Category: Security
-
Secure access OpenWRT
For openwrt devices exposed directly to the internet such as in a DMZ and need to have ssh access without compromising too much, we will have to follow these steps to achieve some basic security. Internet traffic is very much infested with bots trying to brute force into systems so this is a small but…
-
Wireguard
Using WireGuard on Debian involves several steps, including installing the WireGuard package, configuring the interface, and setting up the necessary keys. Here’s a basic guide to help you set up WireGuard on Debian using the command line: Install WireGuard: Update the package list and install wireguard: Generate WireGuard Keys: Generate a private and public key…
-
Haproxy.cfg configuration for acme challenge – openwrt
Updated configuration file for haproxy in openwrt. The acme-challenge was improved by having dedicated acls for each webserver containing a list of their own domains to redirect certbot traffic to another dedicated backend where those domains get their ssl certificates. Normal https traffic is redirected to individual backends. Explanation of Configuration:
-
sshuttle – Transparent proxy server for VPN over SSH
To create a hassle-free vpn connection to a remote server you need to expose port 22 in the target device. In these examples It is assumed that the remote server is either your edge device, directly connected to an edge device (like a main router) and in a DMZ or or receiving forwarded ssh traffic…
-
haproxy – Reverse proxy ssl pass-through (OSI 4) – OpenWRT
Useful haproxy.cfg file for your reverse proxy needs with some added security. In frontend stats you need to change the default username:password to securely access (locally) the statistics webui at port 9000 or any other port you choose. This configuration is great if you have multiple domains behind a router and was built for openwrt…