G W Posted November 16, 2017 Share Posted November 16, 2017 So I installed the ISY Portal tonight and hooked up the LB2120 (I'm using an Xfinity Mobile sim, it shows up as Verizon). I unplugged the WAN and I could still control my ISY through cellular!! I can arm and disarm my ELK through the admin console (I'm not getting pushover notifications, but I think I just need to change some timing settings. I have the timeout set at 2000ms). I also realized I could remote into my desktop with Splashtop and see my Blue Iris. I think I can live with this setup as long as I can get the notifications working. You said that the ELK can communicate to central station through the LTE? I have to check that out next. Congratulations! Sent from my SM-G955U1 using Tapatalk Link to comment
jason.russo.96 Posted November 16, 2017 Share Posted November 16, 2017 So they guys at UDI said I should increase the timeout to push the notifications and make sure SNI was enabled. He said it was a tick box in the resource editor. Am I missing something? Where is the box? Also, do I really need to enable this? I never had a problem before. I think I will test out the longer timeout. It may be getting choked out because the speeds are so much slower than the Xfinity. I normally get 250mb/s, I get 25 on the LTE. Link to comment
G W Posted November 16, 2017 Share Posted November 16, 2017 So they guys at UDI said I should increase the timeout to push the notifications and make sure SNI was enabled. He said it was a tick box in the resource editor. Am I missing something? Where is the box? Also, do I really need to enable this? I never had a problem before. I think I will test out the longer timeout. It may be getting choked out because the speeds are so much slower than the Xfinity. I normally get 250mb/s, I get 25 on the LTE. Pushover doesn't need SNI. Sent from my SM-G955U1 using Tapatalk Link to comment
MWareman Posted November 16, 2017 Share Posted November 16, 2017 The missing SNI is likely an old admin console. What is the version of your console and ISY? (SNI is also not needed for Pushover. It appears to be needed for Pushbullet.) Link to comment
elvisimprsntr Posted March 3, 2018 Share Posted March 3, 2018 BACKGROUND Update on low cost LTE failover plan options. I am using pfSense and a Netgear LB1120 LTE modem. Currently using an ATT IoT SIM plan, which previously was $25/yr for 1Gb + $1/mo. Unfortunately, ATT has changed its IoT data plans which would increase my monthly cost to approx $15/mo. ALTERNATIVE FAILOVER PLANS 1. Looked at the FreedomPop plans, but they make it extremely difficult and try to upsell you, and from what I have read, customer support/billing is non-existent. They make their money from forced trial upsell and overage charges. 2. Looked at adding a line to my existing ATT mobile share data plan, but that would cost $20/mo. ATT would not let me add it as an iPad for $10/mo. 3. Bought a SpeedTalk GPS tracker SIM (for a different reason which did not pan out). I dropped the SpeedTalk SIM into the LB1120. Presto! The SpeedTalk GPS SIM works without issue. It runs on T-Mobile. https://www.amazon.com/Prepaid-Tracker-Devices-Locators-Wireless/dp/B01HHEWEK0/ref=sr_1_7?ie=UTF8&qid=1520103185&sr=8-7&keywords=speedtalk+gps+sim+card CONCLUSION 1. The SpeedTalk GPS plans do the job. Easy to buy and set up without upsell games. So my monthly cost is $4/mo, up from $3/mo. Link to comment
Scottmichaelj Posted March 3, 2018 Author Share Posted March 3, 2018 3. Bought a SpeedTalk GPS tracker SIM (for a different reason which did not pan out). I dropped the SpeedTalk SIM into the LB1120. Presto! The SpeedTalk GPS SIM works without issue. It runs on T-Mobile. That awesome. Too bad TMobile didn’t work at my home and they were dorks helping me setup the Netgear. I ended up switching from my old grandfathered in ATT unlimited plan to the “new” unlimited plans and even with my Netgear added for backup my bill dropped. So no savings but no losses. The one benefit is the old unlimited plan didn’t allow “hotspots” the new plan does AND I am able to save $10 on my DTVNow sub so I am happy enough.Sounds like a great option for most. How much bandwidth does that give you? IE if your internet goes down are you using the LTE for whole home internet backup or just for your Elk/more important items? I had to fall back a few times last year on my LTE for at least 4-5 hours per incident, so it’s handy bc I work from home and have no interruptions.Are you doing anything else cool on the pfsense? I am still dialing in snort and pfblocker. I have both installed along with NPTop. I am super happy with my setup and love (now after learning how it all works) that I can make specific rules, gateways and splitting device paths for my needs. Link to comment
