Network

Evolution of Remote Access

Traditional VPN services, which most of us are familiar with, work on the “hub-and-spoke” principle (star topology). This means that all traffic from the client to the protected network passes through a central server. This approach has drawbacks:

• Configuration complexity: Manual setup, port forwarding, and key management are required.
• Performance: All traffic, even between two remote clients, must go through the central server, which increases latency.
• Single point of failure: If the central server goes down, the entire network stops working.

A new concept — Zero-config VPN — solves these problems by using a mesh network architecture.

Dynamic Routing on Keenetic: BGP and OSPF

When Static Routing Isn’t Enough

In most home networks, routing is simple: all traffic is sent through a single ISP. In such cases, static routing is sufficient. But what if you have a complex network with multiple routers, redundant connections, or you want to experiment with advanced networking? This is where dynamic routing protocols come into play.

KeeneticOS includes built-in support for these protocols, allowing it to automatically exchange routing information with other routers, adapt to network changes, and ensure failover capabilities.

Keenetic: A Router Whose Main Asset Is Its Operating System

A Quick Look at Keenetic

In the world of home routers, where most devices come with proprietary, bloated firmware, Keenetic stands out with its unique approach. Instead of competing solely on hardware, the company focuses on its own operating system — KeeneticOS. This makes their devices not just routers, but flexible, stable, and expandable network platforms.

KeeneticOS: Modular and Reliable Core

Under the hood, Keenetic runs a Linux-based system topped with a unique modular operating system. This approach offers two key advantages that tech-savvy users will appreciate:

Introduction: The First Line of Defense for Your Server

Before thinking about complex intrusion detection systems such as Fail2ban or CrowdSec, you need to build the first and most reliable line of defense—a firewall. A firewall controls all network traffic entering and leaving your server and blocks unauthorized connection attempts.

Traditionally, Linux servers have used iptables to manage firewalls, but its syntax can be complicated and confusing. Fortunately, there is a simpler and more intuitive tool — UFW (Uncomplicated Firewall).

Introduction: A Hidden Network Issue

Developers and system administrators using servers on the OpenStack platform (for example, the C*-M*-D* hosting plans from reg.ru) sometimes encounter mysterious network problems. The internet seems to work, but when trying to transfer large amounts of data or establish connections to certain services, requests may hang or fail due to timeouts.

The provider explains this issue as a feature of their infrastructure:

Servers on the OpenStack platform use VxLAN technology, which reserves 50 bytes for service information. Because of this, the maximum transmission unit (MTU) on the server’s main network interface (ens3) is 1450 bytes.

Read more

Redundancy of Interoffice Links (Site-to-Site VPN, MPLS, Dark Fiber)

We’ve already discussed how to ensure reliable connectivity within a single building. Now let’s look at a more complex but equally critical topic: redundancy of communication links between geographically distributed offices or branches. This is crucial for companies where employees across locations need to exchange data, access shared resources (such as a central CRM, file servers, or IP telephony), and work as a unified whole.

In today’s world, where every aspect of business depends on IT, and downtime is measured not only in lost revenue but also in missed opportunities and reputational damage, connection stability becomes a critically important factor. From email and internal CRMs to online sales and cloud services — all of it requires constant and reliable network access.

This is where network link redundancy comes into play. It’s not just “insurance” — it’s a fundamental part of your business continuity and high availability strategy for your IT infrastructure.

Many thanks to Mikhail for the work, I am very pleased with the result. I especially thank him for the recommendations during the setup process — from my rather muddled brief (and I know little about servers) Mikhail, with clarifying questions and suggestions of his own, formulated a clear understanding of what tasks the final build will solve and how to organize everything in the best way. I recommend!

Reply: Thank you for the feedback!
Glad to help!

In the world of networking, there’s often a need to bridge two remote LANs so they behave like a single local network—even when separated by different routers. For MikroTik users, the concept of EoIP (Ethernet over IP) is familiar: it’s a proprietary tunneling protocol that allows creation of a virtual Ethernet interface (Layer 2) over an IP network.

Good news for Keenetic users: since firmware NDMS v2.10, Keenetic routers also support EoIP! This opens up exciting possibilities for advanced network designs.

In the world of Linux and networking technologies, there are many subtle but critically important kernel settings. One such setting is rp_filter. This parameter, often overlooked, plays a key role in network security and correct packet routing. Let’s explore what it is, how it works, and why understanding it is essential for every system administrator.

What is rp_filter?

rp_filter stands for Reverse Path Filtering. It’s a Linux kernel mechanism that checks incoming network packets to verify whether they arrived on the interface through which a reply to the sender’s IP address would be routed.