OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: JonStuart on August 08, 2023, 12:23:36 pm

Title: [RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: JonStuart on August 08, 2023, 12:23:36 pm
I just updated several OPNsense boxes to 23.7 from 23.1.11_1, and with that update came the Zenarmor Engine 1.14.1 update. The previous version (1.13...) worked just fine. Suddenly I'm only able to Allow based on Categories. Any time I try to block any one item in a category, the entire category is blocked. I have tried uninstalling Zenarmor completely, rebooting and re-installing, with no luck. This is happening on 3 boxes. The only way to allow anything is to add it to the white-list.

Example:
(Tried with all available database options. None made a difference.)
1. Fresh vanilla install of Zenarmor
2. Edit the default policy category "Search" by blocking say "Bing"
3. All other search engines in category list are also blocked

This message is in the "Notifications" section of Zenarmor:
Engine configuration error
Cannot read any worker configuration from workers.map
Source: engine

Any ideas on what I'm doing wrong, or did I miss something? Anyone else having this issue?

EDIT: None of the boxes are using the default HTTPS port 443 for the WebGUI, and all of them forward to the modified HTTPS port via the OPNsense GUI settings interface. Don't know if that makes a difference or not, but they can't use port 443 anyway as there are other services on that port.
Title: Re: Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: fightingmasta on August 08, 2023, 12:30:14 pm
Same issue here, I switched to Passive mode (reporting only).
Title: Re: Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: JonStuart on August 08, 2023, 12:44:07 pm
I've had to just block whole categories I want nothing from and leave the rest open. At least this way something is better than nothing. I'm just hoping someone at Sunny Valley reads these forums. This is a pretty huge break in their plugin. It would take many hours to configure what the categorization would take care of easily. Is there some place to go and notify Sunny Valley about it?
Title: Re: Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: dinguz on August 08, 2023, 01:35:19 pm
Just use the Feedback button within the OPNsense GUI; it sends a mail to them including relevant system info and config files. They usually reply within a working day or so.
Title: Re: Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: deuch on August 08, 2023, 02:24:28 pm
Same thing here:

I've only blocked, in Network Management:
DNS over TLS
DNS over HTTPS

and now DNS and NTP are not working (they are in allow mode like the rest...)
Title: Re: Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: sy on August 08, 2023, 04:12:53 pm
Hi,

A new bugfix will be shipped today.
Title: Re: Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: dotlike on August 08, 2023, 05:26:33 pm
Same here. Worst upgrade experience so far...
I am lucky that this only affects my homelab... This would escalate quickly at a customer site!
Title: Re: Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: JonStuart on August 09, 2023, 03:04:56 am
 :)!!!!SUCCESS!!!! :)

I have installed and tested the new update to 1.14.2 from 1.14.1 and can confirm this fixed the issue. I have tested with and without VLANs and all looks good. It's a shame this wasn't caught before release, but I am glad there was such a fast response to get it fixed and the fix was done right. Thank you for your efforts, and the new interface looks very good!

To the person with the home lab @dotlike: Generally you should always test an update in a lab environment before deployment to a client. In the open source world it's a pretty well known law, as well as to back up EVERYTHING before you deploy regardless. I simply put a little too much trust in this plugin without testing and shouldn't have. I will now for the future. You have to understand that beta testing is for paid products because it costs time, and time is money. Anyway, hope my advice helps... you can always test with a VM like VirtualBox. It provides snapshots and works with just about any modern PC. That being said, and I don't really know, if this issue found its way into the paid version I would be VERY upset, as that is exactly why I would pay for it, so I wouldn't have that headache. If it did, then shame on Sunny Valley... they should 100% know better and they are killing their brand for no reason if it did.
Title: Re: Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: dotlike on August 09, 2023, 08:32:20 am
My issues were also resolved by the new update  :)

@JonStuart: I had Veeam backups and configuration backups for the OPNsense VM, so I could step back easily. I have a Zenarmor Home Edition subscription (so a paid version) and was a bit disappointed that the QA team of Sunny Valley hadn't tested the upgrade in more detail.
But as I am working in the IT industry I get in contact with software/firmware bugs quite a lot, so no surprise ;D

That being said, I am still a big fan of Zenarmor and its features.
BR
Title: Re: Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: JonStuart on August 09, 2023, 08:46:48 am
@dotlike I'm sorry to hear it made it to any of the paid versions. That really isn't good. I'm also in the IT industry and have been considering using OPNsense with Zenarmor as a replacement for some of my clients' SonicWalls. I have a pretty well built home firewall that I have been test driving for some time now, and I too love Zenarmor's features. As I already said, I'm not willing to pay subscriptions to software developers that are not properly testing before releases to PAYING customers. That is just simply a paywall for features but has the same headaches as the free versions. I'm also in the software industry as well, and I can for sure tell you: you never let your paying customers suffer, and you use your beta tests on the freeware. That's why it's free ;D. Anyway, enough ranting; seriously, I love the product, but I'm not gonna make my clients pay for it just to get a bunch of headaches. They need to get their development tracks set up and streamlined to prevent this from happening in the future. This is my 4th bout with this since the plugin was first released.
Title: Re: [RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: athurdent on August 09, 2023, 09:28:15 am
I just noticed that for my Home subscription, sub-categories were also reset. I only blocked DoT and DoH; now the complete parent category is blocked.
And on top of that (posted a separate topic here for this), that policy disabled itself. Twice now, after Zenarmor got updated I think.

Oh boy, I used to be a big fan of Zenarmor. Now I'm actually considering cancelling my subscription.

Resetting policies, partly, or disabling subcategories: that cannot happen on firewall software I pay for.
Title: Re: [RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: sorano on August 09, 2023, 10:22:22 am
Oh boy, I used to be a big fan of Zenarmor. Now I'm actually considering cancelling my subscription.

Yeah, I canceled my home subscription. Not really worth it anymore; poor QA along with nerfing features was enough for me.

Who cares about a fancy webui when the core features get broken.
Title: Re: [RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: yeraycito on August 09, 2023, 01:24:41 pm
Oh boy, I used to be a big fan of Zenarmor. Now I'm actually considering cancelling my subscription.

Yeah, I canceled my home subscription. Not really worth it anymore; poor QA along with nerfing features was enough for me.

Who cares about a fancy webui when the core features get broken.


I totally agree. Zenarmor has not only never worked well, but over time it has not worked well either in the free version or in the paid version, which no one in their right mind should pay for. As for the free version, it is just visually appealing software without any functionality, and there are better alternatives such as Adguard.
Title: Re: [RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: yeraycito on August 09, 2023, 02:02:29 pm
Over the centuries OPNsense will be remembered as an excellent firewall capable of giving incredible control of local network devices with powerful add-ons such as Suricata, Adguard or WireGuard, but it will never be remembered for Zenarmor, unless we wanted to recommend it to our worst enemy.
Title: Re: [RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: athurdent on August 09, 2023, 02:11:43 pm
Over the centuries OPNsense will be remembered as an excellent firewall capable of giving incredible control of local network devices with powerful add-ons such as Suricata, Adguard or WireGuard, but it will never be remembered for Zenarmor, unless we wanted to recommend it to our worst enemy.

I have to disagree there. Zenarmor works pretty well most of the time and protects my kids' and guest network perfectly. A lot of stuff has been blocked in the past.
Suricata is old-fashioned IPS/IDS, definitely not the way to go to really protect anybody nowadays. Adguard only relies on DNS, and with DoH and DoT circumventing it, will be less useful in the future. I am blocking a lot of DoH/DoT ATM, without having it configured anywhere; the opposite is the case actually. Getting rid of it wherever I see it. But apps as well as macOS/iOS have it built in and will use it under certain circumstances.

Zenarmor's DPI is awesome, and does way more than just ad blocking. E.g. it can block DoH/DoT, which is very important to prohibit if you want to keep controlling DNS. I have not cancelled my subscription yet BTW; Zenarmor support is looking into my problems ATM. They have great and very responsive support.
Title: Re: [RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: deuch on August 09, 2023, 08:40:51 pm
But can Zenarmor block VPN?

I've blocked all the proxy categories, but my 9 year old kid destroyed all my security just by installing the hide.me VPN software on his phone... Same thing for the 1.1.1.1 VPN software on iOS or Android; Zenarmor does not block anything regarding VPN (at least in my setup).

So what is the point of blocking DoH or DoT (and not always; I've tried some DoH and DoT DNS servers and they are not blocked by Zenarmor either) or of having DPI if a simple free VPN app can bypass all the security of OPNsense and Zenarmor? Every VPN on 443 is not seen as VPN by Zenarmor...

So I'm really confused...
Title: Re: [RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: athurdent on August 09, 2023, 08:58:24 pm
There's a category for hide.me; what does Zenarmor log when you try to connect?
What did it log for the problematic services you described?
Did you file a ticket for your problem?

Mine is blocking DoH/DoT just fine; just verified with https://1.1.1.1/help

Code:
Block status,Start time,End time,Protocol,Source IP,Source hostname,Destination IP,Destination hostname,Destination port,Application category,Application,Application protocol,Security category,Packets Outbound,Packets Inbound,Bytes Outbound,Bytes Inbound,Interface,VLAN,Policy
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,1,0,583,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,1,0,583,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,1,0,583,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:46,2023-08-09 20:55:46,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:46,2023-08-09 20:55:46,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:46,2023-08-09 20:55:46,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,
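The verification step above (trigger DoH/DoT from a client, then read the Zenarmor report) is easier to repeat if the CSV export is parsed rather than eyeballed. The following is an added example, not code from the post or from Zenarmor: it reads rows in the column layout of the export shown above, counts blocked encrypted-DNS flows per application and destination, and lists any DoH/DoT flow that was *not* blocked, which is exactly the leak a policy reset or a missing server signature would produce. The sample rows are constructed for the example (the `Allowed` rows and the truncated last row are invented), and the helper names are the example's own.

```python
import csv
import io
from collections import Counter

# Constructed sample in the column layout of the Zenarmor CSV export quoted
# in the post above. The two "Allowed" rows and the truncated final row are
# invented to exercise the leak check and the parser's handling of a cut-off
# paste; they are not real log data.
SAMPLE_CSV = """Block status,Start time,End time,Protocol,Source IP,Source hostname,Destination IP,Destination hostname,Destination port,Application category,Application,Application protocol,Security category,Packets Outbound,Packets Inbound,Bytes Outbound,Bytes Inbound,Interface,VLAN,Policy
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Allowed,2023-08-09 20:56:02,2023-08-09 20:56:03,TCP,192.168.201.100,192.168.201.100,9.9.9.9,dns.quad9.net,853,Network Management,DNS over TLS,TCP,,5,4,1200,900,igc0,0,Default
Allowed,2023-08-09 20:56:05,2023-08-09 20:56:06,TCP,192.168.201.100,192.168.201.100,203.0.113.10,www.example.com,443,Web,Secure Web Browsing,HTTPS,,10,12,2048,9000,igc0,0,Default
Blocked,2023-08-09 20:55:46,2023-08-09 20:55:46,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,
"""

# Zenarmor application names for encrypted DNS, as they appear in the export.
ENCRYPTED_DNS_APPS = {"DNS over HTTPS", "DNS over TLS"}


def parse_report(text):
    """Parse the CSV export into dict rows, dropping a truncated trailing row.

    csv.DictReader fills missing trailing columns with None, so a row that was
    cut off before the Policy column is detected and skipped instead of
    silently producing a half-filled record.
    """
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        if row.get("Policy") is None:
            continue
        rows.append(row)
    return rows


def summarize_encrypted_dns(rows):
    """Count blocked encrypted-DNS flows per (application, destination hostname)."""
    counts = Counter()
    for r in rows:
        if r["Application"] in ENCRYPTED_DNS_APPS and r["Block status"] == "Blocked":
            counts[(r["Application"], r["Destination hostname"])] += 1
    return counts


def find_leaks(rows):
    """Return encrypted-DNS flows that were not blocked.

    Any entry here means a client reached a DoH/DoT resolver past the policy,
    which is what a reset sub-category or an unrecognised resolver looks like.
    """
    return [
        (r["Source IP"], r["Application"], r["Destination hostname"], r["Destination port"])
        for r in rows
        if r["Application"] in ENCRYPTED_DNS_APPS and r["Block status"] != "Blocked"
    ]


if __name__ == "__main__":
    rows = parse_report(SAMPLE_CSV)
    for (app, dst), n in sorted(summarize_encrypted_dns(rows).items()):
        print(f"blocked {n:>3}  {app:<16} -> {dst}")
    for leak in find_leaks(rows):
        print("LEAK:", leak)
```

To run this against a real export, replace `SAMPLE_CSV` with the file contents (e.g. `open("report.csv").read()`); the column names must match the header line of the export as shown in the post.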
Title: Re: [RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: deuch on August 09, 2023, 09:43:00 pm
It logs Secure Web Browsing for many VPNs that I tried.
And with a VPN, Zenarmor will not see the DNS request even in DoH or DoT.
Some DoT or DoH servers are not detected by Zenarmor; I need to find the one I tried a few days ago.
Title: Re: [RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: athurdent on August 10, 2023, 05:37:15 am
It logs Secure Web Browsing for many VPNs that I tried.
And with a VPN, Zenarmor will not see the DNS request even in DoH or DoT.
Some DoT or DoH servers are not detected by Zenarmor; I need to find the one I tried a few days ago.
Have you tried the actual VPN services, or only visited their websites? If a VPN connection should be blocked and is not, file a ticket. Zenarmor are friendly and fast to respond.
Same goes for missing DoH servers.
Title: Re: [RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: deuch on August 10, 2023, 12:44:20 pm
It logs Secure Web Browsing for many VPNs that I tried.
And with a VPN, Zenarmor will not see the DNS request even in DoH or DoT.
Some DoT or DoH servers are not detected by Zenarmor; I need to find the one I tried a few days ago.
Have you tried the actual VPN services, or only visited their websites? If a VPN connection should be blocked and is not, file a ticket. Zenarmor are friendly and fast to respond.
Same goes for missing DoH servers.

Of course I've used the official hide.me application on iPad and iPhone, and the Cloudflare one with WARP on iOS/Android too. And those VPNs are not blocked by Zenarmor. I almost succeeded by creating a blacklist of some domains with Zenarmor and Adguard, but it's still DNS blocking, and Zenarmor uses DPI, which is normally better.

You can have a try with the 1.1.1.1 application from Cloudflare; it does not require an account or credit card. Hide.me requires creating an account, but no credit card is required for the free version.
Title: Re: [RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: athurdent on August 10, 2023, 01:35:43 pm
Of course I've used the official hide.me application on iPad and iPhone, and the Cloudflare one with WARP on iOS/Android too. And those VPNs are not blocked by Zenarmor. I almost succeeded by creating a blacklist of some domains with Zenarmor and Adguard, but it's still DNS blocking, and Zenarmor uses DPI, which is normally better.

You can have a try with the 1.1.1.1 application from Cloudflare; it does not require an account or credit card. Hide.me requires creating an account, but no credit card is required for the free version.

I have filed a ticket this morning. It does not recognise/block OpenVPN or WireGuard anymore here. I remember testing that a few years ago and it worked.
No idea what's going on there.
Title: Re: [RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: athurdent on August 10, 2023, 03:52:27 pm
The engine works fine though; it seems to be a problem with the OpenVPN and WireGuard matching in my case.
I just tried to block SSH on non-standard port 222, to rule out that it would simply block by well-known ports.
It recognised and blocked SSH on 222 just fine.
I already got a reply from Zenarmor, they are looking into it.
Title: Re: [RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: deuch on August 10, 2023, 07:12:25 pm
Ok thanks.

The main issue is that a lot of modern VPNs are starting to use port 443... So I think it will be difficult to globally block port 443 if you want to still be able to use the internet :)

Title: Re: [RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"
Post by: JonStuart on August 13, 2023, 12:01:25 am
So I originally started this thread and I need to make a few things clear for me. It is NOT that Zenarmor is a bad product. When it works, it works very well at blocking not only by DNS but by IPs as well, and at the same time. Some of you here are not really familiar with its capabilities. This is a very capable product for controlling local network traffic when it is outbound to the internet. It is VERY effective if you take the time to learn how to configure it. That is not the issue I have... The sole problem I have is that they need to do better at testing before release to a paid audience. There is a standard practice for this and I feel like they have a poor implementation of it. That makes it unreliable to deploy for businesses or business clients if you are an MSP (Managed Service Provider). They could GREATLY increase its use and sales by making its releases more reliable for working deployments. Some of you really like to argue for your favorite product in true Linux tradition. I have tested this plugin in many critical situations and it performs exceptionally well even in free mode. I can't deploy it in critical situations because of this upgrade issue, which sometimes seems to break things... when it works, it works well.

Sunny Valley... if you are still paying attention to this thread... PLEASE TAKE THIS TO HEART. You have got to get a better update track in place. I love your product and I want to, and can, sell this to clients I have. I can't do that in good conscience knowing that somewhere one of your updates will break its functionality and they will have to deal with it. Please take a look at this and let us here in the public realm know what your plan on this is.