Author: techwritter
IPSec on FreeBSD – Part 5
Pf firewall rules The same tests were made on both machines with the pf firewall turned on. You can see the content of the /etc/pf.conf file in the next section: ## Firewall rules for IPSec ## ## ———————— ## ## define macro section ## ext_if = "em0" int_if = "em1" #lan_net =…
IPSec on FreeBSD – Part 4
Test IPSec tunnels On FreeBSD2 run the following command: ping -S 10.2.1.1 10.1.1.1 On FreeBSD1 run the following command: tcpdump -nvi em0 host 10.27.62.169 and dst 10.27.62.18 You should see something like this: 10.27.62.169 > 10.27.62.18: ESP (spi=0x….) # that means the traffic is encrypted Bandwidth tests and results Iperf will…
IPSec on FreeBSD – Part 3
Configuration file /usr/local/etc/racoon/racoon.conf On FreeBSD1 path pre_shared_key "/usr/local/etc/racoon/psk.txt"; # "log" specifies the logging level. It is followed by either "notify", "debug" or "debug2". #log debug; padding { maximum_length 20; # maximum padding length. randomize off; # enable randomized length. strict_check off; # enable strict check. exclusive_tail off; …
IPSec on FreeBSD – Part 2
Install the necessary software on FreeBSD1 and FreeBSD2 pkg install ipsec-tools pkg install racoon2 pkg install tcpdump pkg install iperf pkg add pftop The configuration file /etc/rc.conf should look as follows On FreeBSD1 hostname="fbsd1" ifconfig_em0="DHCP" sshd_enable="YES" ntpd_enable="YES" # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable dumpdev="NO" #em1 definition…
IPSec on FreeBSD – Part 1
Description In this post I'll show you how to install, configure and test IPSec on FreeBSD. All tests were made on two machines running FreeBSD version 10.1-RC3 with the following specifications: CPU: 4 cores. Memory: 5 GB. Scenario In order to have IPSec support in the kernel we…
SSH restrictions using public keys, commands and allowed hosts
Description You want to manage an SSH server that can be reached only from specific IPs, and only specified commands will be accessible to the SSH user. Explanation In our example we have 2 hosts located in the same network (to prove the concept) with the following IPs: 192.168.122.1 (backend) and 192.168.122.157…
Google Authenticator as a second factor authentication
Description In this post I would like to share another solution (in my previous post I was talking about DUO – https://duo.com) that can be used as a second factor of authentication. At this moment there are a few solutions on the market…
Nmap and OpenSSL for getting digital certificates information
Description You have a relatively big infrastructure and you want to make an inventory of the digital certificates you use. You need to find out relevant information about those certificates, like issuer, subject and expiration dates. Explanation – If you are using a Unix-like environment you already have the necessary…
Protecting sensitive information using OpenSSL
Description You want to send some sensitive information to somebody who is not part of your network, so the information should not travel unprotected through the environment. This post describes the case where you put the sensitive data, encrypted, on a CD, DVD or even a hard disk, send that…
Blocking unwanted IP addresses on F5
Description A load balancer is a device that acts as a reverse proxy and distributes network or application traffic across a number of servers. Load balancers are used to increase the reliability and capacity of applications. It is very useful to have a solution…