Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - minime

Pages: [1] 2 3

23.1 Legacy Series / Re: 23.1.5_4 Unbound Whitelist Domains Broken

« on: June 16, 2023, 09:49:14 pm »

Actually, no, I take it back. Doesn't work. I had, how embarrassing, the blocklist functionality unchecked...and hence it worked...so, no, still no joy.

23.1 Legacy Series / Re: 23.1.5_4 Unbound Whitelist Domains Broken

« on: June 16, 2023, 08:25:30 pm »

Thank you for your response.

I was able to solve it. I had to enter:

*.giphy.com
giphy.com

The first entry was needed as giphy is using subdomains for the content delivery.

23.1 Legacy Series / Re: 23.1.5_4 Unbound Whitelist Domains Broken

« on: June 16, 2023, 03:44:48 pm »

Thank you for your response.

That's the first thin I tried and it didn't work...it loads partially the website, but no gifs.

23.1 Legacy Series / Re: 23.1.5_4 Unbound Whitelist Domains Broken

« on: June 16, 2023, 12:49:19 pm »

I have the same on OPNsense 23.1.9

Maybe I am doing it wrongly?

General Discussion / Re: Living in a not so safe country => call for guidance/advice

« on: March 04, 2017, 01:32:57 pm »

Many thanks, this helps. However, may I invite knowledgeable people to chip-in? I am hoping that we could create a howto for my described use-case. The further we lower the bar for people to have a safe environment the better.

17.1 Legacy Series / Re: Using Proxy also through an OpenVPN connection

« on: February 13, 2017, 03:03:06 pm »

Hmmm...not sure, but I think this is not what I mean.

I would like to establish a OpenVPN connection first and then use my squid/proxy to improve performance and also to filter unwanted sites. I am using the OpenVPN server on port 443. Squid is only listening on port 80 (no SSL certificate).

Can I provide further information? What would you need?

17.1 Legacy Series / Re: Using Proxy also through an OpenVPN connection

« on: February 13, 2017, 08:30:25 am »

No, and I start to think that it is not possible as it would break the secure connection... :-/

17.1 Legacy Series / Re: Using Proxy also through an OpenVPN connection

« on: February 12, 2017, 03:43:37 pm »

Anyone? I tried it with Port Forwarding with no effect.

16.7 Legacy Series / [SOLVED] Re: OpenVPN connections keep dropping

« on: February 08, 2017, 08:24:17 pm »

Just for the record, I solved the problem by NOT using "keepalive". Now I have a stable connection.

17.1 Legacy Series / Using Proxy also through an OpenVPN connection

« on: February 08, 2017, 05:16:58 pm »

Hi guys,

Might be a simple question for you, but I can't figure this quite out. I have a working squid for my LAN, but now I would also make use of it when connected through a OpenVPN connection. How can I achieve this?

Many thanks,
Minime

General Discussion / Re: Living in a not so safe country => call for guidance/advice

« on: January 11, 2017, 05:25:37 pm »

Hi,

Interesting information. Would that also be true for SSL? The reason I'm asking this is, that this would more or less affect everything as more and more websites are delivered with SSL end-to-end encryption....

I think I'm going to ignore this potential requirement of getting an import license, defeats a bit the whole purpose of privacy if you announce in a not-so-safe country that you want to keep your privacy, right?

General Discussion / Re: Please Make a Donation to OPNsense

« on: January 11, 2017, 02:41:00 am »

Just donated €100, thanks for this project and the great support we are getting!

General Discussion / Living in a not so safe country => call for guidance/advice

« on: January 10, 2017, 11:52:57 pm »

Hi,

Soon I will relocate to a not so safe country. I already have a OPNsense box at the moment up and running incl. OpenVPN. However, at the moment it is not that much important whether I did a configuration mistake or not, but soon I have at least the perceived feeling that it is critical to get it right. Hence I am asking the expert on this forum for guidance, advice and tips. Any help is much appreciated!

Scenario: Living in a not so safe country and getting a secured connection into a safe country
Goal: Routing ALL internet traffic securely from Country B through Country A, while making sure the OPNsense boxes themselves are secured as well

Country A (safe)

Modem (1gbit symmetric)
Dedicated OPNsense box
NAS connected to the OPNsense box

Country B (not so safe)

Modem (1gbit symmetric)
Dedicated OPNsense box
Wireless Router connected to a Switch that is connected to the OPNsense box

Line of thinking

Creating a site-2-site OpenVPN connection on the two OPNsense boxes
Attaching the Wireless Router to Switch that is connected to the OPNsense box in Country B
Mobile devices directly connect to the OPNsense box in Country A

Questions

Without a OpenVPN connection I can saturate my 1gbit line (achieving ~950mbit), with a OpenVPN I achieve on my current OPNsense box (i5-6200u) ~350mbit. Is that to be expected? What system would allow me to saturate the line with a OpenVPN connection? Any experience?
Inline Intrusion Prevention System is currently deactivated as the performance impact is without a OpenVPN connection already quite high (down to 500-700mbit depending on the activated options). From a security point of view, do you recommend having this feature activated? If yes, in combination with my previous questions, what system would allow me to saturate my line and do you have experience with this?
As the configuration options in OPNsense exceeds my full understanding and I can't make a mistake here, is there any configuration guidance/recipe for a scenario like I have? No frills, just having a secured connection and secured OPNsense boxes (like login/management, certificates/keys, making sure the system can't get manipulated => read-only system, etc.)?

Many thanks for your support!

16.7 Legacy Series / Re: OpenVPN connections keep dropping

« on: January 09, 2017, 09:07:06 pm »

Not stable with:

Remote Access (SSL/TLS + User Auth)
Local Database
tun UDP 443
TLS authentication with static key
Local CA
DH 4096
AES-256-CBC
SHA512
Intel RDRAND engine - RAND
cert depth one (client+server)
Strict User/CN Matching deactivated
Redirect Gateway activated
Concurrent connections empty
Compression: No Preference (if I deactive I can't get a connection established)
Inter-Client communication activated
Duplicate Connections activated
IPv6 is disabled
Dynamic IP activated
Address Pool activated
Topology activated
DNS Default Domain deactivated
DNS Servers defined
Force DNS cache update activated
NTP Servers deactivated
NetBIOS Options deactivated
Client Management Port deactivated
Use common name deactivated
Advanced Configuration: keepalive 150 450
Verbosity level 1
Renegotiate time empty

Client:
OpenVPN for Android 0.6.63 (Arne Schwabe)

16.7 Legacy Series / Re: OpenVPN connections keep dropping

« on: January 09, 2017, 07:50:44 pm »

Interesting, I was just heading to this forum as I'm lost of what else I could do to get a proper working OpenVPN connection.

I am using an i5-6200U, which is usually not at it's limit at all (it can saturate 350mbps over OpenVPN), but I can't get my system to keep the connection up. I have to reconnect to get it working again (it often seems that I am still connected, but in fact it lost it already), which is not a deal breaker, but I wonder why I can't get it to work properly.

I tried a lot of "keepalive" variations and followed a lot of different advice you can find with Google, now I am wondering, am I the only one or not. It seems I am not...

Who gets a stable connection working and with what settings?

Pages: [1] 2 3