Then we are going to deploy basic firewall rules to block all inbound and outbound traffic except the following: I’ll leave that one for a further analysis down the road. Put in to place basic firewall rulesįirst things first, we’re going to ditch firewalld because it’s tragic and terrible. You can verify forward is enabled by doing cat /proc/sys/net/ipv4/ip_forward which should return 1 if its enabled. Save the file, then run sysctl -p to load the changes. Enable IPv4 ForwardingĮdit /etc/nf and add the following lines
#Viscosity vpn google authenticator password
Since we’re on CentOS make sure to change UsePAM no to UsePAM yes in the configuration otherwise the SSH server will complain because of Red Hat customizations.īy default my SSH config requires a public key + password to login to the system via SSH and does not allow root SSH logins. Afterwards restart the SSH server with systemctl restart sshd. Grab my hardened SSH config and adapt it to your purposes. Useradd -U -G wheel -m -s /bin/zsh tristor 2. But this is optional and you are welcome to use /bin/bash instead. I use ZSH, so its the first thing I install. In this case, the focus is on using separate instances in DigitalOcean for each service to provide separation and ensuring strong access controls. I’ll skip over quite a bit here although I’ve written on the topic of server security some before.
If I get around to writing the rest of it, I’ll cover setting up Viscosity in Part 3 of my OS X Set Up Guide. On iOS I recommend OpenVPN Connect which is the official iOS client for OpenVPN.
On OS X I recommend using Viscosity ($9) or Tunnelblick (FREE). Of course to connect you need a VPN client. That second point is why we’re going to set up our own VPN server rather than using some random VPN service. The downside of course is that there’s some overhead which makes your connection somewhat slower and that you have to trust the server on the other side. What this means is nobody locally can snoop your traffic and you can appear logically on the Internet to come from anywhere you can get a VPN. All the traffic that would typically go to the Internet gets redirected down this tunnel and reaches the Internet from the other side, as if it was originating on the server rather than on your computer or your phone. What does a VPN do?Ī VPN, simply put, creates an encrypted tunnel between your computer (or phone) and the VPN server. To do this, I’m using a droplet from DigitalOcean that’s just $5/mo and doesn’t have to be shared with anyone else (from an IP/network perspective anyway). As part of my overall stance on privacy, it’s essential I take steps to secure my communication while traveling, the primary of which is using a VPN for basically everything on both my laptop and my phone. During that time I’ll likely be making use of numerous public Wi-Fi access points, not to mention whatever dodgy cellular providers are available in each location I travel to. Pretty soon I am about to leave on a trip for a year.
0 kommentar(er)
