All Posts

OpenVPN: setting up Ubuntu server and Keenetic client

September 11, 2025

🛠 OpenVPN Setup: Ubuntu (server) + Keenetic (client)

In this guide, we’ll go through setting up an OpenVPN server on Ubuntu and connecting a Keenetic router to it. This setup is useful if you need to provide access to your home network or forward services (e.g., PBX or web server) through VPN.


1. Preparing the Ubuntu server

1.1 Installing packages

sudo apt update
sudo apt install -y openvpn easy-rsa iptables-persistent

1.2 Creating PKI (Easy-RSA v3)

make-cadir ~/easy-rsa
cd ~/easy-rsa
./easyrsa init-pki
./easyrsa build-ca nopass

Server keys

./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh

Client keys (for Keenetic)

./easyrsa gen-req keenetic nopass
./easyrsa sign-req client keenetic

TLS key (specifically tls-auth, not tls-crypt)

openvpn --genkey secret ta.key

1.3 Distribute keys

  • In /etc/openvpn/server/:

082 | Firewall Basics: UFW — Simple and Powerful Protection

August 14, 2025

Introduction: The First Line of Defense for Your Server

Before thinking about complex intrusion detection systems such as Fail2ban or CrowdSec, you need to build the first and most reliable line of defense—a firewall. A firewall controls all network traffic entering and leaving your server and blocks unauthorized connection attempts.

Traditionally, Linux servers have used iptables to manage firewalls, but its syntax can be complicated and confusing. Fortunately, there is a simpler and more intuitive tool — UFW (Uncomplicated Firewall).

080 | Classic Brute-Force Protection: Fail2ban

August 12, 2025

Introduction: Server Security — The First Line of Defense

Once you deploy any server or virtual machine, one of the first and most important tasks is ensuring its security. Even if your server doesn’t contain critical data, it can still be targeted by automated bots constantly scanning the internet for vulnerabilities. The most common type of attack against any server is brute-force password guessing, typically aimed at SSH access, FTP services, or web control panels.

MTU Issue on reg.ru and Its Solution via iptables

August 5, 2025


Introduction: A Hidden Network Issue

Developers and system administrators using servers on the OpenStack platform (for example, the C*-M*-D* hosting plans from reg.ru) sometimes encounter mysterious network problems. The internet seems to work, but when trying to transfer large amounts of data or establish connections to certain services, requests may hang or fail due to timeouts.

The provider explains this issue as a feature of their infrastructure:

Servers on the OpenStack platform use VxLAN technology, which reserves 50 bytes for service information. Because of this, the maximum transmission unit (MTU) on the server’s main network interface (ens3) is 1450 bytes.