Win10 + Kali 2025 Dual Boot UEFI

This is just a warning what you shouldn’t do.

Kali installer will offer to make partitions automatically. (if you chose to use all empty available space which is obvious choice if you have Windows 10 already installed, and you leave some empty space for linux).

And in this case you get something like this. 2 EFI partitions which leads in…. didn’t try, but it can be only one EFI partition

So, you have to chose manual partitioning. Select existing EFI partition, tell installer to use it and put a boot flag. (do not format) Then, make ext4 and swap partitions. That’s all. Click to write partition table. It should meke and format EXT4 and SWAP ONLY

nVidia drivers on Kali 2025 – gtx1060 Razer Blade 14

Razer Blade 14 2017 nvidia GTX1060 – how to install nvidia driver on Kali 2025. After some digging this worked for me

sudo rm -rf /var/lib/dkms/mok.*
sudo dkms remove nvidia/550.163.01 --all
sudo apt purge nvidia* -y && sudo apt autoremove -y

sudo apt update
sudo apt install -y linux-headers-$(uname -r) nvidia-driver
sudo reboot

### it should compile the driver ###


### other way I didn't try ###
# 1. update, not upgrade (just update + install headers)
sudo apt update
sudo apt install -y linux-headers-$(uname -r)

# 2. Install NVIDIA driver + OpenCL all at once (this is the key!)
sudo apt install -y nvidia-driver nvidia-opencl-icd ocl-icd-libopencl1

# 3. (Optional, but recommended)
sudo apt install -y nvidia-prime

# 4. Reboot
sudo reboot

OpenVPN server (debian,ubuntu,kali,raspberry pi) + IOS13 – IOS16 … IOS26 client

Update: this is still working on December 2023 with IOS16

Update: ….still working! April 2026with IOS26

apt install openvpn easy-rsa
cp -r /usr/share/easy-rsa /etc/openvpn/
cd /etc/openvpn/easy-rsa
vim vars

/etc/openvpn/vars content

export KEY_COUNTRY="Serbia"
export KEY_PROVINCE="RS"
export KEY_CITY="Belgrade"
export KEY_ORG="LinuxWin"
export KEY_EMAIL="[email protected]"
export KEY_OU="OpenVPN"

Initialize PKI

./easyrsa init-pki

Build the CA without a password

./easyrsa build-ca nopass

Generate the server key

./easyrsa gen-req server nopass

Sign the server certificate

./easyrsa sign-req server server

Build a Diffie-Hellman key exchange

./easyrsa gen-dh

Generate a HMAC signature

openvpn --genkey --secret ta.key

Copy all the certificate and key to the /etc/openvpn

cp ta.key /etc/openvpn/
cp pki/ca.crt /etc/openvpn/
cp pki/private/server.key /etc/openvpn/
cp pki/issued/server.crt /etc/openvpn/
cp pki/dh.pem /etc/openvpn/

Generate Client certificate

./easyrsa gen-req client nopass

Sign Client certificate

./easyrsa sign-req client client

Copy client certificate and key to /etc/openvpn/client/

cp pki/ca.crt /etc/openvpn/client/
cp pki/issued/client.crt /etc/openvpn/client/
cp pki/private/client.key /etc/openvpn/client/

/etc/openvpn/server.conf file

port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key  # This file should be kept secret
dh /etc/openvpn/dh.pem
;dh none

server 192.168.10.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 208.67.220.222"
keepalive 10 120

;tls-auth ta.key 0 # This file is secret
tls-crypt /etc/openvpn/ta.key 0

auth SHA256
cipher AES-256-GCM

user nobody
group nogroup
persist-key
persist-tun

tun-mtu 1500

status /var/log/openvpn/openvpn-status.log
log         /var/log/openvpn/openvpn.log
log-append  /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1

enable IP forwarding

vim /etc/sysctl.conf
###uncoment following line###
net.ipv4.ip_forward=1

###save and exit###
sysctl -p

### the other way is to do the same ###
echo 1 > /proc/sys/net/ipv4/ip_forward

Firewall rules

### for server behind NAT ###
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
### or just...###
iptables -t nat -A POSTROUTING -j MASQUERADE

