Messages

1

20.1 Legacy Series / Re: Wildcard hosts in Firewall alias

« on: April 07, 2020, 06:59:59 pm »

I don't think that's possible at all

Imagine how the firewall works - when you enter fqdn, the engine resolves it to IP (or IPs) and create the rules. There might be configured refresh time to update the resolving table. So how would you imagine resolving *.domain.tld?

Depending on the desired results, you should consider different approach.

2

20.1 Legacy Series / OpenVPN clogged by client rush

« on: April 06, 2020, 04:10:18 pm »

Looks like restarting VPN server with 200-300 active clients is bad idea. I have such on dual Xeon 3.3GHz.
OpenVPN service gets smashed by all the clients rushing in. As a result, nobody can connect and the service is dead. showing mostly

WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 255

in the logs.

I see that it's possible in firewall rule to have SYN rate limiting per IP. But what if the connections are coming each from unique IP?!

So, is there a way of limiting the SYN rate per firewall rule, not per single source IP? For example to have no more than 1 new incoming (SYN) connection per 2 seconds in the fw rule, which allows access to the service.

3

20.1 Legacy Series / Re: Extract OpenVPN server status

« on: March 21, 2020, 06:14:23 am »

Thanks for the idea! Worked!
Now feeding Graphite with data like this:

Code: [Select]

echo "OpenVPN.clients_count `cat /tmp/openvpn-status.txt | grep CLIENT_LIST | /usr/bin/wc -l` `date +%s`" | /usr/bin/nc -N 192.168.1.100 2003

4

20.1 Legacy Series / Extract OpenVPN server status

« on: March 20, 2020, 06:21:32 am »

Hi guys,
Is there a way to get the status of OpenVPN server with all the clients connected?
API doesn't seem to provide such capability. If I try to socat it from the unix socket (/var/etc/openvpn/server1.sock) it breaks the server and reboot is required. SNMP maybe?

5

General Discussion / Re: Road Warrior IPsec tunnel, with IkeV2 and EAP-MSCHAPV2

« on: March 15, 2020, 06:58:37 am »

I have the same problem.
I can't see the reason why we have the ability to use the same PSK (password) for ANY user, but can't use user's password for VPN login password.

@FredTGB, have you managed to work around this?

6

17.1 Legacy Series / Not booting after upgrade to the latest 17.x

« on: July 05, 2017, 04:16:11 pm »

Hi all,
Yesterday I have decided to upgrade to the latest 17.x version, I was on the previous v17 build and I the machine didn't came up...
I had similar problems when installing it. I couldn't install v17 because of the same error. What I did was to install v16 and then upgrade to v17. It was working OK since then, until the yesterdays update...
Attached is the screen where the booting process stops.
Did anyone had similar problem or ideas what could be causing it? The server is HP DL380 G5