OpenVPN on a Raspberry PI using PiVPN

I recently set up a Raspberry PI as a VPN server using Google’s 2FA (2-factor authentication). Below are the steps used to set this up…

The Raspberry PI has Raspbian OS installed. The default username/password for the Raspberry PI is:

Username: raspberry
Password: pi

1) Set the IP Address & DNS of the Raspberry…




Debugging on a Checkpoint

1) Prepare the debug:

[Expert@FW]# fw ctl debug 0
This defaults (clears) all the kernel debugging options.

[Expert@FW]# fw ctl debug -buf 32000
This is the buffer that the kernel uses to store debugging messages.

[Expert@FW]# YOUR DEBUG FILTER HERE

2) Verify the debug:

[Expert@FW]# fw ctl debug -m fw

3) Start and write the debug to…




NoIP DUC Client on Ubuntu

Installing the Client

Run the following commands to install the client:

cd /usr/local/src/
wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
tar xf noip-duc-linux.tar.gz
cd noip-2.1.9-1/
make install

A prompt to log in using your No-IP credentials will appear.

Running DUC Client At Start-Up

1) Create a file called /etc/init.d/noip2

sudo vi /etc/init.d/noip2

2) Paste the following into the file noip2

#!…




Useful ASA commands

Finding objects within an object-group:

show run object-group network | i object-group|1.2.3.4




Fortinet Sniffing Commands

Important information about Fortinet sniffing: Some Fortinet architectures (3140B for example) have hardware acceleration. This means that for each session you try to sniff, you only see the beginning of that session. In terms of internal architecture, only the first packet of a session goes through the CPU; the rest goes…




Cisco Virtual ASA & VMWare Interfaces

Network Adapter ID     ASAv Interface ID
Network Adapter 1      Management0/0
Network Adapter 2      GigabitEthernet0/0
Network Adapter 3      GigabitEthernet0/1
Network Adapter 4      GigabitEthernet0/2
Network Adapter 5      GigabitEthernet0/3
Network Adapter 6      GigabitEthernet0/4
Network Adapter 7      GigabitEthernet0/5
Network Adapter 8      GigabitEthernet0/6
Network Adapter 9      GigabitEthernet0/7
Network Adapter 10     GigabitEthernet0/8




Useful Checkpoint Commands

Entering Expert Shell:
cpfirewall>expert

Exiting Expert Shell:
[Expert@cpfirewall:0]clish

Check FW Version (Expert Mode):
fwm ver

Check HA Status (Expert Mode):
cphaprob stat

Check When Policy Last Installed (Expert Mode):
fw stat

Check Load of Each CPU (Expert Mode):
cpstat -f multi_cpu os

Check Load of Each CPU Every Minute (Expert Mode):
watch -n 1 "cpstat…




Cisco ASA Site to Site VPN using ASDM

(Using most common configuration)

1) Configuration -> Site-to-Site VPN -> Connection Profiles
Allow IKEv1 access on the outside interface

2) Configuration -> Site-to-Site VPN -> Advanced -> IKE Policies
Priority 10
Authentication: pre-share
Encryption: aes-256
DH Group: 2
Hash: sha
Lifetime: 86400 seconds

3) Configuration -> Site-to-Site VPN -> Advanced -> Tunnel Groups
Name: IP…




Checkpoint IPSO – Adding/Deleting/Viewing Routes via clish

From clish shell…

Adding a route:
set static-route <network/mask> nexthop gateway address <gatewayIP> on

Deleting a route:
set static-route <network/mask> nexthop gateway address <gatewayIP> off

Viewing all routes:
show routes

Examples:
set static-route 10.1.1.0/24 nexthop gateway address 10.2.1.1 off
set static-route 10.1.2.0/24 nexthop gateway address 10.1.1.1 on
save config
exit




Cisco ASA Site to Site VPN Configuration (CLI)

(Using most common configuration)

1) Enable IKEv1 on the outside interface:

crypto ikev1 enable outside

2) Create the IKEv1 policy. This defines the algorithms used for encryption, hashing, DH group, authentication and lifetime:

crypto ikev1 policy 10
 encryption aes-256
 hash sha
 group 2
 authentication pre-share
 lifetime 86400

3) Create a Tunnel Group and define…