Messages

1

19.1 Legacy Series / OpenVPN - tls renegotation

« on: July 16, 2019, 09:36:17 pm »

Hello guys,

I would like to ask you if the OpenVPN in OPNsense is hardened against the attacks on TLS Renegotation?

Is it compliant with RFC 5746?
Is it possible to disable TLS Renegotation?

Thanks a lot!

Kind regards,

Marek

2

19.1 Legacy Series / Re: Local account configuration

« on: July 16, 2019, 09:33:22 pm »

Hi Franco,

My version is:
ersions    OPNsense 18.1-amd64
FreeBSD 11.1-RELEASE-p6
OpenSSL 1.0.2n 7 Dec 2017

I assume it is quite old, right?

Thanks for reply!

Marek

3

19.1 Legacy Series / Local account configuration

« on: July 08, 2019, 09:01:14 pm »

Hello guys,

I am reading the documentation and they write there that: Settings for handling login via local accounts can be set by going to System ‣ Access ‣ Servers, then clicking the ‘Edit’ icon (a pencil) for ‘Local Database’.

I am logged as root and there is no "Icon(a pencil)" for local database. The icon is present only for "TOTP server" but is is based on the token length which is fine but I would like to define the complexity for local database as well.

Thank you very much for any advice!

Kind regards,

Marek

4

19.1 Legacy Series / Re: Password secure encrpytion/hashing

« on: July 08, 2019, 08:55:59 pm »

The most accurate technical documentation is the code:
function local_user_set_password(&$user, $password = null)
{
    $cost = 10;

    if ($password == null) {
        /* generate a random password */
        $bytes = openssl_random_pseudo_bytes(50);
        $password = pack('H*', bin2hex($bytes));
    }

    $hash = password_hash($password, PASSWORD_BCRYPT, [ 'cost' => $cost ]);
    if ($hash !== false) {
        $user['password'] = $hash;
    }
}

If i understand that right all loval users use bcrypt2 with 2^10 rounds and 50 bytes salt.

Hey, thank you very much.

Can you please ping me the link where is the source code documentation?

Thanks a lot!

5

19.1 Legacy Series / Password secure encrpytion/hashing

« on: July 08, 2019, 05:01:38 pm »

Hello,

I was trying to find the information about security of the passwords for OpnSense and OpenVPN but I was not successful.

Can you please let me know what is the password security for the mentioned two technologies? Does is use masked password, salting, stretching, etc? Where can I find this kind of technical documentation?

I was trying to look to the https://docs.opnsense.org/intro.html but I was not successful.

Thank you very much for your help.

Kind regards,

Marek

6

19.1 Legacy Series / OpnSense/OpenVPN lock-out settings

« on: July 07, 2019, 11:19:14 pm »

Hello,

I am using OpnSense community edition and I would like to ask you, if there is any option how to set:

Account lockout (for eg. for 5 failed logons) for administration to OpnSense(access to administration) and for OpenVPN (in case of wrong password/sending of wrong certificate).

In case that the accounts will be locked, is there any option to set the account lockout timer for unlocking of the accounts?

Thank you very much in advance for any guidance in here.

Kind regards,

Marek

7

19.1 Legacy Series / Logging of configuration changes

« on: July 04, 2019, 05:02:25 pm »

Hello,

I would like to log all the changes in OpnSense administration to the remote server. I found the logging options to remote server in system settings however for eg. I add a new user admin privileges and I would like to see this action in a lot but there is no record in any log anywhere. Or did I miss anything?

Is it possible to log such admin tasks and forward that info to the remote log server?

Thanks a lot for your input.

Kind regards,

Marek