Search found 123 matches

by fkienker
June 15th, 2019, 3:33 pm
Forum: IPFire in General
Topic: Upgrade from 132 to 133 saricata fails (RESOLVED)
Replies: 7
Views: 399

Re: Upgrade from 132 to 133 saricata fails

Upgrading an running C132 firewall system, I can duplicate this error. Once again, commenting the 2> /dev/null saves the day. With the comment removed, this message appears when trying to start Suricata: /usr/bin/suricata: error while loading shared libraries: libjansson.so.4: cannot open shared obj...
by fkienker
June 11th, 2019, 5:42 pm
Forum: IPFire in General
Topic: yum update times out after upgrade to 131
Replies: 21
Views: 694

Re: yum update times out after upgrade to 131

This just points out the care required to use IPS. Indiscriminate application of rules and rule sets can cause more problems than it solves. Worst case is to turn them all of them on and suffer through fixing all of the broken things.

Best regards,
Fred
by fkienker
June 11th, 2019, 5:37 pm
Forum: IPFire in General
Topic: DHCP fixed leases configuation
Replies: 3
Views: 1276

Re: DHCP fixed leases configuation

I can confirm this works as expected on several different systems.

It was disappointing this fix didn't make it into C132. I assume it will be in C133.

Best regards,
Fred
by fkienker
May 31st, 2019, 4:20 pm
Forum: IPFire in General
Topic: yum update times out after upgrade to 131
Replies: 21
Views: 694

Re: yum update times out after upgrade to 131

The best approach at this point to start with is to get the proxy COMPLETELY out of the loop. Disable it completely and see what happens. If you have Geo Filtering turned on, turn it off. If yum can't access a mirror with the proxy disabled, then your problem is with DNS, some basic network configur...
by fkienker
May 30th, 2019, 5:49 pm
Forum: IPFire in General
Topic: yum update times out after upgrade to 131
Replies: 21
Views: 694

Re: yum update times out after upgrade to 131

You should look in the unbound Log files for hints. They should be able to tell you what is failing.

Best regards,
Fred
by fkienker
May 30th, 2019, 5:08 pm
Forum: IPFire in General
Topic: yum update times out after upgrade to 131
Replies: 21
Views: 694

Re: yum update times out after upgrade to 131

To test this, try specifying Google DNS (8.8.8.8 and 8.8.4.4), try restarting, and and see what messages you get at the command line. If everything works as it should, your issues are with the upline DNS providers. It's NOT uncommon to have one work and another not even with the SAME DNS provider. I...
by fkienker
May 30th, 2019, 3:27 pm
Forum: Development
Topic: OpenVPN - Say goodbye to --dh and hello to --ecdh-curve ?
Replies: 16
Views: 1143

Re: OpenVPN - Say goodbye to --dh and hello to --ecdh-curve ?

One of the chief issues IPFire users have is how "complicated" (versatile) OpenVPN is. To address this, maybe the best solution is to "recommend" defaults which would create a working configuration with little input from an unsophisticated user. At the same time, leave as many of the "advanced" opti...
by fkienker
May 29th, 2019, 3:18 pm
Forum: Development
Topic: OpenVPN - Say goodbye to --dh and hello to --ecdh-curve ?
Replies: 16
Views: 1143

Re: OpenVPN - Say goodbye to --dh and hello to --ecdh-curve ?

Sorry for not responding sooner - I'm really buried right now and have not had time to reflect on your last post. I will try to get to it soon.

Best regards,
Fred
by fkienker
May 29th, 2019, 3:10 pm
Forum: IPFire in General
Topic: yum update times out after upgrade to 131
Replies: 21
Views: 694

Re: yum update times out after upgrade to 131

To correct the DNS issue you can either do:
- do a restart the IPFire hardware
- at the command prompt on the IPFire hardware, type "/etc/init.d/unbound restart"

Either one will force the unbound to clear and reconnect to the DNS servers you have specified.

Best regards,
Fred
by fkienker
May 29th, 2019, 3:06 pm
Forum: IPFire in General
Topic: yum update times out after upgrade to 131
Replies: 21
Views: 694

Re: yum update times out after upgrade to 131

On the Web Proxy page, try adding your server IP addresses in the block labeled "Unrestricted IP addresses (one per line):"

Best regards,
Fred
by fkienker
May 28th, 2019, 6:45 pm
Forum: IPFire in General
Topic: yum update times out after upgrade to 131
Replies: 21
Views: 694

Re: yum update times out after upgrade to 131

I see you are running C6-x64. I tried the mirrors link listed in the log you provided on our local IPFire system. A response was returned in less than a second. We have a few C6-x64 systems still around and I tried it on one of them and no issues were reported as well. You said the server is in your...
by fkienker
May 28th, 2019, 4:57 pm
Forum: IPFire in General
Topic: yum update times out after upgrade to 131
Replies: 21
Views: 694

Re: yum update times out after upgrade to 131

We've not experienced this issue at all with any of our CentOS servers, connected to numerous firewalls on various ISP's. If this just started happening, could it be something changed in iptables? Have you checked the iptables to see if it has the Apply button displayed? I'm curious as to why you ar...
by fkienker
May 27th, 2019, 10:44 pm
Forum: IPFire in General
Topic: Configuring firewall rules for Cloudflare DNS
Replies: 4
Views: 350

Re: Configuring firewall rules for Cloudflare DNS

I can confirm intermittent DNS failures using cloudflare (1.1.1.1 / 1.0.0.1) DNS servers. it is happening on more than one of our IPFire systems and more than one ISP's. - Switching to Google (P-8.8.8.8 / S-8.8.4.4) always fixes it. - For a while we were using P-1.1.1.1 and S-8.8.8.8 as a work-aroun...
by fkienker
May 24th, 2019, 3:04 pm
Forum: Development
Topic: OpenVPN - Say goodbye to --dh and hello to --ecdh-curve ?
Replies: 16
Views: 1143

Re: OpenVPN - Say goodbye to --dh and hello to --ecdh-curve ?

I polled the three firewalls I am using for testing. FW1: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305, 2048 bit RSA FW2: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 2048 bit RSA FW3: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SH...
by fkienker
May 24th, 2019, 1:37 pm
Forum: IPFire in General
Topic: Fixed IP assignment under DHCP
Replies: 40
Views: 3134

Re: Fixed IP assignment under DHCP

My hat is off to you for getting it to work at all! This should probably should be filed under "All's Well That Ends Well".

Thanks for all you hard work. I have a pretty good idea hard this was to fix.

Best regards,
Fred