Sign in with
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

About Marc_Smaak

since ‎08-07-2020
‎04-08-2024
Marc_Smaak
Long-established Member

Re: Confused with the firewall application for NAT port forwarding

by in ctrlX IOT
‎03-22-2024 04:50 PM
‎03-22-2024 04:50 PM
@Sgilk Thank you for your reply. I have seen the post you mentioned but thought this is not exactly what I want since it is using the firwall as router while I want to use it as a NAT firewall. The diffrence is that for the client accesing the Webpage of a device behind the ctrlX it should simply think it comunicates to the ctrlx core IP address Therefore this step should not be needed since this will not work in our usecase many diffrent PC will need to use this connection   ... View more

Confused with the firewall application for NAT port forwarding

by in ctrlX IOT
‎03-22-2024 01:38 PM
‎03-22-2024 01:38 PM
My usecase is pretty simple. I have an internal network onnected to XF-51 and an external network connected to XF-10 The internal is subnet 192.168.2.0/24 This network has devices with a web interface The external subnet 192.168.100.0/24 I try to configure the firewall to port forward tcp (http) traffic from the external to the internal network. For instance incomming to the IP of XF-10 on port 8443 needs to be forwarded to 192.168.2.2 port 443 The confusion already starts from port naming shoudl it be XF-10, ETH0 or XF10. I think the latter is correct beacuse this is the name Linux reports.  I understand have to enable packet forwarding for both XF-10 & XF-51 which I did. According the this diagram I need to configurer Dnat, forwarding and SNAT rules Which seems to be a lot since I only have a few coonfiguration parameters to play with: Incomming interface XF10(??) Incomming protocol TCP Incomming port: 8443 Destination interface XF51 Destination IP: 192.68.2.2 Destination port: 443 Al that information can go into the destination NAT Is this correct? And if yes what should I put in the forwarding dan SNAT entries? An example which uses OS 1.20 (new port names) is appriciated    ... View more

Re: Ctrlx core login on browser

by in ctrlX CORE
‎03-13-2024 01:48 PM
1 Like
‎03-13-2024 01:48 PM
1 Like
Sorry this tiem I am afraid I disagree with the @CodeShepherd The normal error for a self signed certificate is cert_authority_invalid Indeed indicating your browser is not able to authenticatethe certificate of teh ctrlX core and therefore assumes it is not trusted. In this case there is an advance button to bypass this check Your message says "certificate_invalid" so it really seems to be corupted. You can go to settings => certificates & keys => webserver   and simply delete both certificates. Reboot your core and they get recreated. Try again   ... View more

Re: "Self-signed certificate" error while using TLS certificates in MQTT connection

by in ctrlX CORE
‎05-02-2023 09:57 AM
‎05-02-2023 09:57 AM
So just to be clear you downloaded the CA for the certificate manager MQTT (As said we are using our own broker so I do not know the details)  Please check what is used as common name for the server certificate, we are using the hostname. You must use the same name to connect to the broker from the client.  Leave the client certificate and private key blank This is my full configuration which connect succesfully.   If I change the CA certificate or try to connect to a diffrent core I get which is intended.   ... View more

Re: "Self-signed certificate" error while using TLS certificates in MQTT connection

by in ctrlX CORE
‎05-01-2023 08:47 AM
‎05-01-2023 08:47 AM
We are also implementing certificate authenication for our own Mosquitto broker. I still find it is very easy to make an mistake so maybe some background to start with sorry if this is all clear. The broker certificate is useful to allow clients to athenticate the broker before they send the acces credentials (mqtt user + password) I consider this the biggest tspe to get things more secure. Without this somebody can use the ctrlX-CORE Ip address on a diffrent device and easily steals the access credentials from the client. To allow the client to check the certificate it needs the root certificate from which the MQTT server certificate is created and signed. So if you use sefl signed you also need this 'CA' certificate and add it to MQTT explorer as CA certifiacte. The client certificate + key can be left blank (see below). This allows MQTT explorer to validate thepublic key in the MQTT server certificate supplied by the MQTT broker. Alternatively you can use a formal CA signed certificate. e.g. letesencrypt for the MQTT broker. In that case there is no need to supply any certificate to MQTT explorer since it has access to the root certificates itself.  The GUI for MQTTX is a bit clearer on this point: CA signed And with self signed you get the option to add the CA certificate   Client certificate The use of the client certificate is for authentication of the client by the broker. It avoids that rogue clients although they have the right access credentials can connect to your broker. For this you beed to generate a client certificate signed by the CA certificate of the MQTT broker. This again can be a selfsigned certifiacte or a CA sgned certificate. TH eprivate key for the client is only used on the client to prove this client is the legal owner of the certificate (p[ublic key) If this key gets into the wrong hands the client authentication is useless 😉 We are not using this yet. If you want to you need to generate a certificate signing request based on your private key. If your broker uses self signed this signing request needs to get processed by the ctrlX-CORE. I do not know excatly how that works with the certificate manager GUI. ... View more
Latest Tags
No tags yet

OK
OK
Icon--AD-black-48x48Icon--address-consumer-data-black-48x48Icon--appointment-black-48x48Icon--back-left-black-48x48Icon--calendar-black-48x48Icon--center-alignedIcon--Checkbox-checkIcon--clock-black-48x48Icon--close-black-48x48Icon--compare-black-48x48Icon--confirmation-black-48x48Icon--dealer-details-black-48x48Icon--delete-black-48x48Icon--delivery-black-48x48Icon--down-black-48x48Icon--download-black-48x48Ic-OverlayAlertIcon--externallink-black-48x48Icon-Filledforward-right_adjustedIcon--grid-view-black-48x48IC_gd_Check-Circle170821_Icons_Community170823_Bosch_Icons170823_Bosch_Icons170821_Icons_CommunityIC-logout170821_Icons_Community170825_Bosch_Icons170821_Icons_CommunityIC-shopping-cart2170821_Icons_CommunityIC-upIC_UserIcon--imageIcon--info-i-black-48x48Icon--left-alignedIcon--Less-minimize-black-48x48Icon-FilledIcon--List-Check-grennIcon--List-Check-blackIcon--List-Cross-blackIcon--list-view-mobile-black-48x48Icon--list-view-black-48x48Icon--More-Maximize-black-48x48Icon--my-product-black-48x48Icon--newsletter-black-48x48Icon--payment-black-48x48Icon--print-black-48x48Icon--promotion-black-48x48Icon--registration-black-48x48Icon--Reset-black-48x48Icon--right-alignedshare-circle1Icon--share-black-48x48Icon--shopping-bag-black-48x48Icon-shopping-cartIcon--start-play-black-48x48Icon--store-locator-black-48x48Ic-OverlayAlertIcon--summary-black-48x48tumblrIcon-FilledvineIc-OverlayAlertwhishlist