 51 
 on: Monday 26 April 2021, 04:06:34 am 
Started by miki22 - Last post by miki22
Today I solved everything.
I understand that:

1)   There is no need to open the ports on the Endian Firewall (screenshot 1)

2)   To make the VPN work, just remove the line:
remote-cert-tls server


The further questions are:

1)   We lowered the security level by removing the string:

remote-cert-tls server              ?

What should I do?

2)   Another warning comes out, which I think is related to compression:

WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

2021-04-25 19:44:15 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.


It seems the error disappears when I delete the line:

“comp-lzo”

but in that case other errors appear:

WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1573', remote='link-mtu 1574'
WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'

3)   Another warning comes out, which I think is related to TLS:

WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

but here in the end it is not clear what must be done.

4)   Another warning comes out:
Sun Apr 25 19:51:57 2021 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

but here in the end it is not clear what must be done.


5)   Another warning comes out:

WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

but here in the end it is not clear what must be done.




In short, the VPN works but there are “warnings” everywhere!

No good…
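
Added example (not part of the thread, and not Endian or OpenVPN code): a small audit of a client profile for the four conditions behind the warnings quoted above. The directive names are real OpenVPN options; the finding ids, function names and the choice of which options count as server verification are assumptions of this example, and the sample profile is the thread's profile with "remote-cert-tls server" removed.

```python
# Added example: flag the client-profile settings behind the warnings in the post.

# Options this example treats as "the client checks who the server is".
SERVER_VERIFY = {"remote-cert-tls", "remote-cert-eku", "verify-x509-name", "tls-verify"}

FINDINGS = {  # ids and texts are this example's own, not OpenVPN messages
    "no-server-verify": "any certificate signed by the CA is accepted as the server; use "
                        "verify-x509-name or remote-cert-eku, or reissue the server cert with key usage",
    "compression": "comp-lzo/compress present; remove it on server and client together",
    "no-cipher": "no cipher, data-ciphers or data-ciphers-fallback; set one to match the server",
    "password-cached": "auth-user-pass without auth-nocache keeps the password in memory",
}

# The profile from the thread after 'remote-cert-tls server' was removed.
SAMPLE = """\
client
dev tap
proto udp            #only if you use udp protocol
remote OurPublicIP 1194
ca cacert.pem
auth-user-pass
comp-lzo
"""

def parse_directives(text):
    """Map each directive name to its argument lists, ignoring comments."""
    directives = {}
    for raw in text.splitlines():
        # '#' and ';' start a comment; a quoted '#' inside an argument is not handled here.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            directives.setdefault(name.lstrip("-"), []).append(args)
    return directives

def audit(text):
    """Return the ids of FINDINGS that apply to this client profile, in fixed order."""
    d = parse_directives(text)
    hits = {
        "no-server-verify": not SERVER_VERIFY & d.keys(),
        "compression": bool({"comp-lzo", "compress"} & d.keys()),
        "no-cipher": not {"cipher", "data-ciphers", "data-ciphers-fallback"} & d.keys(),
        "password-cached": "auth-user-pass" in d and "auth-nocache" not in d,
    }
    return [fid for fid in FINDINGS if hits[fid]]

if __name__ == "__main__":
    for fid in audit(SAMPLE):
        print(f"{fid}: {FINDINGS[fid]}")
```

The checks are presence tests on the profile only; they do not reproduce OpenVPN's own warning logic or inspect the server certificate.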

 52 
 on: Sunday 25 April 2021, 05:45:19 pm 
Started by miki22 - Last post by miki22
Good morning everyone,
we are trying to activate an SSL VPN with Endian but without success.

we are doing the simplest things, so:
(Endian is latest version) (3.3.2 COMMUNITY)

1)   Open port TCP / UDP 1194 in a router and in an Endian Firewall.

Our router, a Fritzbox 7590, has a 1:1 NAT to the Endian RED IP
Our Endian Firewall has a GREEN interface IP: 192.168.1.1 (gateway) and we open port 1194 here.

(screenshot 1)

2)   We disable the VPN firewall:

Vpn Traffic -> Disable Firewall VPN

(screenshot 2)

3)   We have activated the OpenVPN server with all standard parameters

(screenshot 3)

4)   We create a user and password (Menu -> Vpn -> Authentication -> Add user)

5)   We download the correct certificate on a Windows PC

(VPN -> Open VPN Server -> Download Certificate)
(the certificate has the name: “cacert.pem”)

6)   On the Windows client PC -> I have downloaded the software:
OpenVPN-2.5.2-I601-amd64.msi

7)   We create a file “ACME-vpn.ovpn” and put this file here:

C:\Program Files\OpenVPN\config\ACME-vpn

File: “ACME-vpn.ovpn” -> has inside:

client
dev tap                             
proto udp            #only if you use udp protocol
remote OurPublicIP 1194  #1194 only if your vpn server's port is the default port     
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem      #this is the p12 client certificate
auth-user-pass      #uncomment this row if you want to use two factor authentication
verb 3
comp-lzo
remote-cert-tls server

8)   Here -> C:\Program Files\OpenVPN\config\ACME-vpn

We copy the “cacert.pem” certificate

9)   Stop. We try to connect with the OpenVPN client. The error is:

2021-04-25 09:39:31 VERIFY OK: depth=1, C=IT, O=misty-disk-0130, CN=efw CA
2021-04-25 09:39:31 Certificate does not have key usage extension
2021-04-25 09:39:31 VERIFY KU ERROR
2021-04-25 09:39:31 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2021-04-25 09:39:31 TLS_ERROR: BIO read tls_read_plaintext error
2021-04-25 09:39:31 TLS Error: TLS object -> incoming plaintext read error
2021-04-25 09:39:31 TLS Error: TLS handshake failed
2021-04-25 09:39:31 SIGUSR1[soft,tls-error] received, process restarting
2021-04-25 09:39:31 MANAGEMENT: >STATE:1619336371,RECONNECTING,tls-error,,,,,
2021-04-25 09:39:31 Restart pause, 300 second(s)


Why does it not work?
Thanks

 53 
 on: Sunday 25 April 2021, 05:09:08 pm 
Started by miki22 - Last post by miki22
OK, I tried and everything works, thanks.

I am writing what we have done for the benefit of other users:

Basically, we connected a switch after the firewall with a trunk port

then we put the vlan on the switch

and we connected the computers to the untagged vlan

Everything works perfectly!

Thanks

 54 
 on: Saturday 24 April 2021, 12:59:40 am 
Started by beto2p - Last post by beto2p
The problem is in the ClamAV version

https://.clamav.net/2021/02/clamav-eol-versions-prior-to-0100.html

ClamAV EOL versions prior to 0.100
ClamAV community, we want to inform you that, effective March 1, ClamAV 0.99.0 (and all minor versions) will no longer be supported in accordance with ClamAV's EOL policy.  For clarification, anything prior to 0.100.0.

End of life (EOL) for ClamAV essentially means that we will no longer be testing against that version when we write signatures, and we may break something with a future release. So, while signatures may work past March 1, we are no longer testing that configuration.

Please upgrade to the newest version of ClamAV, currently at 0.103.1, available for download now!

As always, thank you for using ClamAV.

 55 
 on: Friday 23 April 2021, 01:44:48 am 
Started by Ivo - Last post by Ivo
I have set up a GW2GW VPN as described in the "Knowledge base" document "Set up an OpenVPN Net2Net Connection"
Now if I run ping from LAN B to LAN A it works well; vice versa, from LAN A to LAN B, it doesn't give any response.
Do you have any suggestions?
I need to connect an IP cam on LAN B and see it through the VPN connection from LAN A.

Thanks

 56 
 on: Wednesday 21 April 2021, 02:11:12 am 
Started by beto2p - Last post by boergnet
Having the same problem.
Using community version 3.3.4

 57 
 on: Tuesday 20 April 2021, 04:18:00 am 
Started by igor.moura - Last post by igor.moura
Hello, I'm new to Endian Firewall and would like to know if there is a way to translate the IPs of users connected to the network to the name of their machines. I would also like to know if the same applies to NTop and how can I get a consumption report per user. Thanks

 58 
 on: Tuesday 20 April 2021, 04:03:22 am 
Started by miki22 - Last post by miki22
Sorry, one question:

every time I open an Endian firewall it tells me: "register your product for free updates"

I have registered several times with our company email info@ourdomain

We also receive a confirmation email but then it always comes out:

"The email address provided has not yet been registered. Please create a new account"

does it happen to you too? Thanks sorry

 59 
 on: Sunday 18 April 2021, 12:47:51 am 
Started by nivaldo - Last post by nivaldo
Hi folks, I need to restrict the access of SOME, not all, users to a specific IP address. I've tried to do so by setting the Advanced Options on his configuration, "Force only those networks" and "network behind the client", to 192.168.10.10/32, which is the IP that I want to authorize access to, but had no luck. The client still accesses all my network resources. Any idea how I can achieve this configuration?

Regards,
Nivaldo

 60 
 on: Saturday 17 April 2021, 05:38:58 am 
Started by akehlert - Last post by hadexx
Brute Force Attack - Non stop ssh login attempts

I am running EFW, latest up.
I am getting hit by a brute force attack of constant ssh login attempts.

How do I automatically block those IPs



 if you try to block access only to known IPs or at least only of your country.