elvisimprsntr Posted March 4, 2018 Share Posted March 4, 2018 SpeedTalk is a T-Mobile MVNO. Works fine in the LB1120. It just would not work in the GPS tracker I attempted to use it in. Not using the SpeedTalk GPS SIM plan for failover of my entire network. Just ISY and Elk to provide redundancy in the event my primary goes down or is intentionally tampered. My primary is now ATT Fiber (50 Mbps up/down) for $30/mo when combined with my ATT wireless service. I dug a trench and put in armored flexible conduit to protect the fiber from the landscapers and vandals. All my neighbors did not do the same, thus their fiber has already been damaged. ATT Fiber has been 100% reliable so far. We'll see during the next hurricane season (impact windows will be installed in April.) Fibre is directly into my junction box. Managed to fit a CyberPower UPS into the junction box to keep things running during momentary power outtages. Already route all my DNS traffic via a Cisco OpenDNS Server free Home account. Actually installed pfBlockerNG just the other day and added a few block lists. Doesn't block everything, thus still have getadblock installed on primary clients. I just wish there was a single open source block list from a known, trusted source. On a side note, I installed cron to schedule a script to backup my pfSense config.xml file to a USB thumb drive. #!/bin/sh DATE=`date +%Y%m%d` # mkdir /media/usb mount_msdosfs /dev/da0s1 /media/usb mount | grep /dev/da0s1 > /dev/null if [ "$?" -eq "0" ]; then cp /cf/conf/config.xml /media/usb/config_$DATE.xml find /media/usb/* -name config_*.xml -mtime +180 -exec rm {} \; echo "Backup config_$DATE.xml created" else # send something fi umount /media/usb # install cron package and add cron job # 0 4 * * Sun /bin/sh /root/backup.sh > /dev/null Link to comment
Scottmichaelj Posted March 4, 2018 Author Share Posted March 4, 2018 SpeedTalk is a T-Mobile MVNO. Works fine in the LB1120. It just would not work in the GPS tracker I attempted to use it in. Not using the SpeedTalk GPS SIM plan for failover of my entire network. Just ISY and Elk to provide redundancy in the event my primary goes down or is intentionally tampered. My primary is now ATT Fiber (50 Mbps up/down) for $30/mo when combined with my ATT wireless service. I dug a trench and put in armored flexible conduit to protect the fiber from the landscapers and vandals. All my neighbors did not do the same, thus their fiber has already been damaged. ATT Fiber has been 100% reliable so far. We'll see during the next hurricane season (impact windows will be installed in April.) Fibre is directly into my junction box. Managed to fit a CyberPower UPS into the junction box to keep things running during momentary power outtages. Already route all my DNS traffic via a Cisco OpenDNS Server free Home account. Actually installed pfBlockerNG just the other day and added a few block lists. Doesn't block everything, thus still have getadblock installed on primary clients. I just wish there was a single open source block list from a known, trusted source. On a side note, I installed cron to schedule a script to backup my pfSense config.xml file to a USB thumb drive. #!/bin/shDATE=`date +%Y%m%d`# mkdir /media/usbmount_msdosfs /dev/da0s1 /media/usbmount | grep /dev/da0s1 > /dev/nullif [ "$?" -eq "0" ]; thencp /cf/conf/config.xml /media/usb/config_$DATE.xmlfind /media/usb/* -name config_*.xml -mtime +180 -exec rm {} \;echo "Backup config_$DATE.xml created"else# send somethingfiumount /media/usb# install cron package and add cron job# 0 4 * * Sun /bin/sh /root/backup.sh > /dev/null Have you seen https://www.iblocklist.com/ auto updates, open and seems trusted/trustworthy Link to comment
elvisimprsntr Posted March 4, 2018 Share Posted March 4, 2018 2 minutes ago, Scottmichaelj said: Have you seen https://www.iblocklist.com/ auto updates, open and seems trusted/trustworthy They were my first stop. Using a few more sources. Currently investigating https://github.com/StevenBlack/hosts I assume that OpenDNS is protecting me from malicious site DNS lookups. I am hoping to find a one stop shopping set of IP list(s) from a reputable source to block ads, malware, ransomware, etc. that may utilize hard coded IP addresses. Link to comment
MWareman Posted March 4, 2018 Share Posted March 4, 2018 The commercial OpenDNS (Cisco Umbrella) is very good at blocking malicious stuff. The free OpenDNS not so much. It’s more about parental control than malware blocking.Consider 9.9.9.9 instead... it’s designed to block malware and backed by IBMs X-Force. Also free to use. https://arstechnica.com/information-technology/2017/11/new-quad9-dns-service-blocks-malicious-domains-for-everyone/ Link to comment
