17
17.7 Legacy Series / [CALL FOR TESTING] Suricata 4.0.0
« on: July 28, 2017, 08:15:49 pm »
Hi all,
Suricata 4.0 is out and I asked Franco to build it for 17.7. It will not be included in the stable version but it can be installed via the shell by running the following command:
Code:
pkg install https://pkg.opnsense.org/snapshots/suricata-4.0.0.txz
In a short test it still works without changing the GUI. Note: If you have Suricata running, you will have to restart it after installation. You can do that in the GUI.
18
17.1 Legacy Series / CVE-2017-8301
« on: May 05, 2017, 07:38:32 pm »
Just in case anyone is questioning this:
OPNsense is not affected as CVE-2017-8301 affects 2.5.1 to 2.5.3 and OPNsense uses a 2.4.x version of LibreSSL.
http://seclists.org/oss-sec/2017/q2/145
Please be careful with your other servers out there.
Kind regards
Fabian
19
17.7 Legacy Series / Doublepulsar Suricata rules
« on: April 24, 2017, 07:52:23 pm »
These rules may be included:
https://github.com/countercept/doublepulsar-detection-script/blob/master/doublepulsar_snort_rules.rules
20
German - Deutsch / Translation file for 17.1 is complete
« on: April 16, 2017, 02:11:24 pm »
There may still be spelling mistakes, and some plugins and 17.7 changes may not be included yet.
21
Documentation and Translation / New Roadmap for 17.7 required
« on: March 11, 2017, 12:48:22 pm »
The road map for 17.7 is still missing. Can you add it or will 17.7 be only bug fixing and closing tickets (there are still lots of feature requests open on GitHub)?
22
Development and Code Review / Routing Protocol Support
« on: March 10, 2017, 11:11:53 pm »
Hi, I made a more or less working version of a plugin that allows routing protocols like OSPF in OPNsense.
https://github.com/opnsense/plugins/pull/88
Quagga supports a lot more protocols, but if you would like to add one other than OSPF, like BGPv4 or RIP, or are willing to help, it could be even better.
Because it is a work in progress, it may not work on your device (the config still includes hardcoded interfaces because Quagga generates them every time you copy the running config to the startup config, and I did not try whether I can remove them securely).
Kind regards
Fabian
23
17.1 Legacy Series / Dynamic DNS Hardening on 17.1.2+
« on: March 03, 2017, 07:48:19 pm »
Dear OPNsense users,
On a pull request we got, we found out that dynamic DNS has TLS certificate checks disabled on most services.
I have tested for some of them whether the certificate of the service is trusted*.
First of all, the good news: most of the tested services are trusted. But there is a downside: some services experience issues when you use LibreSSL. The bug is already fixed in LibreSSL but it has not gone upstream yet as a production release.
I have enabled the certificate checks again on some services and this will go into the beta series of 17.7 and will be finally released then. In the meantime we would be glad to hear some feedback on whether the patch is working. You may install it on your device via
Code:
opnsense-patch f0f65fc
Find the full commit here to see which services are affected:
https://github.com/opnsense/core/commit/f0f65fc9ad1d7750bf1cb50d470accab93a9afd5
Stay safe
Fabian
* tried to use cURL on the command line which should use the same trust store as the scripts of OPNsense.
If you want to test the connection by yourself, run
Code:
curl -v "https://example.com"
-v is for verbose, so the shell will show the result of the HTTPS handshake.
Edit: removed dot from command
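An added example, not part of the original post and not OPNsense's own code: a shell audit that lists the places where PHP source switches off cURL certificate or hostname verification, the kind of setting the post above describes. It assumes the scripts under review use PHP's cURL binding (`CURLOPT_SSL_VERIFYPEER`, `CURLOPT_SSL_VERIFYHOST`); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not OPNsense code): audit PHP sources for cURL options that
# switch off TLS certificate or hostname verification.
# Assumption: the code under review uses PHP's cURL binding.

# Matches CURLOPT_SSL_VERIFYPEER / CURLOPT_SSL_VERIFYHOST set to false or 0,
# in both curl_setopt($ch, OPT, value) and curl_setopt_array([OPT => value]).
PATTERN='CURLOPT_SSL_VERIFY(PEER|HOST)[[:space:]]*(,|=>)[[:space:]]*(false|0)([^[:alnum:]_]|$)'

# Print "file:line:text" for every finding. /dev/null forces grep to print
# the file name even when only one file is given.
find_disabled_tls_checks() {
    grep -nEi "$PATTERN" "$@" /dev/null
}

# Print the number of findings across all given files.
count_disabled_tls_checks() {
    find_disabled_tls_checks "$@" | wc -l | tr -d ' '
}

# Write a constructed PHP sample (three unsafe settings, two safe) to $1.
write_sample() {
    cat > "$1" <<'EOF'
<?php
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt_array($ch, [CURLOPT_SSL_VERIFYPEER => false]);
EOF
}

# Usage: sh audit.sh path/to/*.php   (exit status 0 means findings exist)
if [ "$#" -gt 0 ]; then
    find_disabled_tls_checks "$@"
fi
```

Each reported line is a candidate for re-enabling verification and then testing the endpoint with `curl -v` as described above.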
24
17.1 Legacy Series / New Roadmap for 17.7 required
« on: February 14, 2017, 06:16:40 pm »
As we are on a new release, the road map for 17.7 should be created.
25
Tutorials and FAQs / HOWTO: Install ICAPrb::Server on OPNsense
« on: November 24, 2016, 03:56:40 pm »
Hi all,
Tutorial is on my own website: https://fabian-franz.eu/icaprb/opnsense/2016/11/23/install-icaprb-on-opnsense.html
It can be used with the web proxy server if you want to add some custom features for scanning or content manipulation.
Kind regards
Fabian
26
German - Deutsch / German translation work
« on: September 24, 2016, 04:42:00 pm »
Hello everyone,
I will not be able to work on the German translation file as much in the near future, so progress will slow down. By the way, the current status is 89%.
Kind regards
Fabian
27
16.7 Legacy Series / New Attack
« on: August 25, 2016, 05:30:33 pm »
There is a new attack against 64 bit ciphers: https://sweet32.info/
Please be careful when using an affected cipher, especially when using it with VPN.
fabian
28
17.1 Legacy Series / Idea(s) for the road map
« on: August 10, 2016, 05:10:09 pm »
- migrate to PHP 7 and Phalcon 3
29
Documentation and Translation / Some issues with the Japanese and Chinese translation
« on: July 11, 2016, 11:54:38 am »
Hi,
there is an issue with the Japanese and Chinese translation. The way to fix it: Install an additional font.
If you are using it on a system where the font is not installed, the page may look empty.
The question is how this issue should be fixed. Does anyone know an open source font which can be used, or have another idea?
Kind regards,
Fabian
30
Development and Code Review / ICAP-Support
« on: February 12, 2016, 03:07:18 pm »
Does anyone have a hint why my patch is not working?
https://github.com/opnsense/core/compare/master...fabianfrz:icap_support?expand=1
The generated configuration is valid but it will produce a 403 error on every request.
Authentication is disabled.
Regards
Fabian