KeexyBox's forum
Portal

Welcome, Guest
You have to register before you can post on our site.

Username
  

Password
  

Search Forums

(Advanced Search)

Forum Statistics
» Members: 11,626
» Latest member: ajehntts3391
» Forum threads: 70
» Forum posts: 182

Full Statistics

Latest Threads
That Chances of Alternati...
Forum: Admin interface
Last Post: CarmelaSharm
07-16-2024, 01:47 PM
» Replies: 0
» Views: 131
Speedy Home Listings via ...
Forum: Admin interface
Last Post: Stevengindy
06-28-2024, 02:23 AM
» Replies: 0
» Views: 448
Best Place To Enjoy Elden...
Forum: Profiles
Last Post: RyujiSaeki
06-24-2024, 09:48 AM
» Replies: 0
» Views: 325
Diablo IV Anniversary Cel...
Forum: Profiles
Last Post: RyujiSaeki
06-24-2024, 09:41 AM
» Replies: 0
» Views: 127
WIZARD
Forum: Installation
Last Post: emmsch
09-18-2023, 02:48 PM
» Replies: 0
» Views: 2,297
Proxmox
Forum: Installation
Last Post: benoit
08-30-2023, 04:54 AM
» Replies: 1
» Views: 1,593
Getting started
Forum: Users and devices connection management
Last Post: byronbulb
07-03-2023, 02:30 PM
» Replies: 0
» Views: 5,084
Dual network interfaces n...
Forum: Network
Last Post: whopz
06-20-2023, 11:07 PM
» Replies: 0
» Views: 3,501
Hardware
Forum: Users and devices connection management
Last Post: emmsch
06-19-2023, 08:12 AM
» Replies: 2
» Views: 5,241
iptables issue with times...
Forum: Profiles
Last Post: rdavila
02-05-2023, 02:20 PM
» Replies: 1
» Views: 3,931

  1 PC, several users
Posted by: diozea - 07-11-2021, 03:47 AM - Forum: Users - Replies (1)

Hello,
Each of my family have a Windows account on the same PC.
After the Windows session opening, when a member log in to keexy the first time, all of others users are authenticates with the first keexy account.

I think keexy only filter by source IP. It's a huge limitation that make useless users profile for my usage.

Others topics:
I would like to ping my LAN devices by hostname. Is there a way to do that?

Some tips:
you should add some use cases in the wiki:

  • Parents who want to limit kids browsing by duration -> not possible (it's important to say it, I think It's a "must have" for parents)
  • Explain how to allow kids to use only a limited couple of websites (school websites for instance) when his profile "Leisure time" is disabled by the scheduler.
Anothers tips:
  • Add a feature to download a backup all keexy configs (in case of crash).
  • Explain how users can find the Captive Portal with their browser. (It seems that there is no http redirect before the first login).
  • When the user's profile is out of schedule, the message displaying in the browser is not user friendly (waiting time exceeded).
  • Explain that you can't change the profile of any devices, if the device itself (wich you are lagin as admin) has a device profile which don't allow it to brows internet (out of schedule). The message displayed is confusing (Unable to connect ... Please check if the device is on the network.)
Currently Keexybox is more oriented to be a DNS blocker than a Parental control tool.
I think you are not so far to be one. I hope thoses features will be available soon (even as a paid Premium features, but paid oneshot, not by annual subscription).

Could we see somewhere your roadmap?

Print this item

  [solved] dhcpd can't start on all interfaces
Posted by: diozea - 07-08-2021, 06:32 PM - Forum: DHCP - Replies (1)

Hello,
Systemctl gives me:
● dhcpcd.service loaded failed failed    dhcpcd on all interfaces

So I'm not sure what's the really impact of the failed state of dhcpd service. What's your recommendation?
Tips: You should display more informations in "Services and power" (such as the detail status of each service, with the error). And add the service "logrotate"?



