Messages - wfx3

#1
Hardware and Performance / Re: Qotom hardware
May 28, 2022, 02:34:35 PM
these fanless mini pcs (x64/amd64) are too pricey, power hungry and prone to overheating, so it's a better idea to move to arm64/aarch64.

maybe an rpi usb router or a cm4 module with a gbe carrier board.

Quote from: john_matrix on May 21, 2022, 10:05:04 AM
Can someone give me some hints to compile a build for Compute Module 4?
#2
Hardware and Performance / Re: Qotom hardware
April 14, 2022, 02:54:50 PM
i'm looking for a second unit, any experience here with the new Q1000X models?

https://qotom.net/product/91.html
#3
i need some help with the initial setup of suricata 6.0.4 on opnsense 21.7.6 ..

Quote from: pankaj on September 11, 2021, 07:54:25 PM
For those wanting to get started with IDS/IPS, this is an excellent tutorial - https://www.youtube.com/watch?v=_yIq3GM4gjA&t=6s

is the youtube tutorial from last year now outdated? i tried:

Interfaces > Settings > Network Interfaces
hardware acceleration x3 turned off

Services > Intrusion Detection > Administration > Settings
enabled
IPS mode off so IDS will alert only
Interfaces > LAN only because Firewall > NAT > Outbound is Automatic

Administration > Download
enabled and downloaded/updated the test ruleset OPNsense-App-detect/test

Administration > Rules
7999999   alert   opnsense.test.rules   bad-unknown   OPNsense test eicar virus

Administration > Schedule
enabled default daily update

2021-12-02T19:50:48 suricata[27873] [100250] <Notice> -- all 1 packet processing threads, 4 management threads initialized, engine started.
2021-12-02T19:50:48 suricata[26200] [100160] <Notice> -- This is Suricata version 6.0.4 RELEASE running in SYSTEM mode


$ curl http://pkg.opnsense.org/test/eicar.com.txt

but no luck getting the client download of eicar.com.txt to trigger an alert

Administration > Alerts
No results found!

so i tried adding a policy but still no luck

Services > Intrusion Detection > Policy
enabled
priority: 0
rulesets: opnsense.test.rules
action: alert
rules classtype: nothing selected
new action: alert

#4
i am thinking this is an asymmetric routing issue, because the gateway (ddwrt) is on the internal LAN interface. 

there is this article https://www.netgate.com/docs/pfsense/firewall/troubleshooting-blocked-log-entries-due-to-asymmetric-routing.html under "gateway set when it should not be set" which talks about the ill effects of pfsense. 

i am not sure how the adb protocol works though.  the DF flag in some of the blocked packets makes me think there is some fragmentation/MTU issue. 
#5
my first time working with android adb and i can't figure out why the LAN firewall rule to port 5555 is firing inconsistently.  the 2.220 host (tinkerboard) is behind a gateway (ddwrt).  any ideas why the second and third packets below would skip the rule entirely?


$ ifconfig | grep inet
inet 192.168.1.232 netmask 0xffffff00 broadcast 192.168.1.255
$ adb connect 192.168.2.220         
failed to connect to 192.168.2.220:5555
$ ping 192.168.2.220
PING 192.168.2.220 (192.168.2.220): 56 data bytes
64 bytes from 192.168.2.220: icmp_seq=0 ttl=63 time=10.513 ms
64 bytes from 192.168.2.220: icmp_seq=1 ttl=63 time=8.080 ms
Field          Packet 1 (newest)                    Packet 2                             Packet 3 (oldest)
__timestamp__  11/18/18 17:55:54                    11/18/18 17:55:54                    11/18/18 17:55:53
ack                                                 190817746                            190817746
action         pass                                 block                                block
anchorname
datalen        0                                    0                                    0
dir            in                                   in                                   in
dst            192.168.2.220                        192.168.2.220                        192.168.2.220
dstport        5555                                 5555                                 5555
ecn
id             0                                    0                                    5636
interface      igb2                                 igb2                                 igb2
ipflags        DF                                   DF                                   none
label          USER_RULE: allow LAN to tinkerboard  USER_RULE: default block IPv4 LAN    USER_RULE: default block IPv4 LAN
length         64                                   40                                   40
offset         0                                    0                                    0
proto          6                                    6                                    6
protoname      tcp                                  tcp                                  tcp
reason         match                                match                                match
ridentifier    0                                    0                                    0
rulenr         122                                  124                                  124
seq            3901304184                           3330648330
src            192.168.1.232                        192.168.1.232                        192.168.1.232
srcport        49965                                49910                                49910
subrulenr
tcpflags       S                                    RA                                   A
tcpopts
tos            0x0                                  0x0                                  0x0
ttl            64                                   64                                   64
urp            65535                                2058                                 2058
version        4                                    4                                    4
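Taking the asymmetric-routing diagnosis in post #4 together with the blocked entries in post #5, here is an added example (not code from the forum thread or from OPNsense) that scans live-view rows for flows whose ACK / RST-ACK packets hit the default block rule while a SYN to the same destination port was passed. The sample rows are constructed from the table above, and the dict keys are assumed to follow the live view's column labels.

```python
"""Added example (not from the forum post or OPNsense): flag pf/OPNsense log
flows showing the asymmetric-routing symptom discussed above.  The SYN is
passed, the SYN-ACK returns via the LAN-side ddwrt gateway and never crosses
this firewall, so the client's later ACK / RST-ACK match no state and fall
through to the default block rule.  Sample rows are constructed from the table."""
from collections import defaultdict

# Constructed sample rows (subset of live-view fields), oldest first.
SAMPLE_LOG = [
    {"action": "block", "src": "192.168.1.232", "srcport": 49910,
     "dst": "192.168.2.220", "dstport": 5555, "tcpflags": "A"},
    {"action": "block", "src": "192.168.1.232", "srcport": 49910,
     "dst": "192.168.2.220", "dstport": 5555, "tcpflags": "RA"},
    {"action": "pass", "src": "192.168.1.232", "srcport": 49965,
     "dst": "192.168.2.220", "dstport": 5555, "tcpflags": "S"},
]


def is_midstream(tcpflags):
    """ACK bit set: the packet belongs to a conversation pf should already track."""
    return "A" in tcpflags


def find_asymmetric_flows(entries):
    """Return (src, srcport, dst, dstport) tuples whose mid-stream packets were
    blocked although the destination port is allowed by a pass rule elsewhere in
    the log.  A blocked bare SYN means the flow was never permitted at all, so
    that is a policy block rather than a broken state."""
    allowed = {(e["dst"], e["dstport"]) for e in entries if e["action"] == "pass"}
    flows = defaultdict(list)
    for e in entries:
        flows[(e["src"], e["srcport"], e["dst"], e["dstport"])].append(e)
    suspects = []
    for flow, pkts in flows.items():
        blocked = [p["tcpflags"] for p in pkts if p["action"] == "block"]
        if not any(is_midstream(f) for f in blocked) or "S" in blocked:
            continue
        if (flow[2], flow[3]) in allowed:
            suspects.append(flow)
    return suspects


if __name__ == "__main__":
    for src, sport, dst, dport in find_asymmetric_flows(SAMPLE_LOG):
        print(f"{src}:{sport} -> {dst}:{dport}: mid-stream packets hit the default "
              "block; look for a return path that bypasses this firewall")
```

Flows reported here are where to look for a gateway on the same LAN segment as the clients, since pf never saw the reply leg of the handshake.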
#6
General Discussion / firewall aliases in live view?
November 15, 2018, 02:13:24 PM
hello i think i remember reading about alias enhancements in one of the recent releases ..

is there some way to translate ip addresses back to aliases or local domain names in the Firewall: Log Files: Live View?

or can i set up remote logging to do this somehow?
#7
18.7 Legacy Series / openvpn client disconnects
September 29, 2018, 06:59:10 PM
hello i am trying to replace a ddwrt/atheros router with opnsense/esxi/x86 to provide an openvpn client to nordvpn. i followed these pfsense configuration instructions (https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/) as closely as possible. the openvpn client connects but then disconnects .. any advice on what i can try?


compression: enabled without adaptive

advanced options:

tls-client;
remote-random;
tun-mtu 1500;
tun-mtu-extra 32;
mssfix 1450;
persist-key;
persist-tun;
reneg-sec 0;
remote-cert-tls server;
auth-retry nointeract;


Sep 29 12:44:41 openvpn[49048]: MANAGEMENT: Client disconnected
Sep 29 12:44:41 openvpn[49048]: MANAGEMENT: CMD 'status 2'
Sep 29 12:44:41 openvpn[49048]: MANAGEMENT: CMD 'state all'
Sep 29 12:44:41 openvpn[49048]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Sep 29 12:44:31 openvpn[49048]: Initialization Sequence Completed



#8
Hardware and Performance / Re: Realtek 8168C
September 23, 2018, 07:04:21 AM
extension cable fits barely above the speaker mount.
#9
Hardware and Performance / Re: Realtek 8168C
September 23, 2018, 07:02:47 AM
so now i have two more ethernet ports to work with.  the mini pcie extension from adt-link works very well with the jetway/intel card.  at some point i will try to mount the cards inside the chassis.  if anyone else tries this, i would recommend longer than 15cm extension.  maybe 30cm or more so you can mount the full size mini pcie card at the back.  there isn't enough space at the front unless you remove the usb and audio card.

#10
General Discussion / Re: Firewall: Log Files: Live View
September 12, 2018, 09:53:59 PM
thank you that's exactly what i was looking for.

System: Settings: Logging
Log Firewall Default Blocks
X Log packets matched from the default block rules put in the ruleset
X Log packets matched from the default pass rules put in the ruleset

#11
General Discussion / Re: Firewall: Log Files: Live View
September 12, 2018, 07:50:28 PM
or maybe there is a way to disable logging for 'anti-lockout rule' and 'block all ipv6'?  the log fills with these and i can't see logging for my user rules.  i always have to change the default from 25 to 250 or 500.  so it would be nice if this were reconfigurable somehow.
#12
hello is it possible to change the defaults (25, auto refresh) for the live view? thank you
#13
18.7 Legacy Series / Re: openvpn vs ipsec ikev2
September 09, 2018, 07:16:19 AM
i got pretty close by following the point to point setup to add tunnel settings (https://wiki.opnsense.org/manual/how-tos/ipsec-s2s.html) ..

but still something wrong with UDP encapsulation and the install route:

Sep  9 01:01:24 opnsense charon: 00[DMN] signal of type SIGINT received. Shutting down
Sep  9 01:01:37 opnsense charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, FreeBSD 11.1-RELEASE-p13, amd64)
Sep  9 01:01:37 opnsense charon: 00[KNL] unable to set UDP_ENCAP: Invalid argument
Sep  9 01:01:37 opnsense charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
Sep  9 01:01:37 opnsense charon: 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
Sep  9 01:01:37 opnsense charon: 00[CFG]   loaded ca certificate "XXXXXXXXXXX"XXXXXXXXXXX"XXXXXXXXXXX"XXXXXXXXXXX'
Sep  9 01:01:37 opnsense charon: 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
Sep  9 01:01:37 opnsense charon: 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Sep  9 01:01:37 opnsense charon: 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
Sep  9 01:01:37 opnsense charon: 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
Sep  9 01:01:37 opnsense charon: 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
Sep  9 01:01:37 opnsense charon: 00[CFG]   loaded IKE secret for XXXXXX@XXXXXX
Sep  9 01:01:37 opnsense charon: 00[CFG] loaded 0 RADIUS server configurations
Sep  9 01:01:37 opnsense charon: 00[LIB] loaded plugins: charon aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac gcm attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap xauth-generic whitelist addrblock counters
Sep  9 01:01:37 opnsense charon: 00[JOB] spawning 16 worker threads
Sep  9 01:01:37 opnsense charon: 05[CFG] received stroke: add connection 'con1'
Sep  9 01:01:37 opnsense charon: 05[CFG] added configuration 'con1'
Sep  9 01:01:37 opnsense charon: 16[CFG] received stroke: route 'con1'
Sep  9 01:01:37 opnsense charon: 16[KNL] can't install route for 192.168.2.0/24 === XXX.XXX.XXX.XXX/32 out, conflicts with IKE traffic

#14
18.7 Legacy Series / Re: openvpn vs ipsec ikev2
September 09, 2018, 04:52:34 AM
thanks .. i have the new box up now and am finally getting to the vpn config .. i would appreciate advice on how to configure ipsec/ikev2 strongswan.

i would like to set up a vpn client running on the local router which would allow local machines (maybe restricted to a separate subnet on OPT1 or a particular VLAN) to access remote lan resources through an ipsec/ikev2 tunnel.
#15
Hardware and Performance / Re: Qotom hardware
September 08, 2018, 01:58:17 PM
so far the qotom cpu peak temperatures are not too bad .. only about 35C .. hopefully no heat sink shenanigans will be required.

i tested the NAT throughput of qotom/opnsense using iperf between wan and lan ports .. without filtering it's easily doing true gigabit 900+ Mbps.