![[RSS]](https://tweakimg.net/g/if/v2/icons/rss_small.png){kind=icon}
Security & privacy related stuff
DNS-based AdBlock on OpenWRT
Router-based ad-blocking has advantages that all connected clients are protected. Also, it might speed up connections because filtering is done upstream (i.e. not on client but on the router). However this might be offset by relatively slow hardware of routers.
Read more »
Read more »
On-demand iOS VPN using Configuration Profiles
After setting up an IKEv2 VPN on my raspberry-pi, I wanted my iPhone to connect to it automatically and on-demand.
Read more »
Read more »
Setting up an A+-grade nginx SSL server
Because I don't want to expose smarthome dashboards (like domoticz or grafana) directly to the internet, I've set up a separate server to publish data beyond my local network. For this I've chosen nginx using let's encrypt certificates renewed by certbot, enabling hsts and fixing the logjam vulnerability.
Read more »
Read more »
StrongSwan IKEv2 VPN on Raspberry pi
Guide to set up road warrior VPN server (i.e. road warrior = mobile clients connecting to static server, vs e.g. site-to-site connection) using IKEv2 using strongswan on a raspberry pi. This guide is largely based on this digitalocean guide combined with ready-made strongswan configurations.
Update 20181224: added algo VPN configurator
Update 20190223: added cipher analysis / recommendation, clarified eth0 interface use on server, ESP/AH forwarding, added password generation one-liner.
Read more »
Update 20181224: added algo VPN configurator
Update 20190223: added cipher analysis / recommendation, clarified eth0 interface use on server, ESP/AH forwarding, added password generation one-liner.
Read more »