case study

OpenVPN is a reliable and time-tested VPN protocol that allows organizing secure remote access to a local network. MikroTik RouterOS supports OpenVPN in server mode starting from version 6.x (TCP), and from version 7+ — also UDP, but with a number of architectural limitations:

• mandatory authentication by username/password even when using certificates;
• limited list of ciphers and algorithms;
• absence of some features of “classic” OpenVPN.

Despite this, OpenVPN on MikroTik remains a popular solution — especially in scenarios where clients do not support WireGuard or compatibility with legacy systems is required.

When working on real projects (CDN change, migration, refactor) you often need to bulk-replace one URL with another.

At first glance the task seems trivial: sed -i 's|old|new|g' **/* — and done.

In reality that approach is Russian roulette.

A careless replacement leads to:

• 💀 Corruption of binary files (images, pdf, archives);
• 📉 Garbage in git history (binaries marked as changed);
• 🚫 Inability to cleanly roll back if a backup wasn’t made.

In this note we’ll cover a production-grade algorithm: change only text, don’t touch binaries, make a targeted backup.

Jitsi Meet works out of the box very well for video conferencing. The Jitsi Meet + Jibri bundle allows you to record meetings — and many installations stop there.

But as soon as Jitsi is used not occasionally, but as part of a working process, questions arise very quickly:

• Where should recordings be stored centrally?
• How can links be automatically published for the team?
• How can we get rid of heavy MP4 files and move to streaming playback?
• How can recordings be served over HTTPS without exposing the directory structure?
• How can all of this be done automatically, without manual administrator involvement?

Below is a full production pipeline with code: from Jibri finalizing a recording to publishing in Notion and asynchronous MP4→HLS transcoding with delivery via Caddy.

Mikrotik routers are rightly valued by system administrators for their incredible flexibility.
A unique feature of this hardware is that a budget home hAP lite and a powerful enterprise router costing thousands of dollars run the same operating system — RouterOS.

That means once you learn to configure one device, you can manage any equipment from the brand.
In this article we’ll go over the fundamental steps to set up a Mikrotik from scratch to a fully working state.

If I were sent to a deserted digital island and allowed to take only one networking utility — I would unhesitatingly choose Netcat.

The official documentation (man nc) dryly states: “a utility for reading from and writing to network connections using TCP or UDP.”
In practice it’s the Swiss army knife of the network engineer, replacing dozens of specialized programs.

The article uses examples for OpenBSD netcat — this is the one that ships by default in Ubuntu 20.04+, Debian 10+, Fedora, Arch, Alpine and most modern distributions.

Read more

Do you have an application spread across hundreds of client devices? Or a fleet of IoT sensors sending telemetry? Sooner or later the question arises: “What’s actually happening over there?” And right after it — “How do I collect logs without bankrupting myself on Splunk or Datadog?”

If your clients can send HTTP requests, you already have ninety percent of the solution. HTTP(S) is a universal and firewall-friendly protocol. All we need is a listener (endpoint) that will accept these logs.

Introduction: A Hidden Network Issue

Developers and system administrators using servers on the OpenStack platform (for example, the C*-M*-D* hosting plans from reg.ru) sometimes encounter mysterious network problems. The internet seems to work, but when trying to transfer large amounts of data or establish connections to certain services, requests may hang or fail due to timeouts.

The provider explains this issue as a feature of their infrastructure:

Servers on the OpenStack platform use VxLAN technology, which reserves 50 bytes for service information. Because of this, the maximum transmission unit (MTU) on the server’s main network interface (ens3) is 1450 bytes.

Read more