### open udp port 1194 ###
iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT

### allow TUN interface ###
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT

To save rules to be loaded on boot install iptables-persistent

sudo apt install iptables-persistent

### current iptables rules will be saved to the
### /etc/iptables/rules.v4
### /etc/iptables/rules.v6

Start OpenVPN server service

systemctl start openvpn@server

### check status with..###
systemctl status openvpn@server

.ovpn config file for ios

client
dev tun                             
proto udp          ####tcp if you use tcp protocol
remote 192.168.100.55   ### your server ip address or domain
port 1194     ####1194 only if your vpn server's port is the default port     
resolv-retry infinite
nobind
persist-key
persist-tun

tun-mtu 1500
;link-mtu 1549
mssfix 1300

auth SHA256
;auth-user-pass
verb 5
;comp-lzo  ###(disable compression)
remote-cert-tls server
cipher AES-256-GCM

redirect-gateway def1
;remote-gateway 192.168.6.1
;dhcp-options DNS .8.8.8.8

;route 192.168.6.0 255.255.255.0 192.168.6.1


<ca>
ca.crt  ### copy content here ###
</ca>

<cert>
clinet.ctr  ### copy content here ###
</cert>

<key>
client.key ### copy content here ###
</key>

<tls-crypt>
ta.key   ### copy contet of ta.key here ###
</tls-crypt>

Import .ovpn config file to ios via itunes, mail, google drive, onedrive…

There is a little script I made to automate this last step, (generate config file with all certificates). OVPNconfig

And for make certifictes and config file for more users you can use this script: OVPNclient

Update: renew server cert

cd /etc/openvpn/easy-rsa
./easyrsa gen-req server nopass
./easyrsa sign-req server server

sudo cp pki/issued/server.crt /etc/openvpn/
sudo cp pki/private/server.key /etc/openvpn/

sudo systemctl restart openvpn@server

To check cert expiration dates

openssl x509 -in /etc/openvpn/server/server.crt -noout -dates

openssl x509 -in /etc/openvpn/easy-rsa/pki/issued/client1.crt -noout -dates

openssl x509 -in /etc/openvpn/easy-rsa/pki/ca.crt -noout -dates

Kali Linux 2020 unable to boot after install

If you have more then one drive in your computer with more then one OS you can finish with this:

Error: unknown filesystem
Entering rescue mode...
grub rescue>

At this point you can try to locate kali partition and set root and prefix and try to boot… 

ls
hd0) (hd0,msdos5) (hd0,msdos2) (hd0,msdos1)...etc... hd1) (hd1,msdos5) (hd0,msdos2) (hd0,msdos1)...etc

ls (hd0,5)/
ls (hd0,2)/
...etc, until you locate the kali partiton
then...

set boot=(hd1,5)    (...replace with the right partition)
set prefix=(hd1.5)/boot/grub/
insmod normal

and this finish with:
error: file '/grub/i386-pc/normal.mod' not found.

Even if you find the right .mod to boot, it doesn’t fix the problem.

The problem is quite stupid, more like a bug. This particular laptop has 2 drives. One SSD and one HDD. Different linux distros, detect those drives differently. For Parted Magic, gParted,…etc, SSD is /dev/sda and HDD is /dev/sdb. Even for Kali installer is the same thing. But for Kali 2020, SSD is /dev/sdb and HDD is /dev/sda. So live installer installs grub on sdb, and after reboot, sdb becomes wrong drive.

Solution to this is quite simple. Chroot to Kali installation from Kali live, and reinstall grub.

(replace sda2 with your drive)

mount /dev/sda2 /mnt
mount --bind /dev /mnt/dev
mount --bind /proc /mnt/proc
mount --bind /sys /mnt/sys
chroot /mnt
grub-install /dev/sda
update-grub

exit
umount /mnt/dev
umount /mnt/proc
umount /mnt/sys
umount /mnt
REBOOT
seo reseller