Latest Server related questions

I'm creating an SSH tunnel to a remote service through one of our servers. This server has 3 network interfaces, and the remote service has interface-specific restrictions in place based on IP and MAC address.

Local Machine --> Server --> Remote Service

Let's say the interfaces to the Server have an IP ending in .37, .38, and .39. The interface with .37 is facing the corporate network, thus acce ...

I cannot get Strongswan, networkmanager-strongswan (client) work on your Arch-PC. My vpn-strongswan server (hereinafter deb (server)) has been configured for a long time, any devices (such as android, windows), except for my arch linux (hereinafter arch (client)) are successfully connected to it.

When I try to connect to my vpn deb (server), I get an error that the user data is invalid. I am usin ...

In our enterprise, we have roughly 30 users that access our networks through a VPN connection. The topology, is as follows: Apple End User Device ( iOS, macOS ) <--> Juniper SRX Firewall <--> RADIUS <--> Microsoft NPS ( Windows Server 2019 ).

All of these VPN connections work without incident for the users, with the exception of my personal user account - this fails to connect e ...

Is Vault the correct tool to store sensitive information about users, eg. theirs pay rate or personal id?

"Normal" employee/user must only have access to his own data but the users with accountancy role must have access to everyone data. Users are authenticated with ldap so I thought Vault would be a good option since it can integrate with ldap and I could use its policies to restrict access.

I cann ...

I am redirecting wildcard subdomain to a external domain using .htaccess

following is the .htaccess

Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_HOST} ^(.+?)\.example\.com$ [NC]
RewriteRule ^ https://newexample.com/%1%{REQUEST_URI} [P]

I believe I have to enable mod_proxy but not able to find the correct way to do it.

in my 000-default.co ...

Let's say I have a policy that sets specific encryption settings for our servers. We don't want SSL 3.0, insecure, ciphers, etc for example. After this change machines must be restarted for the changes to take affect.

1. existing machines should be restarted at specific time off hours
2. future machines will need to be restarted after policy is applied

What is the ideal approach for handling this situat ...

My NGINX config has a single server defined, and in server-name I have both my domains listed. However, I'd like to keep their SSL certificates separate if possible. I tried using certbot twice, once for each domain, but it seems certbot changes the server's ssl_certificate path in the NGNIX config to match the second domain and overwrites the first domain. Is there a way around this?

Thanks!

I'm upgrading some Ubuntu 18.04 hosts to Nginx v1.20. The available version in the official repos for Ubuntu 18.04 is 1.14, which has some advisories out for it, so I'm adding the "official" Nginx repo to my 18.04 hosts.

The libnginx-* mods seem to be a Ubuntu thing only. Are these modules automatically compiled into the nginx.org package somehow? For instance, apt shows the libnginx-mod-http-geoip

I try to test the connection to the Google Workspace LDAP server. I follow this help page: https://support.google.com/a/answer/9190869?hl=en#ldap-query&zippy=%2Cldapsearch

But when I run the suggested commands, I get this error:

root@debian:/etc/freeradius/3.0# LDAPTLS_CERT=/etc/freeradius/3.0/certs/ldap-client.crt LDAPTLS_KEY=/etc/freeradius/3.0/certs/ldap-client.key ldapsearch -v -H ldaps://lda ...

I have 3 DCs on my domain, (2 on local office, 1 in Amazon AWS), and I would like to move to Amazon and cut off the 2 local DCs.

I have shut down the 2 local DCs, to test if the AmazonDC is working correctly, but then I receive "ERROR_NO_SUCH_DOMAIN" errors using nltest on Client computers, and I am no longer able to login to client computers with domain accounts.

I am not an expert, but I have trie ...

I've established route-based IPSec connection via IPIP tunnel to Amazon (using StrongSwan), and on tunnel statistics I see incrementing discards. On physical interface there was some discards too, but I increased the ring buffer (ethtool -G). So now physical interface is OK.

I can't imagine where could be a problem. Because IPSec tunnel is Up. But increasing discards on that particular interface  ...

I have inherited the administration duties on an EC2 instance with a single EBS volume mounted. The device (xvda) is partitioned, with xvda2 mounted as root (/), but I have no idea what is on xvda1, or why it exists.

$ lsblk<br>
NAMEMAJ:MIN RM  SIZE RO TYPE MOUNTPOINTM
xvda    202:0    0  600G  0 disk
├─xvda1 202:1    0    1M  0 part
└─xvda2 202:2    0  600G  0 part /

When I attempt to m ...

We use phpldapadmin with Openldap on Debian 9. We use Let's Encrypt certificates on Openldap. Since the expiration of the IdentTrust DST Root CA X3, we experienced a shutdown of our LDAP System. We managed to make it work by updating the certificates and truststores but it seems that phpldapadmin does not work since then. When I try to connect to my admin user, I get :

Error: Could not start TLS. P ...

I'm troubleshooting an issue with a SAS vendor. To be clear, this question isn't "how do I fix it?", nor is it "what exactly is causing this problem?" -- rather, it's "how do these technologies work, such that this combination of symptoms is possible?" I have a support ticket open with the vendor already (and I am less-than-patiently waiting for it to be escalated to someone sufficiently capable). The p ...

I am trying to set up my openvpn network but I have a problem.

My LAN configuration is as follows:

• main router Zyxel 192.168.1.1 acting as gateway (vdsl connection) and access point;
• openwrt router TD-W8970 192.168.1.2 acting as access point and vpn server (10.212.79.1)

What I want to do is to create a VPN network with clients that must send internet requests only through my LAN gateway (192.168.1.1) ...