serverfault.com


Common Server issues – FAQs and answers from those in the know

WireGuard VPN server in Cudy WR3000 router doesn't work, but OpenVPN does

11 March 2026 @ 7:56 am

I set up OpenVPN server on a Cudy WR3000 router, but I can't get WireGuard to work. The WireGuard handshake on the client shows "Sent" bytes but "0 Received" bytes. What I tested: OpenVPN Works: I enabled the OpenVPN server on the Cudy using port 1194. After forwarding 1194 on the ISP router, it works perfectly. This proves my Static IP and Port Forwarding logic are correct. Cross-Port Testing: I tried moving the WireGuard Listen Port to 1194, instead of default (after disabling OpenVPN), but still no handshake. MTU Adjustments: I lowered MTU to 1280 on both Server and Client to account for potential fragmentation/ISP overhead. Peer Settings: On the Cudy, I set the Peer "Remote Subnet" to 0.0.0.0/0 and "Allowed IPs" to 0.0.0.0/0. My .conf file is: [Interface] PrivateKey = [MY-PRIVATE-KEY] Address = 10.10.10.2/32 DNS = 1.1.1.1, 1.0.0.1 MTU = 1280 [Peer] PublicKey = [MY-PUBLI

Unable to enable TLS 1.1 on Windows Server 2022 Datacenter Azure Edition

11 March 2026 @ 5:49 am

I am in the process of migrating my ASP.NET framework application (running in IIS) onto a Microsoft Azure virtual machine. I have run into a problem. TLS version 1.1 is officially deprecated. Nevertheless, we have to support it, because there are Android devices from 2014 that talk to our server. I have found an online testing tool https://www.apivoid.com/tools/tls-version-checker/ that tells me which TLS versions my server supports. My existing server, which is running Microsoft Windows Server 2022 Standard, is supporting TLS 1.0 and 1.1. The same application, which is running Microsoft Windows Server 2022 Datacenter Azure Edition, does not support these. And I cannot make it work. Here is what I have tried: Checking the bindings in IIS. The following are unchecked: Require Server Name Indication

MySQL does not respond to TCP connections from network namespaces in Linux

10 March 2026 @ 7:37 pm

I'm trying to access my MySQL database server from a Linux network namespace called application, using a veth pair named veth-application-root and veth-application-ns, located in root and in the application namespace, with IPs 192.168.254.1 and 192.168.254.2 respectively. My mysqld is not bound to any namespaces. The only change to its configuration I have made is: [mysqld] bind-address = 0.0.0.0 mysqlx-bind-address = 127.0.0.1 Yet, when I attempt to connect to it using 192.168.254.1, MySQL does not respond to my SYNs. sudo tcpdump -i veth-application-root port 3306 tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on veth-application-root, link-type EN10MB (Ethernet), snapshot length 262144 bytes 20:03:04.782007 IP 192.168.254.2.50302 > redacted-domain-name.mysql: Flags [S], seq 3102422731, win

Preserve CSR options when signing a certificate with `openssl ca`

10 March 2026 @ 5:03 pm

What options let openssl ca sign the request and preserve values such as basicConstraints = critical, CA:TRUE and keyUsage and perhaps other properties that the requester configured? Or is it required to always go and manually copy the options that you want to preserve into the -config file? I created a few scripts around internal CA management, one of them is "sign a certificate request". Depending on the request, it may be a normal certificate or a sub-CA that needs to be signed. The script prints the request contents, detects whether it's a sub-CA and prompts the user whether they really want this etc., so safeguards are in place. I just need OpenSSL to honor the CSR somehow. How OpenSSL is currently being called (simplified): openssl.cnf: [ ca ] default_ca = CA_default [ CA_default ] name_opt = ca_default cert_opt = ca_default policy = mypolicy private_key =

Kea-dhcp server configuration with two subnets and interfaces with fixed and dynamic IP addresses

10 March 2026 @ 4:54 pm

I have spent many hours trying to configure my kea DHCP server to allocate a fixed IP address to known hosts and dynamically allocate IP addresses to other devices. I have an Arch server with two network cards and two IP addresses 192.168.0.150 and 192.168.4.150. My main network has a pool of 39 IP addresses (192.168.0.61 – 192.168.0.99) for smart phones, laptops and visitor's devices. We are changing to a VoIP telephone system and have purchased 20 VoIP phones. These need to connect to the network, but receive an IP address on the second subnet, so that they can use the telephone company’s router (192.168.4.1 – 192.168.4.20). It seems such a simple task, but try as I might, I cannot get it to work properly. Despite identifying the phones by their MAC address and setting up a reservation under the subnet declaration. However, the IP phones receive a dynamically allocated IP on the wrong subnet. I have tried to create a client class of “voip” and

