black hole, somewhere in the internet, swallowing UDP packets

UDP packets sent from a specific source port and public source IP address do not reach a specific destination port on a public destination IP address. changing any of the parameters [ usually the source port ] fixes the issue. i’ve observed this phenomenon multiple times for long-running OpenVPN and WireGuard VPNs encapsulating encrypted traffic in UDP ...

openvpn – “OpenSSL: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small” after upgrade to Debian Buster

another thing to adjust after the upgrade to Buster. on an openvpn endpoint whose config – /etc/openvpn/whatever.conf – had: dh dh1024.pem the vpn service did not start. tail -f /var/log/syslog showed: apparently the new version of openssl no longer accepts a 1024-bit Diffie-Hellman group. solution: and change in /etc/openvpn/whatever.conf – from dh dh1024.pem to dh ...

bridging lan segments across untrusted links

we’ve run out of office space in one of the locations. in the short term it was not possible to find a suitable, large enough place to rent, so we had to split up and relocate some of the staff to another building a few kilometers away. it’s possible that we’ll shuffle people and servers between ...

openvpn point-to-point server listening on both v4 and v6

at work i have openvpn between an OVH dedicated server and our datacenter. due to varying bandwidth we sometimes use udp over ipv6 and sometimes over ipv4 as the encapsulation method. whenever we switched we always had to reconfigure both ends of the tunnel. it turns out that with recent openvpn versions and kernels it’s ...