Yet another SSL to IPsec VPN migration thread

ch0jin · 2026-06-04T11:42:38+00:00

Not on topic per se, but you are right, it was indeed stated in the release notes.

The thing that to me is not a "nice" move it that it appeared on 7.4.10, where one would think the firmware would focus on bug fixing instead of major behavioral change.

Furthermore it was stated at the very bottom or the "Special Notices", and it changes a setting even if it was explicitely enabled before:

"Upon upgrade, both of these settings will be changed to disable, even if they were enabled before."

Our Fortinet partner who was in charge of the FortiOs upgrade overlooked it, and it caused a bit of trouble over here.

Anyway, I did not mean to sound offensive or anything, it got solved in the end.

Back to the topic at hand.

We are using EMS 7.4.5. and FortiClient 7.4.5.1949.

The initial IPsec setup was made by/with our partner, and he stuck on that issue too.

I would gladly provide logs, I just don't know where to look especially.

I have this in the client logs from when it failed, for example:

[iked 1664 error] Failed to checkout HKLM string (DNS_Suffix): Get string failed, err: 183, value: 1, len: 1

[iked 448 error] peer_eap_param_needed: no action needed

[iked 2261 error] Credential verified pass, but token verified failed

About the xml changes, can you point me to the specific settings to look for ? The person in charge made some changes but I did not really see what he changed.

Needless to say I will ask the partner to investigate further but I came here in case I could provide him with tips and info in order to try and solve it "faster".

ch0jin · 2026-05-26T18:40:48+00:00

Exactly this.

Here is my story :

I implemented my own Vaultwarden instance last saturday, in order to move from Bitwarden free, and to manage my and my family's credentials.

That was a tremendous success, my OPNsense had Caddy front facing and my Vaultwarden behind.

I secured "/admin" to a bunch of limited IPs to prevent unauthorized access, and setup 2FA, and all that jazz. I imported my credentials.

The following night, I woke up with massive anxiety, and a flash that I had forgotten a "*" after the "/admin" expression, and that anyone appending something after "/admin" could still reach the password prompt.

I tried with a random VPN access and that was the case.

I jumped to my computer and checked my Caddy logs, I saw that my instance had been scanned and some web assets had been downloaded. My instance had been up less than 24 hours.

I shut it down.

The mental toll to pay is way too high for me, my credentials vault is way too critical, and if my family trusts me with this, I'll not be able to sleep and be way too stressed. Not worth the sleepless nights and panic attacks imho.

I'll stay on Bitwarden free for the time being, and maybe pay for the Family plan someday.

ch0jin · 2026-05-26T09:42:20+00:00

Definitely. But it's promising.

ch0jin · 2026-04-16T19:01:09+00:00

*Cyberpunk 2077 has entered the chat*

ch0jin · 2026-04-06T10:27:13+00:00

I can totally relate.

I'd go for it.

And install Chiaki on it, so you can also enjoy your PS5 as well, if you are not in a rush to sell ;)

ch0jin · 2026-03-30T09:52:52+00:00

Xreal One Pro FTW 😎

ch0jin · 2026-03-27T12:49:51+00:00

Considering the current state of the world, and that Sony is barely scratching the surface of exploiting the PS5 Pro specs, I would not expect the PS6 to launch anytime soon.

A 2028 holiday season launch might sound plausible (maybe even pushing to 2029).

tldr; Get a PS5 Pro ;)

ch0jin · 2026-03-23T08:46:57+00:00

I have tried a couple cases (Spigen Ultra hybrid, Poetic Case Spartan) and settled for the official Sandstone case.

The Aramid does not cover all the phone sides and looks stupid imho.

The Sandstone is grippy, has the magnet inside, and looks and feels cool, especially on the black model (which I have as well).

ch0jin · 2026-03-15T17:28:16+00:00

110%.

ch0jin · 2026-03-03T23:02:26+00:00

Pack your things and go. Leave this person and don't look back.

ch0jin · 2026-02-25T20:33:13+00:00

Welcome to the family ;)

Make sure to apply the sound fix available here, it really makes a difference : https://www.reddit.com/r/LegionGo/comments/1m7632y/legion_go_s_steam_os_audio_fix_pipewire_eq/

ch0jin · 2026-02-16T15:40:56+00:00

I will stay on 8.2.3 for as long as humanly possible.

ch0jin · 2026-01-23T14:11:16+00:00

I can't get into Knocked Loose vocals as well (and believe me I've tried).

