Posts

Introduction In this post, I will show you how to use policy-based routing in Unifi to route specific traffic through a VPN client (I use Private Internet Access) on pfSense. This setup allows you to retain complete control of your devices and subnets via Unifi’s Network app while taking advantage of pfSense’s ability to host a VPN client. With this setup, I am getting my full ISP speeds on devices using a VPN for encryption. Depending on your hardware, you should be able to get full speeds as well. ...

#UPDATE 11/05/2022 Original post date: 2021-04-05 This update contains specific configuration options to use 4096 bit RSA keys, SHA256 Auth digest algorithm, and AES256 encryption. The original post used the default key length of 2048 from PIA, SHA1, and allowed for AES128. Throughout the post, I will tag updated information with #Update. Introduction This post aims to show you how to use pfSense within a Unifi network behind a Unifi Gateway [in my case, the gateway is the Unifi Dream Machine Pro (hereafter referred to as UDMP)]. I will explain my current network configuration including applicable subnets, VLANs, and wireless SSIDs needed to make this setup successful. The end goal is to be able to add a client on my Unifi network to a particular VLAN either by joining this client wirelessly to a particular SSID or by tagging the client’s physical port to that VLAN. This VLAN will be tied to a subnet that sends data through the pfSense machine which is acting as a VPN client (I use Private Internet Access). This method allows the UDMP to continue to act as the DHCP server for these clients while allowing pfSense to anonymize and encrypt the data of the clients in question. ...

Introduction For this tutorial, I will show you how to run a Dockerized version of MacOS on Unraid. The project we will use is sickcodes/Docker-OSX, which is intended for conducting MacOS security research in containerized environments on Linux and Windows. For this tutorial, I will show you how to use Unraid’s Docker-Compose functionality to manage the container. We will also be building a special VNC-compatible image, which is required for Unraid. If you are not using Unraid, building the default image will likely work better for you. ...

Introduction In this previous post, I detailed my transition from WordPress to Hugo static sites. This post discussed hosting the site locally in a Docker container web server and exposing ports 80 and 443 to a reverse proxy on my DMZ network. Today, I will show you how you can host your Hugo static site on Cloudflare–FREE. This will absolve your responsibility to host the site, expose ports to the public, and deal with SSL certs. Cloudflare will automatically take care of all of this for you, and Clouflare will even automatically build your site from a Git repo when changes are pushed. ...

Introduction This post will cover how to set up a Docker container of Cloudflared on your internal network to provide a private tunnel from Cloudflare to your internal resources. After setting up the Cloudflared tunnels, you will no longer need to expose ports 80 and 443. This post assumes you currently have a vibrant and functioning internal network with a reverse proxy (in my case, Nginx Proxy Manager) already configured. Additionally, this post assumes you have a Cloudflare account with the ability to modify DNS records for your domain(s). ...