Your browser (Internet Explorer 6) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.
X

Archive for May, 2012

Aside

Embedding Certificates into OpenVPN Config

I found out a very cool configuration trick for OpenVPN while doing some read-up on OpenVPN encryption key size.

In the middle of the thread, one of the user, “300000”, posted his/her configuration settings.
The part that caught my eye was the chunk of Base64 encoded certs.

I never knew you could embed the certs directly into the config file!

All these while I’ve been using the respective keywords to define the path to the individual cert files. This have made the distribution of configuration to each user quite a pain, since in addition to the config file, I have to send them the cert and key files and also to instruct them on where to put the individual files.

Now, I can just pass them a single .ovpn file and tell them where to place it and they are good to go. No more additional steps like telling them to download the cert files and placing them in a specific directory.

To embed the certs, simply place the Base64 encoded cert text into the respective <ca> </ca>, <cert> </cert> and <key> </key> tags in your .ovpn config file and comment out the “ca”, “cert” and “key” keywords.

client
remote my-server 1194
proto udp
dev tun
persist-key
persist-tun
resolv-retry infinite
nobind
#ca ca.crt
#cert client.crt
#key client.key
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
***Paste CA Cert Text Here***

-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
***Paste Your Cert Text Here***

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
***Paste Your Cert Private Key Here***

-----END PRIVATE KEY-----
</key>

There, simple.

Image

Brace Yourselves, (by-)Election is Coming

Brace Yourselves, (by-)Election is Coming

Aside

Why we can’t have nice things

Brainfart.SG was taken down for almost a month since last April, due to my VPS being exploited. The reason I believe is due to a misconfiguration of the webserver.

Somebody managed to install a backdoor in the VPS and then installed a script to launch a DoS attack.
My VPS was only suspended at first, but after recovering my VPS, it was again compromised to launch DoS attack. Which resulted in me being banned from BuyVM.

Since then, I have moved to Virpus and have spent a considerable effort to harden the VPS.
I’ve installed APF, rkhunter, ZB Block, among other things. And not to mention closing the security hole for nginx + PHP.
Looks like I’ll have to be on an active lookout for vulnerabilities and also solutions…

It seems like in a perfect world, you can leave your doors unlock at night and you also need not worry about your webserver much. But since we live in a imperfect world, we’ll have to lock up our doors, harden our webservers, deploy SSL for our web connections, etc.

And this is why we can’t have nice things.