Network Block Device: nbd-server

10 March 2026 @ 7:49 am

I'm trying to export a block device using NBD and connect to it from another Linux machine. On the server side I'm exporting the device: /dev/sda3 The NBD server is running and listening on port 10809: ss -lntp | grep 10809 The output shows that nbd-server is listening. My configuration file is: /etc/nbd-server/config [generic] includedir = /etc/nbd-server/conf.d allowlist = true [/dev/sda3] exportname = /dev/sda3 The server process is running as root. On the client I try to list the exports with: sudo nbd-client -l <server_ip> But nothing happens and there is no output. The NBD kernel module is loaded. However when I check the block devices: lsblk I see that the device exists but its size is 0B: nbd0 0B My question: How can I verify that the NBD server is actually exporting the block device correctly, and why does the client see a device with size 0B?

Seeking Guidance: Replacing NGINX Mail Proxy with Postfix for Outbound Email Controls

10 March 2026 @ 6:16 am

I’m looking for some advice around Postfix and whether it can help solve an issue we’re currently facing with outbound email control in Google Cloud Platform (GCP). Our application teams run various workloads on GCP, and whenever these applications need to send email, the traffic is relayed through an NGINX mail proxy hosted in the same environment. Application hosted in GCP → Load Balancer (GCP) → NGINX Mail Proxy (GCP) → IronPort/Backend Mail Server (On-Prem) The load balancer provides availability and failover. The NGINX mail proxy simply relays SMTP traffic to an internal backend mail server. Our backend mail server enforces a limit of 2000 emails per hour. Recently, a rogue application sent 6000+ emails within minutes, causing the backend server to block all mail flow for an hour. We want to enforce tighter outbound controls before traffic reaches the backend—specifically: 100 emails per hour per IP/application Additional controls

no OSPF hello no matter what

9 March 2026 @ 8:36 pm

I want to configure OSPF on MikroTik, and I’m facing a problem that I cannot overcome. My MikroTik with ros7.12 does not send any OSPF hello, no matter what the config is. I did not find the official MikroTik OSPF document helpful, because more than half of it just explains how the protocol works. There is L3 bidirectional connectivity between nodes over a p2p /31 link, even the loopback address of the other node is reachable. The other node sends hello, and I can see those in torch. Worth mentioning, Nokia and Cisco establish neighboring with no problem and everything works. So I think the problem is in MikroTik here, but at this moment, I have no clue where to look. Here is my OSPF config: /routing ospf instance add disabled=no name=ospf-instance-1 redistribute=connected router-id=192.0.0.2 /routing ospf area add disabled=no instance=ospf-instance-1 name=ospf-area-1 /routing ospf interface-template add area=ospf-area-1 disabled=no interfaces=ether4 networks=10.0.

Why do mail test websites say I have an invalid DKIM? [closed]

9 March 2026 @ 11:43 am

I'm dealing with a mess of a mail server that has roundcube with opendkim. When I'm using roundcube to send emails to other providers the letters are arriving just fine, they aren't even sent to the spam box despite (according to the mail testing websites) me having issues with DKIM. Testing websites do not report any other issues however. All the DNS records seem to be correct (both domain provider and cloudflare), opendkim-testkey doesn't error, dig returns DKIM record, correct selector is chosen in the web panel settings... I have even restarted opendkim to be sure. Now the weird part is that it wasn't a problem before that, I vaguely remember setting up DKIM on this server before and everything working perfectly fine and testing websites like mail-tester reporting a perfect score. Since that the server pretty much didn't change at all (it doesn't have scheduled updates even) besides two things: I've recently closed all the telnet (yes, really) ports, updated the web panel

Using ipmitool chassis power option causes actions on local server, not the remote server

9 March 2026 @ 10:53 am

For a long time I have used ipmitool on servers fitted with BMC hardware such as ILO, iDRAC, etc to access other similar servers over a management LAN but I have found that commands such as: ipmitool -U root -H remote-system-ilo -I open chassis power cycle ...actually power-cycles the local server I'm using, not the remote one! What am I doing wrong? I have tried using ipmitool from a Linux desktop PC that lacks any kind of BMC hardware but find that the ipmi_si module won't load if no BMC hardware exists in the PC; although, ipmitool does work if I use options such as -I lanplus where the remote system supports this protocol. Must my local PC have BMC capability for me to fully use ipmitool?