@scottalanmiller @bigbear I was lucky enough not to use FR in production, only in lab while I was studying for my Cisco certs. Nowdays, we don't use FR, and Cisco is less and less present in my work. Fortunatelly

@travisdh1 said in Introducing FreeNAS Corral:

@mlnews Are they going to add in a kitchen sink for the next release?

Somehow I don't see this becoming the next @scale.

not yet, for sure

https://www.theregister.co.uk/2017/04/18/freenas_downgrades_latest_release_to_tech_preview/

new Chrome has patch for this already.

@scottalanmiller said in Did you ever try NethServer ?:

@alefattorini said in Did you ever try NethServer ?:

@triple9 we're working on Asterisk 13 and Freepbx 14. They are going to be available by the summer

A full integration so that the system can be used as a complete PBX? Or just for faxing?

as stated on referenced URL:

*We are working very proudly to have Asterisk 13 and FreePBX 14 on NethServer 7!

They are useful to turn your NethServer 7 into a phone switchboard!*

@alefattorini I tried NethServer, it seems really nice, very polished. I liked OpenVPN part a lot, though I would like to see self-service portal for end users, where they could download ovpn file (or have I missed it?)
I had one problem, not sure if I'm to blame. I wanted to setup server as AD DC, and things went really bad. Installation was stuck in the middle, and I could not stop it or do anything with it. I didn't have time to investigate what happened, but I plan to do it later.

Do you have #!/bin/bash in the scripts? Other thing that could cause problem is missing PATH variable. Put something like

#!/bin/bash
export PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin

In script itself.

As @StorageNinja said, you should upgrade to something newer. The problem was described at https://kb.vmware.com/s/article/1020214?language=en_US

Cisco has it's own technique on ASA for this - they call it DNS Doctoring.
You would put something like this on your ASA:

object network WEB_SRV_OUTSIDE
 nat (dmz,outside) static X.X.X.X dns

where X.X.X.X is public (external) address and dns keyword is DNS doctoring part. More details is available at:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/72273-dns-doctoring-3zones.html

http://resources.intenseschool.com/dns-doctoring-on-the-cisco-asa/

@samsmart84 Maybe this Sophos KB article will help?

Personally, I prefer to close RDP if possible and put it into VPN. Keep it open only if client insists, and even then try to limit to certain IPs only. Even though there is no documented case that RDP itself was to blame (other than recently discovered exploit, but for 2003 and XP, which are dead anyway), I just don’t like the idea of having it exposed. As @scottalanmiller said "the product is just believed to be insecure" and I feel that way.
Good read at https://blog.rapid7.com/2017/08/09/remote-desktop-protocol-exposure/

@scottalanmiller Pete-S wants control once user is logged in or I misunderstood request? IPtables kicks in when user jumps to destination server.

@Pete-S never tried it myself but I think it should be doable using uid-owner in iptables

iptables -A OUTPUT -s 127.0.0.1 -d x.x.x.x -m owner --uid-owner <USERNAME> -j ACCEPT/REJECT

@JaredBusch https://docs.microsoft.com/en-us/deployoffice/security/internet-macros-blocked

@JaredBusch I had same problem recently. Solution was to use name instead of IP address.
I had to map folder as \\FILESERVER\Data

Mikrotik devices are usually very stable, rock solid. However, from time to time, there are serious problems with some models and it can take looooong time until they fix it. Last two fckups that I remember where problem with RB4011 disabling wifi interface for no reason and CCR2004 router rebooting on random. It took over a year in both cases to solve the problems.

@jaredbusch has anyone experienced problems with corrupted backups like this
https://forums.veeam.com/veeam-backup-replication-f2/synology-nas-as-repo-t77177.html
I have never seen it myself, but it doesn't mean it is not happening.

@jaredbusch is it EAP225 AC1350? EAP225 supports both 802.3af PoE and Passive PoE power supply.

@brandon220 said in What Are You Doing Right Now:

Does anyone have a trick to make FreePBX re-register the voip.ms SIP trunks after an internet outage restores? A cut fiber caused an outage for a few hours yesterday eve. When it was restored, I had to manually get them to register by re-booting the system. I probably could have just disabled and then enabled the trunks for the same result. Seems like it should do this "automagically"....

for chan_sip set registerattempts=0. It will force Asterisk to attempt to re-register until it can (the default is 10 tries)
for chan_pjsip you should set max_retries=0 (default is 10 as well).

@scottalanmiller said in The Myth of RDP Insecurity:

Something like that. It's a silly argument. Basically it's the "Windows people seem to distrust Windows" problem. People who use Windows the most start to develop this bizarre distrust of it. And the more that they become entrenched and feel that MS products are the only ones that you can use, the less that they trust them. It's a bizarre combination of things.

I’m on Linux side as much as possible. I deploy Windows servers only when there is no alternative solution. I might even say that I don’t trust Windows to that level to feel comfortable keeping RDP open.
So it’s quite opposite for me.

Personally, I prefer to close RDP if possible and put it into VPN. Keep it open only if client insists, and even then try to limit to certain IPs only. Even though there is no documented case that RDP itself was to blame (other than recently discovered exploit, but for 2003 and XP, which are dead anyway), I just don’t like the idea of having it exposed. As @scottalanmiller said "the product is just believed to be insecure" and I feel that way.
Good read at https://blog.rapid7.com/2017/08/09/remote-desktop-protocol-exposure/