Over time, jumpNet's VPN servers became bandwidth bottlenecks. Currently, the best VPN server in jumpNet offers 20MBit/s upstream, which is okay but not sufficient for large file transfers like backups. In this article, I describe how to build an L2TP/IPSec VPN server with OSPF routing capability.
jumpNet is fine - no question. But it's small and somehow I got used to it. There is little new to discover (maybe I'm going to set up a point-to-point radio link this summer, but that's another story) and so I decided to follow up on an old plan: connecting the jumpNet to dn42.
Some time ago I moved from Zähringe Straße to Merzhauser Straße. What a lucky coincidence that I moved into the apartment of one of the jumpNet participants. Time to change the topology of the jumpNet a bit.
The jumpNet grows, and so do the logs. I was a little tired of grepping, tailing and lessing, so it came in handy that I needed a solution for a customer with similar needs. After doing some research on the internet, I came across the so-called ESK stack: Elasticsearch, syslog-ng and Kibana. Sure, I had heard about Elasticsearch and Kibana, but until then I thought this was some hipster IT crap and - I was never so wrong. (Yeah, there is some prejudice coming with age and experience...)
As you probably know, the jumpNet has a redundant VPN infrastructure and uses OSPF. To improve the network design further, I investigated the possibility of equal-cost multi-pathing. Doing so, I had to wrestle a little with the stateful firewall.
I just configured some IPSec tunnels to connect the management network to our company's local network and stumbled over a well-known problem: I can ping hosts "behind" the router doing IPSec, but I cannot ping the router itself. Read on to learn why, and how to circumvent this issue.