Search found 24 matches

by Rainmaker
July 20th, 2018, 6:14 pm
Forum: Development
Topic: Secure DNS-over-TLS alongside unbound?
Replies: 10
Views: 4637

Re: Secure DNS-over-TLS alongside unbound?

Hi Folks, My network clients uses ipfire as the dns. In IP fire i use tls-aware dns servers, but I don't think ssl is activated/recognized in ipfire. We like to use dns server with dns-over-tls. Any chance to bring this into the web-ui? I could imagine an additional column to add the tls-port for e...
by Rainmaker
July 14th, 2018, 2:09 pm
Forum: Hardware
Topic: Duobox vs APU2c4
Replies: 8
Views: 2014

Re: Duobox vs APU2c4

The APU has a few design issues. Bus throughput is really slow and each CPU core only has 1 GHz clock speed. I suppose that *if* it actually transfers that data at that speed from one NIC to another one it will have at least two CPU cores entirely saturated. Meaning that with a little bit of QoS or...
by Rainmaker
July 14th, 2018, 1:57 pm
Forum: Hardware
Topic: Duobox vs APU2c4
Replies: 8
Views: 2014

Re: Duobox vs APU2c4

Did you buy anything in the end OP? I can confirm that the APU2C4 can route symmetrical gigabit WAN > LAN at wire speed using IPFire (but not pfSense) Since when is that? Are you sure that you benchmarked that correctly? I didn't do the benchmarking, Michael. I was taking my info from here , which ...
by Rainmaker
July 13th, 2018, 2:37 pm
Forum: Hardware
Topic: Duobox vs APU2c4
Replies: 8
Views: 2014

Re: Duobox vs APU2c4

Did you buy anything in the end OP? I can confirm that the APU2C4 can route symmetrical gigabit WAN > LAN at wire speed using IPFire (but not pfSense). Nice little boxes tbh, though slightly more of a pain due to needing the serial console cable. I moved on to an x86 box (G4560 3.5GHz 2c4t) but the ...
by Rainmaker
June 5th, 2018, 11:41 pm
Forum: IPFire in General
Topic: IPSec with user/pass?
Replies: 1
Views: 331

Re: IPSec with user/pass?

OK, just in case anyone sees this and can help: I have solved the EAP issue with a lot of Googling and some fast learning. I do have a new resulting problem though that I can't (yet) solve, and I'd really appreciate some help if anyone can, please. To get around the EAP authentication (mschapv2) iss...
by Rainmaker
June 5th, 2018, 12:37 am
Forum: IPFire in General
Topic: IPSec with user/pass?
Replies: 1
Views: 331

IPSec with user/pass?

I was playing with adding an IPSec connection (net to net), as I have several third party VPN providers who support it. They all rely on a username and password plus pre-shared key, and they support IKEv2. I set up a connection and the logs show it connects to the remote IP and initiates a connectio...
by Rainmaker
April 5th, 2018, 4:34 pm
Forum: Development
Topic: Secure DNS-over-TLS alongside unbound?
Replies: 10
Views: 4637

Re: Secure DNS-over-TLS alongside unbound?

PS I can't find a link to download core 120, neither on Planet or in the download centre. The blog post says it's available to test, so could you please kindly point me to where I can find the serial console dd image?

Never mind, I RTFM. My apologies.
by Rainmaker
April 5th, 2018, 2:48 pm
Forum: Development
Topic: Secure DNS-over-TLS alongside unbound?
Replies: 10
Views: 4637

Re: Secure DNS-over-TLS alongside unbound?

Core Update 120 will bring unbound 1.7.0 which has support for DNS over TLS. See also the discussion here: https://lists.ipfire.org/pipermail/development/2018-April/004211.html DNSCrypt has been declared dead. That's great Michael. I saw the announce on Twitter - you guys have been busy! Is DoH sup...
by Rainmaker
April 3rd, 2018, 9:35 pm
Forum: IPFire in General
Topic: DNS Cloudflare : 1.1.1.1
Replies: 5
Views: 775

Re: DNS Cloudflare : 1.1.1.1

Both servers (1.1.1.1 and 1.0.0.1) support DNSSEC, as well as DNS-over-HTTPS and DNS-over-TLS. I'm using these servers locally using DNS-over-TLS (Stubby Manager on macOS, scripts on other boxes) at present, in strict mode (only allow DoT, only allow DNSSEC) and it's working flawlessly - and very fa...
by Rainmaker
April 3rd, 2018, 3:35 pm
Forum: Development
Topic: Secure DNS-over-TLS alongside unbound?
Replies: 10
Views: 4637

Secure DNS-over-TLS alongside unbound?

With many providers now supporting DNS over TLS (Cloudflare, Google etc), and support being added to Android and iOS soon, the issue of DNS query encryption is becoming more prominent. It's especially relevant for those in oppressive countries, and those users who care strongly about privacy. Even m...
by Rainmaker
April 3rd, 2018, 3:17 pm
Forum: IPFire in General
Topic: Pakfire download error, file wasn't verified by IPFire.org
Replies: 15
Views: 1744

Re: Pakfire download error, file wasn't verified by IPFire.org

Thanks for letting us know (and for your hard work) arne! 8)
by Rainmaker
April 3rd, 2018, 1:32 pm
Forum: IPFire in General
Topic: Pakfire download error, file wasn't verified by IPFire.org
Replies: 15
Views: 1744

Re: Pakfire download error, file wasn't verified by IPFire.org

Same problem on my box; Platform is X86_64 as well.... Is it still broken for you? It started working again for me (only partially at first) sometime around 02:00 UTC. Here's what I get now over SSH (the webUI works perfectly now, also): [root@ipfire ~]# pakfire update server-list.db 100.00% |=====...
by Rainmaker
April 3rd, 2018, 9:52 am
Forum: Installation
Topic: Can't install to APU2C4 (serial)
Replies: 11
Views: 2159

Re: Can't install to APU2C4 (serial)

GrueMaster wrote:
April 2nd, 2018, 3:06 pm
Well, as the dev for Win32DiskImager, I know it doesn't work (yet) with compressed images. It's on my todo list though. :D
A dev’s To-Do list is never done, eh? :)
by Rainmaker
April 2nd, 2018, 9:02 pm
Forum: Installation
Topic: Can't Get pakfire to work!! Newbe
Replies: 9
Views: 919

Re: Can't Get pakfire to work!! Newbe

I don't think, this are code problems. I just posted the problem on the developers mailing list. This post may reach Core Devs and server admin much better. BTW: As far as i know, there are not so many updates since the last core release. You do not miss much until the problem is solved. ;) ...Exce...
by Rainmaker
April 2nd, 2018, 2:42 pm
Forum: IPFire in General
Topic: Pakfire download error, file wasn't verified by IPFire.org
Replies: 15
Views: 1744

Re: Pakfire download error, file wasn't verified by IPFire.org

Just came here for the exact same reason. I thought I'd messed something up. I've been chasing the problem around for a couple of hours - even reinstalling from scratch, but the issue remained. It's no problem thanks to backup files, but still frustrating! At least I know now it's not a local issue....