You are here

Block Known Encryption

18 posts / 0 new
Last post
Ai6bx
Block Known Encryption
*** Moderator copied text from Summary to Body section of the Forum post ***
 

Are there any known issues with the installation of blockknownencryption? I have tried applying to nodes only to find it appears to be blocking all web access regardless of page content. I would have anticipated receiving warnings that a page could not be viewed due to encrypted content rather than blocking everything.

Keith

AE6XE
AE6XE's picture
Keith,  got this on the radar
Keith,  got this on the radar.   The package needs some updates to work.    
Ai6bx
Thanks
Thank you, Joe. I pulled it back off for now.
N9ITW
Any update on the Block Known Encryption?
I was just curious to see if there is any update on the Block Know Encryption package.
KG6JEI
I'm not seeing any tickets in
I'm not seeing any tickets in bloodhound so my guess is the issue hasn't been reported yet for the developers to work on.

Best for someone to create a bloodhound ticket to get this on the developers radar.
Kd6mtu
blockknownencryption package
I installed this package and it blocked all web and tunnel traffic.. Removed the package but did not fix the access issue !!! any ideas on what to do. this node is 32 miles away on a mountain top...not easy access
K5DLQ
K5DLQ's picture
try logging in and rebooting
try logging in and rebooting it (over an RF connection from a connected node)
Kd6mtu
Ugh
Tried that... even wen as far to load the upgrade firmware over the top...but forgot to uncheck save config... In the switch on the Mt. top I removed it from its own vlan and put it in my admin vlan and then on a Pi2 running Ubuntu server I telnet'ed into it and added a 192.168.1.xxx address.. tried to ping it but no go.. rebooted it with a power down at the poe sw and then brought it back up after a few mins, still a no go...  Had to go to the Mt. Top this morning and reset it and then re configure it..

I believe if I had not had the check box checked to save config on the firmware upload it would have went back to the default IP and I could of accessed it from my Pi2 server....Lessoned learned..

firmware is 3.16.1.1 and it totally blocked all ip traffic through its wan port....???
K5DLQ
K5DLQ's picture
I opened this ticket on your
I opened this ticket on your behalf...  http://bloodhound.aredn.org/ticket/220
 
AE6XE
AE6XE's picture
The block known encryption

The block known encryption package has been upgraded and is now installable in 3.17.1.0RC1 (and future versions).    A 'refresh' in setup->administration->package_management, if connected to the internet, will make it selectable to install.   Otherwise, manually download from: 

http://downloads.aredn.org/releases/3/17/3.17.1.0RC1/ar71xx/generic/packages/arednpackages/​

This package download is not built for (meaning is not compatible) in 3.16.x.x or prior versions.  

Joe AE6XE

kj6dzb
kj6dzb's picture
Is there still an approved

Is there still an approved package that dose this? Or is there a suggested method to enable this function? 

AE6XE
AE6XE's picture
blockknownencryption package

blockknownencryption package in nightly build. 

Also, a package will install these rules:  ​http://downloads.arednmesh.org/snapshots/trunk/packages/mips_24kc/arednpackages/blockknownencryption_2.0.0-1_mips_24kc.ipk

Joe AE6XE

kj6dzb
kj6dzb's picture
The link got cut off!
The link got cut off!
AE6XE
AE6XE's picture
Fixed the link.   It should
Fixed the link.   It should also be in the list, after a refresh, on the admin page.

Joe AE6XE
kj6dzb
kj6dzb's picture
Thanks.
Thanks.

I thinks I will be removing the ssh rules. 

I don't run nighty on my tunnel server so I will place rules on a gateway and see how it works.
Im really looking to put together something more like a Firewall with the control like PFsence. The cheep hardware doesn't provide the bandwidth. I wish CISCO would let me evaluate some SDWAN equipment.
KJ6WEG
KJ6WEG's picture
BlockKnownEncryption not showing in list
Joe, thanks for the link!  I downloaded the file and got it to work on some of my devices.  

Wanted to mention that I tried getting the package by clicking the "Refresh" button in the  Package Management section of the Admin page. It gave me a bunch of error messages, mostly consisting of lines where it was downloading something, followed by these 2 lines:

Signature check failed.
Remove wrong Signature file.


The list never seems to populate.  I've tried it several times, on different devices, over the last 2-3 days.  
Any idea if I'm doing something wrong, or is the system that provides the package list not working right? 
K5DLQ
K5DLQ's picture
You most likely are on an
You most likely are on an older nightly build.    Update to the latest nightly and immediately install the packages you need.   Once the new nightly comes out, you will see the "Signature check failed" message again.

(OR, if you are a risk taker, you can edit /etc/opkg.conf and remove the line:   option check_signatures)
 
n3xls
Is this package still
Is this package still required on nodes or has it been incorporated?   There is still a splash screen for this package in the builds. I also can't find it in any of the repositories for the current packages. 

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer