Hero Image
VPN site to site Wireguard

[!NOTE] I will start from the VPN post remote access with Wireguard, so you may refer to this one during this article. Key generation The first thing we will do is to install both the Wireguard package in both machines: root@servidor1:~# sudo apt update && sudo apt install wireguard debian@servidor2:~$ sudo apt update && sudo apt install wireguard Let’s generate the pairs of keys that will be used to encrypt the connection. We will need a key for the server and a couple of additional keys for each client.

Thursday, March 28, 2024 | 5 minutes Read
Hero Image
VPN site to site with IPsec Cisco

In this post I’m going to mount an IPSEC VPN using swan routers. [!NOTE] This post details the configuration of R2 and R3 routers, however R1 is explained in the post of “VPN OpenVPN remote access.” If you want to see the configuration of the latter, look at the section preparing the stage. # Stage configuration As I have changed stage, the 2 new routers have to be set up on the R2 and R3 network.

Thursday, March 28, 2024 | 6 minutes Read
Hero Image
VPN site to site with IPsec Fortinet

In this post I will mount an IPSEC VPN using Fortinet firewalls, for which I will visualize them on GNS3. Stage preparation To create the VPN I will add a new Fortigate to the stage. So let’s proceed to set it up, the first thing will be to know the IP that the DHCP has given you: FortiGate-VM64-KVM login: admin Password: You are forced to change your password. Please input a new password. New Password: Confirm Password: Welcome! FortiGate-VM64-KVM # get system interface physical port1 == [onboard] ==[port1] mode: dhcp ip: 192.168.122.22 255.255.255.0 ipv6: ::/0 status: up speed: 1000Mbps (Duplex: full) FEC: none FEC_cap: none This IP you’ve given me for DHCP will be configured as static.

Thursday, March 28, 2024 | 3 minutes Read
Hero Image
VPN site to site with OpenVPN and x509 certificates

Riding the stage To perform this exercise I have mounted the following scenario on GNS3: Swan router configuration Let’s give each interface the corresponding network configuration: #Interfaz que nos dará internet R1#configure terminal R1(config)#interface fastEthernet 0/0 R1(config-if)#ip add dhcp R1(config-if)#no shut R1(config-if)#exit #Interfaz red Servidor 1 R1(config)#interface fastEthernet 1/0 R1(config-if)#ip add 90.0.0.1 255.255.255.0 R1(config-if)#no shut R1(config-if)#exit #Interfaz red Servidor 2 R1(config)#interface fastEthernet 1/1 R1(config-if)#ip add 100.0.0.1 255.255.255.0 R1(config-if)#no shut R1(config-if)#exit #Ruta por defecto para internet R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.122.1 #Guarda la configuración R1#write #Configuración de SNAT R1#conf term R1(config)#access-list 1 permit 90.0.0.0 0.0.0.255 R1(config)#access-list 1 permit 100.0.0.0 0.0.0.255 R1(config)# ip nat pool NAT-Pool 192.168.122.127 192.168.122.127 prefix-length 24 R1(config)#ip nat inside source list 1 pool NAT-Pool overload R1(config)#interface FastEthernet0/0 R1(config-if)#ip nat outside R1(config)#interface FastEthernet1/0 R1(config-if)#ip nat inside R1(config)#interface FastEthernet1/1 R1(config-if)#ip nat inside Server Configuration 1

Thursday, March 28, 2024 | 16 minutes Read
Hero Image
VPN Wireguard remote access

First I will configure the server machine as a VPN remote access and server server as a VPN client. I will then set up a Windows and Android client. The first thing we will do is to install both the Wireguard package in both machines: root@servidor1:~# sudo apt update && sudo apt install wireguard debian@servidor2:~$ sudo apt update && sudo apt install wireguard Let’s generate the pairs of keys that will be used to encrypt the connection. We will need a key for the server and a couple of additional keys for each client.

Thursday, March 28, 2024 | 9 minutes Read
Hero Image
Compilation of a C-program using a Makefile

Introduction The compilation of programs in programming language C is a fundamental process in software development. It allows the source code written by the programmers to be translated into computer-friendly instructions. One of the challenges associated with the compilation is the efficient management of the project files and units, which becomes even more crucial when working on large and complex projects. This work aims to explore one of the most used mechanisms to compile projects in C: the use of a Makefile file. A Makefile is a configuration file that describes how to compile the source files of a project and how to manage the units between them. In addition, it allows to automate the compilation process and facilitates the task of maintaining and updating the code.

Wednesday, November 29, 2023 | 4 minutes Read
Hero Image
Compilation of a kernel

Introduction For the practice I will choose the kernel 6.4.4 that I have downloaded from the backports repository: To download the source code we will use apt source: It will create us a directory with the source code If we list the contents of the directory with the source code, we will see that the structure is the same as to compile a package in C.

Wednesday, November 29, 2023 | 4 minutes Read
Hero Image
Creation of an automated installation system

Automatic installation of an iso On the official debian page we will download a debian image, in my case I have selected a netinstall: Once you download the debian image, we will copy its content into a folder to then make some modifications. To do this we will mount the iso as a loop device: Once mounted we can see its content: We’re going to make a copy of the files we’re going to use to a directory of ours to make changes to them, once we do this we can dismount the image:

Wednesday, November 29, 2023 | 3 minutes Read
Hero Image
Kernel parameter modification exercises

1.Disable apparmor in boot. 2.Disable if possible the Kernel Mode Setting (KSM) of the graphics card. We add the following line in the group configuration: We update the grub to apply the changes: 3 Change the swappiness provisionally so that your equipment swap is activated when more than 90% of the RAM is used. 4 Make swappiness change permanent. You have to run sysctl -p sudo to be applied. 5.Show the value of the forward bit for IPv6.

Wednesday, November 29, 2023 | 1 minute Read
Hero Image
Migtation from CentOS stream 8 to CentOS stream 9

Update the packages Before migrating, make sure your CentOS Stream 8 system has all the latest packages and updates. Eliminate unnecessary packages that appear to us when using the next command as they are orphaned packages Update to CentOS9 Install CentOS 9 repositories: Now let’s update the packages to CentOS 9: When the installation is finished, some packages may be removed: We update the database of the local packages:

Wednesday, November 29, 2023 | 2 minutes Read
Hero Image
Module management exercises

1.Check the loaded modules on your computer. 2.Count the number of modules available in the kernel you are using. 3 Connect a USB pencil and watch the output of the dmesg sudo instruction. We see how the kernel detects the usb device and the necessary modules are loaded for it: We see how the number of modules loaded has increased: 4.Eliminate the module for some non-essential dispotive and check what happens. Put it back on. If we download it we will not be able to make use of exfat file systems:

Wednesday, November 29, 2023 | 2 minutes Read
Hero Image
Packaging management

Indicates the steps to be followed to modify DHCP network configuration to static To configure the ens1 interface with a static IP address (e.g. 192.168.122.10), you must modify the / etc / sysconfig / network-scripts / ifcfg-ens1 file: To apply the configuration we restart the Network Manager: Update the system to the latest versions of the installed packages Install the additional EPEL repository. Install the bash- completion package.

Wednesday, November 29, 2023 | 1 minute Read