What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I have this question right now. For me it is the UDP 1149 port for my OpenVPN server that is always blocked: $

But unfortunately the Adamm only says IP based.

Have you tried the ASUS gui / WAN / Port Trigger or Port Forwarding ?
 
I get this message for the last two weeks when updating the Malwarebanlist
Refreshing Whitelists | du: : No such file or directory
When I print the debug info it passes all tests.
Diversion is on its most current release.
Sounds like your swap file is missing or undetected.
 
Have you tried the ASUS gui / WAN / Port Trigger or Port Forwarding ?

Yes, but I'm not sure if that's all true. that's why i put everything i thought here :eek: do you know your way better?
with activated firewall it still doesn't work: / Tips?

lg.
 

Attachments

  • Screenshot_20200505-234037.jpg
    Screenshot_20200505-234037.jpg
    43.3 KB · Views: 134
  • Screenshot_20200505-234019.jpg
    Screenshot_20200505-234019.jpg
    36.7 KB · Views: 128
How about running this:
Code:
grep swaplocation /tmp/mnt/SKYNET/skynet/skynet.cfg
I'm guessing it doesn't exist or is blank.
output was
swaplocation=""

then the file lock notice showed up for some minutes.
now it's gone but i still get the same message when updating the malware banlist
 
output was
swaplocation=""

then the file lock notice showed up for some minutes.
now it's gone but i still get the same message when updating the malware banlist
How about running
Code:
sh /jffs/scripts/firewall debug swap install
Then see if that populates the skynet.cfg file.
 
How about running
Code:
sh /jffs/scripts/firewall debug swap install
Then see if that populates the skynet.cfg file.
seems to have done the trick, no error message anymore :D
thanks!
 
Yes, but I'm not sure if that's all true. that's why i put everything i thought here :eek: do you know your way better?
with activated firewall it still doesn't work: / Tips?

lg.
There is usually no need to port forward or trigger for the built-in OpenVPN server. Remove all that stuff you added. Then check the state of the firewall rules:
Code:
iptables -nvL OVPN
 
There is usually no need to port forward or trigger for the built-in OpenVPN server. Remove all that stuff you added. Then check the state of the firewall rules:
Code:
iptables -nvL OVPN


All rules removed. Now only the VPN server and the VPN client (Nordvpn) are running
I don't know my way around but it shouldn't look like this?

lg.
 

Attachments

  • iptables.png
    iptables.png
    337.2 KB · Views: 149
  • VPN Status.png
    VPN Status.png
    292.8 KB · Views: 120
  • Port Forwarding.png
    Port Forwarding.png
    223.5 KB · Views: 183
All rules removed. Now only the VPN server and the VPN client (Nordvpn) are running
I don't know my way around but it shouldn't look like this?

lg.
So you have a client and server both running on the router simultaneously. Too complicated for my limited VPN knowledge.
 
I'm not sure if this has been requested before, but could there be an option, preferably on by default, to automatically whitelist addresses like the resolved IP of the configured NTP servers, the currently configured DNS resolvers, and the WAN default gateway? Basically things that if they were FPs in IP lists, they would stop everything from working and prevent fetching updated lists and therefore prevent fixing the FP.

This hasn't happened, I just have custom lists and was thinking of bad things that could happen.
 
Last edited:
I'm not sure if this has been requested before, but could there be an option, preferably on by default, to automatically whitelist addresses like the resolved IP of the configured NTP servers, the currently configured DNS resolvers, and the WAN default gateway? Basically things that if they were FPs in IP lists, they would stop everything from working and prevent fetching updated lists and therefore prevent fixing the FP.
Already part of the script. It includes the WAN IP, but not the WAN gateway.
 
Already part of the script. It includes the WAN IP, but not the WAN gateway.

Thanks for the reply. I looked through the script and found what I think are whitelist entries for all of the things I asked for here except the WAN gateway. I might have missed it, though.
 
Hi everyone,

Question from a total non-techie (well, almost total): is there anything that either Diversion or SkyNet would be doing that would block my Desktop PC from connecting to my Echo Studio when listening via Spotify? All of a sudden I can't play Spotify through my Echo. I can play SiriusXM no problem. I'm guessing it's a temporary outage somewhere else, because I've been using Diversion and SkyNet for some time without any issues (see my signature below). Still, just checking...

Thanks,
Anton
 
Hi everyone,

Question from a total non-techie (well, almost total): is there anything that either Diversion or SkyNet would be doing that would block my Desktop PC from connecting to my Echo Studio when listening via Spotify? All of a sudden I can't play Spotify through my Echo. I can play SiriusXM no problem. I'm guessing it's a temporary outage somewhere else, because I've been using Diversion and SkyNet for some time without any issues (see my signature below). Still, just checking...

Thanks,
Anton
if you are using any adblockers that block domains associated with spotify, It would most likely be an issue with the block list you are using with diversion as skynet mainly only blocks threat level stuff. check your logs in diversion and look for domains specifically being blocked when you try to access spotify from your echo. it will list all the domain traffic that is being blocked for the ip addess that is associated with your echo. ( first you need to identify the ip address assigned to your echo before this will be relevant). Once you identify the domains being blocked, then add them to your whitelist and run process all list.
if you need more help with this try moving this issue to the diversion thread for more help.
 
Hi everyone,

Question from a total non-techie (well, almost total): is there anything that either Diversion or SkyNet would be doing that would block my Desktop PC from connecting to my Echo Studio when listening via Spotify? All of a sudden I can't play Spotify through my Echo. I can play SiriusXM no problem. I'm guessing it's a temporary outage somewhere else, because I've been using Diversion and SkyNet for some time without any issues (see my signature below). Still, just checking...

Thanks,
Anton
Code:
apresolve.spotify.com
upgrade.scdn.com
market.spotify.com
spclient.wg.spotify.com
audio-ake.spotify.com.edgesuite.net
mobile-ap.spotify.com

here is some commonly whitelisted ones for spotify try them out in your diversion whitelist and let me know if it resolves your issue.

**edit** Note i just updated the list with a corrected spelling **
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top