Creating SSL Certificate for File Server

8 hours ago, leadeater said:

VPNs are a great way to secure insecure communication protocols/traffic as the VPN is operating at a layer above traffic using the tunnel.

If I can use a normal web browser and the encryption operates at a level higher than the standard protocols (HTTP/HTTPS) then I'm to assume I'll get the normal warning "Your connection isn't private" when in reality it will be but the browser doesn't know that to tell me.

 

8 hours ago, leadeater said:

Just remember only traffic using the VPN tunnel will be encrypted, seems obvious but your general internet traffic will not be.

Makes sense but I might like to ask if I wanted to configure it as a legitimate VPN Proxy (when I'm not home, but I don't plan to do this) and I sent all my internet communications through it before redirecting it to a server somewhere else like Google, YouTube, or the forum then all my general internet traffic could be encrypted...at the cost of probably noticeably higher latency and worse download speeds.


1 hour ago, Windows7ge said:

Does this require any special application or will a web browser such as Mozilla Firefox or Chrome support the encryption algorithm to encrypt and decrypt the communications?

It does not require any special web browser. In fact, it does not require any special programs at all. By default, all traffic from all programs will be sent over the tunnel.

 

 

1 hour ago, Windows7ge said:

If I can use a normal web browser and the encryption operates at a level higher than the standard protocols (HTTP/HTTPS) then I'm to assume I'll get the normal warning "Your connection isn't private" when in reality it will be but the browser doesn't know that to tell me.

Yes, that is exactly right. The VPN encryption runs "a level higher" than everything else.

 

If you want another analogy, using a VPN is just like replacing your physical network cable/wireless signal, with a virtual one that goes straight from your computer, to the VPN server.

It will behave just like if you had a really long (encrypted) cable going straight from your computer to the server. That's pretty much it. Your programs will not know any difference. They will just send and receive data like normal. Your web browser doesn't care if you are using a wire or wireless, right? And it won't care if you use the virtual cable between your computer and the VPN server either.

 

You will not get any "your connection isn't private" errors either (except maybe when you connect to the VPN, but that won't be a warning in your browser).


55 minutes ago, LAwLz said:

It does not require any special web browser. In fact, it does not require any special programs at all. By default, all traffic from all programs will be sent over the tunnel.

 

 

Yes, that is exactly right. The VPN encryption runs "a level higher" than everything else.

 

If you want another analogy, using a VPN is just like replacing your physical network cable/wireless signal, with a virtual one that goes straight from your computer, to the VPN server.

It will behave just like if you had a really long (encrypted) cable going straight from your computer to the server. That's pretty much it. Your programs will not know any difference. They will just send and receive data like normal. Your web browser doesn't care if you are using a wire or wireless, right? And it won't care if you use the virtual cable between your computer and the VPN server either.

 

You will not get any "your connection isn't private" errors either (except maybe when you connect to the VPN, but that won't be a warning in your browser).

Well, thank you for all the helpful information. Your analogies also make it easier to understand. I'm going to set up a test rig to see if I can make it work and if I do manage to get it working I'll set up a low power dedicated Mini-ITX system.


3 hours ago, LAwLz said:

It will behave just like if you had a really long (encrypted) cable going straight from your computer to the server.

Haha I was thinking of using this very same analogy :).


On 2/16/2017 at 11:59 PM, leadeater said:

Sophos XG

I'm having a little bit of difficulty figuring this out. It's installed. I'm wondering between the WAN port (home network) and the LAN port (server's network) do they have to be separate networks? Or is the VPN server transparent to the home network which would allow me to set up the server on the same network as the home. Right now I got to the WebUI from the server's desktop. I started the registration process but when I tried to register the firewall it failed and threw an error code. So I'm locked out of advanced settings. All I have is basic controls which don't allow me to send requests to the server due to it being on a different network. However the server does have the ability to access the internet via the firewall but that's not enough for my purposes. In short, I'm locked out of advanced controls and unless I can make the server look like it's on the same network as the home then I'm going to have to use a different OS. One that doesn't make you do a (putting it nicely) unnecessary activation and registration process of which I could not get to work.


On 2/17/2017 at 4:31 PM, Electronics Wizardy said:

TeamViewer is encrypted.

Teamviewer is great.... but it's still shit in this case. Don't you remember not 6 months ago when their entire system was compromised?

 

 


1 hour ago, Windows7ge said:

I'm having a little bit of difficulty figuring this out. It's installed. I'm wondering between the WAN port (home network) and the LAN port (server's network) do they have to be separate networks? Or is the VPN server transparent to the home network which would allow me to set up the server on the same network as the home. Right now I got to the WebUI from the server's desktop. I started the registration process but when I tried to register the firewall it failed and threw an error code. So I'm locked out of advanced settings. All I have is basic controls which don't allow me to send requests to the server due to it being on a different network. However the server does have the ability to access the internet via the firewall but that's not enough for my purposes. In short, I'm locked out of advanced controls and unless I can make the server look like it's on the same network as the home then I'm going to have to use a different OS. One that doesn't make you do a (putting it nicely) unnecessary activation and registration process of which I could not get to work.

The default rule for any firewall is to block any traffic inbound on WAN to outbound to LAN; you'll have to create a rule to allow it. Normally the WAN port connects to your router and everything else would be LAN. You don't have to set it up this way, just keep in mind Sophos will treat anything coming in on the WAN port as insecure and block it by default.

 

Once you set up the VPN, the clients that connect will be on their own subnet and again firewall rules need to be created to allow traffic from VPN clients to LAN.

 

Odd that you are having registration problems, know what the error code is?
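
The default-deny behaviour described in the post above, modelled as an added example that is not part of the original thread and is not Sophos or pfSense code. The subnets, the firewall's WAN address, the file server address, SMB on TCP 445 as the file-server service and UDP 1194 as the OpenVPN listener are all assumptions chosen for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed lab addressing (assumptions, not values from the thread).
LAN_NET = ipaddress.ip_network("10.10.0.0/24")         # file server side
VPN_NET = ipaddress.ip_network("10.8.0.0/24")          # tunnel clients get their own subnet
FIREWALL_WAN_IP = ipaddress.ip_address("192.168.1.2")  # firewall's address on the home network

class Packet(NamedTuple):
    in_zone: str   # interface the packet arrived on: WAN, LAN or VPN
    dst: str
    proto: str
    port: int

class Rule(NamedTuple):
    src_zone: str
    dst_zone: str
    proto: Optional[str]   # None matches any protocol
    port: Optional[int]    # None matches any port
    action: str

def dst_zone(dst: str) -> str:
    """Map a destination address to the zone it lives in."""
    addr = ipaddress.ip_address(dst)
    if addr == FIREWALL_WAN_IP:
        return "LOCAL"     # traffic addressed to the firewall itself
    if addr in LAN_NET:
        return "LAN"
    if addr in VPN_NET:
        return "VPN"
    return "WAN"

def evaluate(rules, pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is denied."""
    zone = dst_zone(pkt.dst)
    for r in rules:
        if (r.src_zone == pkt.in_zone and r.dst_zone == zone
                and r.proto in (None, pkt.proto)
                and r.port in (None, pkt.port)):
            return r.action
    return "deny"

BASE_RULES = [
    Rule("LAN", "WAN", None, None, "allow"),      # server can reach the internet
    Rule("WAN", "LOCAL", "udp", 1194, "allow"),   # VPN clients can reach the listener
]
VPN_TO_LAN = Rule("VPN", "LAN", "tcp", 445, "allow")  # the extra rule the post calls for

SMB_FROM_HOME = Packet("WAN", "10.10.0.5", "tcp", 445)    # arrives on the WAN port
SMB_FROM_TUNNEL = Packet("VPN", "10.10.0.5", "tcp", 445)  # arrives decrypted from the tunnel

if __name__ == "__main__":
    print("WAN->LAN, base rules:     ", evaluate(BASE_RULES, SMB_FROM_HOME))
    print("VPN->LAN, base rules:     ", evaluate(BASE_RULES, SMB_FROM_TUNNEL))
    print("VPN->LAN, with extra rule:", evaluate(BASE_RULES + [VPN_TO_LAN], SMB_FROM_TUNNEL))
```
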


7 hours ago, leadeater said:

Odd that you are having registration problems, know what the error code is?

The error code was as long as a Windows product key sticker with hyphens every 5 or 6 alphanumeric characters. Not easy to memorize and at the time I didn't write it down. At another time it also gave me a web page full of error information saying "failed to decrypt", "SSL" something something, then showing me some raw HTML code telling me to cut & paste it into something. So I think it's encrypting traffic but I need to get into advanced controls and make exceptions.

 

Also something went haywire. No idea how or why but I got locked out of the IPMI. All I get when I try to connect is "Connection has been rejected" ERR_CONNECTION_REFUSED so now I have to try and reset the BMC using a reset utility in DOS but that's unrelated to my original post. This is an unexpected issue that occurred which throws a wrench into the whole reason I'm building a firewall.


16 hours ago, leadeater said:

Odd that you are having registration problems, know what the error code is?

I got the IPMI under control again and this time forced it to use its dedicated port instead of sharing port LAN1.

I don't know what the error means. It says:

ERROR ID: XG-00151

Tracking ID a2f3a1f3-38a0-41dc-92c4-1447507f3c26

 

If you have any knowledge on this your help would be appreciated.


10 minutes ago, Windows7ge said:

I got the IPMI under control again and this time forced it to use its dedicated port instead of sharing port LAN1.

I don't know what the error means. It says:

ERROR ID: XG-00151

Tracking ID a2f3a1f3-38a0-41dc-92c4-1447507f3c26

 

If you have any knowledge on this your help would be appreciated.

Sophos support pages aren't of much help.

 

Quote

XG-00151

Message:

Sorry - we are unable to register this device.

Error ID: XG-00151

Tracking ID: [[TRACKING_ID]]. Please make a note of this.

What to do:

Please try again. If the problem persists, contact Customer Care.

https://community.sophos.com/kb/en-us/122496

 

I would request a new license and try again. Also make sure the appliance actually has working internet access.


9 minutes ago, leadeater said:

I would request a new license and try again. Also make sure the appliance actually has working internet access.

Gotta love it when big business gives you garbage support information forcing you to talk to them to improve the situation. Anyways it looks like the internet is fine (see photo).

They have a service E-mail; I'll send them one and see if that gets me anywhere.

 

Just in case I looked at OpenVPN but that seems to be an application not an OS. I don't think I could set the server up to work like that.


2 minutes ago, Windows7ge said:

Just in case I looked at OpenVPN but that seems to be an application not an OS. I don't think I could set the server up to work like that.

You would install something like Ubuntu, or even Windows if you wanted to, then install OpenVPN server.


11 minutes ago, leadeater said:

You would install something like Ubuntu, or even Windows if you wanted to, then install OpenVPN server.

I'd prefer a firewall/vpn server where the OS is the firewall. It's less to go wrong. We'll see if customer support yields a good result and if not I'll install Ubuntu and run the OpenVPN over it. If even that doesn't work 3rd backup to try can be pfsense.


On 2/21/2017 at 7:55 PM, leadeater said:

You would install something like Ubuntu, or even Windows if you wanted to, then install OpenVPN server.

Well I've waited 4 business days for Sophos to get back to me and all they did was send me an initial E-mail saying "We will get back to you soonest.". I'm done waiting, next I'm going to try OpenVPN. Even though I'd prefer the OS to be the firewall if OpenVPN works then in theory I could use it for firewall purposes and the desktop OS to mine crypto-currency at the same time. Dual purpose system.

 

If you're wondering the motherboard is the ASRock Rack C2750D4I. Tons of I/O and expansion options. Very low power too. Only uses around 30W even when every RAM slot is occupied.


On 2/21/2017 at 7:55 PM, leadeater said:

You would install something like Ubuntu, or even Windows if you wanted to, then install OpenVPN server.

OK. So Sophos firewall was a bust.

I tried OpenVPN but it apparently costs money because it's a web hosted VPN service. I have the hardware to run a mini-VPN tunnel server so it's not helpful.

Which leaves pfSense. I have it running on a virtual machine and passed through the necessary adapters for it to have internet and serve as the default gateway for the device I want to plug into it.

 

Would you happen to know of any step by step guides that discuss how to encrypt all the network traffic that passes through the firewall? I took a look at it. Something about OpenVPN and a large amount of information relating to encryption but it's out of my field of expertise so I need help. I made an effort to look online myself but none of the tutorials I came across thoroughly explained how to do it in any manner that I understood. They also didn't verify if in fact the traffic passing through the router was being encrypted.


Just now, Windows7ge said:

OK. So Sophos firewall was a bust.

I tried OpenVPN but it apparently costs money because it's a web hosted VPN service. I have the hardware to run a mini-VPN tunnel server so it's not helpful.

Which leaves pfSense. I have it running on a virtual machine and passed through the necessary adapters for it to have internet and serve as the default gateway for the device I want to plug into it.

 

Would you happen to know of any step by step guides that discuss how to encrypt all the network traffic that passes through the firewall? I took a look at it. Something about OpenVPN and a large amount of information relating to encryption but it's out of my field of expertise so I need help. I made an effort to look online myself but none of the tutorials I came across thoroughly explained how to do it in any manner that I understood. They also didn't verify if in fact the traffic passing through the router was being encrypted.

OpenVPN is free, not sure where you got the info from. Anyway pfsense uses OpenVPN and personally I kinda like running that way than on a generic Linux OS.

 

Try this and yell out if you get stuck.

https://www.highlnk.com/2013/12/configuring-openvpn-on-pfsense/


4 hours ago, leadeater said:

OpenVPN is free, not sure where you got the info from. Anyway pfsense uses OpenVPN and personally I kinda like running that way than on a generic Linux OS.

 

Try this and yell out if you get stuck.

https://www.highlnk.com/2013/12/configuring-openvpn-on-pfsense/

I Google searched openvpn; the first result was openvpn.net. Clicking on it, I scrolled down the page to downloads. Clicked on "for your PC" and it downloaded a file called privatetunnel. It had me make an account. Gave me the first 200MB free then beyond that it said I had to pay. I guess their website has more than one tool you can download and I clicked on the wrong one.

 

Thanks, if I have any trouble that I can't solve myself I'll ask.
