OpenVPN systemd CapabilityBoundingSet breaking notifications with exim4

At work we employ a openvpn server when working remotely and wanting to access firewall restricted locations. At some point a colleague of mine started facing disconnects to the server. We tracked down the issue being the feature of protecting against SWEET32 attacks, introduced in openvpn client version 2.4. We thus decided to upgrade our openvpn server too and bring version 2.4 from jessie-backports. When a client successfully connects to the VPN server a script is executed and sends email notifications to the LDAP user’s email about the VPN session details, such as the remote IP address used: [Read More]

Linux Networking for Ganeti Clusters, explained

Here is a presentation I made at work regarding how we employ Linux powers to establish the networking base for the Ganeti clusters powering ViMa and ~okeanos cloud installations at GRNET.

I plan on writing a detailed blogpost about how IP-less routed networks work and allow us to provide public IPv4 and IPv6 addresses to virtual machines without the burden of sharing the broadcast domain.

Why kernel is dropping frames?

Kernel is dropping packets At work, when we did setup prometheus alerting we started getting nofitications like this: description = ok10-01.okeanos.grnet.gr:9100 is dropping frames at a rate of 0.10340541666666667 frames per sec To output this alert, prometheus-node-exporter reads /proc/net/softnet_stat filepath, which contains a line for every CPU. The 2nd column of each line counts dropped frames in hexadecimal. A nicer output can be provided if we query prometheus directly from within the host: [Read More]

Revive this blog, fall 2017

What?

After several years of inactivity I decided to revive this blog of mine. I had originally used this blog to host posts regarding my GSOC involvement back in 2014.

In the meantime lots of things have changed. I’m still messing with computers and technology, both for fun and for profit. And I realised that some of the things I’m playing with at work, may be of public interest. Or perhaps it’s just vanity.

So here it is, a shiny new hugo blog hosted with gitlab pages.

I’ll try to fill it with content, interesting to fellow hackers and boring to managers.

\o/