Menu
What's new
By:
Filters Better Search

Aegis Aegis (simple yet effective protection)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

HELLO_wORLD said:
1.3.1 is out
The swap bug should be definitely gone.
Click to expand...
Just finished flashing to latest Voxel:
One thing I noticed that as usual aegis reinstalled via post-mount.sh, but Web Companion did complain that something was not ok.
(unfortunately I forgot to make a screenshot).
I had to disable and re-enable to get rid of the message. (also don't remember whether I also did an "update set and reload".
Not sure if you can do something with this fague description.

But aside that thing: 1.3.1 now completely hides all blocked VPN connections from Web Companion.
I run a ping from a device that is going via VPN -> I do see them being blocked in /var/log/log-message but Web Companion only shows blocked WAN connections but zero VPN connections.
(and toggling the VPN checkbox makes no difference)
 
R. Gerrits said:
Just finished flashing to latest Voxel:
One thing I noticed that as usual aegis reinstalled via post-mount.sh, but Web Companion did complain that something was not ok.
(unfortunately I forgot to make a screenshot).
I had to disable and re-enable to get rid of the message. (also don't remember whether I also did an "update set and reload".
Not sure if you can do something with this fague description.

But aside that thing: 1.3.1 now completely hides all blocked VPN connections from Web Companion.
I run a ping from a device that is going via VPN -> I do see them being blocked in /var/log/log-message but Web Companion only shows blocked WAN connections but zero VPN connections.
(and toggling the VPN checkbox makes no difference)
Click to expand...
Is aegis log in shell not showing vpn activity as well? I am using the same way of processing the log, so the bug should be there as well.
I will look into that this week.
 
HELLO_wORLD said:
Is aegis log in shell not showing vpn activity as well? I am using the same way of processing the log, so the bug should be there as well.
I will look into that this week.
Click to expand...
aegis log via shell does show the VPN entries (and also the correct direction + local vs remote); Only Web Companion is not showing them.
 
Ok, 1.3.2
Corrected a typo making VPN outgoing ‘from’ ip not showing.

I tested with a merge of my own log and @R. Gerrits one, and forcing aegis to recognize a virtual tun21 vpn device (for me, since I don’t use vpn), and the output is right:
2020-11-01 18:33:24 Blocked WAN incoming TCP packet from remote: 45.129.33.14744242 to local: HERMES (2.59.237.195)55199

2020-11-01 18:33:19 Blocked WAN incoming TCP packet from remote: 2.59.119.3760191 to local: HERMES (2.59.237.195)1433

2020-11-01 18:33:04 Blocked WAN incoming UDP packet from remote: 169.254.189.11249150 to local: BROADCAST (255.255.255.255)49152

2020-11-01 18:33:04 Blocked WAN incoming TCP packet from remote: 193.27.229.20752852 to local: HERMES (2.59.237.195)3954

2020-11-01 18:33:04 Blocked WAN incoming TCP packet from remote: 134.122.72.22149037 to local: HERMES (2.59.237.195)5553

2020-11-01 18:32:54 Blocked WAN incoming UDP packet from remote: 169.254.189.11249150 to local: BROADCAST (255.255.255.255)49152

2020-10-31 17:25:59 Blocked VPN outgoing UDP packet to remote: 195.35.245.306881 from local: 192.168.1.1051413

2020-10-31 17:25:39 Blocked VPN outgoing UDP packet to remote: 195.35.245.306881 from local: 192.168.1.1051413

2020-10-31 17:25:20 Blocked VPN outgoing UDP packet to remote: 195.35.245.306881 from local: 192.168.1.1051413

2020-10-31 17:13:06 Blocked VPN outgoing TCP packet to remote: 172.98.92.6651413 from local: 192.168.1.1045403

2020-10-31 17:12:54 Blocked VPN outgoing TCP packet to remote: 172.98.92.6651413 from local: 192.168.1.1045403

2020-10-31 17:12:48 Blocked VPN outgoing TCP packet to remote: 172.98.92.6651413 from local: 192.168.1.1045403

2020-10-31 17:12:45 Blocked VPN outgoing TCP packet to remote: 172.98.92.6651413 from local: 192.168.1.1045403
Click to expand...

@R. Gerrits : is it working for you?
 
hmm, my router again stopped logging iptables logs to /var/log/log-message... So I only have the older entries to go on:

aegis log:
Code: 
2020-11-01 18:33:26 Blocked WAN incoming TCP packet from remote IP 206.189.208.103:42708 to local IP R7800 (94.213.x.x):20844
2020-11-01 18:33:26 Blocked VPN outgoing ICMP packet to remote IP 220.163.125.148 from local IP 192.168.1.99
2020-11-01 18:33:31 Blocked VPN outgoing ICMP packet to remote IP 220.163.125.148 from local IP 192.168.1.99
2020-11-01 18:33:36 Blocked VPN outgoing ICMP packet to remote IP 220.163.125.148 from local IP 192.168.1.99
2020-11-01 18:33:41 Blocked VPN outgoing ICMP packet to remote IP 220.163.125.148 from local IP 192.168.1.99
2020-11-01 18:33:43 Blocked WAN incoming TCP packet from remote IP 195.54.161.122:50121 to local IP R7800 (94.213.x.x):6428

