Re: [pfSense] http://pfsense.org/ip.php and wget
On Wed, Mar 19, 2014 at 4:40 PM, Stefan Baur wrote: > Am 19.03.2014 22:35, schrieb Chris Buechler: >> Oh you're one of those people that's hammering us with wget requests >> to ip.php. :p Was curious why people would be hitting it like that. >> There are a few hundred IPs that query it once a minute or so. > > Um, nope. Requests get sent out once a day, when the machines reboot. > Most of them around 1:00-1:15am CE(S)T. (and with a random delay, so > they don't do it at the same time) Aside from that, it only triggers > upon a manual reboot. > > Right now we're talking 3 or 4 machines, once the update propagates > (during the next few weeks, I hope), it should be around 40. > > Of course, if your system can't take that load, let me know and we'll > switch to the dyndns checkip url or something else. > No problem, that's trivial, even the 1 per minute hits are trivial in the scheme of things. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] http://pfsense.org/ip.php and wget
On Wed, Mar 19, 2014 at 4:15 AM, Stefan Baur wrote: > Am 19.03.2014 10:09, schrieb Stefan Baur: >> Hi List, >> >> is there a particular reason why wgetting http://pfsense.org/ip.php >> gives a blank result? Works just fine when using a regular GUI browser >> like Firefox, but not on the command line with wget. > > Oh. I just noticed it's redirecting to https, and wget throws this error: > > ERROR: The certificate of `www.pfsense.org' is not trusted. > > What do I have to install to make it work? Oh you're one of those people that's hammering us with wget requests to ip.php. :p Was curious why people would be hitting it like that. There are a few hundred IPs that query it once a minute or so. We started redirecting everything on www from HTTP to HTTPS about a week ago or so, with the exception of the packages since PHP XMLRPC doesn't follow 301s. It does work fine for me though using wget 1.15 on FreeBSD 10 with the ca_root_nss package installed and symlinked to openssl's default /etc/ssl/cert.pem. The built-in fetch also validates it fine. cmb@fbsd10:~ % ls -l /etc/ssl/cert.pem lrwxr-xr-x 1 root wheel 38 Mar 19 16:28 /etc/ssl/cert.pem -> /usr/local/share/certs/ca-root-nss.crt wget only added SNI support in v1.14, so that's at least part of why yours isn't working, too old of a version. Seems you're getting by fine with curl though. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] http://pfsense.org/ip.php and wget
Am 19.03.2014 22:35, schrieb Chris Buechler: > Oh you're one of those people that's hammering us with wget requests > to ip.php. :p Was curious why people would be hitting it like that. > There are a few hundred IPs that query it once a minute or so. Um, nope. Requests get sent out once a day, when the machines reboot. Most of them around 1:00-1:15am CE(S)T. (and with a random delay, so they don't do it at the same time) Aside from that, it only triggers upon a manual reboot. Right now we're talking 3 or 4 machines, once the update propagates (during the next few weeks, I hope), it should be around 40. Of course, if your system can't take that load, let me know and we'll switch to the dyndns checkip url or something else. -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] http://pfsense.org/ip.php and wget
On Wed, Mar 19, 2014 at 4:51 AM, Brian Candler wrote: > By the way: pfsense.org has a record but refuses connections on port > 443 on IPv6. > That's since been fixed. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] http://pfsense.org/ip.php and wget
Hi Stefan, >Using it now, as per Brian's suggestion. Great job! There's also ifconfig.me it won't download display the html is it's on one line. Best, Jungle On 19 March 2014 13:13, Stefan Baur wrote: > Am 19.03.2014 21:11, schrieb jungleboogie0: > > > Just curious why you would not use curl. > > Using it now, as per Brian's suggestion. > > > IS your objective to get your > > current IP address? > > Yes, on a machine that has no GUI, only a command line. > > -Stefan > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > -- --- inum: 883510009902611 sip: jungleboo...@sip2sip.info xmpp: jungle-boo...@jit.si ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] http://pfsense.org/ip.php and wget
Am 19.03.2014 21:11, schrieb jungleboogie0: > Just curious why you would not use curl. Using it now, as per Brian's suggestion. > IS your objective to get your > current IP address? Yes, on a machine that has no GUI, only a command line. -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] http://pfsense.org/ip.php and wget
Hi Stefan, Just curious why you would not use curl. IS your objective to get your current IP address? Best, jungle On 19 March 2014 02:09, Stefan Baur wrote: > Hi List, > > is there a particular reason why wgetting http://pfsense.org/ip.php > gives a blank result? Works just fine when using a regular GUI browser > like Firefox, but not on the command line with wget. > > -Stefan > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > -- --- inum: 883510009902611 sip: jungleboo...@sip2sip.info xmpp: jungle-boo...@jit.si ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] http://pfsense.org/ip.php and wget
