utmfw's People

Contributors

sonertari

utmfw's Issues

How to set IP and Port of SSLProxy and UTMFW?

My SSLproxy is listening on IP addr:x.x.x.0 and UTMFW is on x.x.x.x.1 , and I am using sudo ./sslproxy -k ca.key -c ca.crt https x.x.x.0 8443 up:8080 to start proxy

I always get the error:
BEV_EVENT_ERROR
Error from bufferevent: 111:Connection refused 0:0:-:0:-:0:-
BEV_EVENT_ERROR
Error from bufferevent: 111:Connection refused 0:0:-:0:-:0:-
Please tell me which configuration to use to fully listen on UTMFW.

Or, if SSLProxy and UTMFW are meant to be on the same system, how do I configure the UTM IPv4 address, as it does not accept the same IP?

Does this support Wireguard and/or multi-WAN/policy-routing

Does this support Wireguard for VPN?
Does this support MultiWAN (multiple WireGuard connections), meaning having multiple public IPs for which incoming traffic is accepted and then sent to a port on an internal server?
Here it is also important that the resulting response traffic emanates from the correct WAN interface, so WAN1:80 might be assigned to 192.168.1.10:80, and WAN2:80 might be assigned to 192.168.1.10:81. Response traffic with a source of 192.168.1.10:81 must be sent out from WAN2:80, even though the default gateway is WAN1.

No success

I tried to install on KVM from the ISO. There seems to be an issue with user accounts. I'm not able to log in to the console with any user and password combination, and I get errors with the pf script and configuration:

[4 screenshots attached to the original issue, not reproduced]

Configuration of Webfilter produces invalid config file

I was testing the firewall, and configuring the Webfilter produced an invalid config file.

These lines were in the file /etc/e2guardian/lists/authplugins/ipgroups.

"utmfw = filter1
= filter2
bjt = filter5
all = filter1
bj = filter2"

I didn't edit the file manually, so I think this was produced by the interface.

OpenVPN no internet connection

Hello, it's me again :)

I now tried to use OpenVPN to connect to UTMFW using the provided config files but it does not allow me to connect to anything besides the local network (UTMFW WUI using the local IP works but no internet).

What I did:

  1. Fresh setup of UTMFW with 2 interfaces (internal/external) with every packet installed
  2. Connected to the WUI using ssh ... -L port forwarding (I use a cloud server to host UTMFW)
  3. Downloaded the OpenVPN client.conf and relevant certs via SFTP
  4. Changed the remote port on my client to the actual public IP of UTMFW, the cert paths and enabled the setting to route any ipv4 traffic through Tunnelblick (OpenVPN client for MacOS)
  5. Un-commented the "VPN" section in the pf.conf and did pfctl -f pf.conf
  6. Connected using the client.conf. The connection is green/established. (It just warns that the DNS is not routed through the VPN)
  7. No connection to anything besides 10.0.0.3 (the internal IP)
  • I tried just a ping 1.1.1.1, curl https://1.1.1.1 or neverssl.com; nothing works.
  • In the WUI I can see many more "States" if I connect but nothing on "Data Transfer" or "Internal interfaces". No logs on any of the packet's Log-sections (IDS/IPS/Spam etc).
  • I can see no pf blocks in the log. I see pass from 10.0.0.8 to public-IPs that seem to be the one I requested but I see nothing in the other direction.
  • I tried enabling the #VPN passthrough rules that were commented in the pf.conf but it also didn't work.

Maybe I am missing some routing? Or did I do anything else wrong?
Any help would be appreciated. :)

Downloaded ISO no boot

I was trying to boot the ISO, no luck. Do I have to be in 'legacy' mode? UEFI? I did 'dual', but even my ISO file seems corrupted (I got the one from the Google Drive). To build, do I need an OpenBSD VM?

thomas

Packet Filter changes do not work

Hello,
I like this project and find it really promising (and also underrated), but at the moment I am facing an inconvenience:

I tried to add rules to pass my own host to connect to anything via the WUI Packet Filter -> Editor, but this doesn't seem to work at all.
If I e.g. add a "pass from 10.26.0.10" rule at the end, it doesn't actually let this IP pass. I know this could be related to some quick rules above, but the same goes for something like "block to 1.1.1.1", which I could easily confirm using "ping 1.1.1.1" -> connection still possible. The changes are also not written to the /etc/pf.conf file. If I edit the /etc/pf.conf file manually with these entries from above, it all works fine. So it seems that any change via the WUI Rule editor does not affect pf... Or did I oversee something? Afaik the "Load and Save" options are just for saving to another conf file and not necessary to apply new rules, right?

