OPNSense Avoid VPN Traffic Leak

After using the OPNSense firewall for a while to tunnel my traffic through a VPN directly at the network infrastructure level, I’m really satisfied with the experience, but while monitoring the firewall traffic I discovered that traffic leaks happen in some cases.

VPN traffic should go to the VPN interface, but I found traffic on the WAN interface that originated from the LAN and was destined for the VPN, and the firewall passed it, which caused the leak.

To prevent such leaks I configured the firewall rules to drop any VPN traffic that escapes to the WAN interface: the VPN traffic is tagged in the network, and on the WAN the traffic tag is checked; if the traffic is VPN traffic, the firewall drops it to prevent the leak.

In this article I will explain the configuration to prevent such leaks on OPNSense.

Read More

After a while of using the OPNSense firewall, I needed to resize my disk on ESXi and scale up the disk space for OPNSense.

After investigating this issue online, I found that I needed to resize the disk from the command line, and I could not find one clear source to help me with this task.

The problem for me was the swap partition, because the new free space was appended at the end of the disk and I couldn’t use it while the swap partition was in the way. To scale up the root partition, the free space must be contiguous and located right after the target partition.

I had two options:

  • Remove the swap partition (Not recommended)
  • Move the swap partition to the end of the disk (Recommended)

In this article I will describe how to move the swap partition to the end of the disk and scale up the root partition for OPNSense.

The steps don’t require shutting down the firewall or using a live USB; they are straightforward steps performed while the firewall is operational, but be cautious and alert to what you are doing.

Read More

Introduction

I’m a citizen of Egypt, and our ISP does DPI over the network, blocking a lot of content (Medium, proxy sites, VPN sites, torrents, etc.) and throttling some services (streaming, games, etc.).

I needed a way to access web materials freely and privately without the ISP controlling my digital life, so 1.5 years ago I bought a NordVPN subscription.

NordVPN’s normal VPN servers don’t work for me because they use standard OpenVPN and the ISP blocks it, but NordVPN offers an obfuscated version of OpenVPN designed for exactly this, and those servers are accessible only from the NordVPN client app.

So I needed to install the client on each device I use (mobile, PC, laptop) while on the home network, and they allow only 6 concurrent devices connected to the NordVPN network with the same account.

I worked with that for 1.5 years, but I wanted to elevate the security of the home network. I wanted to route all the home devices over the VPN, and it was clear to me that I needed to make the home router act as the VPN gateway, but my ISP router doesn’t support OpenVPN, so I decided to give the pfSense router/firewall a try, and it was a big failure because pfSense is buggy.

After some research I found another router/firewall software called OPNSense, and after trying it I was very satisfied; it was more stable and user friendly than pfSense.

I configured it with NordVPN and started connecting to NordVPN from the firewall, and it was a big failure because the OpenVPN traffic was not obfuscated (NordVPN standard servers), so I was back to the same problem again.

I tried to contact the NordVPN team but they couldn’t support me, and I don’t blame them. They told me that the only recommended option is to use the NordVPN application on each device and use the obfuscated servers.

But I’m a person who doesn’t quit easily, so after some research I found something called ShadowSocks, or should I say “The Great Firewall of China pain in the ass software”. It’s an open-source project to fight the Chinese firewall restrictions: it takes SOCKS5 as input and transmits encrypted data over TCP to another machine in the cloud, which makes the payload unknown to the local ISP because the payload is encrypted and DPI can’t do anything about it.

There is another tool I discovered called Cloak on GitHub; it’s also a promising tool for fighting censorship, but this tool utilizes the HTTPS protocol standard and transmits data encrypted too, like ShadowSocks. This tool is more powerful in nature because blocking it means the ISP would have to block HTTPS traffic, which could cause a global internet failure for the ISP, but this tool is not supported in OPNSense by default and requires more technical work at the firewall OS level. In this article I won’t discuss Cloak, only ShadowSocks.

I gave it a try without the VPN and I was impressed: it bypassed the censorship without a VPN, but ShadowSocks doesn’t give you privacy over the internet; it’s only a way to bypass censorship.

So my idea was: what if I merged ShadowSocks (bypassing capabilities) with NordVPN (security and privacy) on OPNSense? Would it bypass the ISP and connect to the normal standard OpenVPN servers provided by NordVPN?

I bought a cheap ShadowSocks server in the cloud (Linode) and configured my firewall and VPN to connect to that server using the ShadowSocks client on the firewall.

After trying all night, I found that the attempt was successful: I could connect to a NordVPN standard server, and I discovered that ShadowSocks is lightweight, so it didn’t affect my bandwidth performance with NordVPN much. Only the cloud VPS bandwidth could affect the traffic, because you route your traffic through this server, but Linode’s network has been very good for me so far.

Maybe the ISP can still throttle the encrypted data, or maybe not; this needs someone with a high-speed subscription to test, but at least we are free and private from it.

After this long story, in this article I will explain the technical steps to help anyone facing the same problem, and for the good of humanity, since at the end of the day we are all concerned these days with our freedom and privacy over the Internet, which physicists call a (Type 1 Civilization Communication System).

Requirements

Read More

I have a small datacenter at my home, and I use FreeNAS and OpenFiler for managing SAN/NAS storage with VMware ESXi/vCenter.

My OpenFiler server OS was corrupted, so I needed to recover the data from the server after making a new installation of OpenFiler.

OpenFiler uses LVM to mount and manage the storage partitions, and here are the steps to mount the lost partitions and back up your data.

Read More

I was working on a personal project (machine learning) that required scraping Souq.com public data to train my model.

After intensive searching on the web I didn’t find any powerful scraper that could get the information I wanted, so I decided to develop one.

My scraper is advanced because it scrapes almost all the public information from Souq.com very fast and can scrape the whole website offline for BI analysis, machine learning or any other purpose.

The scraper can scrape the whole of Souq.com in 1~2 days at most on regular internet speeds (4mb~16mb); if you have more bandwidth it will be faster and take less time.

Read More

I faced a problem with my Bluetooth headset: it works only in voice mode, I cannot hear music or voices clearly, and sometimes it doesn’t work at all.

After some investigation I found a solution, and it works perfectly and solved the corruption problem in the driver.

Note: Windows Update will not solve your problem, I tried; it’s a problem from Microsoft’s latest update for Windows [windows-10-updates-3682074].

Read More

Alien Isolation

I’m a huge fan of the horror/sci-fi game Alien Isolation, but I faced a serious problem after I downloaded this game on my low-spec PC.

The game is designed to work correctly on DirectX 11 and powerful graphics cards, and if you don’t meet these requirements, you will face random, frequent crashes during the game that will make your life hell.

So I tried to figure out how to solve the problem so I could play the game normally without any crashes, and I figured out a solution.

The problem comes from the engine settings file at “<Game-Path>\Data\Alien Isolation.xml”.

This file simply holds the configuration for the game’s graphics parameters, and these parameters are configured to be compatible with DirectX 11 and to provide the best game experience even at the lowest options, but these settings will make your graphics card unstable because it doesn’t have the power to handle them.

So the solution is to change some of these settings so they match your graphics card’s capabilities.

Of course this will downgrade the game graphics a little, but in return the game will be stable and you can enjoy it.

Note: this guide also enables you to run the game on DirectX 10, but you must have at least a 4-core processor because the game switches to software acceleration.

FYI, this solution works on my laptop, which has an Intel graphics card, and it runs fine.

Read More

At work, I needed to generate a folder structure to help the team organize the work data, but I found that I had to create more than 1500 nested folders, which is hard to do manually, so I searched the internet for a solution to my situation, but without any results, so I developed my own tool to do the task: Directory Tree Generator.

Directory Tree Generator

Directory Tree Generator (DirGen) is a small tool based on .NET Framework 4 that helps administrators build any directory structure they want without any effort and in an organized way.

Directory Tree Generator Functions

DirGen provides various functions to help the administrator accomplish his objective:

  • Read Excel sheets and extract the folder structure tree.
  • Generate and modify the directory structure tree at run time.
  • Generate the directory structure tree in a text file.
  • Execute the directory structure tree on the Windows file system.
  • Export the directory structure tree to Excel format.
  • Support command line parameters for scripting.

Directory Tree Generator Screenshots

Read More

While I was working on the AeroXtreme MAV research project, I faced a serious problem with serial communication in .NET C#. The standard C# serial component is too slow to handle fast serial communication for real-time applications. The MAV main computer sends data over serial communication at high frequency and sends a lot of data. When I used the standard C# serial library’s “Receiving Event”, a huge communication lag appeared and the buffers jammed due to the high frequency of communication. After a lot of testing and debugging I found that serial communication using the standard library would fail in such an application, so I tried to develop a Fast Serial Library to fulfill my requirement for real-time communication. My library solves this problem and can work with high-frequency communication without any overhead on the processor, thanks to the frequency control technique.

Read More

In the last few hours I faced a serious problem with VMware.

My VMDK (VMware virtual disk) file was corrupted due to a failure in VMware.

After searching the internet about this problem I didn’t find an efficient and easy solution, but at last I found the best solution, provided by VMware itself for both Windows and Linux users 😀

It’s the most efficient and easiest solution for anyone who has a problem with his VMDK files.

Read More