How to set up an OpenVPN server on Debian? Part 2

This continues the previous post about creating a site-to-site VPN between multiple branch offices and the company's central office.

  1. Install the latest Debian Linux (preferably from the network installer). During the installation choose:
    • ssh server
    • standard system utilities
  2. Configure the IP address for the server. For example, nano /etc/network/interfaces:
iface eth0 inet static
address 192.168.0.2 # it is considered that 192.168.0.1 is used as dgw in central 
Read the rest

How to create a site-to-site VPN for an SMB with a low IT budget. Part 1

It’s commonplace to connect multiple company branches and the central office by VPN. For my customers, for example, it is needed to:

  1. implement Active Directory (for small companies with a single IT team – only one AD domain and multiple AD sites, with one AD DC everywhere if possible)
  2. integrate all Time Attendance machines into one DB – one Zkteco application for the accountant at the central office connects through the VPN
Read the rest

How I configured a Wifi mesh with 4 Google Wifi devices

At first sight, configuring a mesh with Google Wifi devices is no problem at all – just follow the instructions.

But keep in mind several pitfalls:

  1. The devices are officially supported only in USA, Europe and …, but not in Mongolia, for example. If you use an Android mobile device, you will find the Google Wifi application without any problem. But on an iPhone, if the country setting in your AppStore is Mongolia – no Google Wifi application 🙁 (Google tech support confirmed it). To change the AppStore country without entering bank card details – don’t use USA, but for example Canada – then there
Read the rest

How to auto-renew a free “Let’s Encrypt” certificate beyond the 90-day limit.

In the previous post I recommended starting to use free certificates from “Let’s Encrypt” for non-critical web services.

Many people refuse to use this kind of certificate, thinking that it’s not good enough, that it’s only valid for 3 months, and that it would be annoying to renew it manually every 3 months without forgetting about it. As for “not good enough” – even if you don’t trust free SSL certificates for web server authentication, it’s always better to have SSL enabled than to go without it – at least the channel will be encrypted (unlike free self-signed certs which … Read the rest

WannaCry and XP

Microsoft ended support for XP, but made an exception for the WannaCry attack:

If you have too many XP machines used as POS stations, you can use a registry hack to re-enable Windows Update for an extra 5 years.

… Read the rest

If you need temporary VPS hosting (for testing, for development and so on)

Sometimes temporary, and moreover free, VPS hosting for 1 year is a great and generous opportunity. Usually it’s very handy for testing (for example to install linux, configure lamp, wordpress, 2fa, freeSSL, plugins and so on), web development, personal blogs, short-term projects like election events and so on.

Amazon Web Services offers it for a whole 1 year. Just be VERY careful not to exceed the limits of the free tier (for example, AWS automatically made EBS snapshots during the import of my vmware ova to an AWS AMI and later on to a free tier instance – although 09 cents were generously forgiven by AWS … Read the rest

Free ComodoSSL, free “Let’s encrypt” certificates

It is strange that the main national domain registrar (http://manage.datacom.mn) still doesn’t use SSL for its own management console. Mobinet, the national cloud provider, doesn’t even have DNS registration for its own services and asks for hosts file records to be created for vps-mgnt.mobinet.mn. Mobinet, which resells Comodo SSL, doesn’t have a valid SSL certificate for https://vps-mgnt.mobinet.mn/ (and it looks like the self-signed certificate was created to conflict with the vmware cert namespace).

SSL providers suggest DNS (email) validation for a certificate CSR, so a vulnerable web DNS manager (not protected by SSL) can compromise issued SSL certs and ultimately web sites with online banking, payment systems and so on. I suggest for

Read the rest

Structured cabling (SCS) chores

Recently I needed to run several dozen UTP cables. And I reinvented the wheel 🙂 – here in Mongolia it is hard (or rather, completely impossible) to buy decent professional cable trunking (cable-channel) and accessories for it. I had to fiddle with the cheap-and-cheerful Chinese kind. I got worn out holding the cables in place while closing the trunking with its cover – and suddenly an idea came to mind – take spare scrap pieces of cable and cut the coloured wires/pairs into 20 cm lengths, punch pairs of small holes near the edge of the trunking every 40-50 cm and thread the wires through – now all that is left is to lay the cables in the trunking and tie them down inside it with the little wires so they don’t fall out, and after that closing the trunking with the cover … Read the rest

Free VEB/Veeam Endpoint Backup solution to back up physical servers

Not everybody knows that Veeam recently started to support backup of physical servers and workstations directly to the same Veeam Repository in an already existing VBR/Veeam Backup and Replication infrastructure.

If you already have VBR in place, then it’s logical to back up not to a mobile USB hard drive (the default target of VEB) and so on, but to the VBR repo. For restore I recommend using WDS – because boot.wim from the generated recovery disk can easily be imported into WDS (and all necessary NIC and storage drivers added in the standard way through WDS). WDS can be on another server – just during restore process … Read the rest