elvisimprsntr Posted March 4, 2018 Share Posted March 4, 2018 13 minutes ago, MWareman said: Consider 9.9.9.9 instead... it’s designed to block malware and backed by IBMs X-Force. Also free to use. https://arstechnica.com/information-technology/2017/11/new-quad9-dns-service-blocks-malicious-domains-for-everyone/ OK, that protects against DNS lookups, but how do you protect hard coded IP addresses? Link to comment
MWareman Posted March 4, 2018 Share Posted March 4, 2018 The free OpenDNS does not protect against hard coded IPs either. Cisco Umbrella uses a TCP proxy to capture hard coded IPs and do a risk assessment before forwarding the traffic. So, it can protect against malware using hard coded IPs. At home I use pfSense with pfBlocker for this at home, along with IP block lists. Link to comment
Scottmichaelj Posted April 4, 2018 Author Share Posted April 4, 2018 Today I finally got around to setting up pfblocker on pfsense. If anyone else is using pfsense and would like to block sites like pihole does take a look at this tutorial. You can actually use the same pihole lists on pfsense and duplicate pihole on pfsense. I have tested some sites and it works perfectly. Link to comment
Scottmichaelj Posted April 4, 2018 Author Share Posted April 4, 2018 Announcing 1.1.1.1: the fastest, privacy-first consumer DNS service - Cloudflarehttps://blog.cloudflare.com/announcing-1111/So, the big question now is do you use IBM’s DNS or Cloudflare? I picked the latter but IBM isn’t to be taken lightly. Still debating if I made the right choice. Link to comment
Scottmichaelj Posted April 4, 2018 Author Share Posted April 4, 2018 Today I setup SNORT on my pfsense based on this YouTube video. Link to comment
Goose66 Posted April 5, 2018 Share Posted April 5, 2018 14 hours ago, Scottmichaelj said: Today I setup SNORT on my pfsense based on this YouTube video. Ok now you guys are just making up words! ? Link to comment
larryllix Posted April 5, 2018 Share Posted April 5, 2018 34 minutes ago, Goose66 said: Ok now you guys are just making up words! ? It's just Scott's heavy accent! Notice how some of his letters have a slight lean on them (like everything he owns)? ..........or is it just our eyes? Link to comment
MWareman Posted April 5, 2018 Share Posted April 5, 2018 Announcing 1.1.1.1: the fastest, privacy-first consumer DNS service - Cloudflarehttps://blog.cloudflare.com/announcing-1111/So, the big question now is do you use IBM’s DNS or Cloudflare? I picked the latter but IBM isn’t to be taken lightly. Still debating if I made the right choice. For the moment, I’m sticking with IBMs service. They also have a good privacy commitment, but the threat feed they use to block bad requests is pretty good and it provides a significant security benefit to machines using it. I’ve not seen anything about any security benefit to Cloudflares service - other than privacy. Link to comment
Scottmichaelj Posted April 5, 2018 Author Share Posted April 5, 2018 For the moment, I’m sticking with IBMs service. They also have a good privacy commitment, but the threat feed they use to block bad requests is pretty good and it provides a significant security benefit to machines using it. I’ve not seen anything about any security benefit to Cloudflares service - other than privacy. I am still on the fence and may go back myself. However I did run a DNS benchmark program and Cloudflare was faster. Link to comment
Scottmichaelj Posted April 5, 2018 Author Share Posted April 5, 2018 Ok now you guys are just making up words! It's just Scott's heavy accent! Notice how some of his letters have a slight lean on them (like everything he owns)? ..........or is it just our eyes? You two are just jealous because I know the difference between a Snort and an Oink. Lol jk -all this pfsense is new to me and so is running NodeLink and Polyglot on VM Linux! I don’t know a Bash from a Sudo hahaha Link to comment
elvisimprsntr Posted April 5, 2018 Share Posted April 5, 2018 How do IBM and CF fair against DNS spoofing? https://www.grc.com/dns/dns.htmOpenDNS was rated excellent. Link to comment
Scottmichaelj Posted September 12, 2018 Author Share Posted September 12, 2018 pfsense doesn't allow natively for auto backups of the configuration file. However I recently found a script that can be installed and ran to do this for anyone who wants a backup to happen automatically. https://github.com/badbread/breadsPFsenseAutoBackup Just wanted to share. As of this post my pfsense, LTE backup, Elk reporting over IP and internet have been working well via pfsense and it was well worth the switch/upgrade. Link to comment
fisix Posted April 24, 2019 Share Posted April 24, 2019 excellent thread, thanks everyone. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.