Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - jojothehumanmonkey

Pages: [1] 2

General Discussion / Re: how to mimize disk usage

« on: January 30, 2023, 06:21:24 pm »

thanks,

does anyone run `opnsense` from a read-only source, such as a cd-rom or DiskOnModule?

General Discussion / how to mimize disk usage

« on: January 29, 2023, 01:38:20 am »

hello, thanks,

i am confused, by default, if opnsense using a swap file?
and if so, how to move it to memory, same as "/var/log RAM disk" and "/tmp RAM disk"

from dashboard:
"SWAP usage 0 % ( 0/8192 MB )"

from system_advanced_misc.php, this setting is uncheck.
"Swap file Add a 2 GB swap file to the system"

from /etc/rc.conf, there is no "swapfile=", so does that mean, opnsense is not using swap.

swapinfo -k
Device          1K-blocks     Used    Avail Capacity
/dev/gpt/swapfs   8388608        0  8388608     0%

--------------

also, curious, what else does opnsense write to disk?
--- log files
if this is enabled, where does opnsense save logs?
Local Logging Disable writing log files to the local disk

--- other stuff i would not know about, the so-called "unknown unkowns"

thanks, david

General Discussion / sftp server timesout when loggin in

« on: January 28, 2023, 08:09:47 pm »

hello, thanks, using OPNsense 23.1-amd64

using filezilla, when i try to connect to sftp, i get this, no idea why, please help?

Status:   Connecting to 192.168.62.1...
Response:   fzSftp started, protocol_version=11
Command:   keyfile "C:\data\c\combined\.self\opnsense\keys\root\opnsense-home.private.ssh"
Command:   open "root@192.168.62.1" 22
Error:   Connection timed out after 20 seconds of inactivity
Error:   Could not connect to server

Hardware and Performance / DOM - Disk on Module

« on: January 28, 2023, 07:52:01 pm »

hello, thanks,

an idea popped into my head, to use a DOM, instead of a hard drive.
when i checked the opnsense dashboard,
i was amazed that only this is used [
SWAP usage 0 % ( 0/8192 MB )
Disk usage 1% / [ufs] (5.4G/442G)

here is the output of df


root@OPNsense:~ # df
Filesystem      1K-blocks    Used     Avail Capacity  Mounted on
/dev/gpt/rootfs 463893544 5926272 420855792     1%    /
devfs                   1       1         0   100%    /dev
devfs                   1       1         0   100%    /var/dhcpd/dev

and then i found out at a supermicro dom 16GiB is approx $40.00

so i wanted to know a few things, please
--- has anyone done this, any advice?
--- any other overall comments?

thanks,
david

Virtual private networks / Re: openvpn - need help to change IPv4 Tunnel Network

« on: May 13, 2021, 03:42:20 pm »

i got it working.
1. changed the IPv4 Tunnel Network to 10.11.0.0/24
2. changed the openvpn firewall to pass that ip range.

thanks

General Discussion / Re: how to get fail2ban installed

« on: May 13, 2021, 12:25:08 am »

"shouldnt be necessary"
yeah, that is why i am looking for more protection.

thanks much

Virtual private networks / openvpn - need help to change IPv4 Tunnel Network

« on: May 12, 2021, 08:05:25 pm »

hello and thanks,

i have to connect to another openvpn server that uses.

Code: [Select]

IPv4 Address. . . . . . . . . . . : 10.10.0.21(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.10.0.1

my opnsense router for the openvpn connection uses

Code: [Select]

IPv4 Tunnel Network 	10.10.0.0/24

so i need to change the setting for opnsense but not sure what to change it without locking myself out of the router.
would this work?

Code: [Select]

10.11.0.0/24
and if i make that change, do i need to re-export all the client config files?

thanks so much,

General Discussion / how to get fail2ban installed

« on: May 09, 2021, 12:09:44 am »

hello and thanks,

i could not find fail2ban package?

is it not supported or is there a opnsense version or alternative.
i am trying to better protect openvpn server.

thanks,
david

General Discussion / Re: net scan show ports as filtered not closed

« on: May 08, 2021, 11:19:38 pm »

thanks.

from https://www.ipfingerprints.com/portscan.php
i get `23/tcp open|filtered telnet`

as per the opnsense firewall gui, there is not a `drop`.
only `pass, block, reject` where block = `block the packet is dropped silently`

sorry but i am confused about the terminology.
perhaps filtered is the same as blocked?

General Discussion / Re: net scan show ports as filtered not closed

« on: May 08, 2021, 10:03:08 pm »

tcp scan

for example,
https://hackertarget.com/nmap-online-port-scanner/

thanks,

General Discussion / Re: net scan show ports as filtered not closed

« on: May 08, 2021, 09:05:22 pm »

thanks.

just now i added a firewall rule to block telnet from wan

i have tried several online scanners and they all say the port is filtered, not closed or blocked

General Discussion / Re: net scan show ports as filtered not closed

« on: May 08, 2021, 07:05:34 pm »

thanks,

are you sure about that?

if a door is closed, and someone knocks on it.
if i do not open the door, it is closed.
if i ask 'who is there` and ignore the knocker, then that is filtered.

so it this website wrong?
http://www.ipv6scanner.com/cgi-bin/main.py
OPEN An application is listening for connections on that port.
CLOSED No application listening on that port.
FILTERED The port is blocked by firewall or other network obstacle.

General Discussion / net scan show ports as filtered not closed

« on: May 08, 2021, 05:19:43 pm »

hello and thanks,
using opnsense as a home router and working great.

i did a netscan from the internet and noticed that ports such as smtp are `filtered`, not closed.

i am sure there is a logic to that approach but would it not be better to have unused ports closed, to just drop the packets and reply at all?

thanks much,
jojo

Web Proxy Filtering and Caching / shadowsock server, not using dnscrypt server

« on: January 27, 2021, 12:48:23 am »

hello and thanks,

my opnsense router is running dnscrypt and that is working well.
also, i have installed the shadowsocks server.

on my computer, on the lan from that opnsense router.
i am running a shadowsocks client.

using ms-edge, not using that shadowsocks clients, dnsleaktest results look very good.

using my main browser, firefox, pointing to that shadowsocks client, internet is working.

using firefox, having ENABLED "Proxy DNS when using SOCKS v5"
i do a dnsleaktest, the results are not good, pointing to my isp dns, verizon.

using firefox, having DISABLED "Proxy DNS when using SOCKS v5"
i do a dnsleaktest, the results are good, clearly using the dnscrypt

note: that on the opnsense router, if i setup a ssh tunnel like so, then firefox proxy dns works.
ssh -D 8123 -f -q -N asdffdsa@OPNsense

so why using shadowsocks, the dns is not using dnscrypt server,
but using that ssh tunnel, the dns is using the dnscrypt server?

thanks,
david

General Discussion / shadowsock server, not using dnscrypt server

« on: January 26, 2021, 11:13:32 pm »

hello and thanks,

my opnsense router is running dnscrypt and that is working well.
also, i have installed the shadowsocks server.

on my computer, on the lan from that opnsense router.
i am running a shadowsocks client.

using ms-edge, not using that shadowsocks clients, dnsleaktest results look very good.

using my main browser, firefox, pointing to that shadowsocks client, internet is working.

using firefox, having ENABLED "Proxy DNS when using SOCKS v5"
i do a dnsleaktest, the results are not good, pointing to my isp dns, verizon.

using firefox, having DISABLED "Proxy DNS when using SOCKS v5"
i do a dnsleaktest, the results are good, clearly using the dnscrypt

so why using shadowsocks, the dns is not using dnscrypt server?

thanks,
david

Pages: [1] 2