VLANs allow to introduce network segmentation to our environment. After we make sure the machines sit in separate VLANs, we might want to provide some sort of inter-VLAN routing as well as some sort of a firewall (UTM) that will make sure only desired traffic gets through from VLANs to VLANs.
Hypervisor networking using Open vSwitch – Part 2 – Introducing VLANs
In last article we introduced the basic concept of a virtual switch. Now is a good time to introduce VLANs and how we can integrate them with LibVirt. This will allow us to segregate VMs just like we would segregate physical machines and devices using traditional managed switches.
Hypervisor networking using Open vSwitch – Part 1 – Setting up basic vSwitch
Lately I’ve been toying around with the idea of finally putting more effort into learning ins and outs of CheckPoint VSX systems. Basic deployment technically allows us to rely only on physical interfaces to set up the chassis but I wanted to make sure I have something that reflects most common setups (because in 99.9% of cases you will encounter VSXes simply connected to a switch over a trunk port and very little physical cabling).
In this article you will learn how to add a basic virtual switch, as well as to move some of your interfaces to it.
Route-based VPN between OPNSense and StrongSwan
Today I’ve spent a little bit of my time to figure out how to move away from policy-based VPN in favour of a route-based one instead. I was eyeing the concept for a while now and wanted to use it in my home lab to solve a couple of problems I was trying to turn a blind eye to. Without further ado, please follow the guide below to set up a route-based VPN between a StrongSwan-based peer (on RPi 3+) and an OPNSense appliance.
Route VPN traffic between two 3rd parties using CheckPoint
Let’s imagine we have two separate VPNs established to some 3rd parties and they’ve asked us to allow them access to each other’s resources.
This guide will show you how to easily allow routing between VPN communities and what our 3rd parties will have to do in order to get the connection up and running…