Some time ago I moved from Zähringe Straße to Merzhauser Straße. What a lucky coincidence that I moved into the apartment of one of the jumpNet participants. Time to change the topology of the jumpNet a bit.
In my last post, I described how to set up an ESK stack (Elasticsearch, syslog-ng, Kibana). I also mentioned that the provided setup is not ideal from a security perspective. In this post I'll show you how to use nginx as an HTTP reverse proxy with HTTP basic auth to protect the Kibana web frontend.
The jumpNet grows, and so do the logs. A little tired of grepping and tailing and lessing, it came in handy that I needed a solution for a customer with similar needs. After doing some research on the internet, I came across the so-called ESK stack: Elasticsearch, syslog-ng and Kibana. Sure, I had heard about Elasticsearch and Kibana, but till then I thought this was some hipster IT crap and - I never was so wrong. (Yeah, there is some prejudice coming with age and experience...)
As you probably know, the jumpNet has a redundant VPN infrastructure and is using OSPF. To improve the network design further, I investigated the possibility of equal-cost multi-pathing. Doing so, I needed to tackle a little with the stateful firewall.
I just configured some IPSec tunnels to connect the management network to our company's local network and stumbled over a well-known problem: I can ping hosts "behind" the router doing IPSec, but I cannot ping the router itself. Read why and how to circumvent this issue.