Documenting settings to get IPv6 setup within the configuration for OpenVPN, plus forwarding all IPv6 traffic through the VPN. This has no explanation of how you obtain IPv6 address prefixes frrom your ISP or how it works differently from IPv4, just simply how to get it working within OpenVPN. Will update if needed.
Category: Technology Page 2 of 17
Update: for a newer version of this information set within the Config Tree portion of the web interface of the EdgeRouter 4, read this post, with pictures and all! 🙂 https://davidwesterfield.net/2021/03/enabling-ipv6-prefix-delegation-on-att-internet-for-a-second-firewall/
I’m archiving this information for future reference because I (or others) may need it. This was extremely helpful in getting AT&T’s allotted IPv6 subnet(?) (properly called: delegated prefix) setup in my EdgeRouter 4, although I wound up having to use the web interface and configuring the same settings within the Config section. Without further ado (or a whole lot of ado below) here is Bradley Heilbrun’s explanation.
“For the first time in a long time, I believe that we can speak the words of truth into an issue that can have true and lasting effects on how tools like AI are developed and used in our world. The benefits of this technology are great, but the dangers are real. Just as electricity changed everything about our society, AI is due to change even more in a shorter period of time. We are entering a new age of AI where everything about your life and our communities will be different. The church has the unique opportunity and obligation to speak boldly to a watching word with a word of hope and peace that who you are is not tied to what you do, rather your dignity is tied to the One that created the entire world. No matter how advanced AI might become in the future or how dependent our society already is on the technology, nothing can change who you are as an image bearer of God. This guiding ethic drives everything we do as Christians and has life-altering applications to the issues that AI is presenting to our homes, communities, and world.”
After working through a number of WordPress sites over the years and either preventing hack attempts or intervening in cleaning up hacked sites, I’ve “engineered” a free way to keep your site secure with the use of these plugins in conjunction:
- iQ Block Country: This plugin will prevent certain countries that you set from accessing either the front-end of your site, or (in the cases I use it for almost exclusively) the back-end. For the purposes of the sites I manage, I block all except the United States on the back-end and leave the front-end open to all.
- Jetpack: this is a great plugin to utilize anyway just for stats collection, image/CDN offloading, but included within this plugin is the ability to turn on brute force login protection. Another very helpful prevent if these other tools don’t catch something.
- WordFence: this free tool (that actually does have a subscription service for even better protection) is a web application firewall for use directly within WordPress. One of the big things it prevents are brute force login attacks, XSS attacks and SQL injection attacks, amongst others. Now, a web app firewall (like ModSecurity or some other hardware appliance like a Barricuda or Cisco firewall) in front of the application itself would work even better at preventing attacks before they even got to your WordPress site (if setup correctly), but can be quite advanced to install and configure. Regardless, this plugin is a great way to keep those kinds of attacks at bay.
- Invisible reCaptcha: this utilizes the newer version 3 of Google’s reCaptcha to prevent automated bots from either spamming the comment sections of your posts or pages or from brute force attempts to login to your site as admin.
None of these methods are fool proof from attacks getting through some other threat vector, but I’ve found this to catch quite a bit of junk on all the sites I’ve set them up on.
And one last thing: make sure and secure your site with SSL?!? 🙂
The following commands enable, follow in real-time and disable the querylog entries for when you’re trying to troubleshoot or watch the connection.
1. Enable: sudo rndc querylog
2. Follow: sudo journalctl -f
3. Disable: sudo rndc querylog
From an interview with James Cameron, director of the Terminator and Alien movies, amongst many others, and Tim Miller.