2020-06-09

IT/TECH: OPNsense deny default rule problems

Forword
Moving from psSense to OPNsense does create a learning curve and a number of unexpected problems - at least this is my experience.

Therefore I'll post now from time to time the one or other 'highlight' that I found and potential solutions to them, at least the ones I found.

Situation
I recently installed OPNsense from scratch on a new machine, a number of interfaces, two WAN interfaces, some LAN and WiFi interfaces.

After doing the basic installation - which is quite fast and easy - I found that no traffic went through the added interfaces, except for the initial LAN.

More, and surely not helpful, I just found [..] deny default route [..] in the Firewall: Log Files: Live View. E.g. DNS queries that haven't yet been blocked are denied. Even on each interface I installed IPv4 and IPv6 allow everything rules and expected that they just work.

After researching a while forth and back, I found that none of the articles in both, OPNsense forum and elsewhere in the net, didn't help. E.g. Firewall: Diagnostics: States Reset and clicking Reset didn't help.

Potential solution / My solution
So after trying around and thinking everything through and since this is now the 5th or 6th time I (re-)install OPNsense I tried the following:
  1. Firewall: Diagnostics: States Reset - do the full reset thing
  2. Opening an SSH connection to the Firewall
  3. Choosing "11) Reload all services"
And guess what, that did the thing.

Epilogue
With pfSense I never had issues like this, but others... With OPNsense I found now a number of situations, e.g. this one in which I found this process helps.

Yet, I haven't found out why this is (the often) needed process to get OPNsense do what it should, however, I hope that this helps other newbies to OPNsense if they come across such a problem.

2020-05-30

IT/TECH: Exchange Online (O365) & PowerShell: Access denied and other stupid failures... or how-to use Exchange Online Powershell V2 module without IE

THIS IS GOING TO BE REVIEWED and written more in detail as soon as I find some time, however, it may be of any help until than - and if it is just that I remember where to go ;)

If you, like me, fighting some Microsoft decisions when it comes to using an on-premise domain and integrate it afterwards you decided to just go with Azure-AD / Office 365 without on-premise, you will sooner or later come to a point where you potentially need to access Exchange Online with PowerShell.

If you, like me, also decided to get rid of IE wherever possible, you will figure out that you get Access Denied errors and other, strange issues when accessing O365 Exchange from PowerShell.

Sooner or later you'll realize that opening Office 365 Exchange Admin Center (https://portal.office.com -> Admin -> Exchange Admin Center) and here clicking on Hybrid -> and than configure below the Exchange Online PowerShell Module the next problem arises: No Internet Explorer, no success. You cannot install the module without IE successful - at least not according to all right now existing documentation if you search the way I did.

So either you open the module via IE which might work directly on a non-core-Windows server but is not really feasible or you'll find the following page https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/exchange-online-powershell-v2/exchange-online-powershell-v2?view=exchange-ps and here we go: Install and maintain the Exchange Online PowerShell V2 module.

If you are following https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/duplicate-attributes-prevent-dirsync to fix your current issues, you just need to adopt the commands to the current ones.

You also may want to consult https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/mfa-connect-to-exchange-online-powershell?view=exchange-ps if you are using MFA to get the session from the ladder link working.

a) Connect-EXOPSSession -UserPrincipalName chris@contoso.com -DelegatedOrganization fabrikam.onmicrosoft.com 
b) $SessionExO = GetPSSession
c) Import-PSSession $sessionExO -prefix:Cloud

and than you can go on.

2020-03-20

LifeStyle: Wie toedlich ist das Coronavirus? Ueberarbeitete Version


Fuer all diejenigen die nach wie vor der Meinung sind das Corona ein Scherz ist, fuer den Buergermeister Berlins der der Meinung ist das Ausgangssperren unnoetig sind und diejenigen, wenigen, die sich einfach informieren moechten.



Es sei vermerkt, das ist eine von vielen, moeglichen Quellen - ich empfehle die Suche im Englischen, z.B. aktuelle Berichte italienischer Mediziner, quasi frisch von der "Corona Front". Aber auch etliche chinesische Wissenschaftler haben, vor Beginn der Propaganda Aufarbeitung Chinas, aber auch jetzt noch diverse Veroeffentlichungen in Englisch verbreitet die selbst fuer den 'normalen' Menschen verstaendlich genug sind um zu kapieren was Corona bedeutet und weshalb jeder gefragt ist zu handeln - und nicht abzuwarten dass der Staat uns alle reglementiert.

Was ich mehr fuerchte als Corona ist die Durchsetzung einer allgemeinen Quarantaene - das wird denjenigen, die latent gegen Demokratie und Bildung sind, Tuer und Tor oeffnen; hoffen wir das Ihnen ebenso wie denjenigen die das ermoeglichen, der notwendige Grips fehlt.