Nejko’s randomness

A few weeks ago I saw a presentation from van Hauser titled Recent advances in IPv6 insecurities. He merges three different sources of IPv6 addresses to obtain a database of IPv6 addresses:

• search engines and databases (directories),
• DNS (bruteforcing),
• common addresses.

He shows that this method is quite successful for those who are interested in getting as many IPv6 addresses as possible. So I was thinking – why not put up a public databases of such addresses and provide a way for anybody to contribute them.

The main purpose of such database is to make IPv6 Internet a bit more “enumeratable” for those who would like doing any kind of research on the nature and behaviour of IPv6 Internet. Also, it may convince those who would like to not be listed (I guess for security through obscurity reasons) to actually renumber from <prefix>::1 to something else.

Of course, any ideas about other possible techniques for harvesting IPv6 addresses, are welcome.

The 1.0.5 version is out. It makes RCPFA compatible with RoundCube 0.2-stable. Thanks to Andrey Sharandakov!

OpenVPN is an open, secure and thoroughly tested VPN technology. Our company Infrax d.o.o. also provides OpenVPN clients for customers to be able to access their companies’ networks. We don’t use password-based authentication, but certificate-based one, which means we have our own full-blown Certificate Authority (self signed, of course). We use EJBCA for that and it works beautifully.

However, our customers are expecting simple solutions: a single package with their own config file and certificate. Although EJBCA supports generating OpenVPN packages on the fly on the server, it would be a bit more complicated to make it work, because we need to generate different config files for our customers. Which means we would need a special lookup-table (we could use the EJBCA’s MySQL database) which would link specific fields in certificates’ “distingished name” with corresponding OpenVPN config files. This would be possible, but a bit too complicated for now.

So I decided that we create the packages “semi-manually”, i.e. manually but in “batch” mode. First, you need my package which includes OpenVPN source environment (OpenVPN 2.1 RC7) which will be compiled with NSIS into an executable together with the certificate and config files.

Then you need to obtain the certificates for the clients you want to create the packages for and provide the config file as well. You must also install NSIS and then you are ready. Just run “generate.cmd” file in the “openvpn-generator” directory and the executables will be created in “openvpn-generator/exes”.

If you have problems, questions, just let me know.

Voilà. I just graduated today (actually yesterday, it is early morning when I am writing this). A chapter of my life which lasted for the last 6 years is closed now. And it feels good.

Thanks to everybody who came to my presentation. It is very nice to have friends like you. Also thanks to my mentor, Borut Robič and to my parents who supported me for all those years. Thanks to mom, Janja and Anica who baked all the cookies for the short after-party in the LALG laboratory. Finally, special thanks to my wife Mica and my son Jakob, who felt a bit of stress in the last days too.

You can get my thesis here. It is titled “Improvement of pfSense firewall with user services” or “Nadgradnja požarnega zidu pfSense z uporabniškimi storitvami” (Slovenian translation). For non-Slovenian readers, the text is in Slovenian language, so probably you won’t understand most of it. However, I plan to translate at least the most important parts into English so it could be used by pfSense developers as well. I’ll make a special page called Papers soon, so all my papers will be there some day.

Dear RoundCube and PostfixAdmin users, I just released the 1.0.4 version of RCPFA bridge, which makes RoundCube and PostfixAdmin interoperate. Many people have requested that it would be nice to have RCPFA for RoundCube 0.2beta available, and here it is. So this version doesn’t provide any new features, it only provides compatibility with 0.2beta. Hope it works for you too.