Firewall Problem - My job is on the line

tunnel_boar
OpenVPN User
Posts: 25
Joined: Fri Dec 24, 2021 4:50 pm

Re: Firewall Problem - My job is on the line

Post by tunnel_boar » Sat Dec 25, 2021 12:41 am

Well, you're definitely a charming fellow.
Just to teach you a lesson I will answer every question in the scripting and server admin section with 100% courtesy and zero barrels.

Thought so, seems weird that you can't get the values with verbose debug or boxed. I'm actually gonna find out how remote-random works exactly and compile again with the fix.

The pre-up patch works BTW, I could tell u got a little jealous there.
Why tf are you guys refusing to implement that, it's genius.

tunnel_boar
OpenVPN User
Posts: 25
Joined: Fri Dec 24, 2021 4:50 pm

Re: Firewall Problem - My job is on the line

Post by tunnel_boar » Sat Dec 25, 2021 12:49 am

TinCanTech wrote:
Sat Dec 25, 2021 12:39 am
Our boss/professor asked if somebody can solve this and I was first (loudest) to say yes

If your boss has the back-bone to pay for the answer and not extort it then I'll provide you with what you need.

FOSS need food too ..
I already apologized for the clickbait, learn to let go.
Also, your solution is what I've already done. I thought you had some kind of maintainer level trick up your sleeve. Randomizing it myself is fine, but not what I want.

Anyway, ur not a bad guy, just extremely sensitive and slightly irritable.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Firewall Problem - My job is on the line

Post by TinCanTech » Sat Dec 25, 2021 12:56 am

tunnel_boar wrote:
Sat Dec 25, 2021 12:49 am
Anyway, ur not a bad guy, just extremely sensitive and slightly irritable
Judge not, lest ye be judged ..
tunnel_boar wrote:
Sat Dec 25, 2021 12:49 am
I already apologized for the clickbait, learn to let go.
Actually, I was having fun driving the point home. Like twisting the knife when you already know you have the aorta.
tunnel_boar wrote:
Sat Dec 25, 2021 12:49 am
your solution is what I've already done
nah .. you have sum-duk-soop and noodles .. you don't have what I have.

You would think that, by now, computer nerds would be getting a sense of humour.
After all, they named python after Monty Python ..

I Fart in your general direction .... pppffft-t-d-d-b-b-rrrrggggdddgggggggg ..

tunnel_boar
OpenVPN User
Posts: 25
Joined: Fri Dec 24, 2021 4:50 pm

Re: Firewall Problem - My job is on the line

Post by tunnel_boar » Sat Dec 25, 2021 1:22 am

I kinda like you now, haha. Talk about Christmas miracles. Your accent doesn't come across on here, but I'd bet good money that ur a Newark guy or smth close. Your sense of humour seems very familiar.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Firewall Problem - My job is on the line

Post by TinCanTech » Sat Dec 25, 2021 1:32 am

tunnel_boar wrote:
Sat Dec 25, 2021 1:22 am
kinda like you now, haha. Talk about Christmas miracles
If you have a miracle then I'd like to share it with you ;-) FOSSM
tunnel_boar wrote:
Sat Dec 25, 2021 1:22 am
Your accent doesn't come across on here, but I'd bet good money that ur a Newark guy or smth close. Your sense of humour seems very familiar
My accent is the most popular export accent there is: Pirate! (Little bit Cornwall, NY, TX, MS you name it!)

Enjoy the spoils of the religious war that took place to burden this fake season upon you.

tunnel_boar
OpenVPN User
Posts: 25
Joined: Fri Dec 24, 2021 4:50 pm

Re: Firewall Problem - My job is on the line

Post by tunnel_boar » Sat Dec 25, 2021 1:54 am

TinCanTech wrote:
Sat Dec 25, 2021 1:32 am
My accent is the most popular export accent there is: Pirate! (Little bit Cornwall, NY, TX, MS you name it!)

Enjoy the spoils of the religious war that took place to burden this fake season upon you.
Hmm Texas. To us the south represents refusing to get vaccinated, Tucker Carlson and trucks...lots of trucks, haha.

Our economy has to recover somehow. Holiday season is perfect, everybody buys two Margaritavilles and one for backup.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Firewall Problem - My job is on the line

Post by TinCanTech » Sat Dec 25, 2021 2:01 am

tunnel_boar wrote:
Sat Dec 25, 2021 1:54 am
Hmm Texas. To us the south represents refusing to get vaccinated
And I am sure they reciprocate ..

Personally, I have total immunity.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Firewall Problem - My job is on the line

Post by TinCanTech » Sat Dec 25, 2021 2:22 am

COVIRT-19 is manufactured. It also has a shelf-life.

It is Christmas:

If I were to develop a viral weapon then I would like this weapon to have maximum penetration.

That means, I want it to spread as far and wide as possible before there are any noticeable side-effects.

  • We just want to make some desk jockeys feel really ill ..

  • Scare-Factor-50billion!


And then, I want it to die out and leave no trace ..

  • [Phase Three: Profit]


But if we fork that up then we better have a fake vaccine to take out the weirdos !

  • Scare-Factor-5000billion!


And the beat goes on..

tunnel_boar
OpenVPN User
Posts: 25
Joined: Fri Dec 24, 2021 4:50 pm

Re: Firewall Problem - My job is on the line

Post by tunnel_boar » Sat Dec 25, 2021 3:00 am

Haha, oooh come on now.
Clearly, you are an educated individual and fully aware that you most certainly do not have complete immunity.
Then again, conspiracy theories always have more pull in the tech sector.

So, the new world order has manufactured a deadly virus and orchestrated a global pandemic to inject you with nanites that will facilitate their unlimited control over your browser history? haha
Right after having a slice of walnut pizza on Epstein island with Fauci.

Are you a sovereign citizen, too? Am I being detained?

Just wondering how deep this is going. Yahoo answers or Deepweb Wiki deep?

Gain of function research is real, however there is a legitimate reason why it occurs. People need to educate themselves, honestly.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Firewall Problem - My job is on the line

Post by TinCanTech » Sat Dec 25, 2021 3:12 am

tunnel_boar wrote:
Sat Dec 25, 2021 3:00 am
Just wondering how deep this is going.
I would say: Elf deep :lol:
tunnel_boar wrote:
Sat Dec 25, 2021 3:00 am
Clearly, you are an educated individual and fully aware that you most certainly do not have complete immunity.
Then again, conspiracy theories always have more pull in the tech sector.
Seriously, I am not convinced.

I do believe that The Establishment has out-right Lied on this one.
tunnel_boar wrote:
Sat Dec 25, 2021 3:00 am
Right after having a slice of walnut pizza on Epstein island with Fauci
Only in my stockings and only on July 4th.

Santa Claus is as real as Covirt-19.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Firewall Problem - My job is on the line

Post by TinCanTech » Sat Dec 25, 2021 3:25 am

It would be rather unfortunate, if the human species was not capable of evolving natural defences to COVirt-19 .. After all, this species has been around for 200,000 odd years ..

Would it not feel a little ironic that, just at the dawn of the technological era, we suddenly stopped evolving our own natural immunity to our natural surroundings and have to rely on some corporate shite to function ?

You choose for yourself .. The Matrix has you anyway.

(PILL)

tunnel_boar
OpenVPN User
Posts: 25
Joined: Fri Dec 24, 2021 4:50 pm

Re: Firewall Problem - My job is on the line

Post by tunnel_boar » Sat Dec 25, 2021 3:56 am

TinCanTech wrote:
Sat Dec 25, 2021 3:25 am
It would be rather unfortunate if the human species was not capable of evolving natural defences to COVirt-19 .. After all, this species has been around for 200,000 odd years ..

Would it not feel a little ironic that, just at the dawn of the technological era, we suddenly stopped evolving our own natural immunity to our natural surroundings and have to rely on some corporate shite to function ? You choose for yourself ..
Well, the lab leak theory is the most plausible one, currently. Meaning an inadvertent release during gain of function research. Thus, our natural defenses by definition would be ineffective, as we're dealing with a genetically enhanced virus, that is effectively, unnatural.

The vaccination mandates are coming in 2022. People in Mississippi, Texas & Co will surely clutch their AR-15s and Pabst Blue Ribbon, to no avail, I'm afraid.

Haha, the level of your code suggests far deeper understanding than I anticipated.

Who are you, really?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Firewall Problem - My job is on the line

Post by TinCanTech » Sat Dec 25, 2021 7:56 am

tunnel_boar wrote:
Sat Dec 25, 2021 3:56 am
our natural defenses by definition would be ineffective, as we're dealing with a genetically enhanced virus
You are welcome to believe what-ever n-n-n-nonsense you have been told to believe.

Pavlov would have been satisfied, ironically.
tunnel_boar wrote:
Sat Dec 25, 2021 3:56 am
Who are you, really?
I am Ming The Merciless.

:mrgreen:

And you still have not figured out the obvious. Merry Xmas.


Remember: There is no spoon.. but Oliver Twist did ask for more. (Wicked Games)

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Firewall Problem - My job is on the line

Post by TinCanTech » Sat Dec 25, 2021 8:34 am

tunnel_boar wrote:
Fri Dec 24, 2021 10:01 pm
TinCanTech wrote:
Fri Dec 24, 2021 9:47 pm
  • OpenVPN is FOSS and all the documentation is written by volunteers.
Right, by people who believe information should be free.

You're like Darth Sidious, hoarding knowledge. :roll:

I have helped countless people on various forums and mailing lists, because that's what we do in this community.

Nobody is expecting a spoon feed, but a reasonable hint is common courtesy.
What you are doing is pretty much the antithesis to the FOSS spirit.
People like that went out of business about 5 millennia ago.

Honestly, I cannot believe you people cannot see it yet. Reality is coming .. nothing you can do about it.

Edit: Virtual Reality is coming .. nothing you can do about it.

Ask yourself one simple question: Who pays for the electricity to keep those servers going ?
(Tip of the Iceberg but something to gnaw)

Let us do a user friendly list:
  • servers, routers, devices,
  • air-con, halon, key-codes,
  • buildings, lightning-rods, security guards,
  • toilets, vending machines, unicorns on bumblebees ..
Satellites vs deep sea cables.

Trustworthy roaming WiFi .. (Oh-oh .. Openvpn can actually help there)

I am still curious if you found the obvious solution ?
The solution that is the opposite of what you were asked to accomplish.
Computer random is generally pseudo.

A solution that I will share with you ..

tunnel_boar
OpenVPN User
Posts: 25
Joined: Fri Dec 24, 2021 4:50 pm

Re: Firewall Problem - My job is on the line

Post by tunnel_boar » Sat Dec 25, 2021 10:05 am

Listen, I get it, but I gotta stop you right there my capitalistic buddy.
FOSS is not just freedom software, it represents literal freedom, especially in this age of technology. Having unrestricted access to all of this information, free of charge including free documentation and support, is simply the lord's work.

Linus Torvalds didn't know that was gonna happen. We have created an international community that shares knowledge without any aspirations for monetary gain, limitations or expectations, simply for the purpose and undeniable truth, that information must be free.

In my opinion that is the purest form of human decency, love thy neighbor and kumbaya that currently exists in this world. Where would we be if it wasn't for people like that and their sacrifice for the greater good?

Without Linux I truly believe we'd already be equipped with brain chips and a direct uplink to a Microsoft satellite. I can say without a shred of doubt it's the greatest achievement of the 21st century in all categories.

Edit: Yes, we covered that already. Your advice was "randomize the servers yourself", and so I did. I guess I'll share the solution with you and others for free then.

Step 0.) Remove option remote-random from config.
Step 1.) Touch file and add all remote servers
Step 2.) Create script that executes: cat file | shuf
Step 3.) Insert shuffled servers back into config
Step 4.) grep 1st remote server line and use IP for firewall before connect

That is the simplest and best way to do this apart from altering source code, you can stop honeydic*king now.
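
Steps 0 to 4 above as one shell script, added here as an example and not part of the original post. The function names, file paths and documentation-range addresses are constructed, and the `-d` form of the OUTPUT rule is an assumption modelled on the rules quoted later in the thread; the rule is printed rather than applied.

```shell
#!/bin/sh
# Added example; file names, function names and addresses are constructed.

make_sample_conf() {            # constructed client config (documentation IPs)
    cat > "$1" <<'EOF'
client
dev tun
proto udp
remote-random
remote 192.0.2.10 1194
remote 198.51.100.20 1194
remote 203.0.113.30 1194
remote-cert-tls server
EOF
}

# Steps 0-3: drop remote-random, shuffle the remote lines, write a new config.
shuffle_remotes() {
    src=$1 dst=$2
    remotes=$(mktemp) || return 1
    grep -E '^[[:space:]]*remote[[:space:]]' "$src" > "$remotes" || :
    if [ ! -s "$remotes" ]; then
        rm -f "$remotes"; echo "no remote lines in $src" >&2; return 1
    fi
    {   # keep everything except remote / remote-random, then append shuffled remotes
        grep -Ev '^[[:space:]]*remote(-random)?([[:space:]]|$)' "$src" || :
        shuf "$remotes"
    } > "$dst"
    rm -f "$remotes"
}

# Step 4: with remote-random gone, OpenVPN tries the remotes in listed order.
first_remote() { awk '$1 == "remote" { print $2, $3; exit }' "$1"; }

# Print (not apply) an OUTPUT rule limited to that one server.
pinned_rule() {
    set -- $(first_remote "$1")
    ip=$1 port=${2:-1194}
    case $ip in     # hostnames are refused: iptables would resolve them itself,
        ''|*[!0-9.]*) echo "not an IPv4 literal: $ip" >&2; return 1 ;;
    esac            # possibly to a different address than OpenVPN uses
    echo "iptables -A OUTPUT -d $ip -p udp --dport $port -j ACCEPT"
}

tmp=$(mktemp -d)
make_sample_conf "$tmp/client.conf"
shuffle_remotes "$tmp/client.conf" "$tmp/shuffled.conf"
pinned_rule "$tmp/shuffled.conf"
```

If the first server is unreachable, OpenVPN moves on to the next `remote` line, which this single rule does not cover, so the rule has to be regenerated whenever the config is reshuffled or the client fails over.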

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Firewall Problem - My job is on the line

Post by TinCanTech » Sun Dec 26, 2021 5:51 am

By the way, what is the point to do this ?

tunnel_boar
OpenVPN User
Posts: 25
Joined: Fri Dec 24, 2021 4:50 pm

Re: Firewall Problem - My job is on the line

Post by tunnel_boar » Sun Dec 26, 2021 3:23 pm

It's supposed to be 100% self-sufficient, so that users won't have to deal with iptables or require any prior knowledge.
That's why the rule has to be applied automatically.
Although chances are if their subnet is slightly different or iface nomenclature varies, there'll be plenty new threads in here lmao :mrgreen:

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Firewall Problem - My job is on the line

Post by TinCanTech » Sun Dec 26, 2021 3:36 pm

What I mean is: What security does this add to a normal network connection ?

The rules which you are defining do not add any rules which are not dealt with by default.

tunnel_boar
OpenVPN User
Posts: 25
Joined: Fri Dec 24, 2021 4:50 pm

Re: Firewall Problem - My job is on the line

Post by tunnel_boar » Sun Dec 26, 2021 5:32 pm

Are you well versed in iptables?

7/10 linux systems with VPN use the following standard rules:
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -d 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
iptables -A OUTPUT -p udp --dport $VPN_PORT -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT

If you're asking why that is unsafe, you might not be well versed enough.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Firewall Problem - My job is on the line

Post by TinCanTech » Sun Dec 26, 2021 6:14 pm

tunnel_boar wrote:
Sun Dec 26, 2021 5:32 pm
7/10 linux systems with VPN use the following standard rules
Do you have a source for this claim ?

Personally, I don't see any benefit from your rules. (Having spent the last 40 years in technology)
