Ubuntu

Managing TTL in Ubuntu: From Theory to Practice

2026-03-04

#linux #ubuntu #iptables #networking #ttl #ipv6 #netfilter

TTL (Time To Live) — is an eight-bit field in the IP header that defines the maximum number of “hops” (nodes) a packet can traverse before being discarded. Each time it passes through any router the TTL value is decreased by 1.

Typical default TTL values

Different operating systems use different initial values. This allows remote OS fingerprinting.

Operating system	Default TTL
Windows (all versions)	128
Linux (Ubuntu, Debian, CentOS, etc.)	64
Android	64
iOS / macOS	64
FreeBSD / Solaris	255

Why change TTL? Usage patterns

The most common scenario. Mobile carriers analyze incoming traffic.

OpenVPN: setting up Ubuntu server and Keenetic client

2025-09-11

#OpenVPN #Ubuntu #Keenetic #VPN #iptables

In this guide, we’ll go through setting up an OpenVPN server on Ubuntu and connecting a Keenetic router to it. This setup is useful if you need to provide access to your home network or forward services (e.g., PBX or web server) through VPN.

1. Preparing the Ubuntu server

1.1 Installing packages

sudo apt update
sudo apt install -y openvpn easy-rsa iptables-persistent

1.2 Creating PKI (Easy-RSA v3)

make-cadir ~/easy-rsa
cd ~/easy-rsa
./easyrsa init-pki
./easyrsa build-ca nopass

Server keys

./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh

Client keys (for Keenetic)

./easyrsa gen-req keenetic nopass
./easyrsa sign-req client keenetic

TLS key (specifically `tls-auth`, not `tls-crypt`)

openvpn --genkey secret ta.key

1.3 Distribute keys

In /etc/openvpn/server/:
Read more