Search found 51 matches

by gpatel-fr
August 24th, 2019, 7:33 am
Forum: IPFire in General
Topic: "This site can’t provide a secure connection" Error!
Replies: 22
Views: 4278

Re: "This site can’t provide a secure connection" Error!

Any ideas on how to effectively sort the problem? Please bear in mind that I already have spent many hours of investigation on this and NONE of the proposed "fixes" on the web fixed the problem on my side.
It's not really possible to give a suggestion you did not already try if you don't say precis...
by gpatel-fr
August 22nd, 2019, 7:40 am
Forum: Development
Topic: [Feature request] Ipfire binary signing
Replies: 6
Views: 1034

[Feature request] Ipfire binary signing

Hello. Maybe I missed something, but I don't see any binary signing on the download page: https://www.ipfire.org/download/ipfire-2.23-core134 A small additional security could be to provide a GPG signature to protect against a compromise of downloads.ipfire.org. It may be paranoid, but I checked o...
by gpatel-fr
August 20th, 2019, 6:17 am
Forum: IPFire in General
Topic: some valid domains getting blocked
Replies: 74
Views: 9866

Re: some valid domains getting blocked

Connecting to mail.mantech.com|108.174.241.57|:443... connected.
HTTP request sent, awaiting response... 401 Unauthorized ( The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator. )
never mind this, this is a wget feature. Conn...
by gpatel-fr
August 19th, 2019, 6:01 am
Forum: IPFire in General
Topic: some valid domains getting blocked
Replies: 74
Views: 9866

Re: some valid domains getting blocked

Well, as far as I can tell, your Ipfire box is doing everything right. First a bit of explanation: a TCP connection is done through the exchange of 3 packets;
- emitter sends a SYN packet
- receiver replies with an ACK packet
- emitter replies to the ACK packet with another ACK packet that's called ...
by gpatel-fr
August 18th, 2019, 9:47 pm
Forum: IPFire in General
Topic: some valid domains getting blocked
Replies: 74
Views: 9866

Re: some valid domains getting blocked

I tried this from a CentOS host on my network behind IPFire and it just times out.
[user@CentOS ~]$ wget https://mail.mantech.com/owa
--2019-08-18 15:33:52-- https://mail.mantech.com/owa
Resolving mail.mantech.com (mail.mantech.com)... 108.174.241.57
Connecting to mail.mantech.com (mail.mantech.com...
by gpatel-fr
August 18th, 2019, 4:16 pm
Forum: IPFire in General
Topic: some valid domains getting blocked
Replies: 74
Views: 9866

Re: some valid domains getting blocked

can you try from a workstation connected behind your ipfire:

wget https://mail.mantech.com/owa

and

wget https://mail.mantech.com/CookieAuth.dll ... &formdir=1
by gpatel-fr
August 18th, 2019, 1:43 pm
Forum: IPFire in General
Topic: some valid domains getting blocked
Replies: 74
Views: 9866

Re: some valid domains getting blocked

Why is IPfire blocking these domains? Why do they respond via ping but won't load in a web browser? Edit: I am running Core 134. I was using Quad 9 as my DNS service (9.9.9.9) but just switched it over to Google (8.8.8.8) and there is no change. I still can't get to those web sites.
Hello Ping and ...
by gpatel-fr
August 14th, 2019, 9:01 pm
Forum: IPFire in General
Topic: Cannot connect to ipfire web interface
Replies: 28
Views: 5537

Re: Cannot connect to ipfire web interface

H&M wrote:
August 14th, 2019, 8:00 pm
No problem with that: I've found a way to get all source IP addresses I need: apparently Let's Encrypt uses only Amazon EC2 servers.
https://community.letsencrypt.org/t/ip- ... le/5410/18

they *want* their source addresses to be unpredictable.
by gpatel-fr
August 14th, 2019, 7:52 pm
Forum: IPFire in General
Topic: Cannot connect to ipfire web interface
Replies: 28
Views: 5537

Re: Cannot connect to ipfire web interface

H&M wrote:
August 14th, 2019, 7:42 pm

Actually I need to find all Let's Encrypt source IP addresses and allow only those to access my port 80...

I don't think this is a good idea, IIRC Let's Encrypt engineers discourage it since their source address is not always constant.
by gpatel-fr
August 14th, 2019, 4:10 pm
Forum: IPFire in General
Topic: Cannot connect to ipfire web interface
Replies: 28
Views: 5537

Re: Cannot connect to ipfire web interface

If I am not making any wrong assumption, then no matter of script to be used (acme, dehydrated, etc) I will need to pass a http-01 type verification because I do not own the domain hence I have no solution to create the TXT record used by dns-01 type verification.
Yes, if it's not possible to do *a...
by gpatel-fr
August 14th, 2019, 7:38 am
Forum: IPFire in General
Topic: Cannot connect to ipfire web interface
Replies: 28
Views: 5537

Re: Cannot connect to ipfire web interface

@gpatel-fr is this a problem solution when I install your command?
It may be a way to create an approved (not self-signed) certificate, it's a very complicated way to address the problem and mostly overkill. Also, when I was posting this I failed to notice that ipfire includes dehydrated, a letsenc...
by gpatel-fr
August 13th, 2019, 12:47 pm
Forum: IPFire in General
Topic: SQL Server Connection-
Replies: 3
Views: 711

Re: SQL Server Connection-

Hello, first begin with a simple case such as a web server before going to difficult stuff like SQL Server. Once you have seen how it works, then pass to more complex cases. The tutorial that has worked for me is here: https://wiki.ipfire.org/configuration/firewall/rules/port-forwarding SQL Server is...
by gpatel-fr
August 13th, 2019, 7:40 am
Forum: IPFire in General
Topic: Unable to bring SSH service up
Replies: 2
Views: 414

Re: Unable to bring SSH service up

Is it possible to install an ipfire package for remoting in?
Sorry, but I hope not, since it would be a simple privilege escalation (from admin - high power - to local root - all powers) and as such a basic vulnerability issue. If I knew of such a way, I would not discuss it on a public forum. Such ...
by gpatel-fr
August 12th, 2019, 7:54 pm
Forum: IPFire in General
Topic: OpenVPN not generating ta.key
Replies: 8
Views: 1912

Re: OpenVPN not generating ta.key

I do not see TLS Channel Algorithm as an option in the main OpenVPN page. I see TLS Channel Protection
Yes, that's the correct name, sorry. It's not necessary to recreate anything. As long as the file is patched (the variable name is $vpnsettings, that's indeed the only thing to change), the TLS C...
by gpatel-fr
August 12th, 2019, 6:40 pm
Forum: IPFire in General
Topic: OpenVPN not generating ta.key
Replies: 8
Views: 1912

Re: OpenVPN not generating ta.key

Hello, the procedure to generate a ta.key file is a bit convoluted, you need first to set the TLS Channel Algorithm in the main OpenVPN page, save (very important) then open the advanced server options page, then... save. Unfortunately with core 134 this is not enough, I have the unpleasant feeling i...