https://sleepmap.de/enContents © 2022 <a href="mailto:dave@sleepmap.de">David Runge</a> <a rel="license" href="https://creativecommons.org/licenses/by-nc-sa/4.0/">CC BY-NC-SA 4.0</a>Mon, 12 Dec 2022 10:30:51 GMTNikola (getnikola.com)http://blogs.law.harvard.edu/tech/rsshttps://sleepmap.de/2016/lets-encrypt-it-all/David Runge<div><div class="line-block"> <div class="line">For a couple of months now I have been using <a href="https://letsencrypt.org" target="_blank">Let's Encrypt</a> to generate free and valid certificates for all the services I run.</div> <div class="line">In many places the free <a href="https://en.wikipedia.org/wiki/Certificate_authority" target="_blank">Certificate Authority</a> (short CA) has spread like wild-fire. From small to large scale services, many adopted it and <a href="https://letsencrypt.org/2016/03/08/our-millionth-cert.html" target="_blank">the amount of issued certificates has grown over 1 million in just four months</a>.</div> <div class="line">As a visitor to this website you have probably noticed the small green lock sign next to the address bar. The certificate used for this website is accepted to be valid by your browser (and also by your operating system).</div> <div class="line">If you're up for some background knowledge, just read on. If you're up for some hands-on technical stuff, <a class="reference external" href="https://sleepmap.de/2016/lets-encrypt-it-all/#letsencrypt-howto">jump right on to the howto</a>.</div> <div class="line">Just note: This is a veeeeeeery long article in any case.</div> </div> <p><a href="https://sleepmap.de/2016/lets-encrypt-it-all/">Read more…</a> (16 min remaining to read)</p></div>acmearch linuxcertbotcertificatedovecothidden serviceletsencryptnginxopensslowncloudpostfixprosodyroundcubesecuritysslsystemdtlsvpnhttps://sleepmap.de/2016/lets-encrypt-it-all/Thu, 29 Sep 2016 18:00:00 GMThttps://sleepmap.de/2015/ssh-tunnel-with-single-hop-using-systemd-networkd-and-autossh/David Runge<div><div class="line-block"> <div class="line">Recently I had the pleasure of setting up a <abbr title="Secure Shell">SSH</abbr> tunnel between two virtual machines that share no route and are located in two different subnets.</div> <div class="line">They can however reach each other via SSH, hopping their host.</div> <div class="line">Let's assume the following setup:</div> </div> <ul class="simple"> <li><p><strong>client1</strong> (Arch Linux) has <em>10.0.5.2/24</em></p></li> <li><p><strong>client2</strong> (Arch Linux) has <em>10.0.6.2/24</em></p></li> <li><p><strong>host</strong> (Debian) is <em>10.0.5.1/24</em> to <strong>client1</strong> and <em>10.0.6.1/24</em> to <strong>client2</strong></p></li> </ul> <div class="line-block"> <div class="line">As I needed the two clients to be able to send mail to each other and reach each others' services, I did some digging and opted for a SSH connection using <abbr title="network TUNnel (virtual-network kernel devices)">TUN</abbr> devices (aka. "poor man's <abbr title="Virtual Private Network">VPN</abbr>").</div> <div class="line">The following is needed to set this up:</div> </div> <ul class="simple"> <li><p>root access on both virtual machines (<strong>client1</strong> &amp; <strong>client2</strong>)</p></li> <li><p>a user account on the <strong>host</strong> system</p></li> <li><p>SSH (<a href="http://openssh.com" target="_blank">OpenSSH</a> assumed) installed on all three machines</p></li> </ul> <p><a href="https://sleepmap.de/2015/ssh-tunnel-with-single-hop-using-systemd-networkd-and-autossh/">Read more…</a> (3 min remaining to read)</p></div>arch linuxautosshpostfixsshsystemdsystemd.networkTUNtunnelhttps://sleepmap.de/2015/ssh-tunnel-with-single-hop-using-systemd-networkd-and-autossh/Sun, 01 Feb 2015 18:00:00 GMT