amuck-landowner

Search results

  1. acd

    Staying connected to two VPNs at the same time?

    See if you can use sshuttle's -x option for each subnet routed by your work vpn. The manpage for sshuttle seems to indicate it isn't very bright about what to proxy and what to pass through. You can get a list of subnets added by your work vpn by checking /sbin/ip route show before and after...
  2. acd

    NSA can decrypt VPNs?

    Here's a quotation from the referenced slide: Emphasis mine. Yes, they can decrypt the data, but it still costs processing time and it is probably not realtime. Worried? Use bigger SSL keys for authentication and stronger encryption. I'm sure 2048 bit RSA keys from a private CA and AES256 +...
  3. acd

    Security incident at OVH

    Probably the same as mine: Manufacturer: Intel Corporation Product Name: DH61AG Version: AAG23736-503 No IPMI on there, unfortunately.
  4. acd

    Website Proofreading - $7

    Your offer is tempting. ... :)
  5. acd

    Security incident at OVH

    (edit: That algorithm is also known as PBKDF2 using HMAC-SHA512 as the PRF and password of salt||password. You got me with "using hashing for passwords" when you meant "using only hashing". And some days I lack the terminology to understand what is said.) On topic, it sucks that OVH was...
  6. acd

    Routing my incoming traffic through my vps

    This guide I got from google looks right from what I remember: http://www.howtogeek.com/51237/setting-up-a-vpn-pptp-server-on-debian/ Then use the forwarding rules from buyvm's GRE article (or from anywhere, really) and you should be pretty set...
  7. acd

    Stallion 2 - pictures and daily updates :)

    Check your VM's RDNS. I believe that is how debian guesses.
  8. acd

    Per customer /64's?

    I would appreciate more than a window of 48 hours to renumber my VMs. This is what I suggest for a transition strategy: 1. All current ipv6 allocations are marked legacy. If a user clicks disable in S2, notify them that if they do this, the IP will be deallocated and a new one assigned. 2. Set...
  9. acd

    How to handle script installation

    I would recommend either @'s method, which is very common for distribution packages or a script that reads options (with defaults) from the user at runtime in bash or sh, or if your software requires another script interpreter to run, optionally that scripting language. Rarely will I see or use...
  10. acd

    Top Providers Poll

    In no particular order a vote for each of: ramnode, buyvm. I'd like to vote for anynode, but I haven't been with them long enough to be sure nor have they been around long enough. The rest of my VMs do not count as low-end or are just for toying around.
  11. acd

    Ideas and suggestions for vpsBoard

    Cloudflare bot-control makes posting code really annoying. I eventually gave up on it.
  12. acd

    Best practices for managing ipsec config?

    Since I'm not using strong/open/freeswan, I'd have to roll my own to do that which is probably the route I will take. Thanks for the input.
  13. acd

    iptables/ip6tables one file script

    Sorry I'm late getting back to you. I would just use similar forward rules to ipv6, except no nat. So just pass everything through to known good IPs on your VPN and drop the rest, and from VPN to internet, passall. Roughly: ip6tables -X ip6tables -N goodvpnipv6 ip6tables -A FORWARD -i tun0...
  14. acd

    Using varnish as a http cache

    ftfy. Ideally it would be using 1x bw + a bit of change. I've found for small installs, using nginx proxy_cache or fastcgi_cache is less of a pain to set up than varnish for similar performance, though vcl is a lot more expressive than nginx's own config language.
  15. acd

    Generate one time passwords for scp only accounts

    /etc/sudoers: %otpw ALL= (root) NOPASSWD: /usr/local/bin/otpw-gen.sh /usr/local/bin/otpw-gen.sh #!/bin/bash #set -x set -o nounset OTPWOPTS="-h 6 -w 79" OTPWGROUP=otpw RMONABORT=1 umask 0037 if [ "$(id -u)" != "0" ]; then   echo "This script must be run from sudo" 1>&2   exit 1 fi if [...
  16. acd

    USB SDR (Software Defined Radio) Users?

    I have an rtl2832u based device (ezcap dvb-t) and a usrp1, which I got for more bw. The rtl2832u has a theoretical bw of ~2.8 MHz but I've found the useable bw to be more like 1.5-1.8 and I wanted 6+MHz for TV OTA decoding (never got this to work right). They're both fully supported by gnuradio...
  17. acd

    Stallion 2 - pictures and daily updates :)

    Oh shi---- *tw covers his naughty bits*
  18. acd

    Quick php help

    function weaver_admin_header_style() { <- close brace? if (!function_exists("b_call")) { <- same?
  19. acd

    Best practices for managing ipsec config?

    I have near on two dozen ipsec endpoints that are pretty much interconnected n-way with some exceptions. I have a file on each endpoint that has IP pairs, local & remote, from which a script generates an /etc/ipsec-tools.conf and /etc/racoon/racoon.conf using templates when those services...
  20. acd

    Using varnish as a http cache

    I'm a fan of adding ulimit -v 192000 to /etc/default/varnish on pre-physpages (2.6.18 series) kernels. This will cause varnishd to shut down its child and restart it when it starts using too much virtual memory, preventing your other processes from getting an out-of-memory error. Not needed in...