Welcome, Guest. Please login or register.

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - andywhite

Pages: 1 ... 4 5 [6] 7 8
76
Installation / Re: Very slow webGUI
« on: December 09, 2015, 06:24:09 PM »
No issues with gui reported until now.  I suspect it's hardware  . How much ram do you have ?

77
Installation / Re: Very slow webGUI
« on: December 09, 2015, 12:34:48 PM »
How Slow , and are all pages slow, or just some ?

Was this a fresh install ?

78
Installation / Re: Problems with embedded installation
« on: December 09, 2015, 08:59:20 AM »
Hi.  I haven't heard of the https problem. Easy to test. I'll take a look

What's the type of vpn your setting up and what problem are you experiencing  with it on 1.8

Lastly, what 1.10 image are you using, I'm guessing the serial. Have you tried the non serial image ? Once it's booted can you ping the 192.168.1.1 from an attached pc ? I can take a look at this too later in the week


BTW,  you can upgrade from 1.8 to 1.10 with re installing

79
Feature Requests / Re: VMware Tools Installation
« on: November 30, 2015, 08:54:08 PM »
adding these tools takes the image size to 50MB , due to all the libraries it uses, one of the libraries alone is 25MB - libicudata.so .  Even compiling with the option to disable ICU, it still links the library ...

compiled with  --without-kernel-modules --without-gtk2 --without-gtkmm --without-ssl --without-xmlsecurity --without-xerces --without-icu --without-x --disable-vgauth


So, I'm not sure if we really want to take t1n1wall to a 50MB image

80
VPN / Re: VPN Client to use
« on: November 26, 2015, 01:03:13 PM »
t1n1wall can be a VPN server with PPTP and L2TP, and also mobile ipsec.

However, what you want is t1n1wall to be a VPN client, it doesn't do this.  you might be able to use the IPSEC feature to setup an IPSEC tunnel to your VPN service , you would have to test and see does it work, but I suspect it won't.

Feel free to try it and ask questions, but the simpler solution is to use pfSense or OPNsense that have an openvpn client in them, and there are plenty of VPN services that support pfSense doing what you want to do

81
Feature Requests / Re: VMware Tools Installation
« on: November 26, 2015, 12:48:05 PM »
the bad news is, it doesn't compile on freebsd :( , the good news is , a simple patch and it now compiles :)

however, vmtoolsd might be small, but it uses a lot of libraries, so I need to calc how much bigger this makes t1n1wall...

I'll take a look at the weekend, but I don't think i'll look at the kernel modules, as I don't see a need for vgauth or vmxnet (thats already in 1.10 from freebsd source)

82
Security / Re: Security update r68
« on: November 02, 2015, 02:42:44 PM »
No. I'm just travelling and only had time to do an x32 build.  I'll do an amd64 bit build tonight

83
Security / Security update r68
« on: November 01, 2015, 09:15:32 PM »
The following components of t1n1wall 1.10 r68 have known CVEs

mini_httpd,1.21,CVE-2015-1548
net-snmp,5.7.3,CVE-2014-2285
ipsec-tools,0.8.2,CVE-2015-4047

mini_httpd will be updated to a fixed version 1.22 shortly
net-snmp 5.7.3 CVE affects Traps, which is not part of t1n1wall
ipsec-tools 0.8.2 CVE is fixed in the port that is used by t1n1wall

84
Services / Re: Anyone using mobile IPsec?
« on: September 21, 2015, 01:09:17 PM »
to get l2tp working there are a lot of patches.

some of these patches are around NAT environments, where t1n1wall can be behind NAT, and the mobile device can also be behind NAT.  When this is detected, these patches figure out the real and NAT'd address and try to do the right thing.  However, it looks like for mobile ipsec, when racoon tries to create a dynamic policy, it is using the wrong address to create the policy.

From some basic testing today, I can see that the policy it is adding is to encrypt traffic from the client IP to the t1n1wall IP, and not from the client IP to the t1n1wall LAN subnet,  I have modified one of the patches to remove this behavior, and made a new build (b64) for testing

This needs to be tested in 4 environments

1) t1n1wall is behind NAT, and client isn't
2) t1n1wall and client are behind their own NATs
3) client is behind NAT and t1n1wall isn't
4) no NAT between client and server

L2TP should be tested as above and IPSEC tunnels should be tested as working.

Andrew

85
Feature Requests / Re: Add GUI to manage Multilink PPPoE
« on: September 12, 2015, 03:21:53 PM »
I don't have anything to test against, and want to get 10.1.X ipv6 working 100% before any features that require a lot of effort

86
Feature Requests / Re: VMware Tools Installation
« on: September 12, 2015, 03:19:40 PM »
Have you a link to a doc on that feature, I might be able to something without perl

87
Consider it on the backlog. I want to get 1.10.X functional for ipv6 firewalling  first

88
Feature Requests / Re: BlinkLED
« on: September 12, 2015, 03:16:05 PM »
This is completed and apu is supported on 1.10.X builds

89
Feature Requests / Re: SNMP Agent Upgrade to 64bit
« on: September 12, 2015, 03:14:18 PM »
Thanks Lee , this is updated

90
Installation / Re: iso image file to bootable usb stick
« on: September 12, 2015, 03:12:54 PM »
There are now 'installer' images that you write to media as normal that give an install option like the cdrom version.

The firmware upgrade page should now prevent upgrades using installer images, and should also prevent upgrades with the wrong type (serial onto non serial)

It is possible to upgrade to an amd64 image on a an i386 based platform and vice versa , maybe this should be prevented to stop accidental breakage.

Pages: 1 ... 4 5 [6] 7 8