Messages

2371

16.7 Legacy Series / Re: Block outgoing connection for app?

« on: November 15, 2016, 09:13:34 pm »

The only solution I have is for Win machines with (GData) personal firewall, there (above the OS-level) you can choose for each application the way to internet (or not).

For some applications (e.g. firewall sig updates) you can allow (!) some IPs to make it work at the perimeter firewall.

In general, in a secure environment I would BLOCK anything by default and start fishing from the firewall log the IPs to allow (or not) for individual apps. There is no perfect way to make this work from the perimeter firewall today. AFAIK Snort has a relatively new feature for application-based rules...

2372

17.1 Legacy Series / Re: Helping with ARM support + recommended ARM hardware

« on: November 15, 2016, 06:19:36 pm »

This might be fun, tooo:

http://www.banana-pi.org/r1.html

;-)

PS: For serial console try one of these:

https://www.amazon.de/gp/product/B00AFRXKFU/ref=oh_aui_detailpage_o06_s00?ie=UTF8&psc=1

https://www.amazon.de/gp/product/B00R76SCJ6/ref=oh_aui_detailpage_o06_s00?ie=UTF8&psc=1

2373

German - Deutsch / Re: Traffic eines Clients durch OpenVPN Tunnel ins Internet routen

« on: November 15, 2016, 05:57:39 pm »

Manchmal brauchen die ganzen Änderungen auch einen reboot, damit's richtig läuft... ;-)

2374

German - Deutsch / Re: Traffic eines Clients durch OpenVPN Tunnel ins Internet routen

« on: November 15, 2016, 03:32:54 pm »

Vermutlich hast du unter NAT -> Outbound eine Regel, die dein ganzes LAN zum WAN rausjagt ?!

2375

17.1 Legacy Series / Re: Helping with ARM support + recommended ARM hardware

« on: November 12, 2016, 05:12:52 pm »

Hi again!

Did this here:

https://forum.opnsense.org/index.php?PHPSESSID=904p9h0bq3h7vttcejijdn4n30&topic=3793.msg13161#msg13161

Very cool! First sense on raspi feeling!

Notes:

- FreeBSD has ssh enabled out of the box, but no root-login, log in as freebsd/freebsd and do a 'su'.

- Could not get the serial console (115200?) get running on the standard pins of raspi. PS: Error messages appear on serial, but not the usual menu?!? (smsc0: warning MII is busy etc)

- Used a cheap USB-RJ45 as WAN interface, get's an IP and internet is ready to go! CPU loves to "100%" feeling at the Dashboard... :-D

This is absolutely cool!

Keep on! Is there any way to make that work on a Raspi 2 at that time with FreeBSD 11 and the dev version of 17.1?

2376

General Discussion / Re: External access to opnsense GUI

« on: November 04, 2016, 09:09:23 am »

Dig an openVPN/IPsec tunnel to your box and do the service via the tunnel. Anything else is not state-of-the-art.

2377

17.1 Legacy Series / Re: Helping with ARM support + recommended ARM hardware

« on: October 30, 2016, 06:04:01 pm »

Support for Raspi! Great! Will have a look soon... Going to try out some USB-RJ45 adapters I recently bought for a raspberry-Wireshark machine I'm planning currently.

Fun!

2378

General Discussion / Re: Suricata issues in PFsense

« on: October 18, 2016, 02:19:05 pm »

...in times where whole nations become psychotic this should not really come as a surprise, but it's still shocking to me...

2379

General Discussion / Re: Suricata issues in PFsense

« on: October 17, 2016, 08:08:52 pm »

Be aware that your forum account over there might be blocked indefinitely for posting stuff like that over here (or even less...) ;-)

2380

German - Deutsch / Re: Deutsche Übersetzungsarbeit

« on: October 06, 2016, 08:48:07 pm »

eMail? (Spamordner?) :-)

2381

German - Deutsch / Re: Deutsche Übersetzungsarbeit

« on: September 26, 2016, 08:18:24 pm »

Hmmm, und nu? Wie könnte man helfen? ;-)

2382

German - Deutsch / Re: Deutsche Übersetzungsarbeit

« on: September 26, 2016, 09:00:01 am »

Hi!

Ist das Arbeit, bei der man als Gelegenheitsarbeiter mal ein paar Stunden helfend mitmachen kann oder braucht es da echte Kontinuität über Wochen und Monate?

Grüße!

chemlud

2383

16.7 Legacy Series / Re: 16.7.4 openVPN tunnel mixed LibreSSL/openSSL doing fine

« on: September 23, 2016, 09:50:55 am »

Whacky? Woww! :-/ ...maybe on the openssl side (pfsense some updates...?)?

Fact: In summer no connection of tunnels, now no problem at all... Strange but true.

2384

16.7 Legacy Series / 16.7.4 openVPN tunnel mixed LibreSSL/openSSL doing fine

« on: September 22, 2016, 10:57:46 am »

Hi!

Just updated to 16.7.4 i386 nano on one box, used the chance to switch to LibreSSL. After reboot my tunnels to other sites using openSSL came up as normal, so mixed environment is doing fine!

Just wanted to report this, as in the past that didn't work for me... :-D

2385

German - Deutsch / Re: OpenVPN Routing Problem 2 Tunnel

« on: September 21, 2016, 11:51:33 am »

..."meinen" ist eine Sache, eine routing table mit allen Routen etwas ganz anderes. ;-)

Photos or it didn't happen :-D