Topics

1

19.1 Production Series / Reverting to an earlier version of unbound over branches

« on: January 30, 2019, 01:56:38 pm »

Is it safe to assume that OPNsense 19.1 will be using Unbound ver. 1.8.3? If so, and I need to revert to an earlier version, like ver. 1.8.1 (I'm using DNS-over-TLS), can I when 19.1 goes live use Unbound from the 18.7 branch to do so?

opnsense-revert -r 18.7.8 unbound


Thanx

miroco

2

18.7 Legacy Series / DNS TLS encryption using Quad9 and Cloudflare DNS servers (18.7)

« on: December 15, 2018, 12:00:27 pm »

Unbound surprisinly quit after an update to 18.7.9. I've been using DNS-over-TLS for a long time now without issues and was surprised over the fact. Reverting to the previous Unbound version 1.8.1 solved the problem.

Dec 13 21:43:04   kernel: -> pid: 86093 ppid: 1 p_pax: 0x850<SEGVGUARD,ASLR,NODISALLOWMAP32BIT>
Dec 13 21:43:04   kernel: [HBSD SEGVGUARD] [unbound (86093)] Suspension expired.
Dec 13 21:43:04   kernel: pid 86093 (unbound), uid 59: exited on signal 11
Dec 13 21:24:43   kernel: -> pid: 1801 ppid: 1 p_pax: 0x850<SEGVGUARD,ASLR,NODISALLOWMAP32BIT>
Dec 13 21:24:43   kernel: [HBSD SEGVGUARD] [unbound (1801)] Suspension expired.
Dec 13 21:24:43   kernel: pid 1801 (unbound), uid 59: exited on signal 10

miroco

3

Hardware and Performance / AirCube a WiFi access point

« on: May 27, 2018, 06:54:10 pm »

Does anyone have experience with the Ubiquiti AirCube ISP and/or AC? The AirCube is a consumer grade WiFi access point. The "ISP" version is 2.4 Ghz only device, whereas the "AC" version supports both 2.4 and 5 GHz mode. The May 7th firmware changelog (the latest) contains a comprehensive description of features.

https://www.ubnt.com/accessories/aircube/

https://www.ubnt.com/downloads/firmwares/airCube/v2.2.0/changelog.txt

https://community.ubnt.com/t5/airCube/bd-p/airCube

https://www.youtube.com/watch?v=UnYRT7wI-Vs

A few points of sale in the EU.

https://www.amazon.co.uk/
https://www.amazon.de/
https://www.eurodk.com/
https://www.irishwireless.net/

4

Hardware and Performance / PC Engines - about Spectre and Meltdown vulnerabilities

« on: March 15, 2018, 01:58:32 pm »

In view of the upcoming speculative execution kernel patch för amd64, planned for 18.1.5 and the APU2C4 board.

https://forum.opnsense.org/index.php?topic=7595.0

PC Engines - about Spectre and Meltdown vulnerabilities

http://pcengines.ch/spectre.htm

On one hand a microcode update seems to be necessary in part to mitigate the effects of the Spectre vulnerability. On the other hand it seems that PC Engines standpoint is that "the vulnerability must be handled at the OS level". That's consistent with the upcoming patch, but not a word about a microcode update?

Is there a discrepancy, or have I misunderstood the complexity of the problem?


Regards,


Miroco

5

17.7 Legacy Series / [SOLVED] Suricata and port 443

« on: September 16, 2017, 03:51:24 pm »

Suricata and port 443

As soon as I enable IPS mode under Intrusion Detection, the No-IP DynamicDNS update fails. This also makes my OpenVPN Server to fail. It’s a road warrior style configuration using port 443.

I sat out to try the abuse.ch ruleset and IPS. The ruleset does not seem to play a part in this, but IPS definitely does. The mandatory 3x hardware offloading is disabled.

Sep 14 20:38:348         opnsense:/usr/local/etc/rc.dyndns: curl error occurred: Failed to connect to dynupdate.no-ip.com port 443: Operation timed out

If I uncheck IPS mode, the problem goes away and I can connect to my OpenVPN server.

Sep 14 20:47:36         opnsense:/usr/local/etc/rc.bootup: DynamicDNS (xxxxxxxxxxxx.ddns.net): (Success) DNS hostname update successful.

I’m on OPNsense ver. 17.7.2


Perhaps a related issue.

https://forum.opnsense.org/index.php?topic=4727.0

Miroco