Web Companion:
Code: 
2020-11-01 18:33:43 Blocked WAN incoming TCP packet from remote: 195.54.161.12250121, to local: R7800 (94.213.x.x)6428
2020-11-01 18:33:41 Blocked VPN incoming ICMP packet from remote: 192.168.1.99, to local: 220.163.125.148
2020-11-01 18:33:36 Blocked VPN incoming ICMP packet from remote: 192.168.1.99, to local: 220.163.125.148
2020-11-01 18:33:31 Blocked VPN incoming ICMP packet from remote: 192.168.1.99, to local: 220.163.125.148
2020-11-01 18:33:26 Blocked VPN incoming ICMP packet from remote: 192.168.1.99, to local: 220.163.125.148
2020-11-01 18:33:26 Blocked WAN incoming TCP packet from remote: 206.189.208.10342708, to local: R7800 (94.213.x.x)20844

So 1.3.2 now again shows blocked VPN in web. But incoming and outgoing are swapped and the words local and remote are swapped.

Also 1.3.2 no longer shows the version number in the upper right corner.
 
1.3.3 - fix the version not showing.

@R. Gerrits , there is something definitely odd there... I can reproduce this problem when the vpn interface is not available but there are vpn entries in the log.
It seems you have weird problems on your device with vpn not always on... I will wait for more feedback from other vpn users.
 
I no longer have the version in the top right
Immagine.jpg


sorry but google translate
from milan italy
 
HELLO_wORLD said:
1.3.3 - fix the version not showing.

@R. Gerrits , there is something definitely odd there... I can reproduce this problem when the vpn interface is not available but there are vpn entries in the log.
It seems you have weird problems on your device with vpn not always on... I will wait for more feedback from other vpn users.
Click to expand...

added a line echo "_getLog $SC_NAME $LEN 0 0 $WAN_IF $TUN_IF" >/tmp/aegis_web_debug to function log() in aegis_web.cgi
Then opened the web log again. After this that debug file shows this:
Code: 
root@R7800:~$ cat /tmp/aegis_web_debug 
_getLog aegis 300 0 0 brwan

So somehow in function log(), $TUN_IF is blank.
Which seems strange, as on the status page, it does show tun21.

so my fix:

in function log(), change
Code: 
  aegis_env
into
Code: 
  aegis_env
  set -- $(/opt/bolemo/scripts/aegis _status)
  eval "_STAT=$1; WAN_IF=$2; TUN_IF=$3; BL_NB=$4; WL_NB=$5"

And now things do look good also in web interface
 
@R. Gerrits : big thanks!
I used this set — for the status, after I had problems. But worked on that a long time ago (started to work on the web thing in spring before I stopped to finally go back at it this spring.
So it was not in my mind anymore.

I could not look more into this this evening (family life) and was planning to work on it tomorrow (and not sleep well as I like this kind of bugs solved before going to sleep).

So thank you all for being testers and patient with me.
And thank you @R. Gerrits for the troubleshoot (and helping me to sleep well tonight), and glad to hear that all your issues are gone :)
 
Whoever encounters the same problem @R. Gerrits did with Web Companion log, you can reinstall the Web Companion that has for now a quick fix (based on his suggestion).
Code: 
aegis web -install

The fix makes it work, but I still will need to go to the bottom of the problem to have an elegant way to have this work, and to understand why it does not behaves as supposed. A piece of code works for me, but not for him. Probably a R7800 R9000 difference...
 
Ok guys,

I found the bottom of the problem. My variable export from aegis to web companion was skipping backlashes, so the sed command that was capturing the vpn interface was broken.
I fixed it two ways : 1) getting rid of sed in that case and use pure shell (should be faster), and 2) my export system does not skip backslashes anymore (so the sed would have now worked anyway).
New version with fixes coming soon :)
 
It gets visible when the add-on detects the presence of:
/root/bolemo/www/aegis.htm
Note that the web-page in your browser must be re-loaded (e.g. by pressing F5) for this.
(Maybe it's not working on the R9000, since I have not tested that)
D3FenD3r said:
upgraded voxel, kamoj, aegis
noticed that the web icon is gone
reboot ..... but nothing
Click to expand...
 
You must log in or register to reply here.

Similar threads

HELLO_wORLD
Aegis Aegis 1.7.x
8 9 10
Replies
192
Views
24K
DeuX
DeuX
HELLO_wORLD
Aegis aegis: a firewall blocklist
7 8 9
Replies
177
Views
17K
HELLO_wORLD
HELLO_wORLD
HELLO_wORLD
Aegis Aegis 1.7.0 beta
2
Replies
29
Views
3K
HELLO_wORLD
HELLO_wORLD
HELLO_wORLD
Aegis The future of Aegis
Replies
4
Views
2K
HELLO_wORLD
HELLO_wORLD
HELLO_wORLD
[R7800, R9000 & probably others] Blocklist based Firewall addon
5 6 7
Replies
133
Views
12K
HELLO_wORLD
HELLO_wORLD

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 598 (members: 14, guests: 584)
Top