Import certificate for Firepower Remote Access VPN

This guide uses a DigiCert certificate, but any CA's certificate bundle (the server certificate plus its intermediates) would work.

The easiest way to do this is with a PKCS12 (.pfx) file. The key, CSR, and PFX file are generated on a Linux host with OpenSSL; keep the private key on that host and delete it once the PFX has been imported.

First, create a CSR on the Linux host to submit to DigiCert. The following command generates two files, domain.key (the private key) and domain.csr. Because of -nodes the key is written unencrypted, so protect the file. Paste the contents of domain.csr into the DigiCert request to have the certificate issued, and make sure the hostname VPN clients will connect to ends up in the certificate's Subject Alternative Name, since that is what clients match against.

openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr

Download the certificate from DigiCert using the “A single .pem file containing all certs” option. That file holds the server certificate followed by the intermediate chain, and the whole chain needs to go into the PFX so that FMC can present it to clients. Use the following command to generate the PKCS12 bundle: domain.pem is the file you downloaded from DigiCert, domain.key is the key generated by the first command, and domain.pfx is the file you will import into FMC. OpenSSL prompts for an export password; FMC asks for the same passphrase when you import the file.

openssl pkcs12 -export -out domain.pfx -inkey domain.key -in domain.pem

Navigate to Objects → PKI → Cert Enrollment → Add Cert Enrollment

Choose PKCS12 file in the Enrollment Type dropdown, select domain.pfx, enter the export password as the passphrase, and click Save.

Navigate to Devices → Certificates → Add

Select your target device and enrollment that you created in the previous steps and click Add.

Navigate to Devices → VPN → Remote Access and edit your target device.

Click on the Access Interfaces tab.

In SSL Global Identity Certificate and IKEv2 Identity Certificate, select the Enrollment Cert you created in the previous steps.

Save and deploy.
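The procedure above, as an added shell example that is not part of the original guide: it generates the key and CSR with the hostname in the SAN, builds the PKCS12 bundle the same way, and then checks the bundle before it is uploaded (key matches certificate, chain verifies, both leaf and intermediate are inside the PFX). Because no CA is reachable offline, the function mock_ca_issue stands in for DigiCert by issuing the certificate from a throwaway root and intermediate; the resulting domain.pem has the same layout as DigiCert's single-file download (leaf first, then the intermediate). The hostname vpn.example.com, the CA names, and the password are placeholders. Requires OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example, not from the original page. Run with:  sh pfx-bundle.sh --demo vpn.example.com changeme
set -eu

# Key + CSR. -nodes leaves domain.key unencrypted: generate it on a trusted host
# and delete it once the PFX exists. The SAN is what VPN clients actually match on.
make_csr() {
  host=$1
  openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr \
    -subj "/CN=$host" -addext "subjectAltName=DNS:$host" 2>/dev/null
}

# Stand-in for DigiCert (assumption for this example): a throwaway root signs an
# intermediate, which signs the CSR. Extensions come from extfiles so the result
# does not depend on the local openssl.cnf.
mock_ca_issue() {
  host=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  openssl req -new -newkey rsa:2048 -nodes -keyout ca.key -out ca.csr \
    -subj "/CN=Example Root CA" 2>/dev/null
  openssl x509 -req -in ca.csr -signkey ca.key -days 3650 -extfile ca.ext -out ca.pem 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -keyout int.key -out int.csr \
    -subj "/CN=Example Intermediate CA" 2>/dev/null
  openssl x509 -req -in int.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 1825 -extfile ca.ext -out int.pem 2>/dev/null
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" > leaf.ext
  openssl x509 -req -in domain.csr -CA int.pem -CAkey int.key -CAcreateserial \
    -days 397 -extfile leaf.ext -out leaf.pem 2>/dev/null
  cat leaf.pem int.pem > domain.pem   # leaf + chain, the layout of the CA's .pem download
}

# Bundle: every certificate in domain.pem is placed in the PFX, so the intermediate
# reaches FMC too. The export password is the passphrase FMC asks for on import.
bundle_pfx() {
  openssl pkcs12 -export -out domain.pfx -inkey domain.key -in domain.pem -passout "pass:$1"
}

# Number of certificates inside a PFX (expect leaf + intermediate = 2).
pfx_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# The first certificate in the bundle must belong to the private key being exported.
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# The leaf must carry the hostname as a DNS SAN.
san_present() {
  openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# Chain check: leaf -> intermediate -> root (use the CA's published root in real life).
chain_verifies() {
  openssl verify -CAfile ca.pem -untrusted int.pem leaf.pem >/dev/null 2>&1
}

demo() {
  host=$1; pass=$2
  make_csr "$host"
  mock_ca_issue "$host"
  bundle_pfx "$pass"
  key_matches_cert domain.pem domain.key && san_present domain.pem "$host" && chain_verifies
  echo "domain.pfx checks out and holds $(pfx_cert_count domain.pfx "$pass") certificates"
}

if [ "${1-}" = "--demo" ]; then
  demo "${2:-vpn.example.com}" "${3:-changeme}"
fi
```

With a real DigiCert certificate, skip mock_ca_issue and run bundle_pfx on the downloaded domain.pem; chain_verifies then needs DigiCert's root instead of ca.pem. A count of 1 from pfx_cert_count means the intermediate was not in the PEM file and clients will see an incomplete chain.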

· 2021/10/26 09:01 · 2021/10/26 09:24

Enable Mellanox ConnectX support in OPNsense

Support for Mellanox ConnectX NICs isn't enabled in OPNsense by default.

The following line has to be added to /boot/loader.conf.local. mlx4en is the FreeBSD driver for ConnectX-3 cards; ConnectX-4 and later use mlx5en instead.

mlx4en_load="YES"

However, this did not work for me, so I added it from the web interface instead (System → Settings → Tunables).

· 2021/08/05 18:22 · 2021/08/05 18:26

Install telnet, ftp on macOS

telnet and ftp were removed from macOS in High Sierra. While people shouldn't be using these protocols for anything sensitive (both send credentials in clear text), I use telnet often to diagnose connection issues, such as checking whether a port answers at all. The solution is to install GNU inetutils.

You can install inetutils using Homebrew or MacPorts, but I prefer compiling from source. It is more straightforward and does not require installing additional packages.

Download and Extract

First off, download your preferred version of inetutils from https://ftp.gnu.org/gnu/inetutils/. Each release has a detached GPG signature (the .sig file next to the tarball); verify the tarball against it before building something you will install as root.

curl https://ftp.gnu.org/gnu/inetutils/inetutils-1.4.0.tar.gz -o inetutils-1.4.0.tar.gz
tar xzvf inetutils-1.4.0.tar.gz

Compile and Install

cd inetutils-1.4.0
./configure
make
sudo make install

Profit!

inetutils should now be installed!

· 2021/07/05 17:27 · 2021/08/05 18:35

Install Apache, FreeRadius, daloRADIUS, and MariaDB on Ubuntu 20.04

This quick guide assumes you are root or using sudo on a fresh install of Ubuntu Server 20.04.

Install apache2, MariaDB, and PHP

Install Apache

apt install apache2

Install PHP

apt install php libapache2-mod-php php-{gd,common,mail,mail-mime,mysql,pear,db,mbstring,xml,curl}

Install MariaDB

apt install mariadb-server
mysql_secure_installation

Install FreeRADIUS w/ MariaDB

Install FreeRADIUS

apt install freeradius freeradius-mysql freeradius-utils
systemctl enable --now freeradius

Use MariaDB with FreeRADIUS

Log in to MariaDB with the root password you set in mysql_secure_installation. In the GRANT statement below, replace password with a password of your own; it is the credential FreeRADIUS will use.

mysql -u root -p

Create database and database user

MariaDB [(none)]> CREATE DATABASE radius;
MariaDB [(none)]> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "password";
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> quit

Import FreeRADIUS schema into MariaDB

mysql -u root -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

Link to the SQL module

ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/

Edit the FreeRADIUS config file at /etc/freeradius/3.0/mods-enabled/sql

  • Change dialect = "sqlite" to dialect = "mysql".
  • Comment out driver = "rlm_sql_null" and uncomment driver = "rlm_sql_${dialect}".
  • Comment out the entire tls section. The connection goes to a database on the same host, so TLS is not needed here; it would be if the database lived on another machine.
  • Uncomment the Connection info: section and fill in server, login and password with the values you created previously (database radius, user radius).
  • Uncomment read_clients = yes, so that RADIUS clients are loaded from the nas table at startup instead of only from clients.conf.

Fix file ownership

chgrp -h freerad /etc/freeradius/3.0/mods-available/sql
chown -R freerad:freerad /etc/freeradius/3.0/mods-enabled/sql

Restart FreeRADIUS

systemctl restart freeradius.service
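Once FreeRADIUS is reading from MariaDB, the tables are still empty. The following added shell example (not from the original guide) seeds the nas and radcheck tables that schema.sql created and then tests a login with radtest from freeradius-utils. The NAS address 10.0.0.1, the short name wifi-ap, and the user alice are placeholders; it assumes the radius database user from the GRANT above and the default localhost client secret testing123 from clients.conf.

```shell
#!/bin/sh
# Added example, not from the original page.
# Usage: sh radius-seed.sh --apply 10.0.0.1 wifi-ap <nas-secret> alice <password>
set -eu

# Double single quotes so a value can sit inside a single-quoted SQL literal.
sql_escape() { printf '%s' "$1" | sed "s/'/''/g"; }

# INSERT statements for one RADIUS client and one user.
#   nas:      with read_clients = yes these rows become RADIUS clients when the
#             server starts, so a restart is needed after adding one.
#   radcheck: Cleartext-Password is required for MSCHAPv2 (PEAP/EAP-MSCHAPv2);
#             for PAP-only users a hashed form such as SSHA-Password can be stored.
radius_seed_sql() {
  nas_ip=$1; nas_name=$2; nas_secret=$3; user=$4; pass=$5
  cat <<EOF
INSERT INTO nas (nasname, shortname, type, secret, description)
  VALUES ('$(sql_escape "$nas_ip")', '$(sql_escape "$nas_name")', 'other',
          '$(sql_escape "$nas_secret")', 'added by radius_seed_sql');
INSERT INTO radcheck (username, attribute, op, value)
  VALUES ('$(sql_escape "$user")', 'Cleartext-Password', ':=', '$(sql_escape "$pass")');
EOF
}

# Load the rows with the radius database user and restart so the NAS row is read.
apply_seed() {
  radius_seed_sql "$@" | mysql -u radius -p radius
  systemctl restart freeradius.service
}

# Authenticate the user through the built-in localhost client (secret testing123).
# radtest arguments: user password server nas-port-number shared-secret
radtest_user() { radtest "$1" "$2" 127.0.0.1 0 testing123; }

if [ "${1-}" = "--apply" ] && [ $# -eq 6 ]; then
  shift
  apply_seed "$@"
  radtest_user "$4" "$5"
fi
```

If radtest reports Access-Reject, run freeradius -X in a second terminal and repeat the test; the debug output shows whether the sql module was consulted and which radcheck row it found.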

*this is unfinished*

Mount Windows Share On Boot in Ubuntu 20.04

These steps assume you are root or using sudo.

Install cifs-utils

apt install cifs-utils

Save your credentials in /root

Create /root/.smbcredentials with the following contents …

username=username
password=password

Change username and password to your username and password, then make the file readable by root only (mode 0600), since it holds a plaintext password.

Add fstab entry to mount on boot

Edit /etc/fstab and add the following line to the end.

//192.168.1.111/software /mnt/clyde cifs vers=3.0,credentials=/root/.smbcredentials

192.168.1.111 should be changed to your host and software to your share. /mnt/clyde is the directory where the remote share is mounted; it must already exist. If the share name or mount path contains a space, write it as \040 in fstab.

Make sure networking is up before mounting

This only helps when the system uses systemd-networkd, which is the default netplan renderer on Ubuntu Server. Alternatively, add _netdev to the fstab options so systemd orders the mount after network-online.target regardless of the network stack.

systemctl enable systemd-networkd-wait-online

Restart
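The same setup as an added shell example (not from the original guide): it creates the credentials file under a restrictive umask so it is born mode 0600, escapes spaces for fstab, and adds _netdev and nofail to the options. The host files.example.internal, the share name Team Share, the mount point /mnt/team, and the account are placeholders.

```shell
#!/bin/sh
# Added example, not from the original page.
# Usage (as root): sh cifs-on-boot.sh --install <username> <password>
set -eu

# fstab fields are whitespace-separated, so a space in a share or path is written \040.
fstab_escape() { printf '%s' "$1" | sed 's/ /\\040/g'; }

# Write the credentials file under umask 077 so it is created as mode 0600
# (root only). Returns the permission string so the result can be checked.
write_smb_credentials() {
  credfile=$1; user=$2; pass=$3
  ( umask 077; printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$credfile" )
  ls -ld "$credfile" | cut -c1-10
}

# One fstab line. _netdev makes systemd order the mount after network-online.target,
# nofail keeps boot going if the server is unreachable, vers=3.0 pins SMB3 so the
# mount never negotiates down to SMB1.
cifs_fstab_entry() {
  host=$1; share=$2; mountpoint=$3; credfile=$4
  printf '//%s/%s %s cifs vers=3.0,credentials=%s,_netdev,nofail 0 0\n' \
    "$host" "$(fstab_escape "$share")" "$(fstab_escape "$mountpoint")" "$credfile"
}

if [ "${1-}" = "--install" ] && [ $# -eq 3 ]; then
  write_smb_credentials /root/.smbcredentials "$2" "$3" >/dev/null
  mkdir -p /mnt/team
  cifs_fstab_entry files.example.internal "Team Share" /mnt/team /root/.smbcredentials >> /etc/fstab
  mount -a   # mounts the new entry now; on the next boot fstab takes care of it
fi
```

Check the result with `mount | grep cifs` and `ls -l /root/.smbcredentials`; the latter should show -rw------- root root.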

· 2021/05/18 05:18 · 2021/05/18 11:54
