Category Archives: Networking

OpenVPN: Let’s Encrypt DNS verification on AWS Route53 and OpenVPN Access Server SSL certificate auto update

24 May 2019

A follow-up to the OpenVPN: SSL and hostname configuration post about OpenVPN Access Server setup and configuration. Three months have passed, and it’s time to renew the Let’s Encrypt SSL certificate (see Prometheus: Alertmanager and blackbox-exporter, checking SSL expiration and notification in Slack, Rus). I could use a scheme well known to me with… Read More »

AWS: VPC peering DNS resolution and DNS settings for OpenVPN Access Server

17 May 2019

We have a VPC with OpenVPN Access Server running. This VPC is connected with other VPCs in our AWS account. The issue is that currently, when a user is connected to the VPN, for DNS resolution to EC2 instances’ private IPs we are using the dnsmasq service on the VPN host, which has an /etc/dnsmasq.hosts file where are manually… Read More »

Redis: Sentinel – bind 0.0.0.0, the localhost issue and the announce-ip option

10 April 2019

Originally, in the Sentinels’ configs, I used bind 0.0.0.0 to make them accessible from external hosts. Because of this, when I started rolling out this setup in a real environment, I faced an issue where Sentinels could not determine the Master host and other Sentinel hosts. In this post – such an issue… Read More »

Terraform: creating a project with an AWS EC2, VPC, and AWS cross-region VPC peering connection

18 March 2019

One of the disappointing surprises in my AWS CloudFormation experience was the fact that it wasn’t able to automatically create cross-region VPC peering connections. Note: this post was originally written in Russian on 28 June 2018, but now CloudFormation can do it; check the PeerRegion parameter of the AWS::EC2::VPCPeeringConnection resource. As a result – it tries… Read More »

Prometheus: blackbox-exporter probe_http_status_code == 0 and its debug

6 March 2019

Today I decided to upgrade Grafana to the already released version 6.0, and all other Docker images as well. The upgrade was successful – Loki eventually started displaying previously missing log-file names and other tags, but I immediately got a bunch of CRITICAL alerts in our Slack from the blackbox-exporter, which is used to check every… Read More »

Arch Linux: OpenVPN – resolv.conf is not updated

2 March 2019

On an Arch Linux setup, the local resolv.conf is not updated after connecting to OpenVPN AS. As far as I know, the problem is specific to Arch Linux and its “children” such as Manjaro Linux installations. The local openvpn is installed via pacman – see the OpenVPN: OpenVPN Access Server set up and AWS VPC peering configuration post for… Read More »

OpenVPN: SSL and hostname configuration

26 February 2019

We already have our OpenVPN AS running in Production, so here are a few more posts about the last steps in its configuration. For now, we need to configure SSL to avoid alerts in clients’ browsers. OpenVPN AS documentation for SSL setup – here. Let’s Encrypt: install the Let’s Encrypt client: root@openvpnas2:~# git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt Open… Read More »

OpenVPN: OpenVPN Access Server set up and AWS VPC peering configuration

21 February 2019

OpenVPN Access Server is a ready-to-use OpenVPN server which requires minimal configuration. The free version allows you to have two clients. If you need more, you can buy additional licenses. Infrastructure description: currently, to access our resources such as Jenkins, Nexus, etc., we are using Allow Rules in AWS Security Groups where each user… Read More »