Acme, pfSense and easyDNS

So I’m not going to mention cheese, or getting soaked, both of which happened.

So this evening I’ve been having fun with the firewall. The challenge being to get a secure connection via an SSL certificate. As it’s only internal I’m certainly not going to pay for one. So I found this ACME package that can be set up with ‘Let’s Encrypt’, which is a free CA. There is a handy YouTube video on how to set it up. It does have one flaw though, in that it does the domain validation via a local HTTP server, and as I have the ports blocked for remote access that wasn’t going to work. However, there was an option to use easyDNS for validation. First you have to sign up for the REST API; this is painless. Don’t bother with the sandbox. Go straight for the production and regenerate the global token; this will then give you the key. I went diving down into a secure shell and edited the damn script by hand. However, if you add a new entry on the certificate rather than edit the default, it then gives you the boxes to put the keys in. My method worked anyway, but tomorrow I may try and add the secondary domain to the certificate so will delete my edits and try the interface way instead.

Back to the cheese.

Dynamic DNS and the joys of ‘YouTube’

So started off working on some stuff to do with points on a circular path. Not the most exciting thing on the planet but again something that had to be solved. After a couple of hours it was. Took a break and did a bit more Japanese. Then the Vigor 110 decided it had enough of being synced for two days, so re-synced and then pfSense wouldn’t start PPP. So I took the opportunity to go back to the Vigor 120. This synced fine. I’m still at 12dB margin, but it’s only dropped down to 11dB after eight hours with 6 CRCs, so hopefully if it stays synced it will drop. If not I’ll need to kick someone at Zen.

Went for a run, had lunch. Did multiple other line, radius things throughout the day. Ended up with a video of what I was working on. Trying to upload it to the works forum failed every time. Ended up putting it on FTP, then one of the guys put a link to it on the forum using YouTube. After some chatting I now know how to upload videos to YouTube and embed them on the forum. Very useful.

Anyway, I was looking into perhaps using the Virgin line as a backdoor to the firewall, so if the Zen line hangs I can still contact the pfSense box and give it a kick. Problem is the Virgin line uses a dynamic DNS. This means its IP address changes on a regular basis. This is a pain. However, pfSense supports about ten different dynamic DNS providers, one of which just happens to be EasyDNS, my DNS provider. The account I have with EasyDNS gives me access to dynamic DNS. Now I thought this isn’t going to work as I want all my domain names to be on a static DNS; however, it allows multiple sub-domains to be dynamic. So I added a sub-domain (mind your own business) and set it to dynamic. I then produced a token. Back in pfSense I selected dynamic DNS, added an entry for EasyDNS and filled in all the required fields. I then clicked save and expected it to crash as normal. However, it went back to the status page and said it had updated the IP records. Back on EasyDNS I checked, and it now had an IP address against the sub-domain. I was amazed. Something actually worked first time. After a bit of piddling about with firewall rules I now have my alternative access to pfSense.

Did a bit more Japanese. It’s torture porn night, I was going to avoid wine all week, but as I’ve had quite a long day then I’m going to forget that. So shower, salad, and then some god awful film no doubt.