Installing OPNSense on PCEngines’ APU2

I have been looking for a good alternative which could handle my gigabit internet connection and I believe I made a good choice going with PCEngine’s APU2 embedded system.

I tried following various tutorials dedicated for installing both pfSense and OPNsense on this device, however they didn’t quite work on the APU (or in my case), so I tried a personal method which worked successfully.

Configuring static IP address and virtual interfaces in Webmin

When assigning multiple IP addresses to a single server by using virtual interfaces on the same single main interface it is necessary to switch to a static IP configuration.

Doing network configuration remotely is a bit risky but with the correct sequence of steps it is possible to switch from DHCP to static IP without any downtime.

Disable BIND recursion while keeping local queries resolvable

For security and efficiency reasons, a hosting system DNS server should not answer recursive queries (solve DNS requests for domains it is not authoritative for).
However, the DNS server needs to accept recursive queries for the services hosted on the same system for these services to work correctly and be able to resolve forward and reverse hosts/IPs.

Clean up older installed kernels on CentOS

Linux generally keeps multiple versions of the kernel installed. This is done to maintain backwards stability and allow the selection of an older (tried and tested) kernel if the latest update fails in any way.

On a small system all these kernel versions can quickly add up and waste valuable space. In such case keeping only the needed versions (the latest and the one currently booted, if different) is an acceptable risk to take.

Control Apache’s public server information

By default Apache displays information about itself in the server signature included with reply headers and sometimes auto-generated pages. This information can give away important clues, like the exact version number of a module or Apache itself.

While obscurity never increases security since exploits can be attempted on the service regardless, knowing exact version information and running modules certainly provides a potential hacker with useful clues and eases the task.

How to configure IPSec/L2TP VPN server in CentOS 6

I had to look for an alternate VPN system to use when I need to dial back to my home network while on the move to access my media library or when I require a trusted connection or a whitelisted IP.

The next best thing (and least complicated to set up going from PPTP) is IPSec/L2TP, which has built-in support in most current operating systems (including Windows, Linux and Android). Due to its double-encapsulation nature (L2TP performs the tunnelling of data and IPSec provides the encrypted channel), L2TP/IPSec has a more complex setup and configuration procedure, both for the server and the client.