Monday, 13 June 2016

Learning while building a site-to-site VPN

There are still so many things to learn. Learning the theory is one thing; applying that knowledge in practice, which is what turns it into wisdom, is a completely different matter.

I'm speaking about building a site-to-site VPN. I started by trying IPsec, but decided instead on a solution my friend Gabriel Orozco (aka @Redimido) already knew, and he helped me out with this setup.

So far, what I've learned from this exercise is:

  • You only need to enable an OpenVPN server on one of your subnets and an OpenVPN client on the other subnet
  • Windows treats any 169.254.XXX.XXX address as a failed DHCP lease, so a host with such an address won't work at all
  • Your netmask is very important: if you use a 16-bit netmask (a class B network), the remote subnet looks local to a machine inside your subnet, so its requests never reach the default gateway and no communication is possible between the two subnets over the VPN
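The netmask point above is the one that cost the most debugging time, so here is an added worked example (not code from the original post) that shows it mechanically. A host sends a packet to its default gateway, and therefore into the VPN, only when the destination lies outside its own subnet; with a /16 the other site's /24 falls inside that subnet, so the host ARPs for it locally and the gateway never sees the packet. The addresses (192.168.10.0/24 and 192.168.20.0/24, gateways at .1) and the host list are constructed for illustration and are not taken from the post; the 169.254.0.0/16 check reflects the second bullet.

```python
"""Why the netmask decides whether traffic ever reaches the VPN gateway.

Constructed assumptions (not from the post): site A is 192.168.10.0/24,
site B is 192.168.20.0/24, and each site's OpenVPN endpoint is the .1 host.
"""
import ipaddress

# Automatic Private IP Addressing range: what a Windows host falls back to
# when DHCP fails. Traffic from such a host goes nowhere useful.
APIPA = ipaddress.ip_network("169.254.0.0/16")

# Constructed inventory of site-B hosts as (address, prefix length).
SAMPLE_HOSTS = [
    ("192.168.20.5", 24),   # correct /24 mask
    ("192.168.20.6", 16),   # mistaken /16 mask
    ("192.168.20.7", 16),   # mistaken /16 mask
]


def is_apipa(addr: str) -> bool:
    """True if addr is a link-local (failed DHCP lease) address."""
    return ipaddress.ip_address(addr) in APIPA


def next_hop(src: str, prefix_len: int, dst: str, gateway: str) -> str:
    """Return where a host configured as src/prefix_len sends a packet for dst.

    If dst is inside the host's own subnet the host resolves it directly on
    the LAN ("on-link") and never consults the default gateway; otherwise the
    packet is handed to the gateway, which is where the VPN tunnel lives.
    """
    local_net = ipaddress.ip_interface(f"{src}/{prefix_len}").network
    if ipaddress.ip_address(dst) in local_net:
        return "on-link"
    return gateway


def hosts_that_bypass_gateway(hosts, remote_net: str):
    """Return the addresses whose netmask makes the remote site look local.

    Those hosts' packets for the remote subnet never reach the VPN gateway,
    so site-to-site communication silently fails for them.
    """
    remote = ipaddress.ip_network(remote_net)
    bad = []
    for ip, plen in hosts:
        local_net = ipaddress.ip_interface(f"{ip}/{plen}").network
        if remote.overlaps(local_net):
            bad.append(ip)
    return bad


if __name__ == "__main__":
    gw = "192.168.20.1"
    dst = "192.168.10.5"
    for plen in (16, 24):
        print(f"/{plen}: 192.168.20.5 -> {dst} via {next_hop('192.168.20.5', plen, dst, gw)}")
    print("hosts bypassing the gateway:", hosts_that_bypass_gateway(SAMPLE_HOSTS, "192.168.10.0/24"))
    print("169.254.10.20 is APIPA:", is_apipa("169.254.10.20"))
```

Running it shows the /16 host resolving the remote address "on-link" while the /24 host hands it to 192.168.20.1; the same overlap test is what you would run across a host inventory before blaming the tunnel itself.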

Also, thanks a lot to my friend Galileo Martínez, who took a lot of ownership when helping me debug the issue between the 20 and 10 subnets.

I owe you both a lot of time. 

Correct fail2ban filter for sshd on Amazon Linux

Fail2ban does not catch the regular expression for Invalid or Illegal ssh logins on Amazon Linux. So far the fix goes like this: Not match...