Security & privacy related stuff

DNS-based AdBlock on OpenWRT

By Atomstar on Saturday 23 February 2019 13:13 - Comments (4)
Category: Security, Views: 2.064

Router-based ad-blocking has the advantage that all connected clients are protected. It might also speed up connections, because filtering is done upstream (i.e. on the router rather than on the client). However, this might be offset by the relatively slow hardware of routers.


On-demand iOS VPN using Configuration Profiles

By Atomstar on Saturday 23 February 2019 12:25 - Comments (2)
Category: Security, Views: 604

After setting up an IKEv2 VPN on my Raspberry Pi, I wanted my iPhone to connect to it automatically and on-demand.


Setting up an A+-grade nginx SSL server

By Atomstar on Sunday 27 January 2019 15:25 - Comments (7)
Categories: Linux, RaspberryPi, Security, Views: 3.794

Because I don't want to expose smarthome dashboards (like Domoticz or Grafana) directly to the internet, I've set up a separate server to publish data beyond my local network. For this I've chosen nginx using Let's Encrypt certificates renewed by certbot, enabling HSTS and fixing the Logjam vulnerability.


StrongSwan IKEv2 VPN on Raspberry Pi

By Atomstar on Monday 24 December 2018 01:08 - Comments (7)
Categories: Linux, RaspberryPi, Security, Views: 5.985

Guide to setting up a road warrior VPN server (i.e. mobile clients connecting to a static server, as opposed to e.g. a site-to-site connection) with IKEv2 using strongSwan on a Raspberry Pi. This guide is largely based on this DigitalOcean guide combined with ready-made strongSwan configurations.

Update 20181224: added Algo VPN configurator
Update 20190223: added cipher analysis / recommendation, clarified eth0 interface use on server, ESP/AH forwarding, added password generation one-liner.
