Search found 24 matches

by GrueMaster
February 11th, 2019, 7:32 pm
Forum: IPFire in General
Topic: Cryptographic warning & error in Core 123
Replies: 18
Views: 2354

Re: Cryptographic warning & error in Core 123

All OpenVPN clients needs then to be renewed! How exactly do you do this? Is it possible to renew an expired certificate? I understand one would need to be recreated, but it seems like a major PITA to have to delete the entire user and re-add them. Sorry to hijack the thread for a slight deviation....
by GrueMaster
January 25th, 2019, 5:00 pm
Forum: Addons
Topic: Backup service
Replies: 0
Views: 430

Backup service

I'm looking at possibly using our firewall servers (two separate sites) as backup servers for our 2 offices. I see bacula in pakfire, but there is no documentation (that I have seen yet) on the wiki for how to configure it. As bacula is a huge system, I need to know if this sets up the server side, ...
by GrueMaster
January 15th, 2019, 11:33 pm
Forum: Installation
Topic: OpenVPN Net2Net routing issues
Replies: 6
Views: 488

Re: OpenVPN Net2Net routing issues

While I understand with your assessment on the public/private routing, I don't believe that is the case here. Here is why: OfficeA to Home works both ways. The previous company I worked for also had similar ranges for their internal networks (which were far larger than all of the private ranges combi...
by GrueMaster
January 15th, 2019, 3:29 am
Forum: Installation
Topic: OpenVPN Net2Net routing issues
Replies: 6
Views: 488

Re: OpenVPN Net2Net routing issues

Not really much to show. The two firewalls (OfficeA & OfficeB) show connections. Both have separate internal subnets (OfficeA: 222.10.0.0/255.255.255.0, OfficeB: 222.20.0.0/255.255.255.0, Home: 222.30.0.0/255.255.255.0). I verified that the UDP ports I am using are not used by anything else, based o...
by GrueMaster
January 5th, 2019, 7:14 pm
Forum: Installation
Topic: OpenVPN Net2Net routing issues
Replies: 6
Views: 488

Re: OpenVPN Net2Net routing issues

Just ran an additional test. Since my home is very close to OfficeA (45 minute drive), I made an N2N connection between OfficeA and my home IPFire system. Same settings as above (Home subnet 222.30.0.0/24, VPN 10.20.10.0/24, port 1492) and everything just works. I can ssh to any system in the office ...
by GrueMaster
January 5th, 2019, 5:28 pm
Forum: Installation
Topic: OpenVPN Net2Net routing issues
Replies: 6
Views: 488

Re: OpenVPN Net2Net routing issues

Additional info. Routes:
OfficeA:
[root@ipfire ~]# route |fgrep -v red0 # No need to post external IP, that part works
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.0.2       *               255.255.255.255 UH    0      0        0 tun1
10.25.16.0      10.25.16.2      255.255.255.0   UG    0      0        0 tun0
10.25.16.2...
by GrueMaster
January 5th, 2019, 1:44 am
Forum: Installation
Topic: OpenVPN Net2Net routing issues
Replies: 6
Views: 488

OpenVPN Net2Net routing issues

Ok, I have been struggling with this for a week now. Not getting anywhere, and Google has not been my friend in this (how setting up a roadwarrior IPsec connection on pfSense is related to IPFire OpenVPN net2net escapes me). My situation: OfficeA in USA, OfficeB in India (can't get much further apar...
by GrueMaster
April 5th, 2018, 1:52 am
Forum: IPFire in General
Topic: Block Web Interface Within Green Network
Replies: 11
Views: 943

Re: Block Web Interface Within Green Network

Erm, why? Why would you want to block all access to the password locked configuration GUI (which is essentially what it is)? You could possibly block all with a rule to block traffic to port 444 (which is where the interface lives). Or are you trying to block all access to the internet (if so, whats...
by GrueMaster
April 2nd, 2018, 3:06 pm
Forum: Installation
Topic: Can't install to APU2C4 (serial)
Replies: 11
Views: 2438

Re: Can't install to APU2C4 (serial)

Well, as the dev for Win32DiskImager, I know it doesn't work (yet) with compressed images. It's on my todo list though. :D
by GrueMaster
March 31st, 2018, 3:16 pm
Forum: Hardware
Topic: An opinion on this material!
Replies: 3
Views: 809

Re: An opinion on this material!

If you just want a firewall, this should do nicely. My firewall is a much earlier generation of the same processor, and for the most part, it works very well. The only real issue is if you plan on supporting multiple VPN clients. Then you will want to go with a better processor like the i5 that has ...
by GrueMaster
March 12th, 2018, 2:19 pm
Forum: IPFire in General
Topic: Block URLs for Specific Machine
Replies: 5
Views: 506

Re: Block URLs for Specific Machine

Why not just create a couple of firewall rules? If you have the MAC of the system (connected to your network, you should), you can just put it as the source for one rule, and the dest for another rule, and block either all protocols or specific ones.
by GrueMaster
February 25th, 2018, 9:15 pm
Forum: IPFire in General
Topic: What can i expect from this hardware?
Replies: 6
Views: 727

Re: What can i expect from this hardware?

You can buy a decent rig for a few hundred dollars. Ideally, you will want a system with a more recent processor that has AES if you are doing any type of encryption (VPN, etc). I'm not sure how the core count factors in here yet, but the more services you run, the more threads are required (not 1:1...
by GrueMaster
February 21st, 2018, 6:51 am
Forum: Installation
Topic: Problem Update to 118
Replies: 7
Views: 1242

Re: Problem Update to 118

So far, the only issue I had was on a test system that was originally running 116, updated to 117, and now 118. My green network was set up for bridging, but for some reason, DHCP failed after updating. Rebooting, I discovered that my bridge settings were changed. I'll try to reproduce the results la...
by GrueMaster
February 15th, 2018, 2:50 am
Forum: IPFire in General
Topic: Partitions Resize
Replies: 22
Views: 2833

Re: Partitions Resize

The 'easiest' solution is to repartition in-place. You can boot to a live Linux image (like Ubuntu Desktop) and use it to resize the partition. The size you listed should be adequate. For the most part, most Linux systems can live in ~32G or less depending on logfile data retention needs (IPFire gen...
by GrueMaster
February 12th, 2018, 3:13 pm
Forum: Installation
Topic: LAN & WLAN coexistence
Replies: 6
Views: 1132

Re: LAN & WLAN coexistence

Actually, having green, blue, (and possibly orange) networks coming from the same network port is possible using VLANs. You just need to set up multiple VLANs on your physical port (call it eth1), so that it looks something like this:
Green0: eth1: 192.168.0.1
Blue0: eth1.1: 10.0.0.1
Orange0: eth1.5:...