The University’s mail relays and encryption

By the time this post has been published, the Oxmail relays will most likely be using opportunistic encryption to encrypt outgoing emails, in response to actions by cloud mail providers. However, we would like to make it clear that we … Continue reading

Posted in Mail Relay, Message Submission | 4 Comments

DNS Resolvers – DNSSEC

We are approaching deployment of a new fleet of DNS resolvers and there are a few questions on which we would like feedback from the wider ITSS community. Specifically, this post is broaching the subject of DNSSEC. Just to be clear, … Continue reading

Posted in DNS | 6 Comments

FreeRADIUS, sql_log, PostgreSQL and upserting

While this is superficially a post for creating an upsert PostgreSQL query for FreeRADIUS’s sql_log module, I felt the problem was general enough to warrant an explanation as to what CTEs can do. As such, the post should be of … Continue reading

Posted in eduroam, Uncategorized | Leave a comment

Linux and eduroam: RADIUS

A service separate from, but tightly coupled to, eduroam is our RADIUS service. This is the service that authenticates a user, making sure that the username and password typed into the password dialog box (or WPA supplicant) are correct. Authorization … Continue reading

Posted in eduroam, Linux | 3 Comments

Linux and eduroam: Monitoring

For the past few months my colleague John and I have been trying to explain the innermost details of the new eduroam service, how it’s put together, how it runs and how it’s managed. These posts haven’t shied away … Continue reading

Posted in eduroam, Productivity | 1 Comment

Linux and eduroam: NAT logging, perl and regular expressions

This is a continuation of the series of posts examining the inner workings of eduroam and in particular Linux’s involvement in it. I had originally intended for this to be a post on both logging and monitoring. I now realize … Continue reading

Posted in Uncategorized | 6 Comments

Linux and eduroam: Building for speed and scalability

When upgrading the eduroam infrastructure, there was one goal in mind: increase the bandwidth over the previous one. The old infrastructure made use of a Linux box to perform NAT, netflow and firewalling duties. This can all be achieved with … Continue reading

Posted in eduroam, Firewall, Linux | 3 Comments

Linux and eduroam: link aggregation with LACP bonding

In previous posts, I discussed the roles of routing and NATing in the new eduroam infrastructure. In one sense, that is all you need to create a Linux NAT firewall. However, the setup is not very resilient. The resulting … Continue reading

Posted in eduroam, Linux | 8 Comments

Linux and eduroam: Routing

This is a continuation of the series of blog posts describing the Linux servers in the middle of the new eduroam infrastructure. Packets sent by your eduroam client eventually end up on one of the Linux boxes in the eduroam … Continue reading

Posted in eduroam | Leave a comment

Linux’s role in the new eduroam infrastructure

People within Oxford University may be aware that the eduroam service has recently been upgraded to increase its bandwidth, which was saturated on the old infrastructure. This included the replacement of two Linux servers which provide services key to the … Continue reading

Posted in eduroam, Linux | Leave a comment