Best posts made by triple9

@scottalanmiller very true and very well explained, but still I really doubt it will make any difference in the future. Linux name is established as it is, and even Linus doesn't bother to make any difference

@gjacobse said in OpenVPN on Android:

@triple9 said in OpenVPN on Android:

@gjacobse said in OpenVPN on Android:

Has anyone used OpenVPN on Android?

I have to add the connection to a client device, but I don't have any (found) documentation on the process.

I have. Basically, you have to import prepared configuration file (profile) into OpenVPN client. I transfer it to Android either via email or via web site. Sometimes, if you copy file from Windows to SD card it gets converted into dos format which causes problems for Android client.
Also, consider using the unified format for OpenVPN profiles which allows all certs and keys to be embedded into the .ovpn file.

Okay - totally not sure about what all that is talking about - BUT - BUT - I think I understand...

I don't have any ovpn files,.. I do have I believe text which could BE the ovpn file. And this information needs to be sent to the tablet and imported to the OpenVPN application - which appears to be pretty straight forward.

sample unified ovpn profile:

client
dev tun
proto udp
remote vpnserver.something.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
verb 1
cipher AES-256-CBC
auth SHA1
dhcp-option DNS 8.8.8.8

# SMB WINS name server if you have one
#dhcp-option WINS 192.168.1.1

# route to multiple networks
route 10.0.0.0 255.255.0.0


# CA cert
<ca>
-----BEGIN CERTIFICATE-----
.... CA content
-----END CERTIFICATE-----
</ca>

# VPN Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
.... client cert
-----END CERTIFICATE-----
</cert>

# key
<key>
-----BEGIN RSA PRIVATE KEY-----
.......key
-----END RSA PRIVATE KEY-----
</key>

it depends on your server setup. Put your CA cert, client cert and private key at appropriate positions. Save it as client.ovpn and import into OpenVPN client.

@scottalanmiller said in Twilio as a SIP provider:

@EddieJennings said in Twilio as a SIP provider:

@scottalanmiller said in Twilio as a SIP provider:

@EddieJennings said in Twilio as a SIP provider:

I'm curious as to how significant "Secure Trunking" is: https://www.twilio.com/sip-trunking/pricing It's nice that the traffic from my PBX to Twilio is encrypted, but that seems a bit useless since once the traffic leaves Twilio there's no guarantee of encryption.

The S7 is not encrypted nor at all secure. But it is also not on the Internet.

Forgive my ignorance: S7?

The phone network. S7 is the protocol of the PSTN. All things we refer to as "normal phone calls" go over it no matter where they originate or terminate.

I believe you were referring to SS7 protocol https://en.wikipedia.org/wiki/Signalling_System_No._7
I used it like 10 years ago, when we were doing interconnection to national telco PSTN.

@jrc https://www.gypthecat.com/how-to-configure-windows-2012-nps-for-radius-authentication-with-ubiquiti-unifi

https://secopsmonkey.com/radius-for-asa-on-windows-server-2012r2.html

@JaredBusch is this SELinux enabled installation? SELinux can cause weird permissions problems

I don't use MMS anymore, but I remember (speaking for my operator) that if recepient did not have MMS enabled service or phone, he would get SMS with URL where MMS could be seen via browser.

@kuyaz said in Best practice partition & LVM for KVM:

/root (ALL remaining space)

/root != /

/root is home directory for root user
/ is root directory

Mikrotik devices are usually very stable, rock solid. However, from time to time, there are serious problems with some models and it can take looooong time until they fix it. Last two fckups that I remember where problem with RB4011 disabling wifi interface for no reason and CCR2004 router rebooting on random. It took over a year in both cases to solve the problems.

@Pete-S never tried it myself but I think it should be doable using uid-owner in iptables

iptables -A OUTPUT -s 127.0.0.1 -d x.x.x.x -m owner --uid-owner <USERNAME> -j ACCEPT/REJECT