I hereby claim:
- I am timodjatomika on github.
- I am timo_dwins (https://keybase.io/timo_dwins) on keybase.
- I have a public key ASDtfaDH6-wP3gekhCTF_GwvjXaW7YI2LPihGZfK2Xnl9Qo
To claim this, I am signing this object:
TimoDJatomika TimoDJatomika
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ipsec.conf - strongSwan IPsec configuration file | |
| # basic configuration | |
| # hier stellt man nur das Logformat ein | |
| # es wird in die Datei /var/log/syslog geschrieben | |
| config setup | |
| charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4, mgr 4" | |
| # diese Parameter gelten fuer alle "conn" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@strongswan:~# ls -lah /etc/ipsec.d/ | |
| total 44K | |
| drwxr-xr-x 11 root root 4.0K Dec 26 19:48 . | |
| drwxr-xr-x 93 root root 4.0K Dec 26 19:48 .. | |
| drwxr-xr-x 2 root root 4.0K Apr 5 2016 aacerts | |
| drwxr-xr-x 2 root root 4.0K Apr 5 2016 acerts | |
| drwxr-xr-x 2 root root 4.0K Apr 5 2016 cacerts | |
| drwxr-xr-x 2 root root 4.0K Apr 5 2016 certs | |
| drwxr-xr-x 2 root root 4.0K Apr 5 2016 crls | |
| drwxr-xr-x 2 root root 4.0K Apr 5 2016 ocspcerts |
TimoDJatomika
/ output
Created
December 26, 2016 20:15
Output from ls -lah /etc/letsencrypt/live/your-domain/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@strongswan:~# ls -lah /etc/letsencrypt/live/vpn.brainoftimo.com/ | |
| total 8.0K | |
| drwxr-xr-x 2 root root 4.0K Dec 26 20:13 . | |
| drwx------ 3 root root 4.0K Dec 26 20:13 .. | |
| lrwxrwxrwx 1 root root 43 Dec 26 20:13 cert.pem -> ../../archive/vpn.brainoftimo.com/cert1.pem | |
| lrwxrwxrwx 1 root root 44 Dec 26 20:13 chain.pem -> ../../archive/vpn.brainoftimo.com/chain1.pem | |
| lrwxrwxrwx 1 root root 48 Dec 26 20:13 fullchain.pem -> ../../archive/vpn.brainoftimo.com/fullchain1.pem | |
| lrwxrwxrwx 1 root root 46 Dec 26 20:13 privkey.pem -> ../../archive/vpn.brainoftimo.com/privkey1.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@strongswan:~# ipsec statusall | |
| Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-57-generic, x86_64): | |
| uptime: 3 minutes, since Dec 26 20:47:26 2016 | |
| malloc: sbrk 1642496, mmap 0, used 561136, free 1081360 | |
| worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0 | |
| loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp lookip error-notify certexpire led addrblock unity | |
| Virtual IP pools (size/online/offline): | |
| 10.30.30.0/24: 254/0/0 | |
| Listening IP addresses: | |
| 207.154.207.69 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@strongswan:~# dig A vpn.brainoftimo.com | |
| ; <<>> DiG 9.10.3-P4-Ubuntu <<>> A vpn.brainoftimo.com | |
| ;; global options: +cmd | |
| ;; Got answer: | |
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23467 | |
| ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 | |
| ;; OPT PSEUDOSECTION: | |
| ; EDNS: version: 0, flags:; udp: 512 |
TimoDJatomika
/ keybase.md
Created
July 8, 2017 19:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| backend "file" { | |
| path = "/vault/filestorage" | |
| } | |
| listener "tcp" { | |
| address = "0.0.0.0:8200" | |
| tls_disable = "true" | |
| } |
TimoDJatomika
/ consul-backend.hcl
Created
July 9, 2017 13:47
Example: Vault using Consul as Backend
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| backend "consul" { | |
| address = "127.0.0.1:8500" | |
| token = "398073a8-5091-4d9c-871a-bbbeb030d1f6" | |
| path = "vault/" | |
| } | |
| listener "tcp" { | |
| address = "0.0.0.0:8200" | |
| tls_disable = "true" | |
| } |
TimoDJatomika
/ init-server.sh
Last active
December 12, 2018 15:38
Erstellen von drei AWS EC2 Instanzen für den Aufbau eines Hochverfügbaren Vault Clusters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # author: Timo Stankowitz <timo.stankowitz@inf.h-brs.de> | |
| # create date: 2017-11-04 | |
| # last change: 2018-12-12 | |
| # version 5 | |
| # this script creates 3 servers in 3 different AZ's in EU-Central (aka. Frankfurt) | |
| # make sure you have the following variables set in your .bashrc or declare it in this script | |
| # - AWS_ACCESS_KEY_ID |
TimoDJatomika
/ acl-ro-hbrs.hcl
Created
November 7, 2017 22:16
Read Only Access Controll List for HBRS Students
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| path "secret/hbrs/*" { | |
| policy = "read" | |
| } |