Mirrored Ports with Open vSwitch

After adding some new SSD storage to my home server I had purged a lot of the older VMs that I didn't use frequently in my previous 'Spring Cleaning' effort to make space. One of the VMs that I had purged but now wanted to get back online and running was a Security Onion VM. I won't go into much detail here about SecOnion; there is a lot of good documentation and tutorials already out there on how to set it up. Security Onion requires at least two network interfaces; one for administrative control, and at least one more that …


Access Git repo over SSH behind jumpbox

I recently ran across the situation where I wanted to push changes to a repo that was stored on my personal Gitlab server. The issue was that I had recently restructured my homelab and the only way to get to the Gitlab server via SSH was through a jumpbox. These were the steps I took to be able to use the normal git workflow while still keeping my network design / security choices intact.

On dev machine

First we will create a new SSH key for the hop from dev machine --> jumpbox.

ssh-keygen -t ed25519 -C "gitlab multihop" -f ~/.ssh/multihop …

Install RDP on Debian 10 (Buster)

Start off with a freshly updated system and install the requirements:

apt update
apt upgrade
apt install -y xrdp xfce4 xfce4-terminal gnome-icon-theme-full tango-icon-theme

Make xfce4 our default xsession:

echo xfce4-session >~/.xsession

Make xfce4 the default by editing the following file:

nano /etc/xrdp/startwm.sh

Replace what is in there with this:


if [ -r /etc/default/locale ]; then
  . /etc/default/locale


Restart xrdp for changes to be made effective.

service xrdp restart

GPG random-entropy

This was the workaround that I had to do to get GPG keys to be generated on a KVM Debian machine. After doing it several times and having to hunt to figure out how I got it working the first time, I decided I should write it down.

sudo apt-get install rng-tools
sudo rngd -r /dev/urandom

Road Warrior VPN

This is a dead simple way to get an OpenVPN server up and going with individual client certificates.

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
# https://github.com/Nyr/openvpn-install
# Copyright (c) 2013 Nyr. Released under the MIT License.

# Detect Debian users running the script with "sh" instead of bash
if readlink /proc/$$/exe | grep -q "dash"; then
    echo "This script needs to be run with bash, not sh"

if [[ "$EUID" -ne 0 ]]; then
    echo "Sorry, you need to run this as root"

if [[ ! -e /dev/net/tun ]]; then
    echo …