Messages - wirehire

#16
24.7, 24.10 Legacy Series / Re: wireguard 2fa defguard
September 24, 2024, 03:17:04 PM
But I will try defguard, and can tell if this tool is good for the community!
#17
24.7, 24.10 Legacy Series / Re: wireguard 2fa defguard
September 24, 2024, 03:07:37 PM
Because it's an external pkg, I would like to hear if other people use that tool or have other ideas for a 2FA/MFA option for WireGuard with OPNsense.
#18
24.7, 24.10 Legacy Series / wireguard 2fa defguard
September 24, 2024, 02:37:22 PM
Hey,

I read that defguard has a plugin for OPNsense; with that plugin, 2FA for WireGuard is possible. Has anyone run this setup with defguard, or how do you secure your WireGuard VPN? Or are there other options for 2FA/MFA for WireGuard?
#19
Hey,

I tried with the patch and the new update 27.1.2 with os-caddy-1.6.3.

"error","ts":"2024-08-21T20:13:27Z","logger":"tls.obtain","msg":"will retry","error":"[sub.domain.de] Obtain: [sub.domain.de] solving challenge: sub.domain.de: [sub.domain.de] authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - Incorrect TXT record "rekord" (and 1 more) found at _acme-challenge.sub.domain.de (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":124.751260674,"max_duration":2592000%7D

The disable doesn't help with netcup. The options with longer propagation were needed. Do you still need more for debugging?

With other DNS, for example Cloudflare, it works, so it looks like the higher value is needed for netcup.

Thanks for your work!
#20
Retries yes, but, for example, netcup needs a longer propagation time, otherwise infinite loop.

https://github.com/caddy-dns/netcup

NOTE: You may need to set an unexpectedly high propagation time (≥ 900 seconds) to give the netcup DNS time to propagate the entries! This may be annoying when executing caddy run/start manually but should not be a problem in automated setups. In exceptional cases, 20 minutes may be required. See

Can we have this option, to set a propagation time and delay?

#21
I applied the patch and I also see the disable option, but where can I then pass the values themselves? E.g. 600 or 900s for netcup?
#22
Hey,

How can I set the propagation_timeout and propagation_delay? When I type these keywords in the fields, I don't see the config parameter in the JSON file. For example, with netcup you need a high propagation_timeout and propagation_delay time.

Is this possible in the GUI or must it be set on the CLI?


Greets
#23
Hello,

On one sense I cannot upgrade squid to 6.10:

missing files 6.9 license, gplv2, catalog.mk


pkg-static fails rename ...

Does anyone have the same problem?
#24

Is this the same problem why my 1:1 NAT outbound was deleted? Only the rule for the 1:1 was deleted; the other NAT outbound rules were not deleted.
#25
Please take a look at the 1:1 overview before you edit the rule: is your external network shown there, or only in the 1:1 rule?
#26
In my case it was the outbound, because it is translated 1:1 via a different IP on WAN. This was gone after the update, so that traffic only went out via the normal WAN IP.
#27
Do you mean me? I recovered the rules for the outbound NAT from a backup config file.
#28
24.1, 24.4 Legacy Series / 24.1.9 bgp Port open
June 19, 2024, 10:23:02 AM
After the update to 24.1.9 I ran a port scan; this time I have an open BGP port:

179/tcp open  bgp     (open)

I don't see the port open in the WAN firewall rules?

I don't use BGP.

I have an IP range from a provider. Could it be his device that has BGP open, to communicate with his network?
#29
After the update to 24.1.9, 1:1 NAT outbound was not working anymore; the outbound rule over a specific IP was deleted.
#30
I have done it; at first look, it looks good.

But why does caddy run as the root user? Should it not be www?

root     caddy      56705 8  tcp4   ip:443