[RESOLVED] Zenarmor Engine 1.14.1 Update Won't Allow by "Item" Only "Category"

Started by JonStuart, August 08, 2023, 12:23:36 PM

But can Zenarmor block VPN?

I've blocked all the proxy categories but my 9-year-old kid destroyed all my security just by installing hide.me VPN software on this phone ... Same thing for the 1.1.1.1 VPN software on iOS or Android, Zenarmor does not block anything regarding VPN (at least in my setup).

So what is the point of blocking DoH or DoT (and not always, I've tried some DoH and DoT DNS servers and they are not blocked by Zenarmor either) or of having DPI if a simple free VPN software can bypass all the security of OPNsense and Zenarmor? Every VPN on 443 is not seen as VPN by Zenarmor ...

So I'm really confused ...

There's a category for hide.me, what does Zenarmor log when you try to connect?
What did it log for the problematic services you described?
Did you file a ticket for your problem?

Mine is blocking DoH/DoT just fine, just verified with https://1.1.1.1/help


It logs Secure Web Browsing for many VPNs that I tried.
And with a VPN, Zenarmor will not see the DNS request even in DoH or DoT.
Some DoT or DoH servers are not detected by Zenarmor, I need to find the one I tried a few days ago.

Quote from: deuch on August 09, 2023, 09:43:00 PM
It logs Secure Web Browsing for many VPNs that I tried.
And with a VPN, Zenarmor will not see the DNS request even in DoH or DoT.
Some DoT or DoH servers are not detected by Zenarmor, I need to find the one I tried a few days ago.
Have you tried the actual VPN services, or only visited their websites? If a VPN connection should be blocked and is not, file a ticket. Zenarmor are friendly and fast to respond.
Same goes for missing DoH servers.

Quote from: athurdent on August 10, 2023, 05:37:15 AM
Quote from: deuch on August 09, 2023, 09:43:00 PM
It logs Secure Web Browsing for many VPNs that I tried.
And with a VPN, Zenarmor will not see the DNS request even in DoH or DoT.
Some DoT or DoH servers are not detected by Zenarmor, I need to find the one I tried a few days ago.
Have you tried the actual VPN services, or only visited their websites? If a VPN connection should be blocked and is not, file a ticket. Zenarmor are friendly and fast to respond.
Same goes for missing DoH servers.

Of course I've used the official application of hide.me on iPad and iPhone, and the one from Cloudflare with WARP on iOS/Android too. And those VPNs are not blocked by Zenarmor. I almost succeeded by creating a blacklist of some domains with Zenarmor and Adguard, but it is still DNS blocking, and Zenarmor uses DPI, which is normally better.

You can give it a try with the 1.1.1.1 application from Cloudflare, it does not require an account or credit card. Hide.me requires creating an account, but no credit card is required for the free version.

Quote from: deuch on August 10, 2023, 12:44:20 PM
Of course I've used the official application of hide.me on iPad and iPhone, and the one from Cloudflare with WARP on iOS/Android too. And those VPNs are not blocked by Zenarmor. I almost succeeded by creating a blacklist of some domains with Zenarmor and Adguard, but it is still DNS blocking, and Zenarmor uses DPI, which is normally better.

You can give it a try with the 1.1.1.1 application from Cloudflare, it does not require an account or credit card. Hide.me requires creating an account, but no credit card is required for the free version.

I filed a ticket this morning. It does not recognise/block OpenVPN or Wireguard anymore here. I remember testing that a few years ago and it worked.
No idea what's going on there.

The engine works fine though, seems to be a problem with the OpenVPN and Wireguard matching in my case.
I just tried to block SSH on non-standard port 222, to rule out it would simply block by well known ports.
It recognised and blocked SSH on 222 just fine.
I already got a reply from Zenarmor, they are looking into it.

Ok thanks.

The main issue is that a lot of modern VPNs are starting to use port 443 ... So I think it will be difficult to globally block port 443 if you still want to be able to use the internet :)


So I originally started this thread and I need to make a few things clear for me. It is NOT that Zenarmor is a bad product. When it works it works very well at not only blocking by DNS but IPs as well and at the same time. Some of you here are not really familiar with its capabilities. This is a very capable product for controlling local network traffic when it is outbound to the internet. It is VERY effective if you take the time to learn how to configure it. That is not the issue I have.....The sole problem I have is that they need to do better at testing before release to a paid audience. There is a standard practice for this and I feel like they have a poor implementation of it. That makes it unreliable to deploy for businesses or business clients if you are an MSP (Managed Service Provider). They could GREATLY increase its use and sale by making its releases more reliable for working on deployments. Some of you really like to argue for your favorite product in true Linux Tradition. I have tested this plugin in many critical situations and it performs exceptionally well even in free mode. I can't deploy it in critical situations because of this upgrade issue which sometimes seems to break.....when it works it works well.

Sunny Valley....if you are still paying attention to this thread.....PLEASE TAKE THIS TO HEART. You have got to get a better update track in place. I love your product and I want to, and can, sell this to clients I have. I can't do that in good conscience knowing that somewhere one of your updates will break its functionality and they will have to deal with it. Please take a look at this and let us know here in the public realm what your plan on this is.