Easy(ish) IPSec VPN with Shared ECDSA Certificates for Host to Host Connections


Let me start off by saying that using certificates for your IPSec VPNs adds another layer of complexity onto your connections. However what I’ve tried to do is to make this how to guide as easy to follow as I possibly can.

By using certificates we can negate the requirements to use pre shared keys and thus are considered more secure and if we have lots of tunnels it means we don’t have to worry about having a separate key for each connection therefore providing a great deal of scalability.

Continue reading →

Configuring Suite B, VPN-A and VPN-B in IPSec with Strongswan


Many vendors have got the various IPSec standards already implemented within their products for ease of use.  This is my configuration for matching these standards with Strongswan.

It’s always nice to use a standard; they come from RFCs so have some level of scrutiny and make things interoperable.  These suites in my experience tend to be the ones which are implemented most widely.  As a security professional I’m happy that someone has investigated the best solutions with which to use.

Continue reading →

How to Create a Site to Host VPN on Ubuntu for AWS, Azure and Linode with pfsense


This tutorial will guide you through setting up a VPN from your pfsense firewall router, to your Ubuntu server hosted in the cloud.  Many of these vendors have the capability to setup a site to site VPN through the control panels, but this tutorial doesn’t require anything except for an external IP address on your Linux box.
Continue reading →

Public DNS Servers


Sometimes you need a list of public DNS servers, there are some common ones and some not so common ones, here I present my go to list.  These are in no way endorsed, but I do use them all fairly regularly.  Where I say some services are Alternate Root these servers may give you different results than the rest.

Continue reading →

How to Create a Websense Content Gateway (WCG) on CentOS


When you implement a Websense proxy solution and you don’t guy one of their appliance then you have to setup the proxy components yourself.  This can be fairly easily done on a CentOS install running on VMWare or Hyper-V.  This how to will walk you through getting a Websense Content Gateway (otherwise known as a WCG) with version 8.0.1 on an appropriate virtual host.

Continue reading →