Posts

pfsense IPsec phase 1 disable rekey

pfsense IPsec VPN tunnel disconnects after 8 hours

I’ve been troubled by the annoying disconnection of the IPsec VPN tunnel on a pfsense firewall. The tunnel disconnects after about 8 hours.

The solution in my case was to enable “Disable rekey”, which “Disables renegotiation when a connection is about to expire.” The setting is found under Phase 1 advanced settings.

Disable rekey setting under Phase 1 Advanced settings

Pimp my router! Linksys WRT54GL on steroids… or at least on Tomato

A while ago I got my hands on a Linksys WRT54GL broadband router. This little fellow runs on Linux. Nice, I thought. After fiddling around with it for a while I found that the firmware had bugs.

I added timed access restrictions (to cut off my teenagers' Internet access automatically in the evening). This worked fine until I added another rule that had nothing to do with the first, and suddenly my teenagers had Internet access all night long. I also want an incoming VPN connection (PPTP) that I forward using port forwarding. This worked fine for a week and, of course, it stopped working when I was abroad and needed it the most. Apart from that, there is no telnet or ssh login to the router (it is running on Linux, you know).


FTP not working in passive mode – proftpd, iptables and ISPconfig

If you are using the proftpd FTP server together with the iptables firewall, which is the case if you are using ISPconfig, for example, you will probably have problems using FTP against your server in passive mode. The problem is that the iptables firewall will not allow the incoming connections in passive mode.

The solution is to configure proftpd to use a small, defined range of incoming ports and open iptables for this range.


Internet related threats

On http://www.cromwell-intl.com/security/ you will find a number of articles related to computer system and network security. They cover cryptography, privacy tools, computer forensics, authentication, intrusion detection and network monitoring.

GRC Shields Up! tests your firewall from the outside and reports what you are exposing to the Internet.

At CERT, the Computer Emergency Response Team, you will find up-to-date information about security-related issues such as newly discovered vulnerabilities. Stay updated!