L2TP over IPsec on Cisco IOS

Written in the mid-afternoon in English

I wanted to use the OS X VPN client to connect to my home network while on the road. I guess using an OS X server would be the easiest way to get a Mac-compatible VPN server up and running. Using a Cisco running IOS required quite a few lines of configuration.

The OS X VPN client provides terrible feedback. It will happily tell you that there was “no response from the VPN server” when in reality the server responds with a rejection of all the ISAKMP or IPsec transforms proposed by the client. Fortunately both the Cisco debugging messages and verbose output from tcpdump were quite helpful.

In about 3 hours I got it all working, including routing with other VRFs and DMVPN sites. (more…)

I was blaming the hotel Wi-Fi for FaceTime getting stuck on “Connecting” and never completing calls. Now I’m guessing FaceTime just doesn’t handle changing phone numbers gracefully. It is the only “change” I can think of that has happened recently. Curiously I’ve only had trouble on iOS. Turning FaceTime off and back on (in Settings > FaceTime) fixed it for me.
Make window washing easier: wipe most of the dirt off first with paper towels. (more…)
Nginx version 1.6.2 is now available in pkgsrc as www/nginx. This release addresses an SSL session reuse vulnerability (CVE-2014-3616). Enjoy!

SHA-256 SSL certificates

Written late in the morning in English

The technical details of an SSL certificate are up to the issuing CA, which is understandable. I was still surprised when my SHA-256 CSR resulted in a SHA-1-signed certificate back in April, when I reissued it because of Heartbleed. But I didn’t pursue it at the time.

Now that Google announced sunsetting SHA-1-signed certificates by the end of the year, the issue became more pressing. Fortunately instructions for reissuing GeoTrust-based certificates — such as the RapidSSLonline ones — were already available. (more…)