Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    pfBlockerNG stops working unlockforus.com needs new cert

    pfBlockerNG
    3
    6
    86
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bgroper last edited by bgroper

      Hi Forum
      Our pfBlockerNG stops working correctly.
      pfBlockerNG is working, but the updating of IP's to be blocked has failed.
      Our pfSense tries to get the list of IP's from https://unlockforus.com/pfblockerng/tor_nodes_ipv4.txt
      It seems that URL is using an expired TLS certificate. (Expired on 30 July)
      Is there someplace else we should get the list of IP's to block, or do we just wait and hope somebody updates the expired cert ?
      Seems strange because LetsEncrypt should update their cert automagically.
      Thx for any tips or clues.

      I'm not a complete idiot. There's still a few pieces missing.

      1 Reply Last reply Reply Quote 0
      • RonpfS
        RonpfS last edited by

        Try with State: Flex for that URL.

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        B 1 Reply Last reply Reply Quote 1
        • B
          bgroper @RonpfS last edited by

          @RonpfS said in pfBlockerNG stops working unlockforus.com needs new cert:

          Try with State: Flex for that URL.

          Thanks for the suggestion. Seems all good again now. I give you +1 thumbs up.

          I'm not a complete idiot. There's still a few pieces missing.

          1 Reply Last reply Reply Quote 0
          • viktor_g
            viktor_g Netgate last edited by

            cert is OK:
            Screenshot from 2020-08-06 15-22-02.png

            Expires On: Tuesday, September 29, 2020

            1 Reply Last reply Reply Quote 0
            • viktor_g
              viktor_g Netgate last edited by

              You can also check:

              Tor Project Bulk Exit List https://blog.torproject.org/changes-tor-exit-list-service:
              https://check.torproject.org/torbulkexitlist

              Rueckgr Tor:
              https://torstatus.rueckgr.at/ip_list_all.php/Tor_ip_list_ALL.csv

              see https://redmine.pfsense.org/issues/10775

              1 Reply Last reply Reply Quote 0
              • B
                bgroper last edited by

                Thanks for fixing the cert. All good now. 👍

                I'm not a complete idiot. There's still a few pieces missing.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post