Recently, I looked at all the ways GnuPG can retrieve PGP keys from the internet to see which of these methods are actually useful. This blog post describes a summary of my conclusions. GnuPG modern (2.1.16) can retrieve keys from the internet using the following mechanisms: cert: a DNS CERT PGP record as defined in RFC-4398 pka: a DNS CERT IPGP record, also defined in RFC-4398 or a DNS TXT record, depending on the version of GnuPG.

Read More…

NAT64 for servers

This post details the setup of the additional steps required to deploy a IPv6-only server bedind NAT64 with Tayga. This post uses the documentation prefix (2001:db8::/32), replace this with your own prefix. This can be a ULA prefix. The basis is explained in a post by Luuk Hendriks. Goal The goal is to reach an IPv6-only webserver behind a dual stack router. This is done by using NAT64 on a third device to reach the server.

Read More…

X.509 IPsec on EdgeOS

Configuring X.509 based IPsec on an Edgerouter running EdgeOS.

Read More…

1 of 1