Portuguese Citizen Card (e-ID) and ROCA
A newly discovered vulnerability in generation of RSA keys used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips manufactured by Infineon Technologies AG allows for a practical factorization attack, in which the attacker computes the private part of an RSA key. The attack is feasible for commonly used key lengths, including 1024 and 2048 bits, and affects chips manufactured as early as 2012, that are now commonplace.
Configuring a secure OpenVPN 2.4 server with Docker
UPDATE (2017-12-31): added instructions for running tls-crypt alongside tls-auth.
UPDATE (2017-12-31): added instructions on how to dynamically switch between LZO and LZ4 (v2) depending on the OpenVPN client version (2.3 vs 2.4).
UPDATE (2017-12-02): disabled the block-outside-dns push directive as it is specific to Windows clients.
UPDATE (2017-11-21): expanded instructions on running a PKI outside the running server container and added some comments from @OpenVPN.
I’ve been looking to switch to OpenVPN 2.
Setup ProtonVPN with auto-login on macOS and iOS
Proton AG, the company behind the ProtonMail service which protects the life of activists, journalists and other individuals, has has recently launched ProtonVPN, its VPN service. To further cement their role on protecting Internet users from abusive practices, they offer a free tier available to everyone.
If you don’t feel like rolling your own VPN server using OpenVPN or IPsec (e.g. via Algo), then you may want to consider a commercial alternative like this one.
Fix TUN/TAP not available on a Synology NAS
If you’re looking into running OpenVPN on your Synology NAS, you may have come across the following error:
ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2) Let’s try to fix it!
Check the tun module status Check if you have the tun module installed:
❯ lsmod | grep tun If the result comes out empty, try installing it:
❯ insmod /lib/modules/tun.ko If everything went fine, move on to the next test.
Automating network location switching on macOS
macOS has offered network locations on the Mac ever since OS X v10.6. By default, the Automatic location is selected on all Macs but it’s not that intuitive what it really means. In fact, unlike what the name suggests, it’s just a setting that makes your Mac search for a network or internet connection on all network interfaces available.
On a future macOS update, I wish the location feature is connected to the actual geolocation of the Mac so that changing physical locations allows me to trigger specific automations.