How to Configure Windows 2012 NPS for Radius Authentication with Ubiquiti Unifi

In a corporate environment shared key encryption is rarely used due to the problems associated with distributing the appropriate keys. In the corporate wireless world many organisations prefer to use 802.1x or Radius authentication so that their users can log on to the wireless networks with their domain credentials.

I was recently asked to set up just such a system with Unifi access points and controllers on Windows Server 2012 with Microsoft's own Radius solution NPS (or Network Policy Server) and 802.1x. There is plenty of information out there but I found that some of it was out of date and others were missing some fairly key components. So I present this tutorial to hopefully help others get this up and running as quickly as possible.

Steam & Valve IP Ranges

After spending a fair amount of time trying to find the IP subnets which Steam uses I came up blank, so I went to ARIN.

Easy(ish) IPSec VPN with Shared ECDSA Certificates for Host to Host Connections

Let me start off by saying that using certificates for your IPSec VPNs adds another layer of complexity onto your connections. However, what I’ve tried to do is to make this how-to guide as easy to follow as I possibly can.

By using certificates we remove the requirement to use pre-shared keys, which is considered more secure, and if we have lots of tunnels we don’t have to worry about having a separate key for each connection, which provides a great deal of scalability.

Configuring Suite B, VPN-A and VPN-B in IPSec with Strongswan

Many vendors have got the various IPSec standards already implemented within their products for ease of use.  This is my configuration for matching these standards with Strongswan.

It’s always nice to use a standard; they come from RFCs so have some level of scrutiny and make things interoperable. These suites in my experience tend to be the ones which are implemented most widely. As a security professional I’m happy that someone has investigated the best solutions to use.

How to Create a Site to Host VPN on Ubuntu for AWS, Azure and Linode with pfsense

This tutorial will guide you through setting up a VPN from your pfsense firewall router to your Ubuntu server hosted in the cloud. Many of these vendors have the capability to set up a site to site VPN through the control panels, but this tutorial doesn’t require anything except for an external IP address on your Linux box.