Welcome to the Home Network Guy forum!

Topics - JiveTalking

#1
Hello,

Update: I found out that there is a new strongswan release, strongswan-5.9.5-released, but it does not show up for updating in my OPN and I do not know why. Maybe I need to uninstall it.
Here is the information, should anyone else need it: https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html

I find this:
***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 21.7.8 (amd64/LibreSSL) at Tue Feb  1 10:01:11 PST 2022
Fetching vuln.xml.bz2: .......... done
strongswan-5.9.4 is vulnerable:
  strongswan - Incorrect Handling of Early EAP-Success Messages

1 problem(s) in 1 installed package(s) found.
***DONE***

So I reinstalled Strongswan, ran the test again, and the error remains - I have no idea what to do now; this will be a recurring theme as this post goes along.

I also received this:
The default strongSwan configuration interface have been updated to vici.
To use the stroke interface by default either compile the port without the vici option or
set 'strongswan_interface="stroke"' in your rc.conf file.
Checking integrity... done (0 conflicting)

This means nothing to me, and again I have no idea what to do.

Any help is greatly appreciated :/
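
The audit text quoted above is the output of FreeBSD's `pkg audit`, which flags a package purely by its installed version string against the downloaded vuln.xml database. The following is an added example (not OPNsense, FreeBSD or strongSwan code) that parses that output and compares each flagged package's version with the release that fixes it. The only assumption beyond the quoted audit text is the `FIXED_IN` table, filled in from the advisory linked in the post (5.9.5 as the fix for CVE-2021-45079); the sample audit text is re-typed from the post as constructed test input.

```python
"""Parse the 'pkg audit' section of an OPNsense health audit and compare each
flagged package's installed version with the release that fixes it.

Added example, not OPNsense or FreeBSD code. The only assumption beyond the
audit text itself is the FIXED_IN table below."""
import re
from typing import Any, Dict, List, Tuple

# Constructed sample in the format 'pkg audit' prints (the lines that matter
# from the output quoted in the post, re-typed here as test input).
SAMPLE_AUDIT = """\
Fetching vuln.xml.bz2: .......... done
strongswan-5.9.4 is vulnerable:
  strongswan - Incorrect Handling of Early EAP-Success Messages

1 problem(s) in 1 installed package(s) found.
"""

# Assumption: per the strongSwan advisory linked in the post, 5.9.5 is the
# first release with the CVE-2021-45079 fix. Maintain this table yourself.
FIXED_IN: Dict[str, str] = {"strongswan": "5.9.5"}

# '<name>-<version> is vulnerable:' -- the name may itself contain hyphens,
# so match it non-greedily and require the version to start with a digit.
VULN_RE = re.compile(r"^(?P<pkg>\S+?)-(?P<ver>\d\S*) is vulnerable:\s*$")


def version_key(version: str) -> Tuple[int, Tuple[int, ...], int]:
    """Order FreeBSD package versions: the epoch (after ',') wins, then the
    dotted version, then the port revision (after '_')."""
    epoch = 0
    if "," in version:
        version, epoch_str = version.rsplit(",", 1)
        epoch = int(epoch_str)
    revision = 0
    if "_" in version:
        version, rev_str = version.split("_", 1)
        revision = int(rev_str)
    numeric = tuple(int(n) for n in re.findall(r"\d+", version))
    return (epoch, numeric, revision)


def parse_audit(text: str) -> List[Dict[str, Any]]:
    """Return one record per vulnerable package with its listed findings."""
    records: List[Dict[str, Any]] = []
    for line in text.splitlines():
        m = VULN_RE.match(line)
        if m:
            records.append({"package": m["pkg"], "version": m["ver"], "findings": []})
        elif line.startswith("  ") and records:
            # indented lines under a package are the vulnerability titles
            records[-1]["findings"].append(line.strip())
    return records


def assess(text: str, fixed_in: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """For each finding say whether an upgrade is needed, or whether the
    installed version already meets the fix (then the vuln DB or the package
    repo is stale, and reinstalling the same version changes nothing)."""
    out: List[Tuple[str, str, str]] = []
    for rec in parse_audit(text):
        pkg, ver = rec["package"], rec["version"]
        fixed = fixed_in.get(pkg)
        if fixed is None:
            verdict = "no fixed version known; check the advisory"
        elif version_key(ver) >= version_key(fixed):
            verdict = f"installed {ver} already >= {fixed}; audit DB may be stale"
        else:
            verdict = f"upgrade to {fixed}"
        out.append((pkg, ver, verdict))
    return out


if __name__ == "__main__":
    for pkg, ver, verdict in assess(SAMPLE_AUDIT, FIXED_IN):
        print(f"{pkg}-{ver}: {verdict}")
```

Because the audit keys on the version string, reinstalling the same 5.9.4 package can never clear the finding; only a package whose version sorts at or above 5.9.5 will. If the upgrade does not appear in the firewall's update check, the package repository the firewall is pointed at simply does not carry the newer build yet, which is a different problem from the audit result itself.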

#2
Hello -

Can you talk a bit (maybe even an article) about IP addresses, subnets, why I see two WANs coming from my ISP, beginner stuff like that? I see many devices attached, but cannot figure out who is who. I could with my off-the-shelf router before because the hardware names were listed along with the MAC address - in OPNs it's just IPs...

Thank you ~
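
The "who is who" question above comes down to joining two tables the firewall already has: the ARP table (IP to MAC per interface) and the DHCP server's lease file (MAC to the hostname the client announced). The following is an added example, not OPNsense code. It assumes FreeBSD's `arp -an` output format and the ISC `dhcpd.leases` syntax that OPNsense 21.7's DHCP server writes; both samples are constructed, not the poster's network.

```python
"""Label the devices on a segment by joining the firewall's ARP table with the
DHCP server's lease file, so the device list shows hostnames and MACs, not
only IPs.

Added example, not OPNsense code. Assumes FreeBSD 'arp -an' output and ISC
dhcpd.leases syntax; the samples below are made up."""
import ipaddress
import re
from typing import Dict, List

# Constructed sample in FreeBSD 'arp -an' format.
ARP_SAMPLE = """\
? (192.168.10.1) at 00:0d:b9:aa:bb:cc on em1 permanent [ethernet]
? (192.168.10.50) at 3c:52:82:11:22:33 on em1 expires in 1186 seconds [ethernet]
? (192.168.10.51) at b8:27:eb:44:55:66 on em1 expires in 900 seconds [ethernet]
? (192.168.10.77) at 00:1a:2b:99:88:77 on em1 expires in 300 seconds [ethernet]
"""

# Constructed excerpt in ISC dhcpd.leases syntax.
LEASES_SAMPLE = """\
lease 192.168.10.50 {
  starts 2 2022/02/01 18:00:00;
  ends 2 2022/02/01 22:00:00;
  binding state active;
  hardware ethernet 3c:52:82:11:22:33;
  client-hostname "office-pc";
}
lease 192.168.10.51 {
  starts 2 2022/02/01 18:05:00;
  ends 2 2022/02/01 22:05:00;
  binding state active;
  hardware ethernet b8:27:eb:44:55:66;
  client-hostname "livingroom-tv";
}
"""

# '(incomplete)' ARP entries have no MAC and are skipped on purpose.
ARP_RE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9A-Fa-f:]{17}) on (?P<iface>\S+)")
LEASE_RE = re.compile(r"lease (?P<ip>[\d.]+) \{(?P<body>.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet (?P<mac>[0-9A-Fa-f:]{17});")
HOST_RE = re.compile(r'client-hostname "(?P<name>[^"]*)";')
STATE_RE = re.compile(r"binding state (?P<state>\w+);")


def parse_arp(text: str) -> List[Dict[str, str]]:
    """One row per resolved neighbour: ip, mac (normalised lowercase), iface."""
    rows = []
    for line in text.splitlines():
        m = ARP_RE.search(line)
        if m:
            rows.append({"ip": m["ip"], "mac": m["mac"].lower(), "iface": m["iface"]})
    return rows


def parse_leases(text: str) -> Dict[str, Dict[str, str]]:
    """Map MAC -> lease details. dhcpd appends to the file, so a later block
    for the same MAC supersedes an earlier one; iterating in order gives the
    current state."""
    by_mac: Dict[str, Dict[str, str]] = {}
    for m in LEASE_RE.finditer(text):
        body = m["body"]
        mac_m = MAC_RE.search(body)
        if not mac_m:
            continue
        host_m = HOST_RE.search(body)
        state_m = STATE_RE.search(body)
        by_mac[mac_m["mac"].lower()] = {
            "lease_ip": m["ip"],
            "hostname": host_m["name"] if host_m else "",
            "state": state_m["state"] if state_m else "unknown",
        }
    return by_mac


def inventory(arp_text: str, leases_text: str) -> List[Dict[str, str]]:
    """ARP rows with a hostname column filled from the lease file, sorted by IP."""
    leases = parse_leases(leases_text)
    rows = []
    for entry in parse_arp(arp_text):
        lease = leases.get(entry["mac"])
        if lease is None:
            label = "(no DHCP lease: static IP, the firewall itself, or a stale lease file)"
        elif lease["hostname"]:
            label = lease["hostname"]
        else:
            label = "(lease without client-hostname)"
        if lease and lease["lease_ip"] != entry["ip"]:
            label += f" [lease says {lease['lease_ip']}]"
        rows.append({**entry, "hostname": label})
    rows.sort(key=lambda r: ipaddress.ip_address(r["ip"]))
    return rows


if __name__ == "__main__":
    for row in inventory(ARP_SAMPLE, LEASES_SAMPLE):
        print(f"{row['ip']:<16} {row['mac']}  {row['iface']:<4} {row['hostname']}")
```

On the firewall itself, feed `inventory()` the output of `arp -an` and the contents of the DHCP server's lease file (on OPNsense the dhcpd runs chrooted under `/var/dhcpd`, so check there for `dhcpd.leases`; verify the path on your version). Two caveats worth keeping in mind: the hostname is whatever the client chose to announce, so it is a hint rather than an identity, and a device with no lease (static address, or the router's own interface) only ever shows up by MAC. The MAC is the thing to pin a device to, for example by giving it a static DHCP mapping once you know what it is.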
#3
Hello, first of all, great article!

So I followed your steps - and so far so good; however, I was very uncertain about the section for setting up policies.

So I nervously set my 1st policy to cover the Abuse.ch ones I had selected, with no filters, because they are over my head. Maybe an article part 2 digging deeper into this stuff would be so helpful.

My 2nd policy I set for all the Emerging Threats (ET), with no filters for the same reason.

And my 3rd policy I set for the last group of my rules, same as the others.

I really hate guessing, it makes me very nervous - I have three policies, but I don't know why, or if they are any good, or where to go from here....

I know this is all very subjective for each person's Internet use, but are there any articles which give more guidance on policies you'd recommend, and some use examples? I'd imagine there are many threats out there that the majority of people would want to guard against, so something that shoots down the middle as far as policy specifics?

I do a lot of email, ftp, browser searches and logins, some web email, banking, shopping and VOIP - no social media, no IoT, if this helps.

Thanks for the enlightenment,
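
To make concrete what a policy "with no filters" does versus one that uses filters, here is an added example (not OPNsense or Suricata code) that applies two policies to a handful of rules written in real Suricata rule syntax. The rules themselves are constructed; the metadata keys they carry (`signature_severity`, `deployment`, and so on) are the ones Emerging Threats rules ship with, and the example assumes that the policy screen referred to above filters on those same keys. Abuse.ch-style rules are modelled as carrying no metadata at all, which is what makes the default action in a policy matter.

```python
"""Show what an IPS 'policy with no filters' does versus one that uses rule
metadata, by applying both to a few rules in Suricata syntax.

Added example, not OPNsense or Suricata code. The rules are constructed in
real Suricata syntax; the metadata keys are the ones ET rules carry. It is an
assumption that the policy screen in OPNsense filters on the same keys."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed rules. Note the third one carries no metadata at all, which is
# typical of IP/fingerprint blocklist rules rather than ET signatures.
SAMPLE_RULES = """\
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Constructed beacon"; flow:established,to_server; content:"beacon"; classtype:trojan-activity; sid:9000001; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2022_01_01;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Constructed generic agent"; flow:established,to_server; content:"x-agent"; classtype:misc-activity; sid:9000002; rev:1; metadata:deployment Perimeter, signature_severity Informational, created_at 2022_01_01;)
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Constructed SSL Blacklist hit"; tls.fingerprint:"aa:bb"; classtype:trojan-activity; sid:9000003; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Constructed critical stager"; content:"stager"; classtype:trojan-activity; sid:9000004; rev:1; metadata:signature_severity Critical;)
"""

RULE_RE = re.compile(r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<header>[^(]+?)\s*\((?P<opts>.*)\)\s*$")


@dataclass
class Rule:
    action: str
    proto: str
    header: str
    sid: int
    msg: str
    classtype: str
    metadata: Dict[str, str] = field(default_factory=dict)


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one rule line. Options are split on ';' which is fine for these
    samples; real rules may escape ';' inside content as '\\;'."""
    m = RULE_RE.match(line)
    if not m:
        return None
    opts: Dict[str, str] = {}
    metadata: Dict[str, str] = {}
    for opt in m["opts"].split(";"):
        opt = opt.strip()
        if not opt:
            continue
        key, _, value = opt.partition(":")
        value = value.strip().strip('"')
        if key == "metadata":
            for item in value.split(","):
                mkey, _, mval = item.strip().partition(" ")
                metadata[mkey] = mval.strip()
        else:
            opts[key] = value
    return Rule(m["action"], m["proto"], m["header"].strip(), int(opts["sid"]),
                opts.get("msg", ""), opts.get("classtype", ""), metadata)


def parse_rules(text: str) -> List[Rule]:
    rules = [parse_rule(line) for line in text.splitlines() if line.strip()]
    return [r for r in rules if r is not None]


@dataclass
class PolicyEntry:
    action: str                    # what to do with rules this entry matches
    filters: Dict[str, Set[str]]   # metadata key -> accepted values; {} = no filter
    descr: str

    def matches(self, rule: Rule) -> bool:
        # A rule lacking a filtered key never matches that filter.
        return all(rule.metadata.get(k) in vals for k, vals in self.filters.items())


def apply_policy(rules: List[Rule], policy: List[PolicyEntry], default: str = "alert") -> Dict[int, str]:
    """First matching entry wins; rules no entry matches keep the default action."""
    result: Dict[int, str] = {}
    for r in rules:
        for entry in policy:
            if entry.matches(r):
                result[r.sid] = entry.action
                break
        else:
            result[r.sid] = default
    return result


# "No filters": one action for every rule in the policy's rulesets.
NO_FILTER_POLICY = [PolicyEntry("alert", {}, "everything in the selected rulesets, alert only")]

# Filtered: block what the ruleset authors rate Major/Critical, alert on the rest.
SEVERITY_POLICY = [
    PolicyEntry("drop", {"signature_severity": {"Major", "Critical"}}, "block Major/Critical"),
    PolicyEntry("alert", {}, "everything else: alert, review, then decide"),
]

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for name, pol in (("no filter", NO_FILTER_POLICY), ("severity", SEVERITY_POLICY)):
        print(name, apply_policy(parsed, pol))
```

Two things fall out of running this. A policy with no filters is not wrong, it just means one action for everything in the rulesets it covers, so the only real decision in it is alert versus drop. And rules that carry no metadata (the blocklist-style rule above) can never be selected by a metadata filter, which is why keeping them in their own policy, as the post describes, is a reasonable split: the action for those can be decided per list rather than per severity. Starting everything in alert and promoting only Major/Critical to drop after watching the alerts for a while is the example's choice, not a recommendation from the page; check it against your own traffic before trusting it.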



#4
Hello all,

So happy to have found a safe place for a newbie such as myself....

My network plan imagined by me (before I heard of VLANs) is simple I thought, best laid plans and all that.

The Layout & History:
My office and living room have a broom closet between their facing walls - so I put a 6port Vault running OPNsense in the closet, had my ISP run their fiber modem into the closet, and drilled holes in the left and right walls of the closet, into each of the rooms mentioned.  I connected cat6 from my PC to the LAN port on my Vault, and of course the modem to the WAN port.

All was well - I had internet access in my office. That was too easy; I was very happy, for a bit.

I then attached a new TP-Link 8-port Gbit Smart Switch in between my office PC and the Vault router LAN port - all was still well, and I then cat6'd my Linux PC & laptop also - all 3 devices still good, but I was about to learn of the special settings for LAN ports on routers.

I then ran cat6 through the other wall hole (living room) to a TP-Link 5-port Gbit Easy Smart Switch, and you guessed it, nothing plugged into that found the internet... all is not well :/ and I didn't know why.... I did a ton of research but other people's network layouts were too complicated for my understanding and needs.

My goal was higher level access for my Office/LAN/Devices computing needs (1 - 4 devices) - and restricted access for the 2 switches installed via cat6 in other rooms.  #1=Living room next to Office through closet, and #2=upstairs above the Office/closet.  These switches would be for media TV and simple laptop Net searches, and email. 

I have since heard of VLANs, which I still don't fully understand - I will dig into learning these after I get some additional security understanding set up in my OPNsense (the entire point of this adventure in the first place is much better security).
- Many thanks Network Guy for your informative articles ♥ which have really helped, and scared me.

I felt that the trouble might be in my interfaces - so I set one up for em2 (em0 is WAN, em1 is LAN) the same as the one for my LAN except I gave it ........20.1/24 where the LAN is ........10.1/24 - Still no access for em2.  Why that IP - I have no idea I just guessed.

I have poked around, lost internet access - oops, got it back again (no idea how I lost it, or got it back, yikes!)

But I have seen that there are no firewall rules for my em2 living room; could be an issue, I say. But I read that OPNs mostly comes set up like an off-the-shelf router - security sucks = all access; maybe this just means for the LAN port - so sad. FW scares me; I almost didn't make it through setting up the Intrusion Prevention System - thanks again Network Guy! Not sure I have that done right, but nothing broke, so I call it a win!

So - best network layout practices for setting up 2 limited port/switches - mostly for Internet browsing and media?  While... not killing my LAN :) this is my current quest.

I read where you say this type of wired/switches sucks bandwidth, or better, competes for bandwidth - I want a 99% wired home network, I was hoping not to daisy chain the whole thing, so I can deal with rooms/hardware independently - it's how I think.  Something that looks like an octopus, router being the central hub/brain banished to the broom closet.

If and when I do add low range wifi I would like it to be turn-off-able <-- my technical term.  I do not have any IoT to deal with -yea!  I do hope to add things as I learn and go - pi hole, physical redundancy for my LAN, backup power source, maybe my own email server, maybe a NAS server for home media (a girl can dream).

Q2: any good beginners practical How-To books?  So far there seems to be a huge vacuum in this: "for personal use, home networking" space.  So glad to find Network Guy is addressing this :D

I've attached my network layout/map - all rooms are only 4-12' apart.
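
The layout above raises two things a firewall engineer would check before touching VLANs: that each interface sits on its own subnet, and what it means that em2 has no firewall rules. The following is an added example, not OPNsense code and not a description of the poster's actual configuration. The addresses are constructed (the post elides its prefixes; 192.168.x.0/24 is an assumption), and the rule engine is a simplified model in which the first matching rule on the inbound interface wins, which is how OPNsense evaluates its default "quick" rules, with an implicit block when nothing matches.

```python
"""Two checks for a multi-segment home layout: that every interface sits on
its own subnet, and what OPNsense's default deny means for an interface that
has no firewall rules yet.

Added example, not OPNsense code. Addresses are constructed and the rule
engine is a simplified first-match model of the real thing."""
import ipaddress
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, List, Optional, Tuple

# Constructed plan: one /24 per physical interface, nothing shared.
PLAN: Dict[str, str] = {
    "em1": "192.168.10.0/24",  # LAN: office machines
    "em2": "192.168.20.0/24",  # living-room switch
    "em3": "192.168.30.0/24",  # upstairs switch
}
FIREWALL_ON_EM2 = "192.168.20.1/32"  # the router's own address on em2
ALL_PRIVATE_SEGMENTS = "192.168.0.0/16"  # covers LAN and both restricted segments


def overlapping(plan: Dict[str, str]) -> List[Tuple[str, str]]:
    """Pairs of interfaces whose subnets overlap (a classic cause of
    'no internet' on a second segment)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return [(a, b) for (a, na), (b, nb) in combinations(nets.items(), 2)
            if na.overlaps(nb)]


@dataclass
class Rule:
    action: str            # "pass" or "block"
    iface: str             # interface the packet arrives on
    src: Optional[str]     # CIDR, or None for any
    dst: Optional[str]
    descr: str

    def matches(self, iface: str, src: str, dst: str) -> bool:
        if self.iface != iface:
            return False
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return ((self.src is None or s in ipaddress.ip_network(self.src))
                and (self.dst is None or d in ipaddress.ip_network(self.dst)))


# Constructed rule set: restricted living-room segment, full-access office LAN.
# Order matters: the pass to the firewall's own address must come before the
# block of the private ranges that contains it. Traffic between two hosts on
# the same switch never reaches the firewall, so rule 2 cannot isolate those.
RULES: List[Rule] = [
    Rule("pass", "em2", PLAN["em2"], FIREWALL_ON_EM2, "living room -> firewall itself (DNS, DHCP)"),
    Rule("block", "em2", PLAN["em2"], ALL_PRIVATE_SEGMENTS, "living room may not reach any other segment"),
    Rule("pass", "em2", PLAN["em2"], None, "living room -> anything else (internet)"),
    Rule("pass", "em1", PLAN["em1"], None, "office LAN: allow all (the stock LAN rule)"),
    # em3 deliberately has no rules yet, to show what that means below
]


def evaluate(iface: str, src: str, dst: str, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """Decide a packet arriving on `iface`: first match wins, otherwise the
    implicit default deny applies."""
    for r in rules:
        if r.matches(iface, src, dst):
            return r.action, r.descr
    return "block", f"default deny: no rule on {iface} matched"


if __name__ == "__main__":
    print("overlaps:", overlapping(PLAN))
    for case in [("em2", "192.168.20.50", "192.168.20.1"),
                 ("em2", "192.168.20.50", "192.168.10.5"),
                 ("em2", "192.168.20.50", "203.0.113.9"),
                 ("em3", "192.168.30.50", "203.0.113.9")]:
        print(case, "->", evaluate(*case))
```

The last case is the one that matches the situation in the post: an interface with an address but no rules blocks everything that arrives on it, because nothing matches before the default deny, so "no rules on em2" is exactly why nothing on that switch reaches the internet. The office LAN keeps its stock allow-all rule, so it can reach the living-room segment while the reverse is blocked, which is the "higher level access" versus "restricted access" split described above. The model covers only the firewall rules; hosts on em2 also need addresses in that subnet, either from a DHCP scope on em2 or set statically, before any rule is exercised.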