Messages - xinnan

#106
Static port mapping on port 500 may help if you control the router/firewall.
#107
Your server should have produced a static key and the same key should be in your openvpn config. 

Also, sometimes it's just easier to delete the VPN server instance, delete the config and start over.
#108
General Discussion / Re: Setup for home
October 30, 2017, 02:38:38 PM
https://www.dd-wrt.com/wiki/index.php/Asus_RT-AC68U

https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point

Start where it says "long version" and do all the optional and recommended steps as well.
#109
Dumb question I'm sure...   Are the ports open on the WAN?
Are you running any blocker this, blocker that stuff?
#110
Yes - I'd check to be sure the Static TLS key in the server and client match.
#111
How are you getting your configuration from your opnsense to your ipad?

What kind of authentication is your server side set up for?
#112
OK - There are two parts to any vpn connection (at least). 

1 is the client. 
1 is the server. 

So, you are using opnsense for 1?  Is that the server or client?

What is the other machine?
#113
When on Windows, I run a small Ubuntu server VM with 256 MB of RAM and a single core on my desktop if I suddenly need access to the console. I ssh in and execute commands from there.  Optionally, a VM with a desktop is nice because it allows web access in the VM, easy cut/copy/paste etc.  And your firewall remains unmolested.  These can be opened and closed as easily as opening a Word document.
#114
I have no LAN - WAN only. 

However at first it did do some odd behavior when I had a WAN and LAN. 

Basically it assigned the WAN as LAN and the LAN as WAN.  So I set up the interfaces manually and that was all solved.

Now with just a WAN, resolver is slow to set up on boot and I had to enter the DNS servers manually.

Maybe just being glitchy because it's running under VMware.

#115
Ahhh.  So it's not just me!
I'm very new to opnsense so I just assumed I was doing something wrong.  haha
#116
And I thought I needed to go get a life...  Mr.hmm needs a GF or something.
#117
General Discussion / Re: two questions to unbound
October 23, 2017, 11:43:33 PM
from console:

dig google.com (or whatever)

or

nslookup google.com (or whatever)

#118
That's very odd. I've definitely noticed Suricata inspecting, alerting and warning on the WAN in the past.  And blocking also.

Usually, it's getting far fewer alerts when run on a LAN (my experience), since if the firewall is doing its job at the WAN and dropping a ton of uninvited connections, Suricata monitoring the LAN would never even see the traffic.
#119
Firewall rules can break it if you played with them. 
You can also break things by changing the LAN IP and not making the DHCP service match.

There are so many little things. 
#120
17.7 Legacy Series / Re: Newbie questions
October 20, 2017, 03:03:13 PM
When you say "filtering", what exactly do you mean?

I ask because Suricata "filters" quite a bit and can be configured per interface.

But that's not the same sort of filtering you get with a proxy or transparent proxy.

Just checking to see that terminology wasn't causing problems.