Hop Counts featured image

1&1 DSL Routing: Hop Counts unterschiedlich

Seit über einem Jahr zeichne ich die Anzahl der Hops von einer Reihe DSL-Anschlüssen auf (siehe hier). Mein Monitoring-Server läuft dabei hinter einem statischen Anschluss der Telekom, während die privaten Internetanschlüsse von diversen Anbietern (1&1, Kabel Deutschland, Telekom) kommen. Nun habe ich leider nicht im Detail die Ahnung davon, wie diese Anbieter ihren Traffic routen, zumindest scheint aber 1&1 irgendetwas Komisches bei sich verbaut zu haben, da sehr oft nach der nächtlichen Zwangstrennung ein deutlicher Unterschied in der Anzahl der Hops zu sehen ist.

Continue reading 1&1 DSL Routing: Hop Counts unterschiedlich

FortiGate Policy Route featured image

Policy Routing on a FortiGate Firewall

This is a small example on how to configure policy routes (also known as policy-based forwarding or policy-based routing) on a Fortinet firewall, which is really simple at all. Only one single configuration page and you’re done. 😉

Continue reading Policy Routing on a FortiGate Firewall

S2S VPN FortiGate - FritzBox

IPsec Site-to-Site VPN FortiGate <-> FRITZ!Box

Hier kommt ein kurzer Guide wie man ein Site-to-Site VPN zwischen einer FortiGate Firewall und einer AVM FRITZ!Box aufbaut. Anhand von Screenshots zeige ich die Einrichtung der FortiGate, während ich für die FRITZ!Box ein Template der *.cfg Konfigurationsdatei bereitstelle.

Continue reading IPsec Site-to-Site VPN FortiGate < -> FRITZ!Box

ownCloud2

Yet another ownCloud Installation Guide

If you want to use you own ownCloud installation, you can find several documentation on the Internet on how to set up this server, e.g. the official ownCloud documentation, or installation guides such as this or that or here. But none of these page alone provided enough information for installing a secure server completely from the beginning.

So here comes my step-by-step guide which surely won’t be complete, too. 😉 However, hopefully it will help other people while searching for their way to install ownCloud. Additionally I am showing how to upgrade an ownCloud server.

Continue reading Yet another ownCloud Installation Guide

ntopng featured image

Out of the Box Network Analyzer “ntopng”

Some time ago I installed a new firewall at the customer’s site. Meanwhile the customer was interested in the flows that are traversing through the firewall right now. Oh. Good question. Of course it is easy to filter through log messages of firewalls, but theses logs are only for finished sessions. Yes, there are “session browsers” or the like on all firewalls, but they are not nice and handy to analyze the sessions in realtime.

The solution was to bring a network analyzer on a mirror port near to the firewall. I decided to use ntopng running on the live Linux distribution Knoppix. Great choice! An old notebook with two network adapters fits perfectly. A handful commands and you’re done:

Continue reading Out of the Box Network Analyzer “ntopng”

F5 Single DH use

F5 SSL Profile: “Single DH use” not working?

In the paper of the Logjam attack, a sentence about the F5 load balancers confused me a bit: “The F5 BIG-IP load balancers and hardware TLS frontends will reuse g^{b} unless the “Single DH” option is checked.” This sounds like “it does NOT use a fresh/ephemeral diffie-hellman key for new connections”. I always believed, that when a cipher suite with EDH/DHE is chosen, the diffie-hellman key exchange always generates a new b for computing g^{b}. Hm.

Therefore, I tested this “Single DH use” option on my lab F5 unit, in order to find out whether the same public key (as noted in Wireshark) is used for more than one session.

Continue reading F5 SSL Profile: “Single DH use” not working?

PPP Featured Image

Telekom Dual-Stack Verbindungsaufbau

Bis neulich hatte ich einen normalen DSL-Anschluss von 1&1: Per PPPoE eingewählt und eine IPv4-Adresse bekommen – fertig. Das kann neben der FRITZ!Box natürlich auch jeder vernünftige Router oder Firewall.

Jetzt habe ich endlich einen richtigen Dual-Stack (IPv4 und IPv6) Anschluss der Telekom (Glasfaser “MagentaZuhause M” ohne Fernsehen, siehe hier). Juchu! 😉 Bevor ich jedoch den mitgelieferten Speedport durch diverse andere Testgeräte ersetze, wollte ich mal vernünftig mitschneiden, welche Protokolle denn bei einem Verbindungsaufbau genau eingesetzt werden. Vor allem die Prefix Delegation über DHCPv6 interessierte mich…

Continue reading Telekom Dual-Stack Verbindungsaufbau

jw-nb10.cfg-192.168.120.10-cpu-ys-l2

BOINC Load depends on Processor Type

I am running two old notebooks in my laboratory for several server purposes. Last year, I started to support the World Community Grid project with the idle times on these laptops. Nothing interesting so far. However, it is interesting to track the load of the CPUs since they vary on both laptops due to the projects that require different CPU types.

Continue reading BOINC Load depends on Processor Type

Basic IPv6 Messages - Featured Image

Basic IPv6 Messages: Wireshark Capture

When explaining IPv6 I am always showing a few Wireshark screenshots to give a feeling on how IPv6 looks like. Basically the stateless autoconfiguration feature (SLAAC), DHCPv6, Neighbor Discovery, and a simple ping should be seen/understood by any network administrator before using the new protocol.

Therefore I captured the basic IPv6 autoconfiguration with a Knoppix Linux behind a Telekom Speedport router (German ISP, dual-stack) and publish this capture file here. I am using this capture to explain the basic IPv6 features.

Continue reading Basic IPv6 Messages: Wireshark Capture

Ping DSL vs. Glasfaser featured image

Ping Times/Latency: DSL vs. Glasfaser, IPv4 vs. IPv6

Seit wenigen Tagen bin ich glücklicher Kunde eines Telekom Glasfaseranschlusses. Mit satten 50/10 MBit/s rasen die Daten bei mir ein und aus. Neben der deutlich höheren Geschwindigkeit war ich aber auch an den Latenzen der beiden Anschlüsse interessiert und habe entsprechende Tests gemacht. Hier kommen die Ergebnisse.

Continue reading Ping Times/Latency: DSL vs. Glasfaser, IPv4 vs. IPv6