Webproxie

Website Blocking using VYOS

2024.05.08 08:25 FortuneOverall1407 Website Blocking using VYOS

Is there any package we need to install in vyos to block websites successfully? Also, what does installing webproxy do in vyos and how does it work?
Can someone show the set commands for this?
submitted by FortuneOverall1407 to vyos [link] [comments]


2024.05.04 21:09 denthar haugene/transmission-openvpn Speeds drop to 0 after 2-5 minutes

Hey all,
I've been struggling to deploy this container on my Qnap. After much troubleshooting I finally got the container running and I can access the transmission web UI.
My current problem is that it only seems to download for about 2-3 minutes, then it drops to 0kb/s. If I restart the container, it will download more.
This is my Docker run:
```sh
docker run --cap-add=NET_ADMIN -d \
  --name=transmission \
  -v /share/CACHEDEV2_DATA/Downloads:/data \
  -v /etc/localtime:/etc/localtime:ro \
  -e CREATE_TUN_DEVICE=true \
  -e OPENVPN_PROVIDER=PIA \
  -e OPENVPN_CONFIG=us_west \
  -e OPENVPN_USERNAME=xxxxxxx \
  -e OPENVPN_PASSWORD=xxxxxxx \
  -e WEBPROXY_ENABLED=false \
  -e LOCAL_NETWORK=192.168.1.0/24 \
  -e DISABLE_PORT_UPDATER=yes \
  -e ENABLE_UFW=false \
  --log-driver json-file \
  --log-opt max-size=10m \
  -p 9091:9091 \
  haugene/transmission-openvpn
```
submitted by denthar to docker [link] [comments]


2024.04.25 19:47 Ok-Location964 Error when installing

Hi all,
I'm trying to get a solution but nothing works exactly..
I have installed a new secondary site to my primary site as a customer from my site got a new location. Now they want to have these two sites connected.
So everything is fine. I followed the SCCM tutorial of Prajwal Desai. The secondary site is installed.
In the prim. site I was distributing the client agent via SCCM push. FW is open, policy is set. Everything works.
The main problem is that I cannot install the agent via the secondary server, for whatever reason.
Distribution over the 40Mbit upload network line of German Telekom is bullshit. So syncing over night. Installing everything over the secondary site.
Push user is set.. (AD Account)
Do you guys/girls have a solution for this one?
Here are the logs from the server and client:
Server:
```
======>Begin Processing request: "2097152021", machine name: "DESKTOP-2FO2A17" SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
Execute query exec [sp_IsMPAvailable] N'KUR' SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
- Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
- Attempting to connect to administrative share '\\DESKTOP-2FO2A17.mseven.vt\admin$' using account 'MSEVEN\svc_sccmpush' SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
- The 'best-shot' account has now succeeded 5 times and failed 0 times. SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
- Connected to administrative share on machine DESKTOP-2FO2A17.mseven.vt using account 'MSEVEN\svc_sccmpush' SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
- Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
- Attempting to make IPC connection to share <\\DESKTOP-2FO2A17.mseven.vt\IPC$> SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
- Searching for SMSClientInstall.* under '\\DESKTOP-2FO2A17.mseven.vt\admin$\' SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
- System OS version string "10.0.19045" converted to 10,00 SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
- Unable to connect to remote machine "DESKTOP-2FO2A17.mseven.vt" and namespace "root\ccm" using Kerberos with alternate account, error - 0x8004100e. SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
NTLM fallback is enabled, remote machine "DESKTOP-2FO2A17.mseven.vt" is continuing with client push. SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
- Unable to connect to WMI (root\ccm) on remote machine "DESKTOP-2FO2A17.mseven.vt", error = 0x8004100e. SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
- Creating \ VerifyingCopying existence of destination directory \\DESKTOP-2FO2A17.mseven.vt\admin$\ccmsetup. SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
- Copying client files to \\DESKTOP-2FO2A17.mseven.vt\admin$\ccmsetup. SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
- Copying file "C:\Program Files\Microsoft Configuration Manager\bin\I386\MobileClient.tcf" to "MobileClient.tcf" SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:47 8504 (0x2138)
- Copying file "C:\Program Files\Microsoft Configuration Manager\bin\I386\ccmsetup.exe" to "ccmsetup.exe" SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:28:48 8504 (0x2138)
- Updated service "ccmsetup" on machine "DESKTOP-2FO2A17.mseven.vt". SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:29:03 8504 (0x2138)
- Started service "ccmsetup" on machine "DESKTOP-2FO2A17.mseven.vt". SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:29:03 8504 (0x2138)
- Deleting SMS Client Install Lock File '\\DESKTOP-2FO2A17.mseven.vt\admin$\SMSClientInstall.KUR' SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:29:03 8504 (0x2138)
Execute query exec [sp_CP_SetLastErrorCode] 2097152021, 0 SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:29:03 8504 (0x2138)
- Completed request "2097152021", machine name "DESKTOP-2FO2A17". SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:29:03 8504 (0x2138)
Deleted request "2097152021", machine name "DESKTOP-2FO2A17" SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:29:03 8504 (0x2138)
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152021, 4 SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:29:03 8504 (0x2138)
Execute query exec [sp_CP_SetLatest] 2097152021, N'04/25/2024 17:29:03', 4 SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:29:03 8504 (0x2138)
<======End request: "2097152021", machine name: "DESKTOP-2FO2A17". SMS_CLIENT_CONFIG_MANAGER 25.04.2024 19:29:03 8504 (0x2138)
```
Client:
Thanks all!!! Help is much appreciated!!!
submitted by Ok-Location964 to SCCM [link] [comments]


2024.04.08 00:23 04_996_C2 OverKill? WebProxy for Hosts Needing Apt Package Manager

Good Afternoon:
Aptitude package manager has a feature that allows you to define a proxy. I have several VMs that utilize a VPN for default traffic, thus causing errors when it comes to update (apt) time. I would like to set up the Squid Web Proxy to take APT requests on behalf of those clients. Is this overkill? If not, not all clients are on the same interface. How would I set the Squid Proxy to allow APT requests from identified clients on different interfaces (is this even possible)?
Thank you!
submitted by 04_996_C2 to opnsense [link] [comments]


2024.03.11 13:25 Skyobliwind Extended Server Protection + Load Balancer (Opensense) - WHICH same certificates

I'm struggling to find out how to configure our Servers to be able to enable extended server protection on our exchange cluster. The documentation states the servers need to use the same certificates.
The setup is: exchange cluster (2 Servers) -> LoadBalancer -> Apache Webproxy
Atm we have configured a local wildcard certificate on the exchange servers themselves and the loadbalancer and a public cert on the webproxy. Using TLS-Offloading (configured on the LB) this works, but that setup is not compatible with ESP obviously. So I try to switch to TLS-bridging (called SSL/TLS (TCP Mode) on Opensense) instead. I think it would be the public (external) certificate to install on all servers? But that cert is only for the external domain ofc, would that break anything to use it directly on the exchange servers?
submitted by Skyobliwind to exchangeserver [link] [comments]


2024.03.06 10:53 Bacchus_nL Disabling WPAD, which is the preferred way?

There are multiple (5 to my knowledge) ways to disable WPAD in a Windows server / client environment.
  1. On the DNS server add a "A" record for "wpad" and point it to "127.0.0.1"
  2. Go to %systemdrive%\Windows\System32\Drivers\etc\hosts. Create the following entry for WPAD in the host file: wpad (or 127.0.0.1).
  3. Computer Configurations -> Policies -> Windows Settings -> Security Settings -> System Services; Edit the policy “WinHTTP WebProxy Auto-Discover Service” and set the policy to “Disabled”.
  4. User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer; Edit the policy “Disable caching of Auto-Proxy scripts” and set the policy to “Enabled”.
  5. Computer Configuration -> Preferences -> Windows Settings -> Registry; HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\DisableWpad = 1
Number 1 seems counterintuitive as the wpad DNS query is already blocked by Active Directory integrated DNS.
```
PS C:\> dnscmd /info /globalqueryblocklist
Query result:
String: wpad
String: isatap
Command completed successfully.

PS C:\> dnscmd /info /enableglobalqueryblocklist
Query result:
Dword: 1 (00000001)
Command completed successfully.
```
Number 5 only works since Windows Server 2019 and Windows 10, version 1809. But I am searching for a one-size-fits-all solution which is backwards compatible with older Windows Server and client versions.
But which of those options is best to implement domain wide as a policy or GPO?
submitted by Bacchus_nL to sysadmin [link] [comments]


2024.03.01 18:02 Sheyk87 UDEMY - Mikrotik: From beginner to expert!

Send an email to [sheyk87@gmail.com](mailto:sheyk87@gmail.com), it's my own upload!
Price: US$20 or $20,000 Argentine pesos
I accept PayPal, Binance, MercadoPago
More information

What you'll learn

This course includes:

Requirements

submitted by Sheyk87 to LatinoKitLeaks_Trades [link] [comments]


2024.02.19 18:29 sireggan Some UCs on Holiday!! No waves(?)

Hi! Just for anyone who is anxiously awaiting decisions from UCs like I was, I just wanted to let everyone know that some UC staff have a holiday break today for President's Day. It's confirmed for Berkeley, UCI, UCSD, and UCLA, among others that I did not check. If your application is marked as complete, it probably won't go under review today. There is a chance that a wave is automated for today/tonight, but I doubt it.
Now I can enjoy today without the added stress of law school decisions, haha.
submitted by sireggan to lawschooladmissions [link] [comments]


2024.02.08 12:25 naylor2006 BT FTTP 900Mbps and Multicast IPTV (EE TV Box Pro) - Edge Router (ER-X) PPPOE and IGMP Proxy Config (Working)

I wanted to write something up for the Googlers out there who might stumble across this post and find it useful. Reddit and the Ubiquiti Community have largely all the information you need to get this up and running but some of it was years old and I discovered some quirks along the way. I can't thank the communities enough. This is a version of what I posted over on the Ubiquiti Forums and I didn't just want to dump a link in here to that.
Essentially I wanted a complete solution which meant I could avoid using the ISP router at all for Internet and TV.
Recently I had BT (UK) FTTP 900 installed along with EE TV (Multicast IPTV), I wanted to continue using my ER-X which I had been using for my previous cable provider. In short, it all works without any issues with bandwidth delivery or TV 'signal'. I am using PPPOE as the WAN Interface and an IGMP Proxy to get the Multicast TV working. My general config is not overly complicated, I am not using VLANs and the firewall is largely default and some typical port forwarding. To be honest if you have a super complicated setup with your Ubiquiti gear you are probably far cleverer than me and don't need this post anyway :) Chances are the people who find this useful will be those a bit like me, just getting started and have a relatively basic config.
Before starting on the below my ER-X was configured essentially like this for my previous Cable ISP:
ER-X on v2.0.9-hotfix.7
eth0 (WAN Interface using DHCP from Cable ISP)
Switch0 (eth1-eth4 192.168.84.1/24)
Single Local DHCP Server for 192.168.84.0/24
First of all, if you are using an FTTP provider like BT and many other ISPs you will need to have a PPPOE interface configured and attached to the parent physical interface; in my case I was using eth0. With the ER-X you can use the wizard for this if you are first starting it up from a factory reset, however I was going from my old cable provider to FTTP. My cable provider was a little more straightforward as the cable modem would allow me to set my WAN interface (eth0) to DHCP and it would just work without an authentication layer, at least on the ER-X anyway. My existing ER-X was set up for DHCP on the WAN using the wizard so I needed to first remove that config and add in PPPOE instead, and to do that I issued the following commands which @redfive provided me with. (I didn't want to factory reset.)
```
configure
delete interfaces ethernet eth0 address
delete interfaces ethernet eth0 firewall
delete firewall ipv6-name WANv6_IN
delete firewall ipv6-name WANv6_LOCAL
delete service nat
set interfaces ethernet eth0 pppoe 0 default-route force
set interfaces ethernet eth0 pppoe 0 mtu 1492
set interfaces ethernet eth0 pppoe 0 password
set service nat rule 5010 type masquerade
set service nat rule 5010 outbound-interface pppoe0
set interfaces ethernet eth0 pppoe 0 firewall in name WAN_IN
set interfaces ethernet eth0 pppoe 0 firewall local name WAN_LOCAL
set firewall options mss-clamp interface-type pppoe
set firewall options mss-clamp mss 1452
set port-forward wan-interface pppoe0
commit
save
exit
reboot
```
This deleted the basic config I had before and replaced it with a PPPOE interface to talk to BT FTTP. It left intact things like my port forwarding.
After a reboot the PPPOE interface picked up its IP and the default route appeared and that was it, internet worked great and the Edge Router wasn't restricting me on bandwidth at all, speed tests were showing the full 900Mbps. I had seen many posts where people were not seeing full speeds on the ER-X for some reason, but it was fine for me with the above, plus, as literally every single other guide says you need to do, enabling hw-offloading.
```
configure
set system offload hwnat enable
set system offload ipsec enable
commit
save
exit
```
This has been enabled on my ER-X since I first got it so I don't know what it's like without it, just all the guides were like, 'you must do this' otherwise the CPU gets bogged down.
Internet was working great but then came the delivery of my IPTV box (EE TV Box Pro) and being a newbie I wasn't aware that it wasn't more complicated than just plugging in an ethernet hook up to the router. Some Googling later I realised that live TV from ISPs is often provided as Multicast for efficiency and that an IGMP proxy could be utilised to grab these packets from the WAN and send them out over a given internal interface. Time to give that a stab, so I found this post:
IPTV/IGMP/Multicast Solution for Edgemax Router Ubiquiti Community
Pretty much had everything I needed to get going so thanks to @noleech for his write up but it was 9 years old and using a much older OS. Other posts I had found also were mentioning how IGMP was broken in some releases so I wasn't sure what to expect as I couldn't find anything really current.
Configuring an IGMP Proxy is pretty straightforward and Ubiquiti's own page is all I needed:
EdgeRouter - IGMP Proxy – Ubiquiti Support and Help Center
I was already pondering a problem however, do I set the upstream to the PPPOE interface or parent interface eth0 and then as I have switch0 configured for all my other ports (eth1-eth4) so do I configure the downstream to go out via my switch0 interface and therefore my entire network?....that didn't seem ideal to me. These are newbie questions.
Anyway, you need to set your upstream interface as the parent interface and not the PPPOE. After configuring my IGMP proxy to use eth0 and then out to switch0 the IGMP proxy would crash or at least not start with an error; after more googling I stumbled upon a post that mentioned the IGMP interfaces must have IP addresses. When using PPPOE the IP is addressed there, it is not there on the parent WAN interface which in my case is eth0. Switch0 had an IP but eth0 did not. The post mentioned that to solve this issue you just give eth0 an IP address, doesn't really matter what it is but just ensure it is not an IP that is going to get used elsewhere. An interesting point here is that if your ISP uses DHCP and not PPPOE and your external IP is dynamic, apparently when the IP changes it can break the IGMP proxy, not a concern if you are using PPPOE as you can stick a static IP on the parent interface like I did below.
```
configure
set interfaces ethernet eth0 address 192.168.255.1/24
commit
save
exit
```
Once my eth0 had an address the IGMP proxy then worked, however I wasn't a huge fan that I was directing everything to switch0 (my entire network). I have one IPTV box within a short distance of the ER-X so I decided on another solution. That was to remove eth4 from switch0 and give it its own LAN, so I assigned the eth4 interface 192.168.85.1/24 and created a second DHCP server for the subnet 192.168.85.0/24, so now anything I connect to eth4 will be on this new subnet, but in effect for me it allows me to have a dedicated port directly connected to the IPTV box simplifying matters. Now cleverer people would probably utilise some VLAN config at this point but I'm not ready for that.
So with that now in place I configured my IGMP Proxy as follows:
```
configure
set protocols igmp-proxy interface eth0 role upstream
set protocols igmp-proxy interface eth4 role downstream
set protocols igmp-proxy interface eth0 threshold 1
set protocols igmp-proxy interface eth0 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth4 threshold 1
set protocols igmp-proxy interface eth4 alt-subnet 0.0.0.0/0
commit
save
exit
```
You can then check for traffic and other info by issuing the following commands:
```
show ip multicast interfaces
Intf    BytesIn     PktsIn      BytesOut    PktsOut     Local
eth0    322.55MB    31923239    0.00b       0           192.168.255.1
eth4    0.00b       0           320.97MB    31922696    192.168.85.1

show ip multicast mfc
Group             Origin             In      Out     Pkts      Bytes       Wrong
234.xx.xxx.xxx    109.xxx.xxx.xxx    eth0    eth4    469825    607.57MB    0
```
Without getting into things I don't understand, essentially the two commands are showing traffic between the interfaces and with this IGMP Proxy in place the IPTV box has been working flawlessly.
I did want to address something and also pose a question. In all of the posts I have read, albeit old ones, they are mentioning that now two firewall rules must be created, one to allow Multicast UDP between source and destination IPs, which can be gathered from the above MFC command, the other to allow IGMP. Without these firewall rules apparently the IPTV feed will crash out after a few seconds; I cannot report that this has affected me and I am wondering why. I haven't gone ahead and created these rules as everything works fine without them. I was wondering if because the IPTV is on its own subnet and singular interface away from my default LAN that this has circumvented the requirement? I don't know.
So, it all works. I've rebooted everything to make sure, ONT, Router and Factory Reset the IPTV box and everything still works, all live channels work, the premium paywalled sport ones such as Sky Sports (Now) and TNT Sports...Ultimate and HDR. I'm pretty chuffed, however I wouldn't have been able to do this without the help on these communities. I hope someone might stumble across this post and find it helpful. I'm sure the same can be applied to most ISPs who are using PPPOE and I can't recommend the Edge Router X enough for anyone who wants to learn some basics or some more complicated stuff, it is a very capable device.
My full sanitized config is below:
```
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 21 {
            action accept
            description Allow_WAN-Port_Ping
            destination {
                group {
                    address-group ADDRv4_pppoe0
                }
            }
            log disable
            protocol icmp
        }
    }
    options {
        mss-clamp {
            interface-type pppoe
            mss 1452
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 192.168.255.1/24
        description WAN
        duplex auto
        pppoe 0 {
            default-route force
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            password BT
            user-id bthomehub@btbroadband.com
        }
        speed auto
    }
    ethernet eth1 {
        description "Office Switch"
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description "Cupboard Switch"
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description "Lounge Switch"
        duplex auto
        speed auto
    }
    ethernet eth4 {
        address 192.168.85.1/24
        description IPTV
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.84.1/24
        description "Default LAN (eth1-eth3)"
        mtu 1500
        switch-port {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth3 {
            }
            vlan-aware disable
        }
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface switch0
    rule 1 {
        description OpenVPN(pi)
        forward-to {
            address 192.168.84.238
            port 1987
        }
        original-port 1987
        protocol udp
    }
    rule 2 {
        description SSH(pi)
        forward-to {
            address 192.168.84.238
            port 40
        }
        original-port 40
        protocol tcp
    }
    wan-interface pppoe0
}
protocols {
    igmp-proxy {
        interface eth0 {
            alt-subnet 0.0.0.0/0
            role upstream
            threshold 1
        }
        interface eth4 {
            alt-subnet 0.0.0.0/0
            role downstream
            threshold 1
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name IPTV {
            authoritative disable
            subnet 192.168.85.0/24 {
                default-router 192.168.85.1
                dns-server 192.168.84.199
                lease 86400
                start 192.168.85.10 {
                    stop 192.168.85.20
                }
                static-mapping EE-TV-Box-Pro {
                    ip-address 192.168.85.11
                    mac-address x
                }
            }
        }
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.84.0/24 {
                default-router 192.168.84.1
                dns-server 192.168.84.199
                lease 86400
                start 192.168.84.2 {
                    stop 192.168.84.243
                }
                static-mapping naylor-gw {
                    ip-address 192.168.84.238
                    mac-address x
                }
                static-mapping pi-hole {
                    ip-address 192.168.84.199
                    mac-address x
                }
                static-mapping wifi-bridge {
                    ip-address 192.168.84.240
                    mac-address x
                }
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    dns {
        dynamic {
            interface pppoe0 {
                service custom-cloudflare {
                    host-name x
                    login x
                    options zone=x
                    password x
                    protocol cloudflare
                }
            }
        }
        forwarding {
            cache-size 150
            listen-on switch0
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5010 {
            outbound-interface pppoe0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    unms {
        disable
    }
    upnp {
    }
}
system {
    analytics-handler {
        send-analytics-report false
    }
    crash-handler {
        send-crash-report false
    }
    host-name x
    login {
        user x {
            authentication {
                encrypted-password x
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat enable
        ipsec enable
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/London
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@5:ubnt-l2tp@1:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@2:ubnt-util@1:vrrp@1:vyatta-netflow@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v2.0.9-hotfix.7.5622731.230615.0857 */
```

submitted by naylor2006 to Ubiquiti [link] [comments]
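
The post's closing question, why the feed works without the multicast and IGMP firewall rules, can be checked against the config itself: WAN_IN and WAN_LOCAL are bound to `pppoe 0`, while eth0 (the igmp-proxy upstream) and eth4 have no ruleset of their own. The following is an added example, not part of the original post: a small Python audit that parses an EdgeOS-style config (the sample is constructed from the post's config, function names are hypothetical) and lists igmp-proxy interfaces with no firewall ruleset bound directly to them. Whether that binding explains the behaviour on this router is an assumption.

```python
# Added example. SAMPLE_CONFIG is constructed from the post's sanitized config,
# trimmed to the parts this check reads; every function name is hypothetical.
SAMPLE_CONFIG = """
interfaces {
    ethernet eth0 {
        address 192.168.255.1/24
        pppoe 0 {
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
        }
    }
    ethernet eth4 {
        address 192.168.85.1/24
    }
}
protocols {
    igmp-proxy {
        interface eth0 {
            role upstream
        }
        interface eth4 {
            role downstream
        }
    }
}
"""


def parse_config(text):
    """Parse brace-delimited config text into nested dicts; leaf values are lists."""
    root = {}
    stack = [root]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("/*"):
            continue  # blank line or trailing version comment
        if line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError(f"line {lineno}: unbalanced closing brace")
            stack.pop()
        else:
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value.strip().strip('"'))
    if len(stack) != 1:
        raise ValueError("unclosed block at end of config")
    return root


def bound_rulesets(node):
    """Return e.g. {'in/name': 'WAN_IN'} for the firewall block directly under node."""
    firewall = node.get("firewall")
    if not isinstance(firewall, dict):
        return {}
    return {f"{direction}/{kind}": body[kind][0]
            for direction, body in firewall.items() if isinstance(body, dict)
            for kind in ("name", "ipv6-name") if kind in body}


def audit_igmp_proxy(config):
    """Return one finding per igmp-proxy interface; 'unfiltered' means no ruleset."""
    nodes = {key.split()[-1]: body  # 'ethernet eth0' -> 'eth0'
             for key, body in config.get("interfaces", {}).items()
             if isinstance(body, dict)}
    findings = []
    for key, body in config.get("protocols", {}).get("igmp-proxy", {}).items():
        if not (key.startswith("interface ") and isinstance(body, dict)):
            continue
        name = key.split()[1]
        node = nodes.get(name, {})
        direct = bound_rulesets(node)
        # A ruleset under "pppoe N" filters the PPP session, not the parent NIC.
        pppoe = {k: bound_rulesets(v) for k, v in node.items()
                 if k.startswith("pppoe ") and isinstance(v, dict)}
        findings.append({"interface": name,
                         "role": body.get("role", ["unknown"])[0],
                         "rulesets": direct,
                         "pppoe_rulesets": pppoe,
                         "unfiltered": not direct})
    return findings


if __name__ == "__main__":
    for finding in audit_igmp_proxy(parse_config(SAMPLE_CONFIG)):
        status = "NO ruleset bound" if finding["unfiltered"] else "filtered"
        print(f"{finding['interface']:6} {finding['role']:10} {status}",
              finding["pppoe_rulesets"] or "")
```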


2024.01.26 17:01 BeginningSpite6041 Creating Docker Container with Website files results in error

Here is my docker compose file:
```yml
version: '3.0'

services:
  genefit.to:
    build:
      context: /var/www/html/genefit.to
      dockerfile: DOCKERFILE
    networks:
      webproxy:
        ipv4_address: 172.26.0.4
    depends_on:
      - genefit.to_db

  genefit.to_db:
    image: mariadb:latest
    container_name: forum_db
    command: ["--innodb-buffer-pool-size=256M"]
    environment:
      - MYSQL_ROOT_PASSWORD=REDACTED
      - MYSQL_USER=USER_REDACTED
      - MYSQL_PASSWORD=REDACTED
      - MYSQL_DATABASE=forum
    networks:
      webproxy:
        ipv4_address: 172.26.0.5
    volumes:
      - db_data:/var/lib/mysql

networks:
  webproxy:
    external: true

volumes:
  db_data:
```
Here is the DOCKERFILE:
```dockerfile
# Use a base image with Apache and PHP installed
FROM php:apache

# Set the working directory inside the container
WORKDIR /var/www/html

# Copy the contents of the codebase into the container
COPY . .

# Expose port 80 (the default port for Apache)
EXPOSE 80
```
Now when trying to deploy the stack (compose file inside portainer) I get the following error: `failed to deploy a stack: unable to prepare context: path "/var/www/html/genefit.to" not found`
This is weird because the path exists on my linux vps, I also added the required chmod permissions to the folder which sadly did not change anything.
I appreciate any help which helps me get closer to the solution of this issue, don't hesitate to submit your potential solutions!
submitted by BeginningSpite6041 to docker [link] [comments]


2024.01.05 21:40 Bromeister Route traffic over specific interface based on destination dns?

I have a wireguard site-2-site between two vyos routers. I'd like to send only traffic destined to a *.netflix.com domain from one client on site a over the tunnel to site b before going out to the internet.
Seems like I could use webproxy in non-transparent mode and configure that one client to use the proxy. But reading through the vyos docs I'm not sure how I would send only *.netflix.com traffic over the tunnel and the rest out the default gateway.
I could probably do policy based routing to send all traffic from that client over the tunnel but that would be a lot of unnecessary traffic.
submitted by Bromeister to vyos [link] [comments]


2024.01.03 04:20 ski--free Torrents not Downloading - haugene/transmission-openvpn

Is anyone able to help me figure out what I am doing wrong with the haugene/transmission-openvpn docker image? Everything appears to be working and ports are being forwarded properly, however, any torrent that I add to transmission just gets "stuck". Some more popular torrents will show 1-3 peers and download extremely slowly (i.e. 30kb/s) but most just never download.

Below are my environment variables:
```
"Env": [
    "TRANSMISSION_PORT_FORWARD_ENABLED=true",
    "TRANSMISSION_UMASK=000",
    "TRANSMISSION_SPEED_LIMIT_UP_ENABLED=true",
    "PUID=114",
    "PGID=120",
    "TRANSMISSION_DOWNLOAD_DIR=/data/completed",
    "TRANSMISSION_SPEED_LIMIT_UP=1000",
    "OPENVPN_USERNAME=******",
    "LOCAL_NETWORK=192.168.1.0/24",
    "TRANSMISSION_IDLE_SEEDING_LIMIT_ENABLED=true",
    "TRANSMISSION_INCOMPLETE_DIR=/data/incomplete",
    "TRANSMISSION_RATIO_LIMIT_ENABLED=false",
    "OPENVPN_PASSWORD=******",
    "TRANSMISSION_SPEED_LIMIT_DOWN=10000",
    "TRANSMISSION_SPEED_LIMIT_DOWN_ENABLED=true",
    "OPENVPN_PROVIDER=PIA",
    "OPENVPN_CONFIG=ca_vancouver",
    "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
    "OPENVPN_OPTS=",
    "GLOBAL_APPLY_PERMISSIONS=true",
    "TRANSMISSION_HOME=/config/transmission-home",
    "TRANSMISSION_RPC_PORT=9091",
    "TRANSMISSION_RPC_USERNAME=",
    "TRANSMISSION_RPC_PASSWORD=",
    "TRANSMISSION_WATCH_DIR=/data/watch",
    "CREATE_TUN_DEVICE=true",
    "ENABLE_UFW=false",
    "UFW_ALLOW_GW_NET=false",
    "UFW_EXTRA_PORTS=",
    "UFW_DISABLE_IPTABLES_REJECT=false",
    "PEER_DNS=true",
    "PEER_DNS_PIN_ROUTES=true",
    "DROP_DEFAULT_ROUTE=",
    "WEBPROXY_ENABLED=false",
    "WEBPROXY_PORT=8118",
    "WEBPROXY_USERNAME=",
    "WEBPROXY_PASSWORD=",
    "LOG_TO_STDOUT=false",
    "HEALTH_CHECK_HOST=google.com",
    "SELFHEAL=false",
    "REVISION=07f5a2b9aea5028c9bb75438c1552708e91dde71"
]
```
Additionally, the health check returns healthy and I do have internet access within the docker container. I tried adding a list of public trackers as well and that did nothing.
submitted by ski--free to docker [link] [comments]


2024.01.01 10:09 Fuzzy-Sundae-1853 IT specialist (Fachinformatiker) apprenticeship - but which one?

Hello!
I was planning to start an apprenticeship as an IT specialist (Fachinformatiker) in 2024. However, I'm unsure which specialization I should choose. Both areas appeal to me, and I also have a bit of experience (if you can call it that) in both.
System integration:
• Built my own PCs, and also ones for friends and acquaintances.
• Repaired phones, tablets, etc.
• Set up networks
• VPN experience: building a VPN from rented servers
• Server experience on Linux & Windows (rented servers for websites, games, etc.)
• Proxy experience: likewise setting up a web proxy on one of the rented servers, etc.
• Firewall and DNS experience, to protect the website from nasty kids with DDoS etc.
Application development: (not very much yet)
• Websites in HTML / CSS / JavaScript
• JavaScript Discord bots
I taught myself all of this, of course, and I'm not a pro in either, but I think I bring some good basics in both areas. Naturally, I enjoy both a lot.
My question is whether this basic knowledge is good for an apprenticeship in both areas. I would also appreciate tips or advice for the application. I was also planning to create an About Me website and to get a domain with a website, which I would of course host myself.
I would be applying in the Stuttgart area; if anyone knows good companies, I would be glad to get recommendations as well.
Many thanks!
submitted by Fuzzy-Sundae-1853 to Azubis [link] [comments]


2024.01.01 10:08 Fuzzy-Sundae-1853 Fachinformatiker Ausbildung - aber welche?

Hallo!
Ich hatte vor für 2024 eine Ausbildung zum Fachinformatiker anzufangen. Jedoch bin ich mir unsicher für welchen Bereich ich diese anfangen soll.. Mich sprechen beide Bereiche an und ich habe ebenfalls ein bisschen Erfahrung(wenn man das so nennen kann) für beides.
Systemintegration: • Habe eigene PCs zusammengebaut, ebenfalls von Freunden oder bekannten. • Handys, Tablets etc repariert • Netzwerke eingerichtet • VPN Erfahrung - aus gemieteten Servern ein VPN aufzubauen • Server Erfahrung in Linux & Windows (gemietete Server für Websiten, Spiele etc) • Proxy Erfahrung - ebenfalls aus einem der gemieteten Server einen Webproxy zu erstellen usw • Firewall als auch DNS Erfahrung um vor gemeinen Bubis die Website vor DDoS usw zu schützen
Anwendungsentwicklung: (noch nicht sehr viel) • Webseiten in HTML / CSS / Javascript • Javascript Disocrd Bots
Habe mir natürlich alles selbst beigebracht und bin kein Profi in beidem, jedoch denke ich, dass ich paar gute Basics mitbringe in beiden Bereichen. Mir macht beides natürlich sehr viel Spass.
Meine Frage wäre ob diese Grundkenntnisse gut sind für eine Ausbildung in beiden Bereichen? Ebenfalls würde ich mich über Tipps oder Ratschläge für die Bewerbung freuen. Hatte noch vor eine About Me Website zu erstellen ebenfalls eine Domain mit Website zu holen wo ich das natürlich hosten würde.
Bewerben würde ich mich in Raum Stuttgart falls jemand noch gute Firmen kennt, würde ich mich auch für Empfehlungen freuen.
Besten Dank!
submitted by Fuzzy-Sundae-1853 to arbeitsleben [link] [comments]


2024.01.01 10:07 Fuzzy-Sundae-1853 Fachinformatiker Ausbildung - aber welche?

submitted by Fuzzy-Sundae-1853 to informatik [link] [comments]


2024.01.01 10:06 Fuzzy-Sundae-1853 Fachinformatiker apprenticeship - but which one?

submitted by Fuzzy-Sundae-1853 to fachinformatiker [link] [comments]


2023.12.31 03:00 Dinoman1997a Setting up transmission open-vpn for Nord VPN HELP!

Hi everyone, I have only a vague idea of what I'm doing so please use small simple words! I'm using the most up-to-date Ubuntu and Docker.
I found a guide I'm following to set up a media server, and it says to set up transmission open-VPN with my VPN of choice. I already use Nord and it says it's compatible, so I started using it. I got the docker file set up enough that it runs, but it gives me an authentication error. I know it's not my username and password as I have tested those, but I don't know enough to try and troubleshoot, and the guide is too vague to help with this. Please help!! THANK YOU
transmission:
  image: haugene/transmission-openvpn:latest
  container_name: transmission
  volumes:
    - /mnt/data:/mnt/data
  cap_add:
    - NET_ADMIN
  environment:
    - PUID=1000
    - PGID=1000
    - CREATE_TUN_DEVICE=true
    - OPENVPN_PROVIDER=NORDVPN
    - OPENVPN_CONFIG=nordvpn
    - OPENVPN_USERNAME=MyUsername
    - OPENVPN_PASSWORD=MyPassword
    - WEBPROXY_ENABLED=false
    - TRANSMISSION_DOWNLOAD_DIR=/mnt/data/downloads
    - TZ=America/New_York
    - TRANSMISSION_WEB_HOME=/combustion-release/
    - TRANSMISSION_IDLE_SEEDING_LIMIT_ENABLED=true
    - TRANSMISSION_SEED_QUEUE_ENABLED=true
    - TRANSMISSION_INCOMPLETE_DIR_ENABLED=false
    - LOCAL_NETWORK=192.168.0.0/16
  logging:
    driver: json-file
    options:
      max-size: 10m
  ports:
    - "9091:9091"
  restart: unless-stopped
submitted by Dinoman1997a to docker [link] [comments]


2023.12.21 09:20 Manly009 Policy based forwarding going out MPLS interface before SD-WAN

Dear Palo People,
I've been doing an SD-WAN project. We decided to get rid of the MPLS interface. We will only use ISP B Ethernet for SD-WAN.
However, in the head office, lots of external services (web proxy, webmail access, GlobalProtect portal and gateway) have public IPs that are still pointing to this MPLS interface: ISP A cloud NAT and public IPs to get to the "DMZ" zone where the webproxy servers are. So, before migrating these public services to the ISP B Ethernet link, I would like to keep the DMZ working on ISP A without being affected by the SD-WAN implementation, as SD-WAN 901 will become the new default route.....
So I was advised to use PBF. Now I've had a bit of a play, and it's still confusing.. Is it totally OK to use PBF from the "DMZ" zone to the MPLS interface as egress interface? Also, if I have a GlobalProtect portal, would it work if the default route changed at all?
Would the existing security rules still work, and will all traffic flow like before?
Is there any good way to do this PBF for the DMZ going out the ISP A link although ISP B (within SD-WAN DIA) will become the new default route?
Thanks a lot
submitted by Manly009 to paloaltonetworks [link] [comments]


2023.12.15 22:24 Independent_Yak_6273 Clients not talking to MP after replacing Domain Controller

Hello guys,
I've been out for a week and came back to one of my sites not being able to talk to the MP. The DP on the same subnet on this site stopped talking 6 days ago, and the machines seem to have done so about 24 hours ago. This only happens on this site; if the laptops jump on a hotspot they get policies.
The only thing that happened while I was gone is the replacement of a Domain Controller (2012 R2).
I am not sure what to do about this... this seems to be a cert issue, kind of, but I am lost like a puppy when it comes down to certs.
Thanks in advance

https://preview.redd.it/w3y5kc8k0j6c1.png?width=1814&format=png&auto=webp&s=b7e3023bf992cb65ccb4590e4fe5a8f50d150493
submitted by Independent_Yak_6273 to SCCM [link] [comments]


2023.12.03 10:18 therealmcz usage of transparent webproxy

Hi everyone,
can anyone explain to me the use case of a transparent webproxy? I mean, why would I use another independent proxy instance when I could do the same just on the policy? What am I missing here?
Thanks!
submitted by therealmcz to fortinet [link] [comments]


2023.11.12 13:07 Tricky_Ad_9319 Need advice: Security Engineering vs. Security Management

Hey everyone,
I'm "searching" for the path I'd like to take professionally and hope to get a bit of input here. Briefly, my background: I have 2 years (+ 1.5 years as a working student) of experience in IT infrastructure consulting (LAN, WAN, some pre-sales, project management), of which a little over a year also involved ISO 27001 for the certification of a KRITIS (critical infrastructure) company. The main focus there was implementing technical controls (web proxy, EDR, VLAN segmentation, etc.), and on the side I saw how the scope was defined and how the various policies were written.
Now I've been given the chance to start as a trainee Security Engineer in Professional Services at one of the largest manufacturers of infrastructure hardware and security software. Naturally, this goes extremely deep into networking topics (NGFW, DNS security, SASE, XDR, NAC, etc.). I would also be well served with further training here over the next few years.
I accepted the position partly out of interest in the technologies and partly for the experience and the steep learning curve. So far I like it a lot, but I also often think about how long-term I can imagine a career in this field and which options develop out of it later. At the moment I still get a lot of job inquiries in the GRC/InfoSec/security assessment area, and I also have the feeling that this is an extremely in-demand and well-paid area (and comparatively relaxed in terms of the required further training / upskilling). In addition, you have an extremely broad range of tasks there and aren't necessarily specialized in one technology, which of course also makes things easier on the job market.
My fear is simply that after X years I'll realize that I didn't take the right path and that engineering no longer suits me. Especially since classic infrastructure topics such as routing and switching / network security become very specific at a professional level, and I would thereby be qualifying myself more in the direction of IT administration.
Maybe someone has experience with this, or has also moved from security engineering into security management in the course of their career, and can report. :-)
submitted by Tricky_Ad_9319 to informatik [link] [comments]


2023.11.03 23:32 DanTechMedia Help with Port Forwarding on dedicated home gaming server - [PPPoE on Vlan 201 with CenturyLink ISP]

Hey y'all,
I've been struggling with this for a couple weeks straight now and I'm just not sure what else I can do, really hoping that it's just something that I'm misunderstanding. I'm trying to allow the public to access my home dedicated server for the new ARK Ascended game. For this I needed to forward some ports.
Ports: 7777, 7778, 27015, 27020 (TCP & UDP)
I've also allowed not only the APP but the necessary ports for it as well in Windows Defender Firewall with Advanced Security.
https://preview.redd.it/2z8zk02ik7yb1.png?width=2454&format=png&auto=webp&s=b61e20bb2b12b29d7e8618daa4aa912316e7303a
https://preview.redd.it/ta4k012ik7yb1.png?width=2457&format=png&auto=webp&s=ae4762aedc71e8c8f9a6ddd12b520fd384770178
After looking at many other forums, it seems that I have set this part up successfully, because I can see packets/bytes going through for my WAN/IN firewall policy and for my DNAT rules. I've set up the DNAT rules to be more granular, and they are the same for each port that I'm forwarding in all 4 instances of the 4 DNAT rules. The same goes for the firewall policies: all 4 instances of my firewall policy rules are the same for WAN/IN on each port that I'm forwarding. I've set the port forwarding to be on a more granular level so that I can see the packets, as the auto firewall option wasn't working for me.
https://preview.redd.it/uwgkdy1sk7yb1.png?width=1149&format=png&auto=webp&s=78b965596838595507cfe24d5717431ed06d281c
https://preview.redd.it/2d3jsz1sk7yb1.png?width=822&format=png&auto=webp&s=31523a79fa9fdc2ee4b46d450b01149c48d5ad67
https://preview.redd.it/5yeczz1sk7yb1.png?width=737&format=png&auto=webp&s=da3772f8427bf38ba6bc2743ce0892d04eb87212
The other thing that I'm wondering, which might just be the issue, is that if I go to Routing > Routes, I see the 2nd IP address for my pppoe interface (starting with 71.xx/32) is matching what would show on whatsmyip.com / ipchicken.com, but I don't know why I have the other IP address for my pppoe interface as well (the one at the bottom starting with 207.xx). When I try to ping the 207.xx/32 IP address and/or do a `tracert` in PowerShell, I see it's returning data packets and is coming back with "ptld-dsl-xxx.xxx.qwest.net", which makes me wonder if that's the IP I should be using to send to people wanting to join the server? I haven't seen that one change yet, but the 71.xx/32 one changes very often so that wouldn't work.
https://preview.redd.it/btxizfazk7yb1.png?width=1241&format=png&auto=webp&s=45eb989ff48b1e81b1583ec0f06c5bca2065d707
https://preview.redd.it/d5m2wk49l7yb1.png?width=483&format=png&auto=webp&s=86ceaefc4d3d4d80b1a4705af8c98c9ffe0b8943
https://preview.redd.it/kpyysk49l7yb1.png?width=479&format=png&auto=webp&s=596dac085f575bdf755717a61c1a1c63056fd88f
https://preview.redd.it/alocik49l7yb1.png?width=480&format=png&auto=webp&s=105a22c9e45b4e49ecea9534a0e143d6dc2d6404
https://preview.redd.it/dg1yck49l7yb1.png?width=479&format=png&auto=webp&s=804f918cf31d12df47392fdbb335e47305166ef4
https://preview.redd.it/l8fgqm49l7yb1.png?width=821&format=png&auto=webp&s=8991c3afba1124bcd1f4c1d3c20cc3669cdd3c91
https://preview.redd.it/u2u74l49l7yb1.png?width=822&format=png&auto=webp&s=4ee694992dfc0ad73e108cba15c392b035c320d0
https://preview.redd.it/wka9qk49l7yb1.png?width=822&format=png&auto=webp&s=cb96a3f658981ae39571a1ccc8358183b4f675b8
https://preview.redd.it/afji9l49l7yb1.png?width=821&format=png&auto=webp&s=826fe53fb9a23f2fc28e326dc9d5ba78f0cc8798
Here's my sanitized config.boot file:
firewall {
    all-ping enable
    broadcast-ping disable
    group {
    }
    ipv6-name WANv6_IN {
        default-action drop
        description "WAN inbound traffic forwarded to LAN"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    ipv6-name WANv6_LOCAL {
        default-action drop
        description "WAN inbound traffic to the router"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "Allow IPv6 icmp"
            protocol ipv6-icmp
        }
        rule 40 {
            action accept
            description "allow dhcpv6"
            destination {
                port 546
            }
            protocol udp
            source {
                port 547
            }
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action accept
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            log disable
            protocol tcp_udp
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action accept
            description "Allow ARK game port"
            destination {
                address 192.168.1.100
                port 7777
            }
            log disable
            protocol tcp_udp
            source {
                group {
                }
            }
            state {
                established enable
                invalid disable
                new enable
                related enable
            }
        }
        rule 30 {
            action accept
            description "Allow ARK peer port"
            destination {
                address 192.168.1.100
                port 7778
            }
            log disable
            protocol tcp_udp
            source {
                group {
                }
            }
            state {
                established enable
                invalid disable
                new enable
                related enable
            }
        }
        rule 40 {
            action accept
            description "Allow Steam query port"
            destination {
                address 192.168.1.100
                port 27015
            }
            log disable
            protocol tcp_udp
            source {
                group {
                }
            }
            state {
                established enable
                invalid disable
                new enable
                related enable
            }
        }
        rule 50 {
            action accept
            description "Allow RCON for remote console server access"
            destination {
                address 192.168.1.100
                port 27020
            }
            log disable
            protocol tcp_udp
            source {
                group {
                }
            }
            state {
                established enable
                invalid disable
                new enable
                related enable
            }
        }
        rule 60 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_OUT {
        default-action accept
        description "WAN Out"
        enable-default-log
    }
    options {
        mss-clamp {
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        duplex auto
        speed auto
        vif 201 {
            description "Internet (PPPoE)"
            pppoe 0 {
                default-route auto
                firewall {
                    in {
                        ipv6-name WANv6_IN
                        name WAN_IN
                    }
                    local {
                        ipv6-name WANv6_LOCAL
                        name WAN_LOCAL
                    }
                    out {
                        name WAN_OUT
                    }
                }
                mtu 1492
                name-server auto
                password xxxx
                user-id xxxx
            }
        }
    }
    ethernet eth1 {
        address 192.168.1.1/24
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        address 192.168.2.1/24
        description "Local 2"
        duplex auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
port-forward {
    auto-firewall disable
    hairpin-nat disable
    lan-interface eth1
    wan-interface pppoe0
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN1 {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.38 {
                    stop 192.168.1.243
                }
                static-mapping ASA-Server {
                    ip-address 192.168.1.100
                    mac-address 1C:1B:0D:31:98:54
                }
            }
        }
        shared-network-name LAN2 {
            authoritative enable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.38 {
                    stop 192.168.2.243
                }
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 10000
            force-public-dns-boost
            listen-on eth1
            listen-on eth2
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 1 {
            description "Allow ARK game port"
            destination {
                address xx.xx
                port 7777
            }
            inbound-interface pppoe0
            inside-address {
                address 192.168.1.100
                port 7777
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 2 {
            description "Allow ARK game port"
            destination {
                address xx.xx
                port 7778
            }
            inbound-interface pppoe0
            inside-address {
                address 192.168.1.100
                port 7778
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 3 {
            description "Allow ARK game port"
            destination {
                address xx.xx
                port 27015
            }
            inbound-interface pppoe0
            inside-address {
                address 192.168.1.100
                port 27015
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 4 {
            description "Allow ARK game port"
            destination {
                address xx.xx
                port 27020
            }
            inbound-interface pppoe0
            inside-address {
                address 192.168.1.100
                port 27020
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 5000 {
            description "masquerade for WAN"
            destination {
                group {
                }
            }
            log disable
            outbound-interface pppoe0
            protocol all
            source {
            }
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    unms {
        disable
    }
}
system {
    analytics-handler {
        send-analytics-report false
    }
    crash-handler {
        send-crash-report false
    }
    host-name ER4
    login {
        user xxx {
            authentication {
                encrypted-password xxxx
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat disable
        ipv4 {
            forwarding enable
            pppoe enable
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/Los_Angeles
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@5:ubnt-l2tp@1:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@2:ubnt-util@1:vrrp@1:vyatta-netflow@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v2.0.9-hotfix.6.5574652.221230.1020 */
Any help or guidance to help me understand all this would be greatly appreciated! Thanks for your time. Cheers!
submitted by DanTechMedia to Ubiquiti [link] [comments]
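
To cross-check a configuration like the one posted above, the following added example (not part of the original post, and not Ubiquiti's code) parses the multi-line brace format of config.boot and reports, for each destination-NAT rule, whether the WAN_IN ruleset has an accept rule for the same inside address and port, together with the ruleset's default-action. SAMPLE is a constructed excerpt modelled on the post; `parse` and `audit` are hypothetical helper names, and only exact address/port matches are compared.

```python
# Added example. SAMPLE is a constructed excerpt modelled on the posted config.boot.
SAMPLE = """
firewall {
    name WAN_IN {
        default-action accept
        rule 20 {
            action accept
            destination {
                address 192.168.1.100
                port 7777
            }
        }
    }
}
service {
    nat {
        rule 1 {
            inside-address {
                address 192.168.1.100
                port 7777
            }
            type destination
        }
        rule 2 {
            inside-address {
                address 192.168.1.100
                port 27015
            }
            type destination
        }
    }
}
"""

def parse(text):
    """Parse brace-delimited config text into nested dicts (leaf: key -> value)."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            # "name WAN_IN {" opens a block keyed by "name WAN_IN"
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line and not line.startswith("/*"):
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip('"')
    return root

def audit(cfg, ruleset="WAN_IN"):
    """Return (default_action, [(nat_rule, address, port, has_accept_rule)])."""
    fw = cfg["firewall"]["name " + ruleset]
    accepts = [r.get("destination", {}) for n, r in fw.items()
               if n.startswith("rule ") and r.get("action") == "accept"]
    allowed = {(d.get("address"), d.get("port")) for d in accepts}
    findings = []
    for name, rule in cfg["service"]["nat"].items():
        if name.startswith("rule ") and rule.get("type") == "destination":
            inside = rule["inside-address"]
            target = (inside["address"], inside["port"])
            findings.append((name, *target, target in allowed))
    return fw.get("default-action"), findings
```

The default-action is returned alongside the per-rule results because it decides what happens to forwarded traffic that no rule in the set matches.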

