Posts

OSPF routing with GRE over Wireguard with VyOS router

Today we will have a look at how to run a dynamic routing protocol over Wireguard. Due to some design choices in how Wireguard works, there is no good mechanism for running dynamic routing protocols like OSPF directly over Wireguard tunnels when more than two (2) sites are involved in the routing domain. Readers are welcome to have a look at this to learn more about it and the warning - Warning: The protocol design of WireGuard requires that 'allowed-ips' must not overlap on a single interface. To add another OSPF link to the server, you will need to create wg02 on a different port. Instead we will use our good old friend - GRE to the rescue. We will use the concept of passenger/carrier protocols. Routing or data traffic will be encapsulated in GRE (passenger), then it will be encrypted and carried by Wireguard to the final destination. When we are doing two levels of encapsulation, it is always better to know the protocol overheads involved, so that we can avoid ...

Wireguard VPN - Road Warrior/Remote Access VPN with Wireguard and VyOS

There is a new kind of VPN in town, which is Wireguard. Recently it has been accepted into the Linux kernel code. So it may soon be that different vendors start implementing it in their networking products. Today I will try to explore it from the perspective of running it as an alternative to SSL/L2TP/PPTP remote access VPNs, for accessing central resources from a home network through a Wireguard VPN tunnel. It goes by another name: the road warrior setup. I will not go deep into how Wireguard works, but will introduce it briefly. Interested readers are welcome to google about it. Wireguard is based on the UDP protocol and its default port is 51820. Its authentication is based on a private/public key pair. Let's say we have two peers in our road warrior setup - one is the Wireguard client (remote user) and one is the Wireguard server (router/firewall running Wireguard). A peer will encrypt data with its private key, then the receiving peer will decrypt the data using the sending peer's public key. So...

Network device configuration management with Oxidized (Basic)

I always like to work with open source tools. As network engineers, we need to maintain a device configuration management system where we take backups of the configuration of different networking devices like routers, switches, firewalls etc. We want to have our backups ready so that we can restore a device configuration when a device fails or is replaced with a new one, or for auditing purposes to track recent configuration changes. Today I will talk about one such open source tool named Oxidized. Interested readers can have a look at its GitHub page. It is a network configuration management tool with support for diverse networking equipment. Oxidized is developed in the Ruby programming language. It is very configurable and extensible, and can be integrated with management tools like Librenms. I will do a two part blog about Oxidized. In this part I will cover the basic setup of Oxidized and start taking configuration backups of networking equipment. Network Topology Our topology l...