!GNXiKMQpxjFHsivQWJ:chat.weho.st

pfSense® ☞ ؟⸮UNOFFICIAL⸮؟ – Self Support Community for community self support.

562 Members
pfSense is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network and has been noted for its reliability and offering a range of features. - https://en.wikipedia.org/wiki/PfSense ••• https://www.netgate.com/docs/pfsense/book/ ••• https://doc.pfsense.org/index.php/Main_Page ••• Room History is "World Readable" by anyone. → https://view.matrix.org/alias/%23pfSense:matrix.org ••• Listed on: https://matrixstats.org/room/!GNXiKMQpxjFHsivQWJ:chat.weho.st ••• For sharing: #pfSense:matrix.org ° https://riot.im/app/#/room/#pfSense:matrix.org ° https://matrix.to/#/#pfSense:matrix.org ° [#pfSense:matrix.org](https://matrix.to/#/#pfSense:matrix.org) ••• Keywords/Tags: #pfSense #Firewall #Router #Security #CyberSecurity #IDS #Squid #ProxyCache
57 Servers

29 Apr 2024
@emma:chat.blahaj.zone @emma:chat.blahaj.zone
I just worry about the possibility of losing access, especially with OS updates. I probably worry too much in general though.
13:59:11
@emma:chat.blahaj.zone @emma:chat.blahaj.zone
I haven't even set up ssh auth yet though. Contemplating how I would like to do it in my QubesOS setup. And I also need to set up my vpn qube. Anyway thanks for the response.
14:01:07
@narc1013:matrix.org narc1013
Yeah always a legitimate concern with remote access, although you can only do so much to mitigate it. For what it's worth I've never had a pfSense update break or go sideways, but it's not impossible. Without actual hardware redundancy though it sounds like you're doing everything you reasonably can.
14:07:02
@narc1013:matrix.org narc1013
If it's a major concern, you could get a cheap consumer grade router and configure it such that your family could swap it in in case of an emergency until you could get on site to fix the pfSense box.
14:08:22
@emma:chat.blahaj.zone @emma:chat.blahaj.zone

Without actual hardware redundancy though it sounds like you're doing everything you reasonably can.

I appreciate the recommendation, but if my setup fails my family will be helpless and would likely just contact the ISP to come swap the pfSense box with a new ISP router. If it comes to that, "it is what it is" at that point I guess.

14:14:03
@emma:chat.blahaj.zone @emma:chat.blahaj.zone *

Without actual hardware redundancy though it sounds like you're doing everything you reasonably can.

Thank you.

I appreciate the recommendation, but if my setup fails my family will be helpless and would likely just contact the ISP to come swap the pfSense box with a new ISP router. If it comes to that, "it is what it is" at that point I guess.

14:14:20
@emma:chat.blahaj.zone @emma:chat.blahaj.zone *

Without actual hardware redundancy though it sounds like you're doing everything you reasonably can.

Thank you.

I appreciate the recommendation, but if my setup fails, my family will be helpless and would likely just contact the ISP to come swap the pfSense box with a new ISP router. If it comes to that, "it is what it is" at that point I guess.