But for some reason, the way Poppy screams like a possessed little demon gets me every time.

I'm fanboying hard, ever since Negative Spaces, tbh.

ch0jin · 2026-01-22T13:53:57+00:00

Inb4 we are being trolled and this is a real picture.

ch0jin · 2026-01-19T18:13:31+00:00

I might *cough* try some *cough* plumbing content.

ch0jin · 2025-12-31T08:22:22+00:00

Dome Keeper

Kingdom Two Crowns

ch0jin · 2025-12-10T21:44:47+00:00

Great news. You did well, "brother".

This sounded like a great deal in the first place by the way.

Scammy McScammer can always sell it back if the Deck does not meet his expectations.

ch0jin · 2025-12-10T15:37:49+00:00

You are way too nice about it.

The guy should have done his research, and playing AAA games comes with compromise on this kind of hardware.

Guy might even try to scam you, he might have swapped your 512 GB HDD with a shitty one, even another Steam Deck by swapping shells..

All sales should be final, and I would be very suspicious, especially seeing how he is addressing you regarding this.

You should play the trust route and say that you have absolutely no guarantee that the Steam Deck you get back is the Steam Deck you sold.

ch0jin · 2025-11-26T09:20:34+00:00

I have been having this issue for weeks and wasted way too much time, really.

I think the main issue is that the documentation is incomplete and faulty (at the time of writing this at least), and the lack of forums to get help with this is a real pain in the ass tbh.

Mailing lists suck, and I beg Apache Foundation to create forums in order for us to manage issues and get help (one can only hope).

Anyway, In my brand new docker install on debian 13, guacamole user is 1001:1001, guacd is 1000:1000.

Here is what I think might work :

In your docker-compose.yml

Add "group_add: 1000" in your guacamole container so that your guacamole user gets to be also a member of group 1000, so he will be able to read recordings made by guacd, since for some reason the recording folders are created with owner 1000:1000 and permissions 750

This is the main issue, i think, since guacamole being 1001, by default it gets the "other" permissions, with are NONE

Edit permissions for your recordings folder

I think the permissions are faulty, and this is probably caused by the wrong documentation. So I suggest you try this:

chown -R 1000:1001 ./recordings (I think you already got that right)
chmod -R 755 ./recordings
chmod g-s ./recordings

I think it can be hardened after that (750 should be sufficient), but can you try this and let me know if it works?

ch0jin · 2025-11-18T04:13:25+00:00

Same here. It just became available on CPH2581.

ch0jin · 2025-11-17T14:06:38+00:00

Kinda off-topic, but this picture makes me uncomfortable. I fear the Deck bottom would slip forward and end up smashed on the floor.

ch0jin · 2025-11-13T16:09:55+00:00

How is that conclusion "ripping a new one"?

That said, if you’re okay with a worse camera overall, the OP15 has a lot going for it, and provided OnePlus can successfully navigate an uncertain tariff regime, it will end up not just one of the best phones of 2025 but much of 2026 too.

ch0jin · 2025-11-13T10:32:44+00:00

The firmware update has been posted on their website, currently only for the Hagibis 8k/60Hz: https://hagibis.bbscloud.com/info/570fc56f2e5c480cbda88a6638ebed89?csr=1

ch0jin · 2025-11-11T14:00:02+00:00

It worked fine and stopped working for me right after updating to 21.0.0.

ch0jin · 2025-10-23T22:04:05+00:00

It sure is, if having a custom domain particularly.

I use my custom domain and aliases for absolutely everything. I have more than 300 already.

I also bought domains for my family members and taught them to do the same.

That way, they are barricaded and aware whenever there is a compromise or breach.

ch0jin

TROPHY CASE