
Web applications
• LAMP stack installation
• LEMP stack installation
• WordPress LAMP
• WordPress LEMP

Comparative between OpenVPN and Wireguard

The goal of this post is to compare the different VPNs software most used by seeing which is faster, for which we will support in speed test using iperf3. [NOTE] The comparative part of the posts in this section in which we mount each type of VPN. Speed without VPN I’m gonna start by comparing the speeds of these 2 systems, using iperf3. For this I have removed the cisco router as I had it configured with FastEthernet interfaces and changed it to a Linux router with GigabitEthernet interfaces.

• VPN
• LINUX
• DEBIAN
• WIREGUARD
• OPENVPN

Thursday, March 28, 2024 | 9 minutes Read

Remote access VPN with Ipsec StrongSwan

StrongSwan is a VPN (Virtual Private Network) implementation based on IPsec, open source, multiplatform, complete and widely used. It works on operating systems such as Linux, FreeBSD, OS X, Windows, Android and iOS. Mainly, it is a key exchange demon that supports Internet Key Exchange protocols (IKEv1 and IKEv2) to establish security associations (SA) between two pairs. [NOTE] I will start from the VPN post remote access with OpenVPN, so you may refer to this during this article. If you want to have the same scenario go first to this.

• VPN
• LINUX
• DEBIAN
• STRONGSWAN

Thursday, March 28, 2024 | 6 minutes Read

Remote access VPN with OpenVPN and x509 certificates

One of the two teams (which will act as a server) will be connected to two networks For the authentication of the extremes, digital certificates shall be used, which shall be generated using openssl and stored in the / etc / openvpn directory, together with the Diffie- Helman parameters and the certificate of the Certification Authority itself. Network addresses 10.99.99.0 / 24 will be used for VPN virtual addresses. The address 10.99.99.1 shall be assigned to the VPN server. The server and client configuration files will be created in the / etc / openvpn directory of each machine, and will be called servor.conf and cliente.conf respectively. After the establishment of the VPN, the client machine must be able to access a machine on the other network to which the server is connected. Riding the stage To perform this exercise I have mounted the following scenario on GNS3:

• VPN
• CISCO
• LINUX
• DEBIAN
• OPENVPN

Thursday, March 28, 2024 | 17 minutes Read

VPN site to site Wireguard

[!NOTE] I will start from the VPN post remote access with Wireguard, so you may refer to this one during this article. Key generation The first thing we will do is to install both the Wireguard package in both machines: root@servidor1:~# sudo apt update && sudo apt install wireguard debian@servidor2:~$ sudo apt update && sudo apt install wireguard Let’s generate the pairs of keys that will be used to encrypt the connection. We will need a key for the server and a couple of additional keys for each client.

• VPN
• CISCO
• LINUX
• DEBIAN
• WIREGUARD

Thursday, March 28, 2024 | 5 minutes Read

VPN site to site with IPsec Cisco

In this post I’m going to mount an IPSEC VPN using swan routers. [!NOTE] This post details the configuration of R2 and R3 routers, however R1 is explained in the post of “VPN OpenVPN remote access.” If you want to see the configuration of the latter, look at the section preparing the stage. # Stage configuration As I have changed stage, the 2 new routers have to be set up on the R2 and R3 network.

• VPN
• LINUX
• CISCO

Thursday, March 28, 2024 | 6 minutes Read

VPN site to site with IPsec Fortinet

In this post I will mount an IPSEC VPN using Fortinet firewalls, for which I will visualize them on GNS3. Stage preparation To create the VPN I will add a new Fortigate to the stage. So let’s proceed to set it up, the first thing will be to know the IP that the DHCP has given you: FortiGate-VM64-KVM login: admin Password: You are forced to change your password. Please input a new password. New Password: Confirm Password: Welcome! FortiGate-VM64-KVM # get system interface physical port1 == [onboard] ==[port1] mode: dhcp ip: 192.168.122.22 255.255.255.0 ipv6: ::/0 status: up speed: 1000Mbps (Duplex: full) FEC: none FEC_cap: none This IP you’ve given me for DHCP will be configured as static.

• VPN
• LINUX
• FORTINET

Thursday, March 28, 2024 | 3 minutes Read

VPN site to site with OpenVPN and x509 certificates

Riding the stage To perform this exercise I have mounted the following scenario on GNS3: Swan router configuration Let’s give each interface the corresponding network configuration: #Interfaz que nos dará internet R1#configure terminal R1(config)#interface fastEthernet 0/0 R1(config-if)#ip add dhcp R1(config-if)#no shut R1(config-if)#exit #Interfaz red Servidor 1 R1(config)#interface fastEthernet 1/0 R1(config-if)#ip add 90.0.0.1 255.255.255.0 R1(config-if)#no shut R1(config-if)#exit #Interfaz red Servidor 2 R1(config)#interface fastEthernet 1/1 R1(config-if)#ip add 100.0.0.1 255.255.255.0 R1(config-if)#no shut R1(config-if)#exit #Ruta por defecto para internet R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.122.1 #Guarda la configuración R1#write #Configuración de SNAT R1#conf term R1(config)#access-list 1 permit 90.0.0.0 0.0.0.255 R1(config)#access-list 1 permit 100.0.0.0 0.0.0.255 R1(config)# ip nat pool NAT-Pool 192.168.122.127 192.168.122.127 prefix-length 24 R1(config)#ip nat inside source list 1 pool NAT-Pool overload R1(config)#interface FastEthernet0/0 R1(config-if)#ip nat outside R1(config)#interface FastEthernet1/0 R1(config-if)#ip nat inside R1(config)#interface FastEthernet1/1 R1(config-if)#ip nat inside Server Configuration 1

• VPN
• CISCO
• LINUX
• DEBIAN
• OPENVPN

Thursday, March 28, 2024 | 16 minutes Read

VPN Wireguard remote access

First I will configure the server machine as a VPN remote access and server server as a VPN client. I will then set up a Windows and Android client. The first thing we will do is to install both the Wireguard package in both machines: root@servidor1:~# sudo apt update && sudo apt install wireguard debian@servidor2:~$ sudo apt update && sudo apt install wireguard Let’s generate the pairs of keys that will be used to encrypt the connection. We will need a key for the server and a couple of additional keys for each client.

• VPN
• CISCO
• LINUX
• DEBIAN
• WIREGUARD

Thursday, March 28, 2024 | 9 minutes Read