IPsec – My LAN, Your LAN, Our LAN

For about a year I have wanted to get an IPsec tunnel between me and my parents'. This will allow me to drop a server there and store offsite information. More importantly, it helps me troubleshoot their issues. Multi-vendor IPsec is never easy, although given that IPsec is a standard it should always work. I've been slowly learning Ubiquiti's EdgeOS (Vyatta). The command structure is very similar to Juniper's JunOS. Given that I'm not 100% familiar with EdgeOS, I've been using templates and code snippets from across the internet. As with anything, one cannot simply copy and paste. These generic rules might not be efficient in everyone's case. I have modified my install heavily. For example, I use WA8LIV.com as one of the hosts. On consumer-grade internet, my IP address could change. Dynamic DNS updates and the tunnel fixes itself. My parents are also now using Dynamic DNS.

Establishing a DMZ

I have now completed my DMZ!  In adding a real firewall to my network, I wanted to take the opportunity to create a proper DMZ.

What is a DMZ?

DMZ stands for Demilitarized Zone. A DMZ is an area of your network that is semi-trusted because it is accessible from the public internet on specific whitelisted (allowed) ports. It's semi-trusted because of this access and the sheer fact that it is reached by people daily. Typically, and in this setup, a DMZ can be accessed from your LAN or through jump servers. Hosts on the DMZ cannot initiate connections to the LAN: connections must be established from the LAN side, or arrive on whitelisted ports.
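The policy just described, expressed as an EdgeOS (Vyatta) firewall configuration. This is an added example, not the author's own configuration: it assumes eth0 is the WAN interface, eth1 the LAN (192.168.1.0/24), eth2 the DMZ (192.168.100.0/24), and a single DMZ web host at 192.168.100.10 that the internet may reach on TCP/443 only; the addresses, interface names and ruleset names are all placeholders.

```text
# Added example (not the author's config). Assumed layout:
#   eth0 = WAN, eth1 = LAN 192.168.1.0/24, eth2 = DMZ 192.168.100.0/24
#   192.168.100.10 = DMZ web host, whitelisted for TCP/443 from the internet

# Forwarded traffic arriving from the internet: replies to sessions started
# from inside, plus the one whitelisted port to the one DMZ host. All else drops.
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 description 'Replies to connections started from inside'
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 description 'Drop invalid state'
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 state invalid enable
set firewall name WAN_IN rule 30 description 'Whitelisted: HTTPS to the DMZ web host'
set firewall name WAN_IN rule 30 action accept
set firewall name WAN_IN rule 30 protocol tcp
set firewall name WAN_IN rule 30 destination address 192.168.100.10
set firewall name WAN_IN rule 30 destination port 443
set interfaces ethernet eth0 firewall in name WAN_IN

# Destination NAT so the public address maps onto the DMZ host for that port.
# DNAT is applied before WAN_IN is evaluated, so rule 30 matches the inside address.
set service nat rule 10 description 'HTTPS to DMZ web host'
set service nat rule 10 type destination
set service nat rule 10 inbound-interface eth0
set service nat rule 10 protocol tcp
set service nat rule 10 destination port 443
set service nat rule 10 inside-address address 192.168.100.10

# Traffic entering the router from the DMZ: replies to LAN-initiated sessions
# are allowed, new connections towards the LAN are dropped, the internet is open.
set firewall name DMZ_IN default-action drop
set firewall name DMZ_IN rule 10 description 'Replies to sessions the LAN or jump host started'
set firewall name DMZ_IN rule 10 action accept
set firewall name DMZ_IN rule 10 state established enable
set firewall name DMZ_IN rule 10 state related enable
set firewall name DMZ_IN rule 20 description 'DMZ hosts may not initiate to the LAN'
set firewall name DMZ_IN rule 20 action drop
set firewall name DMZ_IN rule 20 destination address 192.168.1.0/24
set firewall name DMZ_IN rule 30 description 'DMZ to internet'
set firewall name DMZ_IN rule 30 action accept
set interfaces ethernet eth2 firewall in name DMZ_IN

commit
save
```

No ruleset is attached to the LAN interface here because EdgeOS accepts traffic on interfaces that have no firewall ruleset assigned, which gives the LAN (and any jump server on it) free access into the DMZ; the stateful rule 10 in DMZ_IN is what lets the DMZ answer those sessions without being able to open new ones. To verify the result after `commit`, `show firewall name DMZ_IN statistics` shows which rule each packet counted against, and a connection attempt from a DMZ host to a LAN address should increment rule 20 only.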