Search found 36 matches

by Saiyato
February 5th, 2019, 11:05 am
Forum: Installation
Topic: IPFire Installation
Replies: 2
Views: 515

Re: IPFire Installation

I used this site: https://asciinema.org/a/189918

I also got the strange doubled letters, but in the end it worked. And it is still running.

Please excuse my German ;)
by Saiyato
January 7th, 2019, 12:47 pm
Forum: IPFire in General
Topic: Pondering to upgrade HW, now using a Banana Pi R1
Replies: 20
Views: 1715

Re: Pondering to upgrade HW, now using a Banana Pi R1

Despite a busy end of the year, I still ordered the APU2D4 and I'm happy I did! At first I experienced some trouble with installation, but I just needed to follow the step-by-step and not experiment. After restoring the backups I locked myself out of the WUI, because the theme I used wasn't on the n...
by Saiyato
January 4th, 2019, 10:52 am
Forum: IPFire in General
Topic: DNS security hardening
Replies: 10
Views: 1434

Re: DNS security hardening

Just another thing that comes to mind, if unbound is a recursive resolver, why would you want to configure upstream servers? Is that for speed purposes? I mean if unbound can check all the way up to the root servers, then you have your DNSSEC and QNAME minimisation right there, if you use upstream s...
by Saiyato
January 4th, 2019, 10:23 am
Forum: IPFire in General
Topic: DNS security hardening
Replies: 10
Views: 1434

Re: DNS security hardening

Thanks for the updates UE, I've added them to the main post. I must say I haven't tested the tools yet, I'm fairly new to the IPFire environment in terms of installing software, I'm used to apt-get or building from git (sometimes), so I need to check how this ecosystem works exactly. I have in the m...
by Saiyato
December 20th, 2018, 8:29 am
Forum: IPFire in General
Topic: iptables WHITELIST
Replies: 1
Views: 260

Re: iptables WHITELIST

I believe iptables handles rules in chains, meaning it will handle the first rule in the first chain and subsequently iterate through the rules and respectively the chains. As far as I know - correct me if I'm wrong - iptables will stop once a matching rule has been found, so you need to accept the...
by Saiyato
December 19th, 2018, 11:27 am
Forum: Development
Topic: OpenVPN multithreading
Replies: 3
Views: 606

Re: OpenVPN multithreading

Hi UE, Thanks for the response, I did some checking into comp-lzo, which is 'simple' compression (now deprecated, because lz4 was implemented for speed reasons), it is - in certain scenarios - susceptible to attacks. See BEAST and CRIME: https://security.stackexchange.com/questions/51017/does-the-pr...
by Saiyato
December 18th, 2018, 9:17 pm
Forum: Development
Topic: OpenVPN multithreading
Replies: 3
Views: 606

OpenVPN multithreading

Hi all, I've been reading into why OpenVPN seems to perform so poorly on fairly new devices. As it appears OpenVPN only runs on one thread, meaning higher frequencies are beneficial, but multiple cores aren't. Some searching did give me this repo, which claims it can run OpenVPN connections over multip...
by Saiyato
December 5th, 2018, 2:10 pm
Forum: IPFire in General
Topic: Ipfblocklist (IP Blocklists for IPFire)
Replies: 16
Views: 1996

Re: Ipfblocklist (IP Blocklists for IPFire)

Thanks for the explanation. :) I thought it would block incoming connections only, but it's a two-way block. Which - when I come to think of it - actually makes sense, you don't want any incoming traffic from compromised systems, but you also don't want any outgoing connection (exfiltrating data or ...
by Saiyato
November 30th, 2018, 1:04 pm
Forum: IPFire in General
Topic: Pondering to upgrade HW, now using a Banana Pi R1
Replies: 20
Views: 1715

Re: Pondering to upgrade HW, now using a Banana Pi R1

I've been kept a bit busy with some other investigations, like DNS hardening and trying to get DNSSEC and DoT working. I'm not quite there yet, but the deadline (2019) is drawing near, so I thought I'd investigate the Qotom too... The risk of no updates, i.e. NSA/KGB/GCHQ/etc is kind of a dealbreake...
by Saiyato
November 30th, 2018, 10:41 am
Forum: IPFire in General
Topic: Ipfblocklist (IP Blocklists for IPFire)
Replies: 16
Views: 1996

Re: Ipfblocklist (IP Blocklists for IPFire)

I just came to the conclusion that using BOGON_FULL blocks 192.168.0.0/16, i.e. you can't access machines behind IPFire in that network as well ;) It's a two-way block. 11:28:53 DROP_BOGON_FULL red0 TCP 192.168.178.x 192.168.178.y 80(HTTP) In my case I can't reach the Fritzbox modem, not too much of...
by Saiyato
November 29th, 2018, 3:55 pm
Forum: IPFire in General
Topic: DNS security hardening
Replies: 10
Views: 1434

Re: DNS security hardening

Long post alert! This was one working topic since the first tries with the custom_forwarder in local.d ended up in a "local recursor" mode but also crashed the entries in host.cgi (reported this in the linked thread) whereby I could localize the problem somewhere in the update_forwarders functio...
by Saiyato
November 28th, 2018, 9:13 pm
Forum: IPFire in General
Topic: DNS security hardening
Replies: 10
Views: 1434

Re: DNS security hardening

Thanks, I just updated some parts, I must say I haven't tested yet... when I quickly tested yesterday, my DNS was broken :( So I must find the time to test it thoroughly :) There's one other thing I don't understand, I will add it to the questions. When I configure unbound, what do the DNS settings in ...
by Saiyato
November 28th, 2018, 6:04 pm
Forum: Installation
Topic: Installation of Banana PI Router R2?
Replies: 3
Views: 967

Re: Installation of Banana PI Router R2?

This device is not supported, I believe it uses a different, unsupported, chipset and the price isn't too pretty for its performance.
If I recall correctly it isn't even on the roadmap right now, mostly due to the price in combination with not much added benefit.
by Saiyato
November 28th, 2018, 6:00 pm
Forum: IPFire in General
Topic: DNS security hardening
Replies: 10
Views: 1434

Re: DNS security hardening