Code:
sudo ./init_dhcpd start
isc-dhcpd-4.4.2
ls: cannot access '/opt/keexybox/dhcpd/dhcpcd*.pid': No such file or directory
Internet Systems Consortium DHCP Server 4.4.2
Copyright 2004-2020 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /opt/keexybox/dhcpd/etc/dhcpd.conf
Database file: /opt/keexybox/dhcpd/etc/dhcpd.leases
PID file: /opt/keexybox/dhcpd/dhcpcd.pid
Wrote 0 class decls to leases file.
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 13 leases to leases file.
Multiple interfaces match the same shared network: br0 br0:0
Listening on LPF/br0/dc:a6:32:d3:52:ea/local_net
Sending on   LPF/br0/dc:a6:32:d3:52:ea/local_net
Sending on   Socket/fallback/fallback-net





dhcpd.conf
Code:
pi@raspberrypi:/opt/keexybox/dhcpd/etc $ cat dhcpd.conf
# GENERATED BY KEEXYBOX WEBUI
# DO NOT EDIT THIS FILE


ddns-update-style none;

option domain-name "keexybox";

default-lease-time 600;
max-lease-time 7200;

log-facility local7;

class "external_host" {
            match hardware;
}

class "internal_host" {
            match hardware;
}

include "/opt/keexybox/dhcpd/etc/dhcpd-reservations.conf";

shared-network local_net {
        # INTERNET ROUTER SIDE
    subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers 192.168.1.254;
                option domain-name-servers 192.168.1.1;
                pool {
                range 192.168.1.151 192.168.1.201;
                        allow members of "external_host";
                        deny unknown-clients;
                }
    }

        # USER AND DEVICES SIDE
    subnet 192.168.0.0 netmask 255.255.255.0 {
        option routers 192.168.0.254;
                option domain-name-servers 192.168.0.254;
                pool {
                range 192.168.0.1 192.168.0.100;
                        allow members of "internal_host";
                        allow unknown-clients;
                }
    }
}

Do we need to indicate which scope is autoritative?


Code:
more dhcpd-reservations.conf
# GENERATED BY KEEXYBOX WEBUI
# DO NOT EDIT THIS FILE


host ajonc {
        hardware ethernet MACaddress;
        fixed-address 192.168.0.37;
}
subclass "internal_host" MACaddress;

host Printer-Pixma {
        hardware ethernet MACaddress;
        fixed-address 192.168.0.3;
}
subclass "internal_host" MACaddress;

host Freebox-Mini {
        hardware ethernet MACaddress;
        fixed-address 192.168.0.4;
}
subclass "internal_host" MACaddress;


/opt/keexybox/dhcpd/etc/interfaces.conf
Code:
export LISTENING_INTERFACES="br0"


and
Code:
more /etc/network/interfaces
# GENERATED BY KEEXYBOX WEBUI
# DO NOT EDIT THIS FILE

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# Auto load interfaces
auto lo br0 br0:0
iface lo inet loopback

# Hotplug interfaces
allow-hotplug br0 br0:0


# Output network configuration
iface br0 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    gateway 192.168.1.254
    dns-nameservers 208.67.222.222 8.8.4.4

    bridge_ports eth0
    bridge_stp off
    bridge_waitport 0
    bridge_waitport 0

# Internal network configuration
iface br0:0 inet static
    address 192.168.0.254
    netmask 255.255.255.0


On each PC, DHCP server is set to 192.168.1.1 (instead of 192.168.0.254 i think)


By the way, there is an issue with the time zone in the GUI. My timezone is Europe/Paris  but when I checked in raspi-config it was "London".



