I noticed that the new Macs with the M1 processor do not support the ENDIAN client in TAP mode.
In fact, the TAP client that gets installed is for the X86_X64 architecture and not ARM.
Do you know how to work around this obstacle?


I got this error when trying to "efw-upgrade" with my registered e-mail. I've tried to edit the "/var/efw/main/settings" file and run "efw-upgrade -s", and nothing changed. It keeps giving me the same error. Is there anything I can do? I just want to update my ClamAV because it's outdated.

NB : I'm using EFW Community 3.3.2

Today I solved everything:
I understand that:

1)   There is no need to open the ports on the endian Firewall (screenshot 1)

2)   To make the vpn work just remove the line:
remote-cert-tls server

The further questions are:

1)   We lowered the security level by removing the string:

remote-cert-tls server              ?

What should I do?

2)   Another warning comes out, which I think is related to compression:

WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

2021-04-25 19:44:15 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

Seems the error disappears when I delete the line:


but in that case other errors appear:

WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1573', remote='link-mtu 1574'
WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'

3)   Another warning comes out, which I think is related to TLS

WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

but here in the end it is not clear what must be done.

4)   Another warning comes out:
Sun Apr 25 19:51:57 2021 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

but here in the end it is not clear what must be done.

5)   Another warning comes out:

WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

but here in the end it is not clear what must be done.

in short, the vpn works but there are “warnings” everywhere!

No good…

Good morning everyone,
we are trying to activate a VPN SSL with Endian but without success.

we are doing the simplest things, so:
(Endian is latest version) (3.3.2 COMMUNITY)

1)   Open port TCP / UDP 1194 in a router and in an Endian Firewall.

Our Router Fritzbox 7590 has a NAT 1:1 to the Endian Red IP
Our Endian Firewall has a GREEN interface ip: and we open 1194 port here.

(screenshot 1)

2)   We disable the Firewall VPN:

Vpn Traffic -> Disable Firewall VPN

(screenshot 2)

3)   We have activated the OpenVPN server with all standard parameters

(screenshot 3)

4)   We create a user and password (Menu -> Vpn -> Authentication -> Add user)

5)   We download the correct certificate on a Windows PC

(VPN -> Open VPN Server -> Download Certificate)
(the certificate has the name: “cacert.pem”)

6)   Go to the Windows client PC -> I have downloaded the software:

7)   We create a file “ACME-vpn.ovpn” and insert this file here:

C:\Program Files\OpenVPN\config\ACME-vpn

File: “ACME-vpn.ovpn” -> has inside:

dev tap                             
proto udp            #only if you use udp protocol
remote OurPublicIP 1194  #1194 only if your vpn server's port is the default port     
resolv-retry infinite
ca cacert.pem      #this is the p12 client certificate
auth-user-pass      #uncomment this row if you want to use two factor authentication
verb 3
remote-cert-tls server

8)   Here -> C:\Program Files\OpenVPN\config\ACME-vpn

We copy the “cacert.pem” certificate

9)   Stop. We try to connect with the OpenVPN client. The error is:

2021-04-25 09:39:31 VERIFY OK: depth=1, C=IT, O=misty-disk-0130, CN=efw CA
2021-04-25 09:39:31 Certificate does not have key usage extension
2021-04-25 09:39:31 VERIFY KU ERROR
2021-04-25 09:39:31 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2021-04-25 09:39:31 TLS_ERROR: BIO read tls_read_plaintext error
2021-04-25 09:39:31 TLS Error: TLS object -> incoming plaintext read error
2021-04-25 09:39:31 TLS Error: TLS handshake failed
2021-04-25 09:39:31 SIGUSR1[soft,tls-error] received, process restarting
2021-04-25 09:39:31 MANAGEMENT: >STATE:1619336371,RECONNECTING,tls-error,,,,,
2021-04-25 09:39:31 Restart pause, 300 second(s)

Why does it not work?
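
Added example (not part of the original posts, and not Endian or OpenVPN project code): a small Python check of a client .ovpn file for the directives behind the warnings quoted in this thread, run on the posted file and on the workaround. The directive names are real OpenVPN options; the finding labels, the SERVER-CN-PLACEHOLDER name and the AES-256-GCM value are assumptions made for illustration.

```python
import re

# Any one of these makes the client check that the peer certificate is the
# server's (by usage, name or fingerprint), not just any cert the CA signed.
SERVER_VERIFY = {"remote-cert-tls", "remote-cert-ku", "remote-cert-eku",
                 "verify-x509-name", "peer-fingerprint"}
CIPHER_OPTS = {"cipher", "data-ciphers", "data-ciphers-fallback", "ncp-ciphers"}

def parse_ovpn(text):
    """Map directive -> list of argument lists. Simplified: no quoted args."""
    opts = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if line:
            opts.setdefault(line[0], []).append(line[1:])
    return opts

def lint(text):
    """Return finding labels (label names are invented for this example)."""
    o, found = parse_ovpn(text), []
    if not SERVER_VERIFY & o.keys():
        found.append("no-server-verify")  # "No server certificate verification method"
    if "auth-user-pass" in o and "auth-nocache" not in o:
        found.append("password-cached")   # "may cache passwords in memory"
    lzo = any(a[:1] != ["no"] for a in o.get("comp-lzo", []))
    algo = any(a[:1] and a[0] in ("lzo", "lz4", "lz4-v2") for a in o.get("compress", []))
    if lzo or algo:
        found.append("compression")       # "Compression for receiving enabled"
    if not CIPHER_OPTS & o.keys():
        found.append("no-cipher")         # "--cipher is not set"
    return found

# The client file from the post above, comments dropped.
POSTED = """dev tap
proto udp
remote OurPublicIP 1194
resolv-retry infinite
ca cacert.pem
auth-user-pass
verb 3
remote-cert-tls server
"""
# The workaround from the follow-up post: the same file without remote-cert-tls.
WORKAROUND = POSTED.replace("remote-cert-tls server\n", "")
# Constructed variant: placeholder server name, assumed cipher (neither is on the page).
PINNED = WORKAROUND + ("verify-x509-name SERVER-CN-PLACEHOLDER name\n"
                       "auth-nocache\ndata-ciphers AES-256-GCM\n")

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("workaround", WORKAROUND), ("pinned", PINNED)):
        print(label, lint(cfg))
```

remote-cert-tls server fails in the log above because the server certificate has no key usage extension; verify-x509-name compares the certificate's name instead, so it does not depend on that extension.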

OK, I tried and everything works, thanks.

I write what we have done in favor of other users:

Basically, we connected a switch after the firewall with a trunk port

then we put the vlan on the switch

and we connected the computers to the untagged vlan

Everything works perfectly!


The problem is in the ClamAV version


ClamAV EOL versions prior to 0.100
ClamAV community, we want to inform you that, effective March 1, ClamAV 0.99.0 (and all minor versions) will no longer be supported in accordance with ClamAV's EOL policy.  For clarification, anything prior to 0.100.0.

End of life (EOL) for ClamAV essentially means that we will no longer be testing against that version when we write signatures, and we may break something with a future release. So, while signatures may work past March 1, we are no longer testing that configuration.

Please upgrade to the newest version of ClamAV, currently at 0.103.1, available for download now!

As always, thank you for using ClamAV.

I have set up a VPN GW2GW as described in the "Knowledge base" document "Set up an OpenVPN Net2Net Connection".
Now if I run ping from lan B to lan A it is working well; vice versa, from lan A to lan B, it doesn't give any response.
Do you have any suggestions?
I need to connect IPcam under lan B and see it through VPN connection in LAN A.


Having the same problem.
Using community version 3.3.4

Hello, I'm new to Endian Firewall and would like to know if there is a way to translate the IPs of users connected to the network to the name of their machines. I would also like to know if the same applies to NTop and how can I get a consumption report per user. Thanks

Sorry, one question:

every time I open an endian firewall it tells me: "register your product for free updates"

I have registered several times with our company email info@ourdomain

We also receive a confirmation email but then it always comes out:

"The email address provided has not yet been registered. Please create a new account"

Does it happen to you too? Thanks, sorry