14:15:05
@emma:chat.blahaj.zone @emma:chat.blahaj.zone
Oh, should I generate the ssh keys separately and then add them to pfSense or should I let pfSense generate the ssh keys automatically? Does pfSense support password-protected ssh keys?
14:19:54
@narc1013:matrix.org narc1013
Sorry just saw this. I'm not sure how to generate keypairs directly in pfSense, but it does support keys protected by passphrases. Most of the information I see suggests generating your keypair externally and then pasting the pubkey into the authorized keys area for the relevant user in pfSense
15:29:08
@emma:chat.blahaj.zone @emma:chat.blahaj.zone
In reply to @narc1013:matrix.org
Sorry just saw this. I'm not sure how to generate keypairs directly in pfSense, but it does support keys protected by passphrases. Most of the information I see suggests generating your keypair externally and then pasting the pubkey into the authorized keys area for the relevant user in pfSense
Thanks. Yes that's what I'm planning to do. The docs say enabling ssh in pfSense without ssh keys already added will generate keys, but it doesn't specify password protection support. I'm just going to generate a new key-pair in my keys qube and paste the pub key as you said.
15:31:42
@narc1013:matrix.org narc1013
Ah yeah. That may just be the server keys that it auto-generates? Not sure. But yeah your approach sounds correct.
15:32:54
@emma:chat.blahaj.zone @emma:chat.blahaj.zone
In reply to @narc1013:matrix.org
Ah yeah. That may just be the server keys that it auto-generates? Not sure. But yeah your approach sounds correct.
Thanks again for the sanity check 😊
15:36:35
@narc1013:matrix.org narc1013
No problem!
15:36:51
@k1nk0z:subr0sa.0j0.jp george.roswell
In reply to @emma:chat.blahaj.zone
I just worry about the possibility of losing access, especially with OS updates. I probably worry too much in general though.
if I were you I'd configure both, OpenVPN and Wireshark. If you need to work on the config of one of these, you can use the other to stay connected.
19:18:11
@k1nk0z:subr0sa.0j0.jp george.roswell
In reply to @emma:chat.blahaj.zone
I just worry about the possibility of losing access, especially with OS updates. I probably worry too much in general though.
* if I were you I'd configure both, OpenVPN and Wireshark. If you need to work on the config of one of these, you can use the other to stay connected. has worked for me in the past.
19:18:26
@emma:chat.blahaj.zone @emma:chat.blahaj.zone
In reply to @k1nk0z:subr0sa.0j0.jp
if I were you I'd configure both, OpenVPN and Wireshark. If you need to work on the config of one of these, you can use the other to stay connected. has worked for me in the past.
I assume you meant to say Wireguard? I forgot that it was being implemented. I'll definitely look into it.
19:41:40
@k1nk0z:subr0sa.0j0.jp george.roswell
In reply to @emma:chat.blahaj.zone
I assume you meant to say Wireguard? I forgot that it was being implemented. I'll definitely look into it.
Yes, sorry, just a typo
19:42:06
@emma:chat.blahaj.zone @emma:chat.blahaj.zone
In reply to @k1nk0z:subr0sa.0j0.jp
Yes, sorry, just a typo
Yeah I figured. Thanks for the recommendation.
19:42:33
@k1nk0z:subr0sa.0j0.jp george.roswell *
if I were you I'd configure both, OpenVPN and Wireguard (not Wireshark). If you need to work on the config of one of these, you can use the other to stay connected. has worked for me in the past.
19:42:30
@k1nk0z:subr0sa.0j0.jp george.roswell
In reply to @emma:chat.blahaj.zone
Yeah I figured. Thanks for the recommendation.
you're welcome
19:42:54
@k1nk0z:subr0sa.0j0.jp george.roswell
another option would be the Tailscale package. (is based on Wireguard)
19:44:14
@k1nk0z:subr0sa.0j0.jp george.roswell *
another option would be the Tailscale package. (it's based on Wireguard)
19:44:42
@emma:chat.blahaj.zone @emma:chat.blahaj.zone
Interesting. I guess I'll do some investigating then.
19:45:29
@k1nk0z:subr0sa.0j0.jp george.roswell
check out the Lawrence Systems vlog on YT
19:46:45
@emma:chat.blahaj.zone @emma:chat.blahaj.zone
Ha yeah, I used to watch him on YT a while ago. I tend to check with his vids from time to time.
19:47:24
@emma:chat.blahaj.zone @emma:chat.blahaj.zone
Really helpful stuff.
19:47:40
@k1nk0z:subr0sa.0j0.jp george.roswell
they also have a forum
19:48:05
@emma:chat.blahaj.zone @emma:chat.blahaj.zone
Oh yeah I forgot about that. Will check there too.
19:48:35
30 Apr 2024
@tekzer0:matrix.org @tekzer0:matrix.org changed their profile picture.
01:14:39
@kernellinux:linuxdelta.com Kernellinux changed their profile picture.
14:27:29
