Building a simple VPN with WireGuard with a Raspberry Pi as Server

Now that wireguard will be part of the upcoming Linux 5.6 Kernel it’s time to see how to best integrate it with my Raspberry Pi based LTE-Router/Access Point Setup. What is my scenario? Raspberry Pi 3 with a LTE hat, using a public IP address. This will be the VPN server (called edgewalker in this post) An Android Phone that should use the VPN for all communication when connected An Linux Laptop that should use the VPN only accessing network services that are exposed to the VPN Each device connected to the VPN should be able to connect to all other devices, e.

Read More

2019 redux, what to expect in 2020

2019 was a year in which I expanded my comfort zone and forced myself to face some fears. I haven’t always been victorious, there’s enough to face next year. I see progress and hope; I do not feel trapped in my situation but rather see a comfy base from which I can explore further. I shed some possessions, mostly donated them or gave them away to friends. This calms my mind tremendously.

Read More

Closing down my company

After 15 or so years I’m finally closing down my own company (it was a small one-person vehicle, in Austrian Einzelpersonenunternehmen or EPU). How so? I’ve been self-employed since I’ve started to study at university. Mostly I did software engineering for various research projects at AIT. There was a short side-project (a failed startup that I created with friends of mine), after that more web development with other friends of mine.

Read More

Adding advertisement-filtering and spotify support to a Linux-based Access Point/Router

The last weeks I’ve tried to improve upon my Raspberry Pi based LTE-Router/Access Point. Normally I would heave tons of software on it, try it out and let it simmer on. I did that this time too: the ELK-Stack (too little memory) and HomeAssistant (too little SmartHome-devices in my flat) only had a short intermezzo on this hardware. What stuck? Before that a small note: originally I was using a IKEA USB charger; its spec should be sufficient but I kept getting “Undervoltage detected” error messages in dmesg/syslog.

Read More

FH-Lecture: Secure Operating Systems (SecOps)

Nach dem guten Feedback meiner Studenten auf meine Web Application Security Vorlesung lies ich mich überreden, im Wintersemester 2019 einen Teil einer weiteren Vorlesung zu halten: SecOps — Secure Operating Systems, also quasi Security Themen für Administratoren. Mein Part umschloss Linux, Virtualisierung und (sehr kurz) Mobile Systeme. Mein BrainDump dieser Vorlesung kann hier bezogen werden. Es ist noch in einem frühen Stadium, aber ich hoffe es kann schon weiteren Personen helfen bzw.

Read More

Einführung in die Web-Security

Diese Unterlagen entstanden zeitgleich während einer von mir gehaltenen Vorlesung an dem Technikum/FH Wien. Nach dem positiven Feedback der Stundenten wurden die Unterlagen überarbeitet und ich hoffe, dass sie auch von anderen Personen genutzt werden können. Inhalt Der Inhalt orientiert sich grob an den OWASP Top 10: Allgemeine Einführung in Sicherheitskonzepte Authentication und Authorization-Fehler Injection-Angriffe XSS-Angriffe Clientseitige Angriffe Sicherheit der Datenübertragung Das Skript kann heruntergeladen werden. Auf Anfrage hin ist das Buch auch als Amazon Kindle-Version verfügbar.

Read More

Building a secure torrent download station by combining Private Internet Access (PIA), OpenVPN and transmission through docker

Sometimes I want to work on client assignments (penetration-tests) from home, if I do that I am using my company VPN so that all traffic is routed thorugh their public IP address (which is white-listed by the client). I do not want for traffic to ever leave that VPN as that would look like as if I’d be performing cyber attacks from my private home IP address. The same requirements arise for different use-cases, e.

Read More

How to create a (good-looking) PDF and Kindle eBook from LaTeX

So I held a lecture on “Web Application Security” for the FH/Technikum Wien last spring and wrote a small booklet for my students (partially because I wanted to avoid discussions during the final exam). I did volunteer for a anonymous feedback round which turned out very positive for me, the booklet was repeatatly mentioned positively. So I distilled and refined it, tried to improve its focus. As I will do the same lecture next year, I am in dire need of feedback so that I can improve it, so I went to dark places and published it on reddit.

Read More

LTE uplink for Raspberry Pi: Huawei E3372 vs Waveshare SIM7600E-H

I spent some time playing around with various LTE-options for my Raspberry Pi Access Point/Router setup. My Huawei E3372 USB LTE modem works find but only implements a fake network card. This means that a virtual network card is emulated, all traffic is NATted over a virtual router located behind that virtual network card. This happens in addition to the network translation (NAT) that my Raspberry Pi access point already does.

Read More

Books and influences of mine

Most of you (and there are a couple of thousands of you) come for my tech-posts, but it seems that some of you get lost reading my non-techie posts too. Time to add on of those, it’s been a while.. I breathe books, they give my brain constant input to thrive on. Recently I went through my goodreads list of reread-good-books to check what influences me and started to reread some of them.

Read More