Category Archives: Security

OpenVPN: Running OpenVPN and a Webserver at same TCP Port

Hi,

OpenVPN has the ability to act like a HTTP Reverse Proxy Server. This feature is called port sharing. Means if OpenVPN detects non VPN traffic it proxy the connection to an specific host and port.
Continue reading OpenVPN: Running OpenVPN and a Webserver at same TCP Port

OpenVPN: A default config template for server and client

Hi,

these are just 2 templates for a OpenVPN Server and a clients based on the post.

The Server side, based on Debian Linux 8. Copy Key, Certificate & CRL to the right place and create the diffie hellmann key for key exchange.

# Root Directory of the CA
export CA_ROOT_DIRECTORY=${HOME}/openvpn/CA
# The common directory
export CA_COMMON_DIR=${CA_ROOT_DIRECTORY}/common
# Directory for Server Certificate
export CA_SERVER_DIR=${CA_ROOT_DIRECTORY}/Server
# The CRL
export CA_CRL=${CA_COMMON_DIR}/crl.pem
# The Environment variable where openssl looking for its config
export OPENSSL_CONF=${CA_COMMON_DIR}/openssl.cfg
# Move default config
mv /etc/openvpn/server  /etc/openvpn/server.old 2> /dev/null
# Copy Key & Certificate
mkdir /etc/openvpn/vpnsrv
cp $CA_SERVER_DIR/server.p12 /etc/openvpn/vpnsrv
cp $CA_CRL /etc/openvpn/vpnsrv
# Create Diffie Hellmenn key for key exchange
export OPENSSL_BIN=`which openssl`
$OPENSSL_BIN gendh -out "/etc/openvpn/vpnsrv/dh.pem" 2048
# Create a Logfolder
mkdir -p  /var/log/openvpn

Continue reading OpenVPN: A default config template for server and client

Windows: Identify a WPBT binary in the ACPI Table of BIOS/UEFI

Hi,

to identify a Windows executable in the ACPI Windows Platform Binary Table entry of a BIOS or UEFI fimware start a live linux distribution from a CD, DVD or USB Stick.

Continue reading Windows: Identify a WPBT binary in the ACPI Table of BIOS/UEFI

OpenVPN: Built a certification authority from scratch with openssl

Hi,

these are the steps to build your own CA (Certification Authority) and all requiered certificates for a OpenVPN instance (Client and Server) on Linux.

Define your environment. Always set these variables in the shell before executing openssl commands. Adjust it to your needs.
Continue reading OpenVPN: Built a certification authority from scratch with openssl

Windows: Enable Bitlocker without a TPM module

Hi,

by default Bitlocker could only activated when a TPM chip is physically present.

If you want to use Bitlocker without a TPM module you must change your (local) policy. Open the Group Policy Object Editor (gpedit.msc), navigate to
Continue reading Windows: Enable Bitlocker without a TPM module