http://billauer.co.il/ipmasq-html.html
IP Masquerading using iptables
Reply
Category Archives: Howto
The Beginner’s Guide to iptables, the Linux Firewall
https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/
Tutorial: Installing OpenVPN on Ubuntu 16.04
https://blog.ssdnodes.com/blog/tutorial-installing-openvpn-on-ubuntu-16-04/
To configure iptables look here:
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
How to Configure OpenVPN Access Server to Tunnel Traffic
https://linode.com/docs/networking/vpn/configure-openvpn-access-server-to-tunnel-traffic/
Install OpenVPN Access Server on Linux for Secure Communications
https://linode.com/docs/networking/vpn/install-openvpn-access-server-on-linux/
How to Create Windows 10 System Recovery Partition
How To Use Crayon Syntax Highlighter Plugin
Client-side SSL
Client-side SSL
For excessively paranoid client authentication.
Using self-signed certificate.
Create a Certificate Authority root (which represents this server)
Organization & Common Name: Some human identifier for this server CA.
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Create the Client Key and CSR
Organization & Common Name = Person name
openssl genrsa -des3 -out client.key 4096
openssl req -new -key client.key -out client.csr
# self-signed
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
Convert Client Key to PKCS
So that it may be installed in most browsers.
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
Convert Client Key to (combined) PEM
Combines client.crt and client.key into a single PEM file for programs using openssl.
openssl pkcs12 -in client.p12 -out client.pem -clcerts
Install Client Key on client device (OS or browser)
Use client.p12. Actual instructions vary.
Install CA cert on nginx
So that the Web server knows to ask for (and validate) a user’s Client Key against the internal CA certificate.
ssl_client_certificate /path/to/ca.crt;
ssl_verify_client optional; # or `on` if you require client key
Configure nginx to pass the authentication data to the backend application:
- Client Side Certificate Auth in Nginx, section “Passing to PHP.”
- SSL module documentation
Using CACert Keys
- Get client key from CACert
- Install client key in client device.
- Install CACert root certs in server and client device.
- Configure nginx, as above.
Original posting: https://gist.github.com/mtigas/952344#client-side-ssl
IMPASSA Self-Contained 2-Way Wireless Security System (model SCW9057)
This wireless security system is widely used by ADT and companies providing security.
Useful links:
IMPASSA Self-Contained 2-Way Wireless Security System
DSC – IMPASSA Self-Contained 2-Way Wireless Security System – User Video English
DSC IMPASSA 2 Way Wireless Security System
How to Change Master and User Code on DSC Powerseries
How to Program DSC Neo Proxy and PG9939 Keyfob
Default master/installer code
The default code is 1234 or 5555.
It might be changed on your system and if you make few wrong attempts the keyboard will be locked temporarily.
How to reset to factory settings
If you do not have the master code or installer code you are limited in what you can do with the system.
You can do a factory reset and will be able to set your own master code.
NOTE: If you do a factory reset all settings will be lost including any zones, sensor information, etc.
To do a factory reset do the following:
- turn the AC power off (unplug the transformer)
- open the front panel (check the user manual on how to do it) and disconnect the battery pack
- connect IO1 and IO2 with a wire
- Power the device with AC only. Keep it power for 10 to 20 seconds
- Power off the device
- remove the wire between IO1 and IO2
- connect the battery
- Turn the AC power on
Now you device is factory reset. You need to configure everything including set the date and time.
The default master/installer code is 1234
Programming
If you have the master/installer code you can do things like
- adding a new user code for a family member or the cleaning lady
- adding new sensors
- programming new wireless remote
Add new user
[*][5] [1][2][3][4] [<][>] [*] [9][7][1][3] [#]
master code select user to access code new user code exit
Delete user
[*][5] [1][2][3][4] [<][>] [*] [*] [#]
master code select user to access code delete exit
Letsencrypt + Certbot
Letsencrypt provides free SSL certificates
Certbot automates re-newal and installation of the certificates
Install Certbot:
$ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-apache
Generate and install the certificate
$ certbot --apache
Generate the certificate only
$ certbot --apache certonly
Generate wildcard certificate
$ sudo certbot certonly --manual --preferred-challenges=dns --email yourname@yourdomain.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.yourdomain.com
Renewal
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature.
$ sudo certbot renew --apache