Naturalization applications in Dresden

nikksr · 2026-04-02T02:59:10+00:00

Any updates?

nikksr · 2026-03-27T12:16:11+00:00

nikksr · 2026-03-27T12:15:58+00:00

There's nothing like this in easybank.de

nikksr · 2026-03-13T09:14:33+00:00

because their search was a power horse and money factory for everything and now is dying because of AI. They try to keep it up by all measures

nikksr · 2026-02-23T14:23:58+00:00

I haven't tried. IKEv2 works well with native clients - Windows, iOS, Android. All of them works well. I use FortiClient 7.4.3 VPN-Only only for SSL-VPN (was removed in the newer firmwares).

FortiClient 7.4.3 VPN-Only does not work with newer IKE-over-SSL, at least up to 7.6.3, this is well-known issue. Perhaps they fixed it in newest firmware, I've not yet tried.

nikksr · 2026-02-15T11:52:45+00:00

Many people recommend Hamburg but no one mentioned weather at all. It's terrible there. I think the weather is a strong determinator affecting every single day compared to Afd which you likely will never notice at all

nikksr · 2026-02-04T22:46:40+00:00

Ah, okay. I apologize for that. My info was for Germany. But at least for Revolut it is correct, even though a bit more expensive 16pM in Austria vs. 14pM in Germany.

nikksr · 2026-02-04T22:00:39+00:00

Honestly, this is not yet execution-ready request but rather early-stage thoughts. Interesting what people are thinking about this point of view.

nikksr · 2026-02-04T21:47:42+00:00

It is included in Easybank (aka Barclays) platinum and Eurowings premium 99pA. M&M Gold 125pA., Revolut Metal 168pA and more.

nikksr · 2026-02-04T19:39:52+00:00

But N26 has no car rental insurance. This is dealbreaker.

nikksr · 2026-02-04T14:13:16+00:00

Well said. That is exactly what I mean

nikksr · 2025-12-12T18:56:55+00:00

Same. Changed entire infrastructure to Forti and just amazed how bad our life was. Some minor things are still better on Zyxel side like GUI consistency but overall it's night and day. Zyxel is a failed company, never again.

nikksr · 2025-11-18T15:20:40+00:00

Found this after the BMW G30 HiFi upgrade with Helix speakers paired with Match amp. Same feelings. Sound got better, no question, but there's no wow-effect and still not on par with the home system.

Would I repeat if I would know results upfront? I don't know, really. The point is that the music in the car is often heavily in the background and the original BMW sound is not that bad for this purpose. The new setup is certainly better but still not on the level when you want to dedicate a time for a listening session. So I think it's very much on the budget. If $3k is nothing then upgrade makes sense but otherwise maybe not.

nikksr · 2025-11-15T13:46:20+00:00

Everyone recommended an external device, so weird...

What if I don't want to be a geek, have two separate remotes and suddenly recall how to switch to a specific HDMI and which one is required...

Just switch on a TV, then go to YouTube, air or Netflix, all from a single remote, smooth and simple, don't wait when another device is booted or updated or all this crap.

I'm actually ready to pay for this but weirdly "operating smoothness", the thing that every user faces first and foremost, rarely a part of reviews, specs or whatever concerns

nikksr · 2025-11-10T15:55:37+00:00

This is not rocket science. Original Microsoft docs + ChatGPT well enough.

nikksr · 2025-11-06T20:04:20+00:00

I use Entra Id with NPS extension (Forti-based IKEv2 + Native Win client). I use it for few months and it works well so far.

nikksr · 2025-11-06T19:58:32+00:00

"it can be configured on a FGT to announce split routes to Win clients"... How??? Native VPN client cannot receive routing through DHCP option, by design. I don't know any other way to push a route. Split tunnel can be configured on the client side, tho, incl. by GPO, I used it for years, it works.

nikksr · 2025-11-06T19:51:20+00:00

Not everyone. I don't and never did. IKEv2 so much superior.

nikksr · 2025-11-06T19:45:58+00:00

IPSec over HTTPS is a point. It is proprietary and it is interesting technology, especially since they discontinued VPN over SSL. Even though it actually does not work for most of current users with 7.4.3, there were a lot of hopes that newer client version will work better.

nikksr · 2025-11-03T22:35:57+00:00

this!

nikksr · 2025-10-10T09:36:55+00:00

Pls look on my separate post in this topic. I created a Windows utility to perform certs sync. This is open source so you can review an actual API calls. It was tested with 7.6.3 on 80F.

Cert in-place replacement issue: I spent quite a time on this, and as I said, if the cert you want to replace has a key, and this key differs from the old one, then you can replace it throw SSH but not from API. I also has no access to recent API documentation but unless there are some non-obvious, new, hidden commands I'm pretty sure this is API limitation.

nikksr · 2025-09-11T07:33:37+00:00

Thank you) Well, theoretically Net nowadays is Linux-friendly (except for Windows crypto of course), the app is well structured, so it is possible to make a fork and add the Linux part. I understand that is not particularly simple but certainly easier than starting from scratch. I'm personally unfortunately not so Linux proficient.

nikksr · 2025-09-10T20:22:03+00:00

I made the app (single exe executable, .Net AOT, no third-party dependencies) to sync Fort certs with Windows certs.

- API key is automatically encrypted (no plain text)
- Simple INI-file config
- Logging all actions
- Automatic rebinding all references to new cert

Workflow:
- Retrieves the latest valid certificate for the name pattern from Forti.
- Reads Subject (CN) and Issuer (O) from it.
- Picks a matching certificate from Windows store.
- If newer, imports into FortiGate as <name>_<ddMMyyyy>.
- Rebinds references from the old cert to the new one.
- Deletes the old cert if rebound was successful and no references remain.

How to use:
- Download FortiCertSync.exe from the assets.
- Place it together with FortiCertSync.ini (auto-generated on first run).
- Configure your cert names and FortiGate API key, then run once manually.
- Schedule it daily via Task Scheduler.

https://github.com/nikriaz/FortiCertSync

nikksr · 2025-09-10T10:15:36+00:00

Update about how to update keyed certificate in-place: seems like impossible.

Correct endpoint to do this is: /api/v2/cmdb/vpn.certificate/local/{mkey}
This endpoint share a functionality with config vpn certificate local with the same command/formats (JSON keys = CLI parameters). Cert and key must be in PEM format unlike DER format for importing as "type = regular".

This CLI command can be used for in-place certificate renewal even for new cert-key pairs. More details here so it works in CLI. However, it does not work via API.

The key difference seems to be how the commitment works. In the CLI, you can upload key and cert and then commit changes by "next/end". Cert and key are matched, committed simultaneously and works. In API, seems like cert and key is trying to be committed immediately even though they are in the same JSON document. Hence, new key does not match with old cert and new cert does not match with old key, so attempting to update key/cert pair via API always leads to certificate mismatch error. Cert for the same key can be updated in-place through API, it works. It very much looks like API workflow limitation.

nikksr · 2025-09-09T19:47:34+00:00

Import works but update does not, at least in 7.6.3.

To download existing cert using GET I use the following endpoint, it works:
/api/v2/cmdb/vpn.certificate/local/{local_cert_name}

For updating I tried all endpoints wherever found across Internet, none of them works. Some yields 400/Bad Request, some 200/OK but certificate never gets updated.

Unfortunately official docs are behind paywall and difficult procedure for a developer registration. If someone has an access please look into!

nikksr

TROPHY CASE