Netgate Discussion Forum
    • JonathanLeeJ

      TLS1.3 and pfSense Ciphers Questions and container mitigation brain storming

      Cache/Proxy squid tls
      0 Votes
      16 Posts
      836 Views
      JonathanLeeJ

      So generation 2 proxy technology can help if it's built right...

    • mgiM

      OpenVPN client drops after assigning interface

      OpenVPN openvpn client openvpn openvpn problem tls tls error
      0 Votes
      10 Posts
      3k Views
      mgiM

      @johnsheridan Thanks for the info and testing. That makes sense. I’ll have a look at those files and patch.

      This will probably be fixed in one of the next releases then.

    • 1

      DNS over TLS Not Working?

      DHCP and DNS tls dns resolver tls over dns dns unbound
      0 Votes
      7 Posts
      3k Views
      GertjanG

      @coyote1abe said in DNS over TLS Not Working?:

      could you please be a little more specific about the change you made to system

      Somewhere in the past, he changed the IP settings of his device (a Windows PC) from the default DHCP settings to a static setting.

      Like this:

      [image]

      which means this Windows device doesn't use pfSense at all for DNS ... because he asked 1.2.3.4 to be used.

      He has undone that, and now all is well.

    • B

      TLS Error : something wrong with Certificates ?

      OpenVPN tls certificate open vpn
      0 Votes
      13 Posts
      2k Views
      DaddyGoD

      @Bekoj said in TLS Error : something wrong with Certificates ?:

      installed pfsense brand new in 2.4.5 version

      hmmm, next time I'll ask first...😉

      @Gertjan "Oooohhhh. And you're telling that now ?"
      Yes, we went around a bit, the point is, it's okay

    • MikeV7896M

      pfSense Unbound DoT - additional setting needed?

      DHCP and DNS unbound dns resolver tls config
      0 Votes
      3 Posts
      1k Views
      MikeV7896M

      Thanks for that... I had seen the DNS hostname boxes, but must've missed the text below indicating that they're related to DoT. Something might want to be mentioned on the DNS Resolver page at the SSL/TLS checkbox too, that for best security the hostnames for the servers should be entered on System > General.

    • Z

      Squid MITM: How to retrieve decrypted data?

      Cache/Proxy squid mitm man-in-the-midd tls ssl
      0 Votes
      5 Posts
      2k Views
      Z

      Thanks for the info. Astounding is what this is. :-)

    • N

      Intermittently losing DNS

      DHCP and DNS dns quad9 tls
      0 Votes
      10 Posts
      3k Views
      XentrkX

      @naskar

      I don't have a good answer for you about enabling DNSSEC when using Cloudflare DoT. The sites that do support DNSSEC are few. I saw something the other day that DNSSEC sites are in the single digit percentage of all sites on the internet. I added the DNSSEC detector add-on on Firefox and I can confirm from my own experience that not too many sites I visit support DNSSEC. With DNSSEC disabled on the DNS Resolver, I still pass all of the DNSSEC tests on these sites:

      https://rootcanary.org/test.html
      http://dnssec.vs.uni-due.de/
      http://en.conn.internet.nl/connection/
      http://0skar.cz/dns/en/

      This thread does shed some light on the topic.

    • S

      [SOLVED] SMTP notification error (SMTP: Failed to connect socket: fsockopen()...) with TLS and private CA

      General pfSense Questions smtp intermediate ca tls
      0 Votes
      12 Posts
      10k Views
      A

      Not fixed as of 2.4.4-RELEASE-p3 (amd64)
      built on Wed May 15 18:53:44 EDT 2019
      FreeBSD 11.2-RELEASE-p10.

      Only after appending the text dump of my CA cert to /usr/local/share/certs/ca-root-nss.crt was I able to send test messages.
      "Validate the SSL/TLS certificate presented by the server" had no effect.
      Packet captures verified that pfSense was rejecting the certificate being returned by my email server.

    • M

      Error TLS handshake failed

      OpenVPN tls handshake failed connection timeout
      0 Votes
      1 Posts
      1k Views
      No one has replied
    • M

      OpenVPN TLS Error

      Deutsch vpn firewall openvpn tls pfsense
      0 Votes
      8 Posts
      1k Views
      JeGrJ

      @medikopter said in OpenVPN TLS Error:

      That actually sounds quite cool and simple, but I'm already failing at setting up a failover.

      Well, but those are two different kettles of fish ;) Getting VPN running on both interfaces is considerably easier, because you don't have to switch/route/whatever anything. So it's not hard at all.

      That is, that it automatically switches the interface when one is down.

      Isn't it enough to create a gateway group and use it in the rules on the LAN?