Forum Replies Created
Just checked to see what was written to the filesystem on mine, and at the moment it has the correct one. Where would I look to see what is written to the CF that would survive a shutdown or reboot when it comes back up?
What ports need to be opened to allow host-to-LAN VPN connections? Also, since I have ppp0 bound to ETH00 for PPPoE, what interface should my rules be set for (ppp0 or ETH00)?
I think I might have found us OSX users a short workaround from here:
Below is a cut and paste from section 8.4.1 of the page.
8.4.1 Alternative method of importing the machine certificate
If you are a die-hard command line fan you can use the utility ‘certtool’ that is included with Mac OS X. It works for me but I did not look into this much because the command line scares off most users. Anyway, here are the commands for importing a file in PKCS#12 format. This example assumes the file is called ‘yourcrt.p12’.
openssl pkcs12 -in yourcrt.p12 -cacerts -out ca.pem -nokeys
openssl pkcs12 -in yourcrt.p12 -clcerts -out client.pem -nokeys
openssl pkcs12 -in yourcrt.p12 -nocerts -out key.pem -nodes
cp /System/Library/Keychains/X509Anchors $HOME/Library/Keychains/X509Anchors.bkp
cp /Library/Keychains/System.keychain $HOME/Library/Keychains/System.keychain.bkp
certtool i ca.pem k=X509anchors.bkp v
certtool i client.pem r=key.pem f=1 k=System.keychain.bkp v
sudo cp $HOME/Library/Keychains/X509Anchors.bkp /System/Library/Keychains/X509Anchors
sudo cp $HOME/Library/Keychains/System.keychain.bkp /Library/Keychains/System.keychain
rm -fr ca.pem client.pem key.pem
You will be asked three times for the certificate password. After that, you will be asked for the Keychain Access password and then for your login password.
A word of advice: copy, paste and execute these lines one by one in a Terminal window. Typing them is error prone.
Doing the steps above allowed me to import a user certificate and a host certificate, which let me configure L2TP from Internet Connect using only certs.
I just found out that my DNS is exposed to the internet and the internet is allowed to query my DNS server.
Can someone provide me with a quick write-up of rules that would block all inbound from the internet but would allow all outbound from the networks that I have on ETH01 and ETH02?