DNS and Geopolicy: Sometimes, you need to go back to basics

There comes a time in life where you enable a high-level protection in your firewall, but you somehow forget the basics and that is where the problem lives..

Useful Zimbra mailbox management Tips and Tricks

These are some of the commands I use most, or, zimbra commands that were relevant to a very specific goal and i had to document them to avoid losing them :)

Creating a site-to-site VPN with dynamic internet IP addresses with OPNSense - part01

Background

This is something that grind my gears: Limitations of the IPSec implementation, and lack of how-tos about the specifics at the title of this post.

That situation lead me to this “not so beautiful” solution, where i use client certificates do identify the peers.

Every time i’ve tried to create a site-to-site environment where the remote office had to forward everything to the main office (basically 0.0.0.0/0) before going to the internet i had to deal with these issues:

• The internet IP Address had to be static.
  • This isn’t a reality on many places in Brazil. Not even CGNATs have fixed addresses that we could rely as Identifier of the remote office;
• Deal with external dynamic DNS solutions, or implement it on bind;
• Have a valid FQDN for server Certificates for Mutual RSA;
• Some compatibility issues with Strongswan and proprietary players;

And after some days of lab, here is my recipe:

How to create a good Mate

Yeah, you are not misreading it. I’m not talking about this Mate. I’m talking about this one ;)

Making a decent chimarrão(mate) is essential to keep you hydrated during the cold winter, and making a not clogged chimarrão is pure art.

About this page