VPN – Why? What? How?

In this series of posts I will show how to use IPSEC technology and VPN to secure data when roaming in public access hotspots with your mobile devices, and then how to implement your own VPN server or connect your home network so that some traffic is forwarded to the VPN and the rest is forwarded through your ISP network. This post introduces the basic VPN concepts.

Protecting your data with VPN technology

A few days ago I went with my son to a 5-team water-polo tournament (by the way, his team won all 4 of their matches :-)) and at the swimming pool there was an open hotspot: no password, no security. (more…)

Your Data in a Connected World

In this post I will lay the groundwork, explaining the need to deploy a VPN and some considerations about so-called cloud services and what trusting them with your data implies.

Data Transport Issues

We expect our data to be always available wherever we are. Most of the time data is not physically on our device: it will have to transit across a network connecting our device (more…)

Create cfg file for your YubiRadius DomU

In this post, which is part of the series on how to import YubiRadius, a Free Radius appliance implementing OTP validation, into Xen Open source Hypervisor, we will finally create the .cfg file needed by the Hypervisor to create the virtual machine and boot it.

As we saw earlier, most of the work has already been done by the Xen.tools, which would already have created the cfg file (more…)

Modify Yubiradius image to boot in Xen

In this post, which is part of the series on how to import YubiRadius, a Free Radius appliance implementing OTP validation, into Xen Open source Hypervisor, we will modify the image we have built so that it has all the bits and pieces needed to boot correctly under the Xen Hypervisor environment as a paravirtual domain.
The image we created in the previous post would not boot as a Xen paravirtual host, but it would (eventually) boot in a fully virtualized domain. It would be extremely inefficient (more…)

Build the Xen usable .img file

In this post, which is part of the series on how to import YubiRadius, a Free Radius appliance implementing OTP validation, into Xen Open source Hypervisor, we will build an .img file containing a filesystem, mount it and then copy the Virtual Appliance files into it.
The first step consists of creating a file of the proper size with

dd if=/dev/zero of=/workdir/empty.img bs=516096c count=#cyl

This statement sets (more…)

Extract YubiRadius from VMware image

In this post, which is part of the series on how to import YubiRadius, a Free Radius appliance implementing OTP validation, into Xen Open source Hypervisor, we will extract the files from the VMware image and build a .tar file to eventually unpack it in a DomU .img.

Yubico distributes its YubiRadius appliance in 2 formats: OVF and VMware. I was able to extract the appliance (more…)

Building a functional DomU with XEN

This post is part of a series of posts on how to import YubiRadius, a Free Radius appliance implementing OTP validation, into Xen Open source Hypervisor.
This first step in our quest to build our authentication server actually has little to do with YubiRadius but a lot to do with running a para-virtual guest domain. We will then use the resulting (more…)

HOWTO Convert YubiRadius for Xen

This post introduces a series of posts on how to import YubiRadius, a Free Radius appliance implementing OTP validation, into Xen Open source Hypervisor.

Introduction

Yubico makes available a preconfigured appliance called YubiRadius that allows Authentication and Authorization using their YubiKey token and implements the Radius protocol (which can be used by other devices to exchange AAA information).

This appliance is based on FreeRadius, Apache and OpenLDAP, and runs on a Debian Squeeze distribution.
The appliance (more…)

Authentication and One Time Password

This post sets out the foundational concepts of strong authentication methods ahead of their prospective implementation through the conversion of YubiRadius, a VMware appliance based on Free Radius and implementing OTP validation, into Xen Open source Hypervisor.

Do we need strong authentication?

Bottom Line Up Front (more…)