Category: networking

SSLH – Share A Same Port For HTTPS And SSH

Some Internet service providers and corporate companies might have blocked most of the ports, and allowed only a few specific ports such as port 80 and 443 to tighten their security. In such cases, we have no choice but to use the same port for multiple programs, say the HTTPS port 443, which is rarely blocked. Here is where SSLH, an SSL/SSH multiplexer, comes in handy. It will listen for incoming connections on port 443. To put this more simply, SSLH allows us to run several programs/services on port 443 on a Linux system. So, you can use both SSL and SSH using the same port at the same time. If you have ever been in a situation where most ports are blocked by firewalls, you can use SSLH to access your remote server. This brief tutorial describes how to share the same port for HTTPS and SSH using SSLH in Unix-like operating systems.

Source: SSLH – Share A Same Port For HTTPS And SSH – OSTechNix
Related: Install sslh on Mac OSX

How to Setup a Raspberry Pi Samba Server – Pi My Life Up

In this Raspberry Pi Samba tutorial, we will be showing you how you can share directories from your Raspberry Pi using the SMB/CIFS protocols.

Source: How to Setup a Raspberry Pi Samba Server – Pi My Life Up

How to Use Raspberry Pi as a VPN Gateway

A VPN (Virtual Private Network) protects your privacy by routing all your Internet traffic through an encrypted server that your ISP (or hackers) can’t see. Setting up and using a log-free VPN service from your PC desktop is straightforward enough, but other devices in your home such as your game console and set-top box don’t let you install VPN software.

One solution is to buy a router that can connect directly to a VPN service, protecting all the traffic on your home network in a single stroke. But it could be cheaper (and simpler) just to route all your traffic through a Raspberry Pi that remains connected to the VPN at all times.

Source: How to Use Raspberry Pi as a VPN Gateway – Tom’s Hardware

How To Create A VPN Killswitch Using Iptables on Linux

Use iptables to create a VPN killswitch to protect against data leaks.

…..

If you’re connected to a VPN, you need a killswitch. No, it’s not as metal as it sounds. It’s just a mechanism that stops your Internet connection when you’re disconnected from the VPN. It protects you from inadvertently leaking sensitive information onto the Internet when the VPN connection drops.

Source: How To Create A VPN Killswitch Using Iptables on Linux – LinuxConfig.org

Convert an older model USB printer to a networked printer using a Raspberry Pi or other Linux-based computer — also works well for making an older printer compatible with a newer version of MacOS

We originally set out to do this because we were having problems getting an older model laser printer, specifically a Konica Minolta PP1350W, to work with MacOS High Sierra (10.13). With previous versions of MacOS we’d been able to connect the printer directly to the computer, and with some fiddling with drivers and other software, get it to work. But newer versions of MacOS seem to be far less tolerant of this, and we had a spare Raspberry Pi, so the idea came to us to use the Raspberry Pi as a bridge between the printer and any computers on the local network from which we wanted to be able to print. The bonus is that the printer is no longer tethered to a single machine, but instead can potentially be used by any computer on the local network.

You do not need to have a Raspberry Pi to make this work – any computer that can run Linux will do. And of course the Raspberry Pi or other Linux computer can be used for other purposes besides this. We do not guarantee that this technique will work for every older printer out there, but this will work with a surprising number of them.

Source: Convert an older model USB printer to a networked printer using a Raspberry Pi or other Linux-based computer — also works well for making an older printer compatible with a newer version of MacOS – Two “Sort Of” Tech Guys

How To Set Up an OpenVPN Server on Ubuntu 18.04

OpenVPN is a full-featured, open-source Secure Socket Layer (SSL) VPN solution that accommodates a wide range of configurations. In this tutorial, you will set up an OpenVPN server on an Ubuntu 18.04 server and then configure access to it from Windows, macOS, iOS and/or Android. This tutorial will keep the installation and configuration steps as simple as possible for each of these setups.

Source: How To Set Up an OpenVPN Server on Ubuntu 18.04 | DigitalOcean

If your mount.cifs has stopped working, try adding -o vers=3.0

If you have been using “mount.cifs …” or “sudo mount.cifs …” to mount a share located on a Windows machine in Linux, and it stops working after any kind of update or change to your network, try adding -o vers=3.0, or if you are already using some -o options, add vers=3.0 to the list (separated from any existing -o options by a comma). You could also try 2.0 rather than 3.0. By default mount.cifs tries to use 1.0 as the SMB protocol version, and Microsoft has removed support for that in some versions of Windows. So if you get a Windows upgrade that removes the 1.0 protocol, your existing mount.cifs invocation may stop working, but it appears that sometimes other changes in the network can trigger this as well. The vers= option is explained on the mount.cifs man page as follows:

SMB protocol version. Allowed values are:

  • 1.0 – The classic CIFS/SMBv1 protocol. This is the default.
  • 2.0 – The SMBv2.002 protocol. This was initially introduced in Windows Vista Service Pack 1, and Windows Server 2008. Note that the initial release version of Windows Vista spoke a slightly different dialect (2.000) that is not supported.
  • 2.1 – The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2.
  • 3.0 – The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012.

Note too that while this option governs the protocol version used, not all features of each version are available.

So, a typical invocation to mount a Windows share accessible by all users of the machine might now look something like this:

sudo mount.cifs //WindowsIPaddress/WindowsShareName /path/to/mountpoint/ -o user=WindowsUserName,password=WindowsUserPassword,vers=3.0,uid=1000,gid=1000

(The command above is all one line.)
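
The invocation above passes the Windows password on the command line, where it can end up in shell history and the process list. The following added example (not part of the original post) shows two helpers: one that adds vers= to an existing -o list without leaving a stale vers= entry behind, and one that writes an owner-only file for the mount.cifs credentials= option. The function names, the /root/.smbcredentials path and the user name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the
# credentials path and the user name below are placeholders (assumptions).

# merge_vers OPTS VERSION
# Print the comma-separated -o list OPTS with exactly one vers=VERSION entry.
# Any existing vers= entry is dropped first, so the list never carries two.
merge_vers() {
    mv_out=""
    mv_old_ifs=$IFS
    IFS=,
    set -f                      # no filename expansion while splitting
    for mv_opt in $1; do
        case $mv_opt in
            ""|vers=*) ;;       # skip empty fields and any old vers= entry
            *) mv_out="${mv_out:+$mv_out,}$mv_opt" ;;
        esac
    done
    set +f
    IFS=$mv_old_ifs
    printf '%s\n' "${mv_out:+$mv_out,}vers=$2"
}

# write_cifs_credentials FILE USER PASSWORD
# Create FILE in the username=/password= format read by the mount.cifs
# credentials=FILE option, readable and writable by its owner only.
write_cifs_credentials() {
    (
        umask 077
        printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1"
        chmod 600 "$1"          # also tighten a file that already existed
    )
}

# Usage (run as root; all values are placeholders):
#   write_cifs_credentials /root/.smbcredentials WindowsUserName "$password"
#   mount.cifs //WindowsIPaddress/WindowsShareName /path/to/mountpoint/ \
#     -o "$(merge_vers 'credentials=/root/.smbcredentials,uid=1000,gid=1000' 3.0)"
```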

Why your game console or home VoIP PBX won’t work with OPNsense or pfSense, and how to fix it

If you have been using a standard router and decide to upgrade to OPNsense or pfSense (I personally recommend OPNsense, solely because of the heavy-handed moderation in the pfSense user forum, where a user can apparently get banned for life for even a small inadvertent infraction), you may find that making a game console or a VoIP PBX work isn’t as simple as just forwarding some ports. The other thing you have to do is shown in this video:

Although the video specifically mentions the PS4 and XBOX, the advice shown is equally valid for other types of game consoles and for home PBX servers. Note the section starting at 3:20 in the video, where the “Static Port” checkbox is checked – this is the key to making it work!

The OPNsense user interface will look a bit different than the one in pfSense but the principle is the same; you still need to make sure the “Static Port” checkbox is checked. And in either case, you may still need to do port forwarding, the same as you did on your previous router, but generally speaking port forwarding alone will not work until the additional configuration shown in the video is applied. Here’s an example of setting up a static port rule in OPNsense (note that the source address field refers to a previously-set alias for the IP address of the Asterisk PBX):

VoIP PBX users, there is one other thing you may need to do, at least in OPNsense, particularly if you find that you have a non-local extension that is unable to connect to your PBX. If you are using a Dynamic DNS address, make sure you go to System: Settings: Administration and put that dynamic DNS address in the “Alternate Hostnames” field.
