Over time, jumpNet's VPN servers became bottleknecks regarding bandwidth. Currently, the best VPN server in jumpNet offers 20MBit/s upstream, which is okay but not sufficient for large file transfers like backups. In this article, I describe how to build a L2TP/IPSec VPN server with OSPF rotuing capability.
jumpNet is fine - no question. But it's small and some how I got used to it. There is little new to discover (maybe I'm going to realize a point-to-point radio link this summer, but that's another story) and so I decided to follow up an old plan: Connecting the jumpNet to dn42.
Some time ago I moved from Zähringe Straße to Merzhauser Straße. What a lucky coincidence, that I moved into the appartment of one of the jumpNet participants. Time to change the topology of the jumpNet a bit.
In my last post, I described how to set up a ESK stack (Elasticsearch, syslog-ng, Kibana). I also mentioned that the provided setup is not ideal from a security perspective. In this post I'll show you, how to use nginx as HTTP reverse proxy with HTTP basic auth to protect the Kibana web frontend.
The jumpNet grows, so do the logs. A little tired of grepping and tailing and lessing it came handy that I needed a solution for a customer with similar needs. After doing some research in the internet, I came across the so called ESK stack. Elasticsearch, syslog-ng and Kibana. Sure, I heared about Elasticsearch and Kibana, but till then I thought this is some hipster IT crap and - I never was so wrong. (Yeah, there is some prejudice coming with age and experience...)
As you propably know, the jumpNet has a redundant VPN infrastructure and is using OSPF. To improve the network design futher, I investigated the possibility of equal-cost multi-pathing. Doing so I needed to tackle a little with the stateful firewall.