Month: March 2018

As Asian Market Growth Continues, West 7 Center Ready to Enable International Connectivity

Los Angeles – March 29, 2018 – Rising Realty Partners (Rising), a full-service investment platform specializing in creating world-class commercial and industrial properties, announces that its West 7 Center is strategically positioned to support carriers, OTTs and enterprises looking to expand into growing Asian markets. With over 16 global and domestic carriers on site and 172,000 square feet of space available, the Tier III facility offers prospective clients an attractive and reliable gateway to Asia.

Experts predict that, by 2019, the Asia-Pacific region will generate the most web-traffic in the world – double the volume generated in North America. As a result, data centers like West 7 Center will serve a critical role as reliable colocation partners, providing mission-critical infrastructure and support for the flow of data from the US across the Pacific Ocean.

“As Los Angeles’ largest purpose-built data center, West 7 Center is perfectly situated as an Asian gateway,” says Tyson Strutzenberg, Chief Operating Officer of Rising Realty Partners. “With direct access to One Wilshire, a primary transit center for internet traffic from the US to Asia, we offer the redundancy our customers need for their data and mission-critical applications. Backed by two central plants with N+1 redundancy and 70,000 gallons of fuel, West 7 Center can provide ongoing uptime in case of emergency or power outages.”

“When we were looking to add to our presence in Los Angeles, we specifically chose West 7 Center because of their round-the-clock security and engineering services,” says Arman Khalili, CEO of Evocative, which recently signed a 42,000 square foot lease in the facility. “Our clients include small start-ups and Fortune 500 companies – each in need of a high level of flexibility, service and low latency connectivity. This is one of the best data centers from an infrastructure perspective and it rivals some of the major carrier hotels and disaster recovery sites on a global scale. We are confident that our customers will benefit from West 7 Center’s capabilities as a data storage and colocation facility with easy access to subsea cables that travel to Asia.”

To learn more about West 7 Center’s infrastructure and services, please visit www.west7center.com.

###

About West 7 Center

West 7 Center is a Tier III datacenter facility built with mission critical infrastructure, 24/7 on-site engineering and security support in the heart of Los Angeles. The facility has nine (9) floors of office space and 340,000 RSF of datacenter space on three (3) subterranean levels that are supported by the Building’s two (2) central plants with a total of 16.9 MW of generator backed power, 3,000 kW of Building UPS power and 9,000 tons of cooling capacity for telecom, mission critical, co-location and datacenter operations.

Currently, West 7 Center has approximately 13 MW of emergency power and 172,000 sq ft of space available. The building has undergone significant upgrades in order to keep up with the ever-changing technology environment. For more information, please visit www.west7center.com.

 

About Rising Realty Partners

Rising Realty Partners is a full-service investment and operating platform specializing in creating world-class commercial and industrial properties. With over 3M SF under management, Rising approaches real estate investing and operating by focusing on three fundamental areas of impact that have proven to create value: environmental, technological, and social. Rising’s team of entrepreneurial, innovative facilitators has a depth of understanding and surpassed track record in identifying prime investment opportunities. Please visit risingrp.com for more information.

 

About Evocative

Evocative is a North American company and an owner and operator of secure, compliant, highly available data centers. We are the trusted guardians of our clients’ Internet infrastructure. To tour an Evocative data center or receive additional information on data center services, please visit http://www.evocative.com.

 


Ensure Application Security with Zend Server and RIPS

Zend Server is the ultimate and most secure software platform for deploying, monitoring, debugging, maintaining, and optimizing enterprise PHP applications. It also helps to keep the technology stack up-to-date and to avoid security risks that stem from outdated components.
However, most of the daily web attacks try to exploit security bugs in the applications’ source code. Popular vulnerability types such as SQL injection and cross-site scripting can enable attackers to steal sensitive user data from the server.

Cross Compile a missing package (fping) for OpenWRT/LEDE Reboot 17.01.04

Sadly, in LEDE Reboot 17.01.4 (the latest OpenWRT release) the package fping is missing. It was included in previous releases, but it is missing in this stable release. It has already been re-added to the master branch for future releases. But if you need the fping binary now, it is not available through the opkg installer for 17.01.4, so we have to build it manually.

Download SDK

With the firmware downloads for each router target, OpenWRT also provides the Software Development Kit with an already prepared cross-compile toolchain. It is of course possible to create your own cross-compile toolchain, as explained in the Build System Documentation. But the SDK is already available, so I’ll just use it.

You can find the SDK at the end of the Firmware Download Pages, precompiled and ready to use.

In my case I am currently using a TP-Link WDR4300 (N750), which contains an Atheros AR9344 CPU @560MHz with MIPS 74Kc Instruction Set, 8 MB NAND Flash, 128MB RAM, Serial, 5x GigE Ports, VLAN capable.

The firmware can be obtained from https://downloads.openwrt.org/releases/17.01.4/targets/ar71xx/generic/. The SDK download is at the end of that page: https://downloads.openwrt.org/releases/17.01.4/targets/ar71xx/generic/lede-sdk-17.01.4-ar71xx-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64.tar.xz.

Prerequisites and Dependencies

To use the SDK, the same tools must be available as when the Cross compile Toolchain is created. Check the instructions from Install Buildsystem Documentation.

For Debian, the following installation procedure should be enough:

  • Debian 7 Wheezy:

    apt-get install libncurses5-dev zlib1g-dev gawk
  • Debian 8 Jessie:

    sudo apt-get install build-essential libncurses5-dev gawk git subversion libssl-dev gettext unzip zlib1g-dev file python
  • Debian 9.3 Stretch:

    sudo apt install build-essential libncurses5-dev gawk git subversion libssl-dev gettext zlib1g-dev

     

Locate FPing on Master Branch

The fping package is available in the master branch here: https://github.com/openwrt/packages/tree/master/net/fping

Cross Compile

Documentation on Using the SDK to cross compile packages for a specific target without compiling the whole system from scratch.

  • Extract the SDK on your system.

Package Feeds

After decompressing the SDK archive, edit the feeds.conf.default file to add your packages. By default it has the LEDE feeds, and you can add your own feeds, local or remote.

For example, you can add all packages you have in a local folder by adding this line

src-link custom /full/path/to/the/local/folder

Load package lists

The ./scripts/feeds update -a command refreshes the package lists. It downloads the LEDE feeds from GitHub, and then downloads from GitHub or reads from your local folder the packages you added in the Package Feeds step above.

cave@laptop:~/openwrt/sdk/lede-sdk-17.01.4-ar71xx-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64$ ./scripts/feeds update -a
Updating feed 'base' from 'https://git.lede-project.org/source.git;v17.01.4' ...
Cloning into './feeds/base'...
remote: Counting objects: 8382, done.
remote: Compressing objects: 100% (7378/7378), done.
remote: Total 8382 (delta 1034), reused 4265 (delta 360)
Receiving objects: 100% (8382/8382), 10.76 MiB | 3.45 MiB/s, done.
Resolving deltas: 100% (1034/1034), done.
Checking connectivity... done.
Note: checking out '444add156f2a6d92fc15005c5ade2208a978966c'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

git checkout -b new_branch_name

Create index file './feeds/base.index' 
Collecting package info: feeds/base/package/firmware/lantiq/dsl-vrx200-firmware-Collecting package info: done
Collecting target info: done
Updating feed 'packages' from 'https://git.lede-project.org/feed/packages.git^cd5c448758f30868770b9ebf8b656c1a4211a240' ...
Cloning into './feeds/packages'...
remote: Counting objects: 57751, done.
remote: Compressing objects: 100% (25080/25080), done.
remote: Total 57751 (delta 31196), reused 55736 (delta 29454)
Receiving objects: 100% (57751/57751), 13.89 MiB | 3.49 MiB/s, done.
Resolving deltas: 100% (31196/31196), done.
Checking connectivity... done.
Switched to a new branch 'cd5c448758f30868770b9ebf8b656c1a4211a240'
/home/cave/openwrt/sdk/lede-sdk-17.01.4-ar71xx-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64
Create index file './feeds/packages.index' 
Collecting package info: done
Collecting target info: done
Updating feed 'luci' from 'https://git.lede-project.org/project/luci.git^d3f0685d63c1291359dc5dd089c82fa1e150e0c6' ...
Cloning into './feeds/luci'...
remote: Counting objects: 104191, done.
remote: Compressing objects: 100% (29395/29395), done.
remote: Total 104191 (delta 61227), reused 101632 (delta 59436)
Receiving objects: 100% (104191/104191), 25.29 MiB | 3.85 MiB/s, done.
Resolving deltas: 100% (61227/61227), done.
Checking connectivity... done.
Switched to a new branch 'd3f0685d63c1291359dc5dd089c82fa1e150e0c6'
/home/cave/openwrt/sdk/lede-sdk-17.01.4-ar71xx-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64
Create index file './feeds/luci.index' 
Collecting package info: done
Collecting target info: done
Updating feed 'routing' from 'https://git.lede-project.org/feed/routing.git^d11075cd40a88602bf4ba2b275f72100ddcb4767' ...
Cloning into './feeds/routing'...
remote: Counting objects: 6622, done.
remote: Compressing objects: 100% (4253/4253), done.
remote: Total 6622 (delta 2668), reused 5194 (delta 1977)
Receiving objects: 100% (6622/6622), 1.60 MiB | 2.59 MiB/s, done.
Resolving deltas: 100% (2668/2668), done.
Checking connectivity... done.
Switched to a new branch 'd11075cd40a88602bf4ba2b275f72100ddcb4767'
/home/cave/openwrt/sdk/lede-sdk-17.01.4-ar71xx-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64
Create index file './feeds/routing.index' 
Collecting package info: done
Collecting target info: done
Updating feed 'telephony' from 'https://git.lede-project.org/feed/telephony.git^ac6415e61f147a6892fd2785337aec93ddc68fa9' ...
Cloning into './feeds/telephony'...
remote: Counting objects: 6939, done.
remote: Compressing objects: 100% (4836/4836), done.
remote: Total 6939 (delta 3808), reused 3734 (delta 1921)
Receiving objects: 100% (6939/6939), 1.31 MiB | 0 bytes/s, done.
Resolving deltas: 100% (3808/3808), done.
Checking connectivity... done.
Switched to a new branch 'ac6415e61f147a6892fd2785337aec93ddc68fa9'
/home/cave/openwrt/sdk/lede-sdk-17.01.4-ar71xx-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64
Create index file './feeds/telephony.index' 
Collecting package info: done
Collecting target info: done

I have not used custom src-link in the feeds.conf.default file. I just added the package from master to the downloaded feed.

I added the parts from https://github.com/openwrt/packages/tree/master/net/fping to the path ./feeds/packages/net in the sdk directory.

Select Packages

./scripts/feeds install loads the package and its dependencies into the SDK.

Then open the SDK menu again, find the package you want to build and select it by pressing “m”, this will also select all the dependencies, and you will see that they are all tagged with “” in the menu.

cave@laptop:~/openwrt/sdk/lede-sdk-17.01.4-ar71xx-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64$ ./scripts/feeds install fping
Installing package 'fping' from packages

Compile Package

Before we compile, let’s check make menuconfig.

cave@laptop:~/openwrt/sdk/lede-sdk-17.01.4-ar71xx-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64$ make menuconfig

*** End of the configuration.
*** Execute 'make' to start the build or try 'make help'.


Now let’s build the package fping.

cave@laptop:~/openwrt/sdk/lede-sdk-17.01.4-ar71xx-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64$ make -j7
...
#
# configuration written to .config
#
 make[1] world
 make[2] package/compile
 make[3] -C package/toolchain compile
 make[3] -C package/linux compile
 make[3] -C feeds/packages/net/fping compile
 make[2] package/index
...

Package and Install

The compiled output should be in ./bin/packages/mips_24kc/packages in the SDK directory.

cave@laptop:~/openwrt/sdk/lede-sdk-17.01.4-ar71xx-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64$ ls -lh ./bin/packages/mips_24kc/packages 
total 28K
-rw-r--r-- 1 cave cave 15K Mar 25 20:47 fping_4.0-2_mips_24kc.ipk
-rw-r--r-- 1 cave cave 719 Mar 25 20:48 Packages
-rw-r--r-- 1 cave cave 473 Mar 25 20:48 Packages.gz
-rw-r--r-- 1 cave cave 822 Mar 25 20:48 Packages.manifest

Copy the package to your OpenWRT device with scp and install it with opkg install ./fping_4.0-2_mips_24kc.ipk

root@openwrt:~# opkg install ./fping_4.0-2_mips_24kc.ipk 
Installing fping (4.0-2) to root...
Configuring fping.

 

Integrate Security Checks with RIPS CLI

Getting started

Installation

The installation of rips-cli is described in detail in our documentation. You can download the PHAR build of our CLI tool into your bin directory and make it executable with the following commands:

sudo wget https://github.com/rips/rips-cli/releases/download/1.1.1/rips-cli.phar -O /usr/bin/rips-cli
sudo chmod 755 /usr/bin/rips-cli

The only requirements to run rips-cli are the PHP command line interface and the Zip extension to start scans.

Let’s Build a Great Digital Library Together…Starting with a Wishlist

We are looking for partners to help us build a great physical collection of books to be preserved, digitized, and made available through our Open Libraries project. Working with more than 500 library partners, the Internet Archive has already helped make more than 3 million public domain books available online for free access through archive.org. We have also brought more than 500,000 in-copyright books online to provide full access to those with print disabilities.

Our goal is to bring 4 million more books online, so that all digital learners have access to a great digital library on par with a major metropolitan public library system. We know we won’t be able to make this vision a reality alone, which is why we’re working with libraries, authors, and publishers to build a collaborative digital collection accessible to any library in the country.

Building a great library starts with great books. We have already gathered more than 1.5 million books in our physical archive. We aspire to have one copy of every book, but en route to that dream we have created a “wishlist” to help prioritize preservation and access. This wishlist was compiled using data and assistance from several great projects:

Download the wishlist here.

We are using these datasets to help define a collection of books that has wide appeal and impact for libraries across the US and the patrons they serve. This wishlist is a work-in-progress and will evolve as we incorporate more datasets and review our approach with community input. We’ve made 3 versions of our wishlist available to help facilitate use within the library and publishing communities, featuring ISBN-13, ISBN-10, & OCLC identifiers.

Here’s how you can help! We are looking for libraries, authors, publishers, and individual book lovers to help us build this collection. You can help in the following ways:

  • Donate books
    • You can donate books on our wishlist to our physical archive. If you are a library, a publisher, or have a private collection with more than 1,000 books to donate, please contact Chris Freeland, Director of Open Libraries, at chrisfreeland@archive.org. If you have a private collection or small number of volumes to donate, please use this form to begin the donation process.  We will add these books to our digitization queue and they will become ebooks available through Open Libraries as funding becomes available.
    • If you already have digital versions of these books, we would love to add them to our print-disabled collection.
  • Scan books
    • If you have books on our wishlist but don’t want to donate them to our physical archive, we offer scanning services and can digitize your books in one of our regional scanning centers.
  • Identify books
    • If you are an author who would like to add your own books to the list, you can donate physical copies, and/or contact us to let us know you’d like us to ensure that your work will be preserved and available to future generations. If you’re a librarian, educator, or other book lover and would like to help us continue to curate the wishlist to ensure that it includes the most useful, important and culturally diverse books, please reach out to us.

And of course, if you don’t have any books to donate but would like to help offset digitization expenses, please donate today! All monetary donations made by April 30, 2018, will be matched by a Challenge Grant from the Pineapple Fund.

If you are interested in participating, or have questions about our program or plans, please contact Chris Freeland, Director of Open Libraries, at chrisfreeland@archive.org.

OpenVPN Routed Client Config for OpenWRT

In this case I want to access a remote network where an OpenWRT router is also in use as the OpenVPN client. This is a post in a series of OpenVPN tutorials on this blog.

Network Topology

                    +------+
                    |      |
                    | IPv4 |
                +---+      +---+
                |   +------+   |
                |              |
+---------------+-+          +-+---------------+
| Router A        |          | Router B        |
|                 |          |                 |
| 192.168.68.0/24 |          | 192.168.34.0/24 |
| 192.168.68.1    |          | 192.168.34.1    |
+-+---------------+          +-^---------------+
  |                            |
  |                            |
+-v-------------+            +-+-------------+
| OpenVPN Tun   |            | OpenVPN Tun   |
| 172.16.0.0/29 |            | 172.16.0.0/29 |
| Server        |            | Client        |
| 172.16.0.1    |            | 172.16.0.2    |
+---------------+            +---------------+

I want to be able to reach net 192.168.34.0/24 from 192.168.68.0/24 and in the other direction.

Creation of Client Certificates

See BlogPost Creation of RootCA Certificates. This Blogpost is on the ToDo list.

OpenWRT Config Settings – Routed Client

From /etc/config/openvpn

config openvpn 'cyber'
        option enabled '1'
#Protocol
        option client '1'
        option remote 'vpn.domain.tld 1194'        
        option dev_type 'tun'
        option dev 'cyber_tun0'
        option proto 'udp'        
        option topology 'subnet'
        option resolv_retry 'infinite'        
        option nobind '1'        
        option float '1'
#Routes 
        option pull '1'
#Encryption
        option ca '/etc/ssl/certs/vpn.cavebeat.lan.ca-chain.cert.pem'
        option cert '/etc/ssl/certs/client1.vpn.cavebeat.lan.cert.pem'
        option key '/etc/ssl/private/client1.vpn.cavebeat.lan.key.pem'
        option tls_crypt '/etc/ssl/private/tls-auth.key'
        option cipher 'AES-256-CBC'
        option ncp_ciphers 'AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC'
        option auth 'SHA512'
        option tls_client '1'
        option tls_version_min '1.2'
        option tls_cipher 'TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384'
        option remote_cert_tls 'server'
        option verify_x509_name 'vpn.domain.tld name'
#Logging
        option log '/var/log/openvpn.log'
        option status '/var/log/openvpn-status.log'
        option mute '5'
        option verb '4'
#Connection
        option compress 'lzo'
#Connection Reliability
        option persist_key '1'
        option persist_tun '1'
#Permissions
        option user 'nobody'
        option group 'nogroup'

Client Config

Most of the settings are already explained in the previous post OpenVPN Server Hardening – OpenWRT TUN Device. I’ll cover only the Client specific Settings which are new. For example the client config does not contain a DiffieHellman-Parameter setting.

--client 
  A helper directive designed to simplify the configuration of OpenVPN's client mode.  
--remote host [port] [proto] 
 Remote host name or IP address.  
 On the client, multiple --remote options may be specified for redundancy, each referring to a different OpenVPN server.  
 Specifying multiple --remote options for this purpose is a special case of the more general connection-profile feature.  
 See the  documentation below. 
--resolv-retry n 
  If hostname resolve fails for --remote, retry resolve for n seconds before failing. 
  Set n to "infinite" to retry indefinitely.
--nobind 
  Do not bind to local address and port.  
  The IP stack will allocate a dynamic port for returning packets.  
  Since the value of the dynamic port could not be known in advance by a peer, this option is only suitable for peers which will be initiating connections by using the --remote option. 
--float 
 Allow remote peer to change its IP address and/or port number, such as due to DHCP (this is the default if --remote is not used). 
 --float when specified with --remote
 allows an OpenVPN session to initially connect to a peer at a known 
address, however if packets arrive from a new address and pass all 
authentication tests, the new address will take control of the session. 
 This is useful when you are connecting to a peer which holds a dynamic address such as a dial-in user or DHCP client. 
 Essentially, --float tells OpenVPN to accept authenticated packets from any address, not only the address which was specified in the --remote option. 
--pull 
  This option must be used on a client which is connecting to a multi-client server.  
  It indicates to OpenVPN that it should accept options pushed by the server, provided they are part of the legal set of pushable options (note that the --pull option is implied by --client ). 
  In particular, --pull allows the server to push routes to the client, so you should not use --pull or --client in situations where you don't trust the server to have control over the client's routing table. 
--tls-client 
  Enable TLS and assume client role during TLS handshake. 
--remote-cert-tls client|server 
  Require that peer certificate was signed with an explicit key usage and extended key usage based on RFC3280 TLS rules. 
  This is a useful security option for clients, to ensure that the host they connect to is a designated server.  
  Or the other way around; for a server to verify that only hosts with a client certificate can connect. 
--verify-x509-name name type 
  Accept connections only if a host's X.509 name is equal to name. 
  The remote host must also pass all other tests of verification. 
  Which X.509 name is compared to name depends on the setting of type. 
  type can be "subject" to match the complete subject DN (default), "name" to match a subject RDN or "name-prefix" to match a subject RDN prefix. 
  NOTE: Test against a name prefix only when you are using OpenVPN with a custom CA certificate that is under your control. 
  Never use this option with type "name-prefix" when your client certificates are signed by a third party, such as a commercial web CA.

Client Config Dir on Server

CCD – Client Config Dir Settings

Client Config on Server

--client-config-dir dir 
  Specify a directory dir for custom client config files. 
  After a connecting client has been authenticated, OpenVPN will look in this directory for a file having the same name as the client's X509 common name. 
  If a matching file exists, it will be opened and parsed for client-specific configuration options. 
  If no matching file is found, OpenVPN will instead try to open and parse a default file called "DEFAULT", which may be provided but is not required. 
  Note that the configuration files must be readable by the OpenVPN process after it has dropped its root privileges. 
  This file can specify a fixed IP address for a given client using --ifconfig-push, as well as fixed subnets owned by the client using --iroute.
  One of the useful properties of this option is that it allows client configuration files to be conveniently created, edited, or removed while the server is live, without needing to restart the server. 
  The following options are legal in a client-specific context: --push, --push-reset, --push-remove, --iroute, --ifconfig-push, and --config.
--ccd-exclusive 
  Require, as a condition of authentication, that a connecting client has a --client-config-dir file. 

On your server check the option client_config_dir '/etc/openvpn/ccd/'. In the defined ccd directory place a file for each client. The file must be named according to the X509 common name of the client certificate.

root@openwrt_server:~# cd /etc/openvpn/ccd/
root@openwrt_server:/etc/openvpn/ccd# ls
client1.vpn.cavebeat.lan
root@openwrt_server:/etc/openvpn/ccd# cat client1.vpn.cavebeat.lan 
ifconfig-push 172.16.10.2 255.255.255.248 
iroute 192.168.34.0 255.255.255.0

Client Config File

ifconfig-push tells the client the IP address and the netmask. iroute routes the packet from openvpn to the client in combination with route on the server.

--ifconfig-push local remote-netmask [alias]
  Push virtual IP endpoints for client tunnel, overriding the --ifconfig-pool dynamic allocation.
  The parameters local and remote-netmask are set according to the --ifconfig directive which you want to execute on the client machine to configure the remote end of the tunnel. 
  Note that the parameters local and remote-netmask are from the perspective of the client, not the server. 
  They may be DNS names rather than IP addresses, in which case they will be resolved on the server at the time of client connection.
--iroute network [netmask] 
  Generate an internal route to a specific client. 
  The netmask parameter, if omitted, defaults to 255.255.255.255. 
  This directive can be used to route a fixed subnet from the server to a particular client, regardless of where the client is connecting from.
  Remember that you must also add the route to the system routing table as well (such as by using the --route directive).
  The reason why two routes are needed is that the --route directive routes the packet from the kernel to OpenVPN. 
  Once in OpenVPN, the --iroute directive routes to the specific client. 
  This option must be specified either in a client instance config file using --client-config-dir or dynamically generated using a --client-connect script. 
  The --iroute directive also has an important interaction with --push "route ...". 
  --iroute essentially defines a subnet which is owned by a particular client (we will call this client A). 
  If you would like other clients to be able to reach A's subnet, you can use --push "route ..." together with --client-to-client to effect this.
  In order for all clients to see A's subnet, OpenVPN must push this route to all clients EXCEPT for A, since the subnet is already owned by A.
  OpenVPN accomplishes this by not pushing a route to a client if it matches one of the client's iroutes. 

Route Settings on Server

On the server two route settings must be set. The first one is to tell the Server Router where to send packets for the client network. The push route is to tell the clients where to send packets to the server network.

option route '192.168.34.0 255.255.255.0 172.16.10.1'
list push 'route 192.168.68.0 255.255.255.0'
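
The two routes described above (a server route that hands the packet to OpenVPN, plus a CCD iroute that selects the client) have to agree with each other and with the pushed routes. The following is an added example, not part of the original post, that checks a server section against its CCD files. The option server line and all function names are assumptions; the route, push and CCD values are the ones shown here.

```python
import ipaddress
import re

# Constructed sample input. The route/push lines and the CCD file carry the values
# shown on this page; the 'server' line is an assumption (it is not on the page).
SERVER_UCI = """\
config openvpn 'cyber'
        option server '172.16.10.0 255.255.255.248'
        option topology 'subnet'
        option client_config_dir '/etc/openvpn/ccd/'
        option route '192.168.34.0 255.255.255.0 172.16.10.1'
        list push 'route 192.168.68.0 255.255.255.0'
"""
CCD_FILES = {  # file name = X509 common name of the client certificate
    "client1.vpn.cavebeat.lan":
        "ifconfig-push 172.16.10.2 255.255.255.248\n"
        "iroute 192.168.34.0 255.255.255.0\n",
}

UCI_LINE = re.compile(r"^\s*(?:option|list)\s+'?(\w+)'?\s+'([^']*)'\s*$")


def parse_uci(text):
    """Return {name: [values]} for the option/list lines of one UCI section."""
    opts = {}
    for line in text.splitlines():
        match = UCI_LINE.match(line)
        if match:
            opts.setdefault(match.group(1), []).append(match.group(2))
    return opts


def network(addr, mask="255.255.255.255"):
    """IPv4 network from OpenVPN's 'address [netmask]' form (netmask defaults to /32)."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_ccd(text):
    """Return ((address, netmask) or None, [iroute networks]) for one CCD file.

    Raises ValueError for non-numeric values; ifconfig-push may legally be a DNS
    name, which this check cannot evaluate offline.
    """
    push, iroutes = None, []
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words[:1] == ["ifconfig-push"] and len(words) >= 3:
            push = (ipaddress.ip_address(words[1]), ipaddress.ip_address(words[2]))
        elif words[:1] == ["iroute"] and len(words) >= 2:
            iroutes.append(network(*words[1:3]))
    return push, iroutes


def audit(server_uci, ccd_files):
    """Return a list of findings; an empty list means the routing is consistent."""
    opts = parse_uci(server_uci)
    tunnel = network(*opts["server"][0].split()[:2])
    server_ip = next(iter(tunnel.hosts()))  # the server takes the first host address
    kernel_routes = [network(*r.split()[:2]) for r in opts.get("route", [])]
    pushed = [network(*p.split()[1:3]) for p in opts.get("push", [])
              if p.split()[:1] == ["route"]]
    findings, owners, used = [], {}, {server_ip: "server"}

    for cn, text in sorted(ccd_files.items()):
        try:
            push, iroutes = parse_ccd(text)
        except ValueError as exc:
            findings.append(f"{cn}: cannot evaluate address ({exc})")
            continue
        if push:
            addr, mask = push
            if addr not in tunnel or mask != tunnel.netmask:
                findings.append(f"{cn}: ifconfig-push {addr} {mask} does not fit tunnel {tunnel}")
            if addr in used:
                findings.append(f"{cn}: tunnel address {addr} already used by {used[addr]}")
            used.setdefault(addr, cn)
        for net in iroutes:
            # --route moves the packet from the kernel into OpenVPN; without it the
            # iroute is never consulted.
            if not any(net.subnet_of(r) for r in kernel_routes):
                findings.append(f"{cn}: iroute {net} has no matching server 'route'")
            # A client must not claim a subnet the server advertises as its own side.
            findings += [f"{cn}: iroute {net} overlaps pushed route {p}"
                         for p in pushed if net.overlaps(p)]
            # Two clients owning the same addresses makes delivery ambiguous.
            findings += [f"{cn}: iroute {net} overlaps {o} owned by {who}"
                         for o, who in owners.items() if net.overlaps(o)]
            owners[net] = cn
    for route in kernel_routes:
        if not any(route.overlaps(o) for o in owners):
            findings.append(f"server: route {route} has no CCD iroute, packets are dropped in OpenVPN")
    return findings


if __name__ == "__main__":
    for finding in audit(SERVER_UCI, CCD_FILES) or ["consistent"]:
        print(finding)
```
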

Firewall

For more details on this part, also have a look at my other VPN Client Tutorial.

Create Unmanaged Interface

Your /etc/config/network should now contain:

root@openwrt:~# cat /etc/config/network 
config interface 'cyber_vpn'
 option proto 'none'
 option ifname 'cyber_tun0'
 option auto '1'

Firewall Zones

Your /etc/config/firewall should now contain the following parts:

cat /etc/config/firewall 
config zone
 option name 'cyber_vpn'
 option input 'ACCEPT'
 option output 'ACCEPT'
 option network 'cyber_vpn'
 option forward 'ACCEPT'

config forwarding
 option dest 'lan'
 option src 'cyber_vpn'

config forwarding
 option dest 'cyber_vpn'
 option src 'lan'

Routing Table and Ping Checks

These routes should show up on the client and the server so that each network is reachable from the other.

Client

root@openwrt_client:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.16.10.0 0.0.0.0 255.255.255.248 U 0 0 0 cyber_tun0
192.168.68.0 172.16.10.1 255.255.255.0 UG 0 0 0 cyber_tun0
192.168.34.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan

Ping the Server Router from the Client Router

root@openwrt_client:~# ping -c 2 192.168.68.1
PING 192.168.96.1 (192.168.34.1): 56 data bytes
64 bytes from 192.168.34.1: seq=0 ttl=64 time=45.757 ms
64 bytes from 192.168.34.1: seq=1 ttl=64 time=37.271 ms
--- 192.168.34.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 37.271/41.514/45.757 ms

Ping the remote and local OpenVPN IP

root@openwrt_client:~# ping -c 2 172.16.10.1
PING 172.16.10.1 (172.16.10.1): 56 data bytes
64 bytes from 172.16.10.1: seq=0 ttl=64 time=49.015 ms
64 bytes from 172.16.10.1: seq=1 ttl=64 time=55.041 ms
--- 172.16.10.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 49.015/52.028/55.041 ms

root@openwrt_client:~# ping -c 2 172.16.10.2
PING 172.16.10.2 (172.16.10.2): 56 data bytes
64 bytes from 172.16.10.2: seq=0 ttl=64 time=0.289 ms
64 bytes from 172.16.10.2: seq=1 ttl=64 time=0.277 ms
--- 172.16.10.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.277/0.283/0.289 ms

Server

root@openwrt_server:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.16.10.0 0.0.0.0 255.255.255.248 U 0 0 0 cyber_tun0
192.168.34.0 172.16.10.1 255.255.255.0 UG 0 0 0 cyber_tun0
192.168.68.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan

Ping the Client Router from the Server Router

root@openwrt:~# ping -c 2 192.168.34.1 
PING 192.168.96.1 (192.168.68.1): 56 data bytes
64 bytes from 192.168.68.1: seq=0 ttl=64 time=43.559 ms
64 bytes from 192.168.68.1: seq=1 ttl=64 time=34.661 ms
--- 192.168.68.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 34.661/39.110/43.559 ms

Ping the local and remote OpenVPN IP

root@openwrt:~# ping -c 2 172.16.10.1
PING 172.16.10.1 (172.16.10.1): 56 data bytes
64 bytes from 172.16.10.1: seq=0 ttl=64 time=0.437 ms
64 bytes from 172.16.10.1: seq=1 ttl=64 time=0.282 ms
--- 172.16.10.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.282/0.359/0.437 ms

root@openwrt_server:~# ping -c 2 172.16.10.2
PING 172.16.10.2 (172.16.10.2): 56 data bytes
64 bytes from 172.16.10.2: seq=0 ttl=64 time=42.780 ms
64 bytes from 172.16.10.2: seq=1 ttl=64 time=33.573 ms
--- 172.16.10.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 33.573/38.176/42.780 ms
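An added example (not part of the original post): a POSIX shell check that parses `route -n` output and confirms that the tunnel subnet and the remote LAN both leave through cyber_tun0. The function names and the tunnel-down table are constructed for illustration; the first table is the client output shown above.

```shell
#!/bin/sh
# Added example: verify from `route -n` output that the tunnel subnet and the
# remote LAN both leave through the tunnel interface.

# Client table as shown in the post.
CLIENT_ROUTES='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.16.10.0 0.0.0.0 255.255.255.248 U 0 0 0 cyber_tun0
192.168.68.0 172.16.10.1 255.255.255.0 UG 0 0 0 cyber_tun0
192.168.34.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan'

# Constructed sample: the same client after the tunnel has gone down.
TUNNEL_DOWN_ROUTES='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.34.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan'

# route_state TABLE DEST GENMASK IFACE
# Prints "ok", "wrong-iface:<name>" or "missing" for the DEST/GENMASK row.
route_state() {
    printf '%s\n' "$1" | awk -v d="$2" -v m="$3" -v i="$4" '
        $1 == d && $3 == m { state = ($8 == i) ? "ok" : ("wrong-iface:" $8); exit }
        END { print (state == "" ? "missing" : state) }'
}

# check_site_routes TABLE IFACE TUN_NET TUN_MASK REMOTE_NET REMOTE_MASK
# Prints one line per required route; returns 1 if either is not on IFACE.
check_site_routes() {
    table=$1; tun=$2; rc=0
    for spec in "$3/$4" "$5/$6"; do
        net=${spec%/*}; mask=${spec#*/}
        state=$(route_state "$table" "$net" "$mask" "$tun")
        echo "$net $mask: $state"
        [ "$state" = ok ] || rc=1
    done
    return "$rc"
}

# On the router, feed it the live table instead of the sample:
#   check_site_routes "$(route -n)" cyber_tun0 172.16.10.0 255.255.255.248 192.168.68.0 255.255.255.0
check_site_routes "$CLIENT_ROUTES" cyber_tun0 \
    172.16.10.0 255.255.255.248 192.168.68.0 255.255.255.0
```

A `missing` result for the remote LAN means traffic to that network follows whatever other route matches, typically the default route, and never enters the VPN.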

 

Evocative President and COO Derek Garnier to Speak at Phoenix Data Centers: Communication, Infrastructure & Innovation

Garnier and other panel members will discuss the state of the data center market.

WHO: Evocative President and COO Derek Garnier will speak at Phoenix Data Centers: Communication, Infrastructure & Innovation

Derek Garnier is the President & COO of Evocative and brings with him 29 years of provider experience in data center, network, and compute. Prior to joining Evocative, he served as CEO of Layer42 Networks, which was acquired by Wave Broadband in 2015, with Garnier assuming the position of SVP Data Center Services for Wave.

He has held both management and engineering roles at many top internet infrastructure providers including QTS Datacenters, United Layer, AboveNet Communications, SiteSmith, Global Crossing, Global Center, MFS Datanet, and Cabletron Systems. Garnier frequently moderates industry panels, speaks both at industry events and on radio, and provides consulting to investors and companies during M&A processes.

WHAT: Leading the Curve: The State of the Data Center Market

Garnier will join other leading data center developers who are expanding in Phoenix. The panel will discuss how Phoenix is uniquely well-positioned to meet demand from sectors such as technology, banking, financial services, healthcare, retail and e-commerce in 2018.

WHERE: The Camby – 2401 East Camelback Road, Phoenix, AZ 85016

WHEN: March 28, 2018 from 7:30am – 11:00am

Register for Phoenix Data Centers: Communication, Infrastructure & Innovation

For more information on Evocative’s suite of data center services or to take a tour of one of the company’s data centers, please visit http://www.evocative.com.

About Evocative
Evocative is a North American company and an owner and operator of secure, compliant, highly available data centers. We are the trusted guardians of our clients’ Internet infrastructure. For additional information, please visit http://www.evocative.com.

The post Evocative President and COO Derek Garnier to Speak at Phoenix Data Centers: Communication, Infrastructure & Innovation appeared first on Evocative Data Centers.

Share what you’re reading


To bring in the new year, Open Library announced a new feature called the Reading Log which lets you keep track of the books you’re currently reading, have finished reading, or want to read. Over the last two months since we launched the feature, we’ve received promising feedback from our community. Our reading log stats page shows over 53,000 readers have logged more than 100,000 books! It’s even helped us learn which books our community cares most about. The biggest point of feedback we’ve received is that many readers wish there was a way to share their reading log with friends.

As a library, and as readers ourselves, we take reader privacy seriously. We believe everyone should have the right to feel safe and have their privacy respected when they search for and borrow books. So when we launched the Reading Log feature, we decided to make it private by default, so only you can see what books you’re tracking. We also gave readers full control to manage, add, and remove books from their reading lists. We still think this is the right choice and will continue making the Reading Log private-by-default for all new users.

But now, readers have a choice: Announcing the public Reading Log option!

Starting today, users will be able to go to a new privacy page where they can manage their account settings and make their Reading Logs public so they can share them with their family and friends.

How do I make my Reading Log public?

After going to your privacy page, you can click the “Yes” option to make your Reading Log public.


You can then visit your Reading Log and use the Share button to generate a link which you can share with your friends!


We hope the public Reading Log feature will give your friends inspiration as to what they should read next!

 

who we are and what do we want


Manifesto – who we are and what do we want


To begin with, we want everything.

Our aim is to reclaim spaces on the Internet where we can discuss and work on two levels: on the one hand, the right to and need for free communication, privacy, anonymity and access to digital resources; on the other, social projects linked to reality and struggles.

Setting up an independent server seems to us to be a good starting point for reaching our goals.

We believe that communication must be free - and for free - and, therefore, universally accessible.

We try to accomplish all this by offering internet services (web sites, e-mail, mailing lists, chats, instant messaging, anonymous remailing, blogs, newsletters, and more) to both individuals and collective projects that agree with our aims and share our ideals, using our best skills and knowledge to defend users' privacy.

Standing outside the commercial attitude of paid services and web spaces, we happily welcome those who are restless in the face of cultural and media censorship and of the globalized imaginary being prepared, packed and sold to us every day.

The services we provide are not intended for (directly or indirectly) commercial activities, for use by organized religion or political parties, or, in short, by anyone who already has the means and resources to spread their ideas widely, or who uses the concept of representation and (explicit or implicit) delegation in their day-to-day relationships and projects.

The right to and need for privacy and anonymity must be respected.

We guarantee that we keep no logs, that we won’t ask for personal data to grant access to any of our services, and that we will do everything we can to keep our anonymous remailer, anonymizer and everything else that ensures the privacy and confidentiality of your communications running and safe.

Knowledge and resources grow through sharing. That is why we encourage the systematic, organized and completely free distribution of cultural material, self-productions and documentation, and why we fight against traditional copyright and support the adoption of free and open-source software and licenses.

We called ourselves Inventati because we strive to find ways to translate into the digital world issues that are part of struggles and their organizing, overcoming the limits and constraints of reality. For example, a plenum can be made permanent and continuous through the use of a mailing list.

We called ourselves Autistici, instead, for the passion we have for understanding the technical tools and for exposing the politics implicit in the digital world; even if software is created in a virtual world it doesn’t mean it doesn’t have a political impact on reality.

Starting from the technical tools we use, we came to develop a clear array of political stances, crucial to both the cyber and material worlds and lives: privacy, anonymity and the free sharing of knowledge, just to mention a few.

We believe that media and communication should not be the exclusive domain of information professionals. We believe in the value of self-management: this is why we have no sponsors or funding of any kind, apart from voluntary subscriptions by those who believe that our project is important and must survive. None of us earns a cent from this project (in fact, quite the opposite).

We share collectively any decision about technical and political aspects of our servers and projects. We discuss everything through the use of mailing lists, so that all of our debates and processes are available and accessible to every person participating in the collective.

We have no coordinator, and no spokesperson, and decisions are not reached by voting.

Autism with invention generates sharing

autistici / inventati 2002
