Site-to-Site VPN Firewall Rules

When adjusting settings for a site-to-site VPN, don’t forget to update the firewall rules. Make sure the appropriate subnets for your networks are covered. In /etc/ufw/before.rules: # OpenVPN Rules *nat :POSTROUTING ACCEPT [0:0] # Allow traffic from OpenVPN client to ens32 -A POSTROUTING -s -o ens32 -j MASQUERADE -A POSTROUTING -s -o ens32 … Read more

Settings for SAMBA Shares to Play Nicely with MacOS

Add the following to the global section: min protocol = SMB2 ea support = yes vfs objects = fruit streams_xattr fruit:appl = yes fruit:metadata = stream fruit:model = MacSamba fruit:veto_appledouble = no fruit:posix_rename = yes fruit:zero_file_id = yes fruit:wipe_intentionally_left_blank_rfork = yes fruit:delete_empty_adfiles = yes fruit:locking = netatalk In the individual shares if you want to … Read more