This article will illustrate the rationale behind deploying a user-selected (and specifically a Cisco) router, notwithstanding cost and complexity, in a home/small office environment. Many people rely on the ISP-provided router to connect to the Internet. This router is often included in the price of the connection, is maintained by the ISP, and is often replaced for free by the ISP when/if it breaks.
Given all these advantages, why would you be willing to spend a substantial amount of money to buy a router, and why would you decide to buy a complex, expensive (compared to other “consumer grade” routers) one? (more…)
The EZVPN configuration used in the previous article forwards all incoming traffic on the VPN inside interface out to the VPN tunnel. This might be less than ideal, but in discussion with Cisco TAC I found out that there is no way around it. In this article I will show how to use a second router to avoid this (more…)
This post is part of the VPN series and it will show how to connect a Cisco IOS device using the EZVPN feature to a Witopia IPSEC gateway.
When I left the States it was difficult to make do without accessing a series of services that had been available while connected to the Internet there. When you wish to use those services with a computer the solution is simple: load a VPN client and connect. Doing it with a Wii or an Apple TV is a bit more complex: (more…)
This post is part of the VPN series and I will illustrate the parameters you might want to keep in mind when choosing a VPN provider.
The first thing I did when choosing my VPN provider was to jot down what I was planning to do with it in terms of (more…)
In this series of posts I will show how to use IPSEC technology and VPN to secure data when roaming in public access hotspots with your mobile devices, and then how to implement your own VPN server or connect your home network so that some traffic will be forwarded to the VPN and the rest will be forwarded through your ISP network. This post will introduce the basic VPN concepts.
Protecting your data with VPN technology
A few days ago I went with my son to a 5-team water-polo tournament (by the way, his team won all 4 of their matches :-)) and at the swimming pool there was an open hotspot: no password, no security. (more…)
In this post, which is part of the series on how to import YubiRadius, a Free Radius appliance implementing OTP validation, into Xen Open source Hypervisor, we will finally create the .cfg file needed by the Hypervisor to create the virtual machine and boot it.
As we saw earlier, most of the work has already been done by Xen.tools, which would already have created the cfg file (more…)
In this post, which is part of the series on how to import YubiRadius, a Free Radius appliance implementing OTP validation, into Xen Open source Hypervisor, we will extract the files from the VMware image and build a .tar file to eventually unpack it in a DomU .img.
Yubico distributes its YubiRadius appliance in 2 formats: OVF and VMware. I was able to extract the appliance (more…)
This post is part of a series of posts on how to import YubiRadius, a Free Radius appliance implementing OTP validation, into Xen Open source Hypervisor.
This first step in our quest to build our authentication server actually has little to do with YubiRadius but a lot with running a para-virtual guest domain. We will then use the resulting (more…)
This post introduces a series of posts on how to import YubiRadius, a Free Radius appliance implementing OTP validation, into Xen Open source Hypervisor.
Yubico makes available a preconfigured appliance called YubiRadius that allows Authentication and Authorization using their Yubi Key token and implements the Radius protocol (which can be used by other devices to exchange AAA information).
This appliance is based on FreeRadius, Apache, Open LDAP and runs on a Debian Squeeze distribution.
The appliance (more…)
This post sets out the foundation concepts for strong authentication methods for their prospective implementation through the conversion of YubiRadius, a VMware appliance based on Free Radius and implementing OTP validation, into Xen Open source Hypervisor.
Do we need strong authentication?
Bottom Line Up Front (more…)