Messages

211

19.1 Legacy Series / Re: Suricata: Not logging alerts in Tab alerts

« on: November 16, 2018, 06:33:56 am »

OK, i switched back to 18.7.7, downloaded the rules and alerts came back. Switched again to Beta, downloaded the rules and no further alerts were seen in the log.

212

18.1 Legacy Series / Re: [solved] Transparent Proxy and WLAN on Android: No Internet

« on: November 14, 2018, 09:19:10 am »

have you added it to your ssl bump list or just excluded it in pihole?

213

18.1 Legacy Series / Re: [solved] Transparent Proxy and WLAN on Android: No Internet

« on: November 09, 2018, 04:39:09 pm »

@Pimb/Jdb:

What are your squid-logs saying? What Android-Version are you using? I am now on pie and it's still working.

Check the squidlogs for bumps while connecting to the wlan. this will give you some ip's back, which can be resolved. Eventually, Goo changed again some hosts...

214

18.7 Legacy Series / Unbound: how to forward local data to dnsmasq

« on: November 09, 2018, 04:32:14 pm »

Hello,

As unbound is not able to handle cnames, i thought about having dnsmasq resolving my localzone.

What i've done so far:
- inserting a domain overwrite with my own domain, inserting localhost and port 5454 on which dnsmasq is listening
- setting local zone type to redirect (which is false...)

I did not get this running. Can anybody help? All i want is:
- if unbound gets a request for my own local domain redirect the request to dnsmasq (where i have all my cnames)
- dnsmasq will give back the answer
- all other requests can be sent out the my providers dns

btw. dnsmasq is configured to not register dhcp and so on.

215

19.1 Legacy Series / Suricata: Not logging alerts in Tab alerts

« on: November 09, 2018, 03:41:41 pm »

Hi,
Since i updated to the beta, i do not see any entry in the alert-tab of suricata. Is it just logging drops/alerts there? before, everything has been logging (allowed)

216

19.1 Legacy Series / Re: Suricata stopps after a few minutes [solved]

« on: November 07, 2018, 02:22:41 pm »

disabled urlhaus, survives now reboots.

217

Development and Code Review / Re: Wireguard in opnsense

« on: November 07, 2018, 12:56:28 pm »

One good thing to add in the wireguard package would be adding a outbound-nat-rule in the firewall, when adding wireguard. Now you have to switch to hybrid and add it manually. openvpn adds this automatically.

218

19.1 Legacy Series / Re: Suricata stopps after a few minutes

« on: November 07, 2018, 12:53:30 pm »

for sure, but:

after reboot in 18.7, it did not start automatically. Launching Suricata manually was the solution and Suricata kept up running.

Different in 19.1, where it crashes after a restart of the service.

219

Web Proxy Filtering and Caching / Squid: how to hide Browser and OS

« on: November 07, 2018, 12:28:09 pm »

Hi,

How can i hide browser- and OS-Information in Squid?

Thx!

220

19.1 Legacy Series / Re: Suricata stopps after a few minutes

« on: November 07, 2018, 11:51:45 am »

again? This issue has already been in Production, but has been fixed...

221

19.1 Legacy Series / [SOLVED] Suricata stopps after a few minutes

« on: November 07, 2018, 09:50:07 am »

Hi,

If i reboot the firewall, i have to start suricata manually (already had this in production). Now, in dev, i start suricata, but it stops after a few minutes.

Anybody else having this?

222

Web Proxy Filtering and Caching / [SOLVED] get rid of host forgery detected

« on: October 20, 2018, 05:49:21 pm »

Hi,

i try already a long time to resolve that issue on the proxy:

SECURITY ALERT: Host header forgery detected on local=[blah-ip]:443 remote=[my-ip]:52382 FD 12 flags=33 (local IP does not match any domain IP)

i read a lot about it, it force the same ip for the dns on dhcp as i have entered in the proxy, but the problem remains. I have no further clue, how to get rid of and clean my logs.

any help is appreciated.

btw. i use dnsmasq as resolver, not unbound

223

Web Proxy Filtering and Caching / Re: SSL Proxy Config question

« on: October 19, 2018, 07:39:39 am »

How do your clients connect to the proxy? Is it a transparent proxy, or did you install it on each device?

224

Web Proxy Filtering and Caching / Questions about SNI

« on: October 18, 2018, 04:06:13 pm »

Hi,

i  read about SNI in opnsense, first i wanted to use ssl-bump. But this is way of administrative overhead for a home network.

how does opnsense handle SNI? Does it just passthrough the information to endusers browser? or does it read "by some magic" the sni-headers sent by the webserver? And what at the end of the day is the real outcome of sni when using a proxy?

225

Development and Code Review / Re: Wireguard in opnsense

« on: October 17, 2018, 12:17:33 pm »

Necessary, otherwise all would have same keys ..

...which would make a per client-endpoint on the opnsense useless, as you could use the same for all?

1) using DHCP for the internal network, so you don't have to issue an ip for each client  and set one endpoint on the opnsense for all clients

That's not the way it works ..

This would mean, it's not favourable for roadwarrior-setup in bigger environments, isn't it?

2) an option to connect via user-credentials e.g. using radius or ldap in combination with the keys.

Nope, will not come .. then it would just be a clone of OpenVPN

Good issue

the main goal of wireguard is i think s2s-vpn?