Search found 208 matches

by rseiler
Mon Mar 14, 2022 12:07 am
Forum: Network / Wireless Issues
Topic: Guide to what some of the VPN server options change?
Replies: 2
Views: 6802

Guide to what some of the VPN server options change?

In reference to the OpenVPN Server Configuration section, particularly some of the lower ones like "Clients Use VPN For," while I understand what it does functionally, it would be good to know what it changes on the router in order to do it.

Is that documented somewhere?

by rseiler
Sat Mar 12, 2022 2:05 pm
Forum: News
Topic: Version 1.13.0 : Based on OpenWrt 19.07.8
Replies: 125
Views: 804921

Re: Version 1.13.0 : Based on OpenWrt 19.07.8

Yes, agreed. After actually finding it, I was playing around with the EASYRSA_CERT_EXPIRE parameter today and it does look like it still works. For example, setting it to 3650. It's when you don't use it that the 825 comes in. It's likely what Gargoyle used behind-the-scenes to get those far-off dates in...

by rseiler
Fri Mar 11, 2022 11:51 am
Forum: News
Topic: Version 1.13.0 : Based on OpenWrt 19.07.8
Replies: 125
Views: 804921

Re: Version 1.13.0 : Based on OpenWrt 19.07.8

No, I couldn't either with specific regard to OpenVPN (aside from the commercial product, Access Server, which still cites 10 years), but I know not too long ago when I was running through an OpenVPN install on 21.02 (I realize we're still 19.07 here), I got 825 for the client/server certs expiries....

by rseiler
Fri Mar 11, 2022 3:00 am
Forum: News
Topic: Version 1.13.0 : Based on OpenWrt 19.07.8
Replies: 125
Views: 804921

Re: Version 1.13.0 : Based on OpenWrt 19.07.8

OK, thanks. Given the OpenVPN changes and industry limits on TLS cert lengths (825 days), do the ones generated here fall under that limitation now? I know when I was generating some for another project recently, easyrsa automatically chose 825. I think the limit had been around 1185 days before that...

by rseiler
Thu Mar 10, 2022 8:30 pm
Forum: News
Topic: Version 1.13.0 : Based on OpenWrt 19.07.8
Replies: 125
Views: 804921

Re: Version 1.13.0 : Based on OpenWrt 19.07.8

Is an upgrade from the previous release OK (I see one person mentioned doing it)? One thing that gives me pause is that it's a major OpenWRT version leap behind-the-scenes.

by rseiler
Tue Jan 26, 2021 4:29 pm
Forum: Gargoyle Development
Topic: DNSpooq vulnerabilities and Gargoyle
Replies: 10
Views: 29068

Re: DNSpooq vulnerabilities and Gargoyle

Yes, I was referring to what we'd see in the release version with the mitigation, not the latest dev with the updated dnsmasq.

by rseiler
Tue Jan 26, 2021 12:43 pm
Forum: Gargoyle Development
Topic: DNSpooq vulnerabilities and Gargoyle
Replies: 10
Views: 29068

Re: DNSpooq vulnerabilities and Gargoyle

OK, makes sense. While I haven't done it yet, it's worth mentioning that it's very likely to cause a bunch of these errors:

daemon.err dnsmasq[24211]: failed to send packet: Network unreachable

It happened for everyone with OpenWRT who implemented the workarounds even before the dnsmasq update, so i...

by rseiler
Tue Jan 26, 2021 2:36 am
Forum: Gargoyle Development
Topic: DNSpooq vulnerabilities and Gargoyle
Replies: 10
Views: 29068

Re: DNSpooq vulnerabilities and Gargoyle

Thanks, I hadn't seen this post.

Do you have a feel for what the disabling of caching would mean for its actual function (beyond the vulnerability)?

by rseiler
Tue Jan 26, 2021 1:58 am
Forum: Gargoyle Development
Topic: DNSpooq vulnerabilities and Gargoyle
Replies: 10
Views: 29068

Updating DNSMasq for the latest security issue

A fixed (and then re-fixed, for a log issue) version is now out (it's nominally 2.84 but shows up in OpenWRT as 2.80-16.3).

Gargoyle uses 2.80-1.4.

Are we free to use opkg to update Gargoyle 1.12.0 to solve the issue, or is it not that simple?