Messages

1

22.1 Legacy Series / Re: os-ddclient

« on: September 06, 2022, 02:22:18 am »

Using FreeDNS account credentials and server FQDN works
Using the host FQDN & token as the old plugin used to, will not work.

2

22.7 Legacy Series / Firewall NAT & Rules

« on: September 01, 2022, 08:40:36 am »

   Not sure if this behaviour is correct but I noticed the following.
If I create a few NAT Portforward entries, matching NAT rules will be, automatically, created as expected.
   Now when I disable a NAT Portforward entry, should the matching NAT rule match the NAT Portforward state and be disable as well? Or it does not matter?

3

22.7 Legacy Series / Re: Not port knocking but similar

« on: August 05, 2022, 12:12:10 am »

Something like TeamViewer sounds like a fit here

I prefer to stay under the radar and use my own solutions specially after many big systems got hacked. The SolarWinds incident is one recent example. For me, no centralized system. More work but less nerve wrecking.

4

22.7 Legacy Series / Re: Not port knocking but similar

« on: August 05, 2022, 12:01:27 am »

If your in healthcare then you know DONT OPEN RDP to the world... Its a HUGE attack surface.. You wont be able to pass any kind of accreditation/HIPPA security audit with an RDP port open, and I doubt you could even pass PCI... There is literally NO NEED FOR IT... Please use a VPN or some sort of de-centralized entry point.

   Actually, I, sort of, am. These computers are, mainly, in pharmacies and clinics. But that is why I don't have the port forward enabled all the time. What I do is enable port forwarding, RDP, then disabled port forward. Total time <5 seconds. I was told that this is acceptable because it's just for a few seconds and that these port forwardings are on non standard ports (I'm not using the standard 3389 port).
   I would have setup a properly protected point of entry if they were all in 1 or 2 locations.
   I guess for now I'll have to work on only one location at a time using OpenVPN. Not efficient but definitely safer.

5

22.7 Legacy Series / Re: Not port knocking but similar

« on: August 04, 2022, 04:39:43 am »

Instead of doing this... Please please please look at setting up a VPN...

I would suggest one of the newer de-centralized options like Zerotier or Tailscale (especially if you do not have a static IP or have CGNAT)... But at minimal use Wireguard or OpenVPN with a dynamicDNS service.  There will be clients for all platforms to connect, and you wont have to worry about having RDP open to the internet.

   Here's my setup; I have about 50 OPNsense installations in different locations. I'm very familiar with OpenVPN and have it setup for the users who login to these Windows computers on a regular basis.
   Some of these networks use the same subnet 192.168.2.x because of a special device that I can not change its default subnet (pharmacy robot, dentist x-ray, etc...)
   I need to login infrequently to 3, 4 or 5 of these computers and only to fix something. Using OpenVPN in this scenario is, some times, problematic. Using RDP is easier and causes no conflicts.

6

22.7 Legacy Series / Not port knocking but similar

« on: August 04, 2022, 02:08:58 am »

Hi,
   I know that port knocking is not preferable but, at the same time, I don't want a windows computer I RDP to it exposed on the Internet 24x7.
   Is there a way to enable port forwarding to this computer through CLI/SSH then disable this port forwarding again.
   The idea is to have a script (I'm using a Debian LXQT desktop) that will login using SSH (or https), enable the port forward rule, initiate the RDP then disable the port forward.
Thanks,

7

22.1 Legacy Series / Re: os-ddclient

« on: August 02, 2022, 05:56:27 am »

Maybe it would be helpful, if there's a good place to create a wiki.
Because in the old client most accepted services were documentend where to enter what..
I've got Namecheap and Freedns (afraid.org) and the only thing I've struggled was to search where I should enter which things. Which is clearly not clear.
@franco
@AdSchellevis

I, too, am using FreeDNS (afraid.org). I tried a few settings without any luck. I, even, tried looking at the ddclient code for any clues. Still no luck.

Did you get FreeDNS working?

depends maybee also on the freeDNS Setting (did not get it work with token):
check your Settings under https://freedns.afraid.org/dynamic/v2/
The settings which are working:
Service: FreeDNS
Username: your FreeDNS User
Password: your Password
Hostname: Full subdomain name
Check IP: Interface
Force SSL: enabled
Interface to monitor: WAN

Thanks. I tried it and it worked.
However, I noticed in the log that it pulled all 50 hosts in my account before updating the current host (the OPNsense one).
Not sure if getting the plugin to update based on the host name & the token is a huge job or not but I'll take a look at the plugin code

On the other hand, thanks to Franco & the OPNsense team for keeping the legacy plugin available for now till the ddclient matures.

8

22.1 Legacy Series / Re: os-ddclient

« on: July 25, 2022, 12:02:57 am »

Maybe it would be helpful, if there's a good place to create a wiki.
Because in the old client most accepted services were documentend where to enter what..
I've got Namecheap and Freedns (afraid.org) and the only thing I've struggled was to search where I should enter which things. Which is clearly not clear.
@franco
@AdSchellevis

I, too, am using FreeDNS (afraid.org). I tried a few settings without any luck. I, even, tried looking at the ddclient code for any clues. Still no luck.

Did you get FreeDNS working?

9

21.7 Legacy Series / Re: 21.7.5 - FreeDNS not update

« on: November 17, 2021, 02:45:33 am »

   I just updated to 21.7.5 and faced the same problem.
   I, definitely, like the idea of offering both URLs. Not only to resolve this issue but also to help in migrating form one to the other.
   I had a few routers connected to Bell DSL service which actively changes IPs each reboot. I had to call someone behind these routers to give me the new IP address so I can login and use the PW for FreeDNS v2.

10

21.1 Legacy Series / upgrading 21.1.4 to 21.1.5

« on: April 24, 2021, 05:32:56 pm »

I came across a couple of issues when upgrading. They are related to php fatal errors. What is the proper way to report these issues.
Thanks.

11

19.7 Legacy Series / Re: Smart status now yellow "unknown"

« on: August 06, 2019, 05:25:23 am »

Same here

   A few PC Engine APU2C2 with mSATA identified as ada0 still shows Yellow/Unknown under status after upgrading from 19.1.10 to 19.7.2

   This used to work fine before upgrading to 19.7.x series.

12

17.7 Legacy Series / Re: Experiences with OPNSense - on the way to FTTH

« on: February 10, 2018, 11:10:57 pm »

Hi,
   Me too switched from 2-3 mbps DSL to 300d/100u FTTN from BELL. I had so many issues with initial setup. Also, with TLS handshake to some sites (Yahoo mail, BT update server, ...). And, couldn't get more than 60d/60u. At some point I wasn't sure if the old DSL was a better option .

   After a lot of research I found out that all these issues were caused by BELL router homehell3000. Once replaced, I now have 260d/110u. 260mbps could be limited by the USFF i3 computer I was testing with. VLANs works as expected. dslreports site has many helpful posts. I chose the tplink route.

   I have two sites, one uses APU2C2 with built-in Wifi and the other uses APU2C4 with external AP. Both using 17.7.12_1-amd64. Converting the rest to OPNsense.

My two cents ...