2025-11-03
pfSense — a tank in the world of firewalls.
It is updated less often, but runs for years without surprises.
🏢 Who pfSense is for
- Corporation with 100+ users
- Needs official support
- Has old but reliable hardware
- Values stability
📚 pfSense Features
- Multi-WAN and automatic failover
- Traffic Shaping — bandwidth management
- Captive Portal — guest authentication
- OpenVPN and IPsec — encrypted tunnels
⚙️ Installation
- ISO → USB
- Install → configure WAN/LAN
- In about 10 minutes — a ready firewall
Example HAProxy config:
2025-11-02
OPNsense — it’s like pfSense, but prettier, faster, and with an API.
Want an office firewall you wouldn’t be embarrassed to show your boss? Here it is.
💼 Who OPNsense is for
- Office of 10–50 people
- VPN for all employees
- Backup internet connection
- Modern web interface
🎨 Apple-like interface
- Dark theme
- Real-time graphs
- REST API for automation
- WireGuard out of the box
⚙️ Installation in 5 minutes
- Download the ISO from opnsense.org
- Write it to a USB stick (dd or Rufus)
- Boot → assign interfaces → done!
Auto-update via API:
2025-11-01
Imagine: an old router for 2000 ₽ blocks ads, shares a VPN, works as a Mesh system and doesn’t slow down even with 50 devices.
This is not magic — this is OpenWRT.
🏠 Who needs OpenWRT
OpenWRT turns an ordinary router into a mini-server. If at least one item on this list applies to you, it’s definitely time to try it:
- Want AdBlock for the whole house
- Need a VPN without a subscription
- Have an old router lying around
- Like to tinker with settings
90% of users install OpenWRT — and forget about the router forever.
2025-10-29
This guide will show how to configure two Linux servers so that all the Internet traffic from a specific local subnet (for example, 10.100.10.0/24) is routed not via its default gateway but through an IPIP tunnel to a remote server, which will then put that traffic onto the Internet.
This is useful if you need services in one subnet to go out to the world with the IP address of another server — for example, to bypass restrictions, centralize NAT, or hide the source.
2025-10-16
The EoIP (Ethernet over IP) protocol from MikroTik is used to create an L2 tunnel over an IP network, allowing you to combine two remote local networks into a single broadcast domain.
If your EoIP tunnel does not establish (no “R” — Running flag), follow this step-by-step checklist.
1. Check IP connectivity (L3)
Before starting, make sure the routers see each other at the IP level.
Ping the remote side:
2025-09-21
This article is compiled as a “cheat sheet” for SOHO/SMB networks: common issues, their symptoms, causes, quick fixes, and diagnostic checklists. Suitable for both engineers and admins who maintain the MikroTik ↔ Keenetic bundle.
1) EoIP “freezes” when transferring large files
Symptoms: SMB/FTP hangs, speed fluctuates, RDP drops.
Causes: incorrect MTU/MSS, fast-path with IPsec, NAT/Firewall errors.
2025-09-11
In this guide, we’ll go through setting up an OpenVPN server on Ubuntu and connecting a Keenetic router to it. This setup is useful if you need to provide access to your home network or forward services (e.g., PBX or web server) through VPN.
1. Preparing the Ubuntu server
1.1 Installing packages
sudo apt update
sudo apt install -y openvpn easy-rsa iptables-persistent
1.2 Creating PKI (Easy-RSA v3)
make-cadir ~/easy-rsa
cd ~/easy-rsa
./easyrsa init-pki
./easyrsa build-ca nopass
Server keys
./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh
Client keys (for Keenetic)
./easyrsa gen-req keenetic nopass
./easyrsa sign-req client keenetic
TLS key (specifically tls-auth, not tls-crypt)
openvpn --genkey secret ta.key
1.3 Distribute keys
2025-08-27
The Problem with Certificates at Scale
In previous articles, we discussed that OpenVPN uses certificates for authentication. This method is reliable but has significant drawbacks:
- Inconvenience for users: Each user must manually receive and install their own certificate.
- Complex management: When an employee leaves, their certificate must be revoked, which requires extra steps.
- Lack of centralization: Each service that requires access has its own authorization system.
The solution to this problem is using a centralized identity provider such as Keycloak.
2025-08-26
VPN: Not Just an “On” Button
For many users, a VPN is simply an “On” button. However, when it comes to building your own secure tunnel, it’s important to understand its architecture. OpenVPN is based on two key ideas: the client-server model and Public Key Infrastructure (PKI).
The Client-Server Model
The concept is simple:
- Server — the entry point into your secure network. It constantly “listens” for incoming requests and is ready to accept connections.
- Client — your device (laptop, phone) that initiates the connection to the server.
Once the server and client “agree,” a secure tunnel is created between them, and all traffic passes through it.
2025-08-25
OpenVPN: A Time-Tested Standard
Introduction
In a world where the speed and simplicity of WireGuard have become the new standard, OpenVPN remains one of the most reliable and flexible VPN protocols. It works both on traditional computers and on networking equipment, providing cross-platform compatibility and a high level of security. However, to understand how to use it, it is important to distinguish between the protocol itself and its client applications.