Search found 29 matches

by GrueMaster
August 6th, 2019, 1:02 am
Forum: IPFire in General
Topic: OpenVPN generate new client cert
Replies: 1
Views: 174

OpenVPN generate new client cert

I have searched all over this forum and googled for answers to a very basic real world question: how do I reissue a certificate to a user? I have a user whose cert expired. I don't want to have to delete the user and reenter their information; I just need to generate a new .p12 file with a new ...
by GrueMaster
May 30th, 2019, 5:09 pm
Forum: Installation
Topic: Blue net won't start
Replies: 3
Views: 515

Re: Blue net won't start

I'm not sure why the config_type was 1. That was how it spilled out of setup. Might have been a copy/paste artifact as the original config was type 1 (red/green) with green in bridge mode (manual edit). I had thought all I did was enter setup and change the type to red/blue/green and tell it which m...
by GrueMaster
May 29th, 2019, 1:53 pm
Forum: Installation
Topic: Blue Network No Internet
Replies: 3
Views: 989

Re: Blue Network No Internet

Did you add the subnet to the Blue Access list under Firewall->Blue Access? I found that I had to add the entire subnet (192.168.10.0/24) to that configuration screen for our guest network to get access.

Could be something else, but worth the check.
by GrueMaster
May 28th, 2019, 5:27 pm
Forum: Installation
Topic: Blue net won't start
Replies: 3
Views: 515

Re: Blue net won't start

Ok, figured it out. Apparently, the /var/ipfire/ethernet/settings file needs to have the Blue network before the Green when Green is bridged (libvirt running LDAP server). If BLUE is after, it fails to come up. Failed settings: CONFIG_TYPE=1 GREEN_DEV=green0 GREEN_MODE=bridge GREEN_SLAVES=18:d6:c7:0...
by GrueMaster
May 28th, 2019, 4:44 pm
Forum: Installation
Topic: Blue net won't start
Replies: 3
Views: 515

Blue net won't start

Update 131. I recently added the blue network to our main firewall, but the network fails to start on reboot. /var/ipfire/ethernet/settings shows the correct interface with the correct mac, setup is configured correctly, but the interface fails to start on reboot. I had a temporary system running ou...
by GrueMaster
February 11th, 2019, 7:32 pm
Forum: IPFire in General
Topic: Cryptographic warning & error in Core 123
Replies: 20
Views: 3933

Re: Cryptographic warning & error in Core 123

All OpenVPN clients then need to be renewed! How exactly do you do this? Is it possible to renew an expired certificate? I understand one would need to be recreated, but it seems like a major PITA to have to delete the entire user and re-add them. Sorry to hijack the thread for a slight deviation....
by GrueMaster
January 25th, 2019, 5:00 pm
Forum: Addons
Topic: Backup service
Replies: 0
Views: 546

Backup service

I'm looking at possibly using our firewall servers (two separate sites) as backup servers for our 2 offices. I see bacula in pakfire, but there is no documentation (that I have seen yet) on the wiki for how to configure it. As bacula is a huge system, I need to know if this sets up the server side, ...
by GrueMaster
January 15th, 2019, 11:33 pm
Forum: Installation
Topic: OpenVPN Net2Net routing issues
Replies: 6
Views: 823

Re: OpenVPN Net2Net routing issues

While I understand your assessment on the public/private routing, I don't believe that is the case here. Here is why: OfficeA to Home works both ways. The previous company I worked for also had similar ranges for their internal networks (which were far larger than all of the private ranges combi...
by GrueMaster
January 15th, 2019, 3:29 am
Forum: Installation
Topic: OpenVPN Net2Net routing issues
Replies: 6
Views: 823

Re: OpenVPN Net2Net routing issues

Not really much to show. The two firewalls (OfficeA & OfficeB) show connections. Both have separate internal subnets (OfficeA: 222.10.0.0/255.255.255.0, OfficeB: 222.20.0.0/255.255.255.0, Home: 222.30.0.0/255.255.255.0). I verified that the UDP ports I am using are not used by anything else, based o...
by GrueMaster
January 5th, 2019, 7:14 pm
Forum: Installation
Topic: OpenVPN Net2Net routing issues
Replies: 6
Views: 823

Re: OpenVPN Net2Net routing issues

Just ran an additional test. Since my home is very close to OfficeA (45 minute drive), I made a N2N connection between OfficeA and my home ipfire system. Same settings as above (Home subnet 222.30.0.0/24, VPN 10.20.10.0/24, port 1492) and everything just works. I can ssh to any system in the office ...
by GrueMaster
January 5th, 2019, 5:28 pm
Forum: Installation
Topic: OpenVPN Net2Net routing issues
Replies: 6
Views: 823

Re: OpenVPN Net2Net routing issues

Additional info. Routes: OfficeA: [root@ipfire ~]# route |fgrep -v red0 # No need to post external IP, that part works Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.20.0.2 * 255.255.255.255 UH 0 0 0 tun1 10.25.16.0 10.25.16.2 255.255.255.0 UG 0 0 0 tun0 10.25.16.2...
by GrueMaster
January 5th, 2019, 1:44 am
Forum: Installation
Topic: OpenVPN Net2Net routing issues
Replies: 6
Views: 823

OpenVPN Net2Net routing issues

Ok, I have been struggling with this for a week now. Not getting anywhere, and google has not been my friend in this (how setting up a roadwarrior ipsec connection on PFSense is related to IPFire openvpn net2net escapes me). My situation: OfficeA in USA, OfficeB in India (can't get much further apar...
by GrueMaster
April 5th, 2018, 1:52 am
Forum: IPFire in General
Topic: Block Web Interface Within Green Network
Replies: 11
Views: 1348

Re: Block Web Interface Within Green Network

Erm, why? Why would you want to block all access to the password locked configuration GUI (which is essentially what it is)? You could possibly block all with a rule to block traffic to port 444 (which is where the interface lives). Or are you trying to block all access to the internet (if so, whats...
by GrueMaster
April 2nd, 2018, 3:06 pm
Forum: Installation
Topic: Can't install to APU2C4 (serial)
Replies: 11
Views: 2940

Re: Can't install to APU2C4 (serial)

Well, as the dev for Win32DiskImager, I know it doesn't work (yet) with compressed images. It's on my todo list though. :D
by GrueMaster
March 31st, 2018, 3:16 pm
Forum: Hardware
Topic: An opinion on this material!
Replies: 3
Views: 1048

Re: An opinion on this material!

If you just want a firewall, this should do nicely. My firewall is a much earlier generation of the same processor, and for the most part, it works very well. The only real issue is if you plan on supporting multiple VPN clients. Then you will want to go with a better processor like the i5 that has ...