Finally got the #DNS locked down at home. I had mis-configured #pfsense to do #DNSSEC verification itself, which disables DNS over #TLS (it would be nice if that was reflected in the UI and not just the documentation). Now the resolver that nearly everything uses works over #DoH (DNS over #HTTPS), and dig reports that my upstream resolver is doing DNSSEC verification for me (it reports ad as an answer flag).

Was finally able to confirm with #CloudFlare’s help page and by checking the firewall state for TCP connections open to port 853.

1.1.1.1 — the Internet’s Fastest, Privacy-First DNS Resolver

I use #pfsense to manage #dynamicdns. I was poking around after returning from #Airventure and discovered that it set koehn.com and home.koehn.com to 192.168.100.1. I have no idea why, but it certainly disrupted IPv4 communications coming into the pod. Incoming IPv6 and outgoing IPv4 were unaffected. Sorry about that.

I recently switched from #ipfire to #pfsense, partially for the latter’s support for #IPv6. I’ve been using IPv6 for years, but there’s still more to learn. Here’s a nice primer:

https://gist.github.com/timothyham/dd003dbad5614b425a8325ec820fd785

A Short IPv6 Guide for Home IPv4 Admins

A Short IPv6 Guide for Home IPv4 Admins. GitHub Gist: instantly share code, notes, and snippets.

Setting up #OpenVPN on #pfSense was very easy. There’s a wizard that does most of the heavy lifting for you (PKI, firewall rules, client profiles) and unlike #ipfire it actually works.

I wish that the #wireguard configuration was as easy; I’ve never gotten it to work on any platform. Regardless, I now have good VPN connectivity to the LAN.

I switched my router from #ipfire to #pfsense. The support of IPv6 was enough, but it just seems like a better product overall. It took about an hour to convert everything (sorry for the downtime), but it’s up and running seems great.

Going to Extremes to Block YouTube Ads

#networkhacks #adblock #dns #google #maninthemiddle #network #pfsense #userexperience #youtube #hackaday
posted by pod_feeder_v2

Going To Extremes To Block YouTube Ads

Many users of YouTube feel that the quality of the service has been decreasing in recent years — the platform offers up bizarre recommendations, fails to provide relevant search results, and …

Flash APU 1D4 / Coreboot

Heute hab' ich Blut und Wasser geschwitzt - umso süßer ist der Erfolg!

Nach einem Hardwareschaden auf der #SSD meiner #APU1D4 hatte ich neue SSDs beschafft: 'msata 16g' - 4 Stück, weil ich auch mehrere dieser Boards besitze.
Vom Hersteller verbaut und spezifiziert war 'msata 16d', aber die waren nicht mehr zu bekommen.

Naja, war ja klar - keine davon wurde von der #Hardware erkannt, egal ob unter #GNU/Linux oder #FreeBSD.

Nach viel Recherche und wochenlangem Zaudern war ich heute mutig/verzweifelt genug, das #Coreboot #BIOS zu flashen. Vielen Dank überigens an #VoyageLinux für die Starthilfe.

Natürlich habe ich mir ins Höschen gemacht, dass ich Depp das Board kaputt flashe, besonders wegen einer Meldung zu angeblich falschen Chip. Aber ein beherztes '--force' brachte den Erfolg. Zuerst das Flashen selber und dann nach dem Neustart, dass die Disk nun erkannt wird. 🚀

Nun kann ich die Hardware weiter nutzen und der Weg ist frei zu einer stressfreihen Migration meiner #Firewall zwischen den Feiertagen.

#PC-Engines #pfSense #flashrom

This Week in Security: Updraft, Termux, and Magento

#hackadaycolumns #news #securityhacks #pfsense #qualsys #termux #thisweekinsecurity #hackaday
posted by pod_feeder_v2

This Week In Security: Updraft, Termux, And Magento

One of the most popular Wordpress backup plugins, UpdraftPlus, has released a set of updates, x.22.3, that contain a potentially important fix for CVE-2022-23303. This vulnerability exposes existin…

#pfSense 2.6 Released, ZFS Is Now the Default File System http://www.tuxmachines.org/node/161474#comment-32853

#pfSense Plus version 22.01 and pfSense CE version 2.6.0 Software are Now Available • Tux Machines ⇨ http://www.tuxmachines.org/node/161474 #BSD #security #UNIX #TuxMachines

#Pfsense Box mini PC with 6 Gigabit Ethernet from $417 http://www.tuxmachines.org/node/159961#comment-32426

In The Lab: 6-port $3,000 #pfSense Box - StorageReview.com ⚓ https://www.storagereview.com/review/in-the-lab-6-port-3000-pfsense-box ䷉ #storagereview reviews it. We used it at work. Had some issues.

#BSDNow "Build Your #FreeBSD Developer Workstation, logging is important, how #BSD authentication works, #pfSense turns 15 years old, #OPNsense Business Edition 21.10 released, getting started with pot, and more" https://www.bsdnow.tv/427

Logging is important

Build Your FreeBSD Developer Workstation, logging is important, how BSD authentication works, pfSense turns 15 years old, OPNsense Business Edition 21.10 released, getting started with pot, and more

#pfSense is based on #bsd and is secure, but this #hardware has #nsa #backdoors https://www.cnx-software.com/2021/08/23/liva-q1l-review-pfsense-ubuntu-20-04-windows-10-dual-ethernet-mini-pc/

LIVA Q1L Review - pfSense, Ubuntu 20.04, Windows 10 tested on a dual Ethernet "Ultra Tiny PC" - CNX Software

LIVA Q1L Review - An tiny mini PC with dual Gigabit Ethernet tested with pfSense, Ubuntu 20.04, and Windows 10 operating systems.

#BSDNow : " #OpenZFS snapshots, #OpenSUSE on Bastille, printing with netcat, new #opnsense 21.1.8 released, new #pfsense plus software available, and more." https://www.bsdnow.tv/416

netcat printing

OpenZFS snapshots, OpenSUSE on Bastille, printing with netcat, new opnsense 21.1.8 released, new pfsense plus software available, and more.

OPNsense - Fehlversuch Nr. 2

Lange sah es super aus. Zurerst #OPNsense problemfrei auf der #APU1D4 via USB und per serieller Console gebootet, auf die interne Platte geschrieben und über das Web-Interface scheinbar fehlerfrei die Config von #pfSense importiert.

Alles lief super, intern waren VLANs, LACP und diverse Services aktiv und das interne Netzwerk flutschte!
Aber #PPPoE tat nicht. Bin wahrscheinlich hier rein gelaufen:
https://github.com/opnsense/core/issues/2186
Das war's - Hhmpff!

wizard: WAN over PPPOE - default Route is not set correctly · Issue #2186 · opnsense/core

Version OPNsense 18.1-amd64 FreeBSD 11.1-RELEASE-p6 OpenSSL 1.0.2n 7 Dec 2017 Failure history 16.7.3: Fails 17.1.4: Fails 17.7: Fails 18.1: Fails 18.7 Fails Background The default route is set to g...