Author: Ryan Parker

I'm a former captain of the Cyber Defense team, Current Infrastructure Security Specialist. I also have a side job helping small to medium business with anything technology doing everything imaginable. One of my hobbies is building out infrastructures for myself, friends, and clients. I current maintain a homelab with about 400GB of RAM, 100+ TB of storage, and tons of CPU cores.

Step-CA: Run as a systemd service

Ryan Parker Linux September 15, 2022

Create /etc/systemd/system/step-ca.service Fill it with this, make sure your directories are correct in the ExecStart line: [Unit] Description=step-ca After=syslog.target network.target [Service] User=step Group=step ExecStart=/bin/sh -c '/bin/step-ca /home/step/.step/config/ca.json --password-file=/home/step/.step/pwd >> /var/log/step-ca/output.log 2>&1' Type=simple Restart=on-failure RestartSec=10 [Install] WantedBy=multi-user.target Next, populate the pwd file with the plaintext intermediate CA password. I put mine in /home/step/.step/pwd Next, configure the
Read More »

Step-CA: Change Certificate Authority and Intermediate Authority Encryption type and key size

Ryan Parker Linux September 15, 2022

Step-CA is a decent CA management program but it has one issue, its annoying to set the algorithm on the CA and intermediate CA. So I spent the day figuring it out. Here are the results. Choosing the Right Key Type There are 3 supported key types : EC (elliptic curve), OKP (octet for “Ed25519”
Read More »

OpenSSL CA: make a certificate signing request work on Arch Linux

Ryan Parker Arch, Linux September 15, 2022

#edit /etc/ssl/openssl.cnf Find [ ca ] and make sure this matches: #################################################################### [ ca ] default_ca = CA_default #default ca section #################################################################### [ CA_default ] dir = /etc/ssl # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database =
Read More »

VFIO: Tuning your Windows gaming VM for optimal performance

Ryan Parker Kernel, libvirt, Linux, Virtualization, Windows July 22, 2022

This will be a guide on advanced tuning for a VFIO gaming VM. If you’re starting from scratch, read through the Arch Wiki guide on PCI passtrhough via OVMF. It is a great starting point and covers all of the basics. I’d recommend using libvirt instead of straight QEMU. Host hardware configuration Before we begin,
Read More »

PFsense 2.6.0: Fix pf-att bypass mode

Ryan Parker Uncategorized February 17, 2022

As of Writing this (2/17/22), there is a bug in the latest version of pfSense with the Intel if_em.ko driver. This is causing the pf-att script to not work. Thanks to the work of neydah700 on github, the fix was found by replacing the kernel driver with a newly compiled binary that has the issue
Read More »

iDrac 7 and 8: Lower fan noise on Dell Servers

Ryan Parker Uncategorized January 1, 2022

I have a Dell R720xd and its default fan curve is… aggressive. Here is how i found to lower the fan speeds so its not a constant vacuum cleaner in my living room. Enable SSH on iDrac. Connect then connect to it and run: racadm set system.thermalsettings.FanSpeedOffset 255 racadm set system.thermalsettings.ThirdPartyPCIFanResponse 0 racadm set system.thermalsettings.ThermalProfile
Read More »

Pfsesne: Create a “DMZ” network for use with Video games and IOT Devices

Ryan Parker BSD, Firewall, pfSense December 12, 2021

Before we begin, know that This subnet is NOT SECURE and should only be used for certain things that absolutely require Open NAT and UPNP like game consoles, old PC games, or other insecure things. I would strongly advise setting up an Intrusion Detection system or Intrusion Prevention System like suricata. It will allow any
Read More »

How to install ElasticSearch and Logstash (and Kibana for ELK) in a TrueNAS Core Jail

Ryan Parker BSD, ELK, FreeBSD, FreeNAS, TrueNAS September 19, 2021

Before we begin, lets see what a ELK stack is made of. ELK stacks are comprised of ElasticSearch, Logstash, and Kabina with each of these services preforming different jobs. This diagram from Logz.io explains its the best Beats are installed to each host to collect the various metrics used by these services. Logstash is responsible
Read More »

Dell R710 Last SUU / SUM Bootable ISO

Ryan Parker Uncategorized March 12, 2021

Since dell so rudely removed the updates from SUM, Here is the last iso you could build from it. Just boot into it and it should install all of the firmware updates, like idrac, lifecycle controller, raid card, etc. Just be warned… it will take awhile. Enjoy https://drive.google.com/file/d/1zMoOsYS9X63TaIlHVD0uE13M4QhPcmQZ/view?usp=sharing or (If link is broken) https://angrysysadmins.tech/wp-content/uploads/2021/04/DellR710_LatestSUU.iso

Edgerouter / EdgeOS IPsec Site to Site Troubleshooting

Ryan Parker EdgeOS, VPN December 6, 2020

I have a client setup with multiple Edgerouter’s in an IPSec Site to Site configuration. I’ve setup a Policy based IPsec site to site configuration using this guide here. However, sometimes they just refuse to connect, with no real reason as to why. Edgerouters use StrongSwan for its VPN, so some of its troubleshooting information
Read More »