Re: [pfSense] Factory Default / Cleanup(script) of binaries + config backups + etc

2017-08-06 Thread WolfSec-Support
Well goal for sure is not a forensical aware deletion which needs DBAN etc Main point is that config backups are NOT deleted with a reset to defaults and on a hdd install it keeps 30 versions So effectively works: Reducing backups to 1 Overwrite all credentials in config Uninstall packages This

Re: [pfSense] Acme client - DNS server setup/dns client secret issue.

2017-08-06 Thread Walter Parker
Thank you, To document how I did it for others: Create your key using dnssec-keygen (use a keysize of 256 to prevent wrapping/spacing issues) Note, you most define you key with the exact name that pfSense will use. If the firewall is named fw.sample.com, the named.conf must look like something be

Re: [pfSense] Acme client - DNS server setup/dns client secret issue.

2017-08-06 Thread Jim Pingle
On 8/6/2017 9:47 PM, Walter Parker wrote: > How do I get the Acme package to let me update the sample.com > zone, to add the host for > _acme-challenge.fw.sample.com ? I > think I missed a step. This is for a firewall that I don't want to s

Re: [pfSense] Acme client - DNS server setup/dns client secret issue.

2017-08-06 Thread Walter Parker
I replaced the secret with the one that didn't have a space in it. It continues to fail. [Sun Aug 6 18:13:10 PDT 2017] adding _acme-challenge.fw.sample.com. 60 in txt "Ovv8F-OwpeprtA2ZhICx9ct3pWlcGViHvPpTtgFkR8A" ; TSIG error with server: tsig indicates error update failed: NOTAUTH(BADKEY) I have

Re: [pfSense] Acme client - DNS server setup/dns client secret issue.

2017-08-06 Thread Jim Pingle
On 8/6/2017 8:03 PM, Walter Parker wrote: > I think I'm missing something simple with my Acme Client setup in pfsense. > I followed the following steps and I'm get a TSIG error (note NSUPDATE > worked when run by hand). > > >- dnssec-keygen -a HMAC-MD5 -b 512 -n HOST fw.sample.com >- Copy

[pfSense] Acme client - DNS server setup/dns client secret issue.

2017-08-06 Thread Walter Parker
I think I'm missing something simple with my Acme Client setup in pfsense. I followed the following steps and I'm get a TSIG error (note NSUPDATE worked when run by hand). - dnssec-keygen -a HMAC-MD5 -b 512 -n HOST fw.sample.com - Copy secret from Kfw.sample.com.*.key (note this secret has

Re: [pfSense] pfSense 2.4 with ZFS, will it solve corrupt systems

2017-08-06 Thread Vick Khera
On Sat, Aug 5, 2017 at 9:07 AM, Jim Pingle wrote: > On 8/5/2017 8:59 AM, Arthur Wiebe wrote: > > This is more out of curiosity to verify that I'm correct, with pfSense > 2.4 > > using ZFS will that solve the issue where an SG appliance will stop > booting > > because of a corrupt filesystem and r