On Wed, Mar 19, 2014 at 5:51 AM, Brian Candler wrote: > is happy, so my guess it's a problem with wget 1.13.4 - maybe it doesn't > do SNI. In that case, the solution is to change to a less broken client. > Try: > Indeed that is the case. wget is complaining about properly chained certificates -- it seems to ignore the certificate chains as provided by the client entirely, and only trusts certificates signed directly by one in its internal list of known signers. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] http://pfsense.org/ip.php and wget
Am 19.03.2014 10:51, schrieb Brian Candler: > That's a problem I can replicate with Debian Wheezy. I find that > > openssl s_client -CApath /etc/ssl/certs -connect pfsense.org:443 > > is happy, so my guess it's a problem with wget 1.13.4 - maybe it doesn't > do SNI. In that case, the solution is to change to a less broken client Indeed, that seems to be the problem. Thanks for pointing that out and providing a workaround. -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] http://pfsense.org/ip.php and wget
On 19/03/2014 09:15, Stefan Baur wrote: Am 19.03.2014 10:09, schrieb Stefan Baur: Hi List, is there a particular reason why wgetting http://pfsense.org/ip.php gives a blank result? Works just fine when using a regular GUI browser like Firefox, but not on the command line with wget. Oh. I just noticed it's redirecting to https, and wget throws this error: ERROR: The certificate of `www.pfsense.org' is not trusted. What do I have to install to make it work? Depends what platform you are running wget on. On OSX, "wget https://pfsense.org/ip.php"; works fine for me. That's with wget 1.15. "openssl s_client -connect pfsense.org:443" will show you what certificate it has (it's GlobalSign) If you are using an Ubuntu/Debian flavour of Linux, then check you have the ca-certificates package installed, and that /etc/ssl/certs contains a bunch of symlinks. Then, check if wget https://dropbox.com/ is accepted but wget https://pfsense.org/ is not. That's a problem I can replicate with Debian Wheezy. I find that openssl s_client -CApath /etc/ssl/certs -connect pfsense.org:443 is happy, so my guess it's a problem with wget 1.13.4 - maybe it doesn't do SNI. In that case, the solution is to change to a less broken client. Try: apt-get install curl curl https://pfsense.org/ >index.html which works for me. By the way: pfsense.org has a record but refuses connections on port 443 on IPv6. $ telnet pfsense.org 443 Trying 2610:160:11:11::69... telnet: connect to address 2610:160:11:11::69: Connection refused Trying 208.123.73.69... Connected to pfsense.org. Regards, Brian. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] http://pfsense.org/ip.php and wget
Am 19.03.2014 10:18, schrieb A Mohan Rao: > Hello, > i have configured openvpn road warrior also client is properly connected > from outside internet network. > but not able to access server end network and servers's. > can anybody give any help where is do any wrong steps. This has nothing to do with my original question, to which you posted this as a reply. Please open a new thread with an appropriate subject (by sending a new E-Mail to list@lists.pfsense.org, instead of hitting "reply"), rather than hijacking someone else's unrelated thread. Thank you. :-) -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] http://pfsense.org/ip.php and wget
Hello, i have configured openvpn road warrior also client is properly connected from outside internet network. but not able to access server end network and servers's. can anybody give any help where is do any wrong steps. thanks Mohan On Wed, Mar 19, 2014 at 2:45 PM, Stefan Baur wrote: > Am 19.03.2014 10:09, schrieb Stefan Baur: > > Hi List, > > > > is there a particular reason why wgetting http://pfsense.org/ip.php > > gives a blank result? Works just fine when using a regular GUI browser > > like Firefox, but not on the command line with wget. > > Oh. I just noticed it's redirecting to https, and wget throws this error: > > ERROR: The certificate of `www.pfsense.org' is not trusted. > > What do I have to install to make it work? > I do have the ca-certificates bundle installed, but it seems you're > requiring something else? > > -Stefan > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] http://pfsense.org/ip.php and wget
Am 19.03.2014 10:09, schrieb Stefan Baur: > Hi List, > > is there a particular reason why wgetting http://pfsense.org/ip.php > gives a blank result? Works just fine when using a regular GUI browser > like Firefox, but not on the command line with wget. Oh. I just noticed it's redirecting to https, and wget throws this error: ERROR: The certificate of `www.pfsense.org' is not trusted. What do I have to install to make it work? I do have the ca-certificates bundle installed, but it seems you're requiring something else? -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] http://pfsense.org/ip.php and wget
Hi List, is there a particular reason why wgetting http://pfsense.org/ip.php gives a blank result? Works just fine when using a regular GUI browser like Firefox, but not on the command line with wget. -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list