Any help would be appreciated
Greetings

SSH and web gui not accessible after installation

I installed the UTMFW with 2 network interfaces in different subnets. But neither SSH nor the web GUI on port 80 or 443 is accessible. From the UTMFW server console I can ping the local network and the internet. How do I allow access to SSH and the web GUI so I can configure it?
Thanks

BEV_EVENT_ERROR

Hi there,

I keep getting the following errors when I tried to access inbox from google:
SNI peek: [inbox.google.com] [complete], fd=47
Connecting to [216.58.212.133]:443
pxy_connected_enable: SSL connected to [-]:- TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
CLIENT_RANDOM B4C70D68E61E74699267DBCAE725936250B55FB110259C37A46F94E4DB5FEB42 761DEA9FC5DEEA1418BEA4BD045F64DDE82B79DB711BCCFF5F8935186DB326DC1D701BD09F41DB20AEABFD6E67A0334C
===> Original server certificate:
Subject DN: /C=US/ST=California/L=Mountain View/O=Google LLC/CN=mail.google.com
Common Names: mail.google.com/mail.google.com/inbox.google.com
Fingerprint: 47:C9:7F:F3:E6:2C:9B:CE:0E:954B:95:23:0B:BC:FA:71:EE:A4:68
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=Mountain View/O=Google LLC/CN=mail.google.com
Common Names: mail.google.com/mail.google.com/inbox.google.com
Fingerprint: E4:80:3A:D7:52:98:FF:F6:48:6F08:24:B6:73:B5:77:BB:EF:E8:21
Received privsep req type 05 sz 5 on srvsock 8
Certificate cache: KEEP (SNI match or target mode)
pxy_ssl_shutdown_cb: fd=48, SSL_free() in state 00000001 = 0001 = SSLOK (SSL negotiation finished successfully)
BEV_EVENT_ERROR
Error from bufferevent: 0:- 336151574:1046:sslv3 alert certificate unknown:20:SSL routines:148:ssl3_read_bytes

pxy_bev_eventcb: SSL disconnected to [216.58.212.133]:443, fd=47
pxy_bev_eventcb: SSL disconnected from [10.8.0.2]:59632, fd=47

Inbox will not refresh the content and gives a "No Connection" error. I also get a similar error in WhatsApp. Has it got something to do with my self-signed certificate? I already imported the self-signed certificate onto my Android device, so that is not the cause. Not all forged certificates generated an error though.

I have sslproxy version v0.5.6-7-g859da0a, so it's the latest. I noticed that web browsing on the Android phone is fine with the forged certificates, but in Android apps these errors become more frequent. I think I miss something here, but what? Hopefully you can help me with this.

Thank you!

Eric

www not working.

Hello. I installed two machines on VirtualBox: utmfw as router-UTM and Windows XP as guest OS to test the connection to the internet via utmfw. The utmfw ext_if is connected to the internet via a bridged interface on my laptop, on which I installed the VM. The problem is that I can't connect anywhere to www (80 or 443), not even to utmfw (to the int_if from the guest XP), but for example I can connect from XP to FTP and SSH servers. To test the built-in www server on utmfw I installed lynx from OpenBSD, and it works locally. Furthermore, I can ping any machine on the internet from the guest. Nslookup on the guest resolves names properly. I installed utmfw several times but no luck. Please help.

SSLProxy changing default certs doesn't work: "error loading CA cert from '/etc/sslproxy/ca.crt': Invalid argument Error"

Hello,
As the default ca.crt doesn't seem to work when installing it as a trusted root in Ubuntu, I tried changing the certs in SSLProxy to the ones I know worked with SSLsplit (and therefore, I guess, with SSLProxy too).
But changing the config to include them, or just replacing them (tried both), results in the following error:

/usr/local/bin/sslproxy: error loading CA cert from '/etc/sslproxy/ca.crt':
Invalid argument
Error in conf: 'CACert' on line 12
Error in conf file '/var/log/utmfw/tmp/sslproxy.conf.Om4SYF'

Config:

[...]
# Use CA cert (and key) to sign forged certs.
# Equivalent to -c command line option.
CACert /etc/sslproxy/ca.crt

# Use CA key (and cert) to sign forged certs.
# Equivalent to -k command line option.
CAKey /etc/sslproxy/ca.key
[...]

Is there maybe something wrong with my certificates?

Questions regarding proxy/logging

Hello, I really like your project, especially the TLS decryption feature, but I have questions:

  1. As I understand it, it is possible to inspect decrypted TLS traffic with suricata/snort with all the rules etc., right?

  2. Is there a feature for remote logging (especially the eve.json)?

  3. Is it possible to just use SSLproxy to decrypt the traffic and mirror the decrypted traffic to a Suricata server? In my case I just want to have an internet proxy (MyDevices <-> SSL Proxy <-> Internet) to monitor for malicious traffic and not block anything or something like that.

Install on top of existing OpenBSD?

First, thank you so much for creating and maintaining UTMFW - I'm looking to create an OpenBSD-based transparent firewall with a good GUI and this looks like the perfect solution.

I was wondering if you would be able to provide a reduced set of installation instructions (or, ideally, an installer script :)) for those of us who just want to install UTMFW on top of an existing OpenBSD system, rather than having to fully format and do a clean install of the ISO. It looks like the build instructions were intended for creating full ISOs. Thank you!

SSLProxy with Squid

Hello, I have a question: is it possible to use SSLProxy with Squid on Linux?

I configured sslproxy, but could not browse because the source and destination were 127.0.0.1.

Do you have any tips?

Thank you.
