Messages - AhnHEL

1
2.4 Development Snapshots / Re: Openvpn - Simple 2.4 Send/Receive question
« on: November 18, 2017, 06:35:04 pm »
https://forum.pfsense.org/index.php?topic=130350.msg718028#msg718028

Trying to interpret Jimp's choice of words here in the second paragraph.  Did he mean the Custom Options override the checkboxes, and that's why it was safe to upgrade?

2
2.4 Development Snapshots / Re: dpinger 3.0 hot off the presses!
« on: November 11, 2017, 01:09:47 am »
Is this the correct md5 for 2.4.2?

MD5 (/usr/local/bin/dpinger) = 804f2541cd4dd0e3cad6ff23447ea891

4
+1 Seeing this as well.

5
2.4 Development Snapshots / Re: New 502 Bad Gateway
« on: October 17, 2017, 07:36:05 pm »
I pushed some experimental changes today that are designed to help track down the issue of gateway timeouts occurring when the IPSec dashboard widget is displayed. 

I myself never had the IPSEC dashboard widget displayed when I was getting the 502 Bad Gateway issue.  Was this problem somehow thought to be related?  I don't use IPSEC at all.

6
2.4 Development Snapshots / Re: New 502 Bad Gateway
« on: October 13, 2017, 09:35:15 am »
Just reinstalled myself changing from UFS to ZFS filesystem, using the same 20171009 snapshot.  Wouldn't last ten minutes before, but has been up without error for 24 hours now.

Never used Squid or ClamAV.  Only using pfBlockerNG.

7
2.4 Development Snapshots / Re: New 502 Bad Gateway
« on: October 11, 2017, 03:49:08 pm »
I have one box using the ZFS file structure, the other is using UFS, both using pfBlockerNG.  The ZFS is rock solid, and the UFS one gets the Bad Gateway after some time.  Wondering if that is a possible reason why two similar boxes with similar settings exhibit different behavior using the same snapshot and same packages.

Both running 20171009 Snapshots for 2.4.0

Just a thought

8
2.4 Development Snapshots / Re: New 502 Bad Gateway
« on: October 10, 2017, 05:17:02 pm »
I was seeing the same thing, I upgraded to the October 9th snapshot, and did a "pkg upgrade -f" at the shell prompt and all is well again.

Statement retracted.

Took a day but yes, eventually got the bad gateway again.

9
Installation and Upgrades / Re: 2.3.3 is live!
« on: February 20, 2017, 08:47:21 pm »
Another hand up for a smooth upgrade if anyone is still on the fence about pulling the trigger.

 ;)

10
pfBlockerNG / Re: pfBlockerNG 2.1.1_5 / Pfsense 2.4
« on: January 06, 2017, 04:59:19 pm »
I failed to post the manual fix by BBcan177 because I thought the patch would have been out relatively quickly, but just realized it has been over 2 weeks since the last correspondence involving this.  The following are the instructions BBcan177 gave me to test, which worked perfectly.
Quote
1) Backup file:

    cp /usr/local/pkg/pfblockerng/pfblockerng.inc /tmp/pfblockerng.inc.bk

2) Edit:

    /usr/local/pkg/pfblockerng/pfblockerng.inc   and remove line 937:

    exec("/usr/bin/openssl req -new -x509 -keyout {$pfb['dnsbl_cert']} -out {$pfb['dnsbl_cert']} -days 3650 -nodes");

Here is what Line 937 looks like:
https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L937

3) Then at line 937 add the following code:


                        $dn = array (   'countryName'           => 'CA',
                                        'stateOrProvinceName'   => 'ST_DNSBL',
                                        'localityName'          => 'LN_DNSBL',
                                        'organizationName'      => 'ON_DNSBL',
                                        'organizationalUnitName'=> 'OU_DNSBL',
                                        'commonName'            => 'CN_DNSBL',
                                        'emailAddress'          => 'dnsbl@dnsbl.com'
                                        );

                        $pkey   = openssl_pkey_new();
                        $csr    = openssl_csr_new($dn, $pkey);
                        $cert   = openssl_csr_sign($csr, NULL, $pkey, 3650);

                        openssl_pkey_export($pkey, $privatekey);
                        openssl_x509_export($cert, $publickey);
                        @file_put_contents("{$pfb['dnsbl_cert']}", "{$privatekey}{$publickey}", LOCK_EX);

The final changes should look like this:


                // Create DNSBL SSL certificate
                if (!file_exists ("{$pfb['dnsbl_cert']}")) {
                        $log = "\nNew DNSBL cert created";
                        pfb_logger("{$log}", 1);

                        //exec("/usr/bin/openssl req -new -x509 -keyout {$pfb['dnsbl_cert']} -out {$pfb['dnsbl_cert']} -days 3650 -nodes");

                        $dn = array (   'countryName'           => 'CA',
                                        'stateOrProvinceName'   => 'ST_DNSBL',
                                        'localityName'          => 'LN_DNSBL',
                                        'organizationName'      => 'ON_DNSBL',
                                        'organizationalUnitName'=> 'OU_DNSBL',
                                        'commonName'            => 'CN_DNSBL',
                                        'emailAddress'          => 'dnsbl@dnsbl.com'
                                        );

                        $pkey   = openssl_pkey_new();
                        $csr    = openssl_csr_new($dn, $pkey);
                        $cert   = openssl_csr_sign($csr, NULL, $pkey, 3650);

                        openssl_pkey_export($pkey, $privatekey);
                        openssl_x509_export($cert, $publickey);
                        @file_put_contents("{$pfb['dnsbl_cert']}", "{$privatekey}{$publickey}", LOCK_EX);
                }


4) Delete the old PEM file

    rm /var/unbound/dnsbl_cert.pem

5) Go to Update Tab and run a "Force Update" which should rebuild the PEM file

6) Check to see if the service is running and that the DNSBL Logs are still working (Alerts Tab)

7) Manually try to restart the DNSBL Service to see if it's working as expected

   /usr/local/etc/rc.d/dnsbl.sh restart
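
A check to run between steps 5 and 7, as an added example that is not part of the original post or of pfBlockerNG: the replacement code writes the private key and the certificate into one PEM file, so this confirms both blocks are present and belong together before the service is restarted. The function names are hypothetical, the default path is the one from step 4, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not pfBlockerNG code): verify a combined key + certificate PEM.
# Function names are hypothetical; the default path is the one from step 4.
PEM_DEFAULT="/var/unbound/dnsbl_cert.pem"

# Structural check. Returns 0 if OK, 1 if unreadable, 2 if there is no private
# key block, 3 if there is no certificate block (a key-only file).
check_pem_structure() {
    pem="${1:-$PEM_DEFAULT}"
    [ -r "$pem" ] || return 1
    keys=$(grep -c -E '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----$' "$pem" || true)
    certs=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$pem" || true)
    [ "$keys" -ge 1 ] || return 2
    [ "$certs" -ge 1 ] || return 3
    return 0
}

# Cryptographic check. Returns 0 if the certificate's public key matches the
# private key, 4 if openssl cannot parse the certificate, 5 on a key mismatch.
check_pem_keypair() {
    pem="${1:-$PEM_DEFAULT}"
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 4
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 5
    [ "$cert_pub" = "$key_pub" ] || return 5
    return 0
}

# Run both checks and report the first failure; returns the failing code.
verify_pem() {
    pem="${1:-$PEM_DEFAULT}"
    rc=0
    check_pem_structure "$pem" || rc=$?
    if [ "$rc" -eq 0 ]; then
        check_pem_keypair "$pem" || rc=$?
    fi
    case "$rc" in
        0) echo "OK: $pem holds a private key and a matching certificate" ;;
        1) echo "FAIL: $pem is missing or unreadable" ;;
        2) echo "FAIL: no private key block in $pem" ;;
        3) echo "FAIL: no certificate block in $pem" ;;
        4) echo "FAIL: openssl could not parse the certificate in $pem" ;;
        5) echo "FAIL: private key does not match the certificate in $pem" ;;
    esac
    return "$rc"
}
```

Calling `verify_pem` with no argument checks the default path; a return code of 3 means the file holds only a private key block.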

11
pfBlockerNG / Re: pfBlockerNG 2.1.1_5 / Pfsense 2.4
« on: December 22, 2016, 12:38:04 am »
PM sent, code changes seem to fix the problem perfectly.

12
pfBlockerNG / Re: pfBlockerNG 2.1.1_5 / Pfsense 2.4
« on: December 20, 2016, 09:52:20 pm »
Thanks again, Ron.  Is this easily resolved for a permanent fix? 


2.1.1_6?

13
pfBlockerNG / Re: pfBlockerNG 2.1.1_5 / Pfsense 2.4
« on: December 20, 2016, 09:38:18 pm »
Blank page and the browser title bar says 10.10.10.1 (1x1)

That correct?

14
pfBlockerNG / Re: pfBlockerNG 2.1.1_5 / Pfsense 2.4
« on: December 20, 2016, 09:24:44 pm »
Progress!!

Yup, that let me start the service and it's showing up green now, but I'm not seeing any packets being blocked though.


****Disregard that, I see some packet drops, it's working.  Sweet, thank you.

15
pfBlockerNG / Re: pfBlockerNG 2.1.1_5 / Pfsense 2.4
« on: December 20, 2016, 08:48:03 pm »
I've confirmed that it was deleted, Force Updated and confirmed that it gets recreated.

Recreates the same type of format of key with just Begin and End Private Key.

Comes up with the same couldn't read x509 certificate error as before when trying to restart.