Code:
Rq:
I'm using raspberry 4 with a for website filtering and anonymity. First for parental control, and a little for ad blocker.
internal interface of Keexybox: 192.168.0.254
external interface of Keexybox:192.168.1.1
router interface: 192.168.1.254

GW: 192.168.1.254
DNS1: 208.67.222.222
DNS2: 8.8.4.4

DNS Redirector: enabled

DHCP conf is (on the same interface so: Bro):
internal: range 192.168.0.1 to 100
external: range 192.168.1.251 to  201
Print this item

  [Solved] Wifi configuration
Posted by: diozea - 07-04-2021, 10:37 AM - Forum: Wireless Access Point - Replies (1)

Hello,

I finished to setup keexybox for website filtering and anonymity topology with a raspberry pi 4.
Wifi form is filled. 
But any wifi signal is broadcast by the raspberry.(As I understand, Pi 4 can act as an AccessPoint natively, Am I wrong?)
Keexybox GUI can't start hostapd service. The service is stopped.

On SSH, Raspberry warn me:
Wi-Fi is currently blocked by rfkill.
Use raspi-config to set the country before use.

raspi-config shows an error when I try to setup WLAN country:
Could not communicate with wpa_supplicant

pi@raspberrypi:~ $ cat /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1


pi@raspberrypi:/opt/keexybox/hostapd/etc $ cat hostapd.conf
# GENERATED BY KEEXYBOX WEBUI
# DO NOT EDIT THIS FILE

# General
ssid=WifiNobel-keexy
interface=wlan0
bridge=br0
country_code=FR
hw_mode=g
channel=10
wmm_enabled=1
macaddr_acl=0

# Security
ignore_broadcast_ssid=0
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=mypassword


Do I miss something?

Print this item

  Browsing duration with limit per day
Posted by: diozea - 07-04-2021, 10:07 AM - Forum: Profiles - Replies (1)

Hello,
I would like to allow my kids to browse internet:
- on a time slot -> okay i can setup that in a profile
+
- with a limit of duration per day -> how? If not, is it plan soonly?

I think a lot of parents will use this feature.

Thanks fo your work.

Print this item

  DHCP & DNS trouble
Posted by: diozea - 06-17-2021, 04:49 PM - Forum: Network - Replies (3)

Hello,
I finish the setup on a raspberry 4 with a for website filtering and anonymity.
internal interface of Keexybox: 192.168.0.254
external interface of Keexybox:192.168.1.1
router interface: 192.168.1.254

GW: 192.168.1.254
DNS1: 208.67.222.222
DNS2: 8.8.4.4

DNS Redirector: enabled or disabled, same result. (what's criteria to decide to enable ou disable it?)

DHCP conf is (on the same interface so: Bro): 
internal: range 192.168.0.1 to 100
external: range 192.168.1.251 to  201
Why both ranges have to me enabled?
How a device will now which range to use?

But from a PC, I can't resolve any domain. (From keexy I can).
(I haven't create a user or a device).

Any idea?

Print this item

  Select all categories
Posted by: diozea - 06-17-2021, 12:33 PM - Forum: Profiles - Replies (1)

Hello,
Thank you very much for your impressive work.

I would like to setup a school profile:
- available all the time
- but restricted only to school site or educational content (so only a couple of categories).

Is there a way to select all categories at the same times?
or to allow only one or 2 category and block the others?

Print this item

  purely device based
Posted by: lanceg10 - 05-26-2021, 03:25 AM - Forum: Users and devices connection management - Replies (1)

Looking for a way to purely handle traffic by devices without having users have to 'log in' with some profile to keexybox - so, for devices like a smart tv, want to be able to view traffic and selectively block domains.
is this possibe becuse, if so, i'm totally missing it.

Print this item

  I give up
Posted by: vit - 05-05-2021, 02:32 AM - Forum: Installation - Replies (1)

I spent a few days in it and got tired, I couldn't make it work well on the Rapsberry OS i386, I tried it with another PC with ubuntu 20, but also without success ... can you put a version to work on a virtual machine? to just download and start in vmware or virtual box? I really liked the software, too bad it's a nightmare trying to make it work manually.

Print this item

  Clock Unsynchronized
Posted by: vit - 05-04-2021, 12:12 AM - Forum: Date and time - Replies (4)

Error on NTPD TIME, anyone can help?

2021-05-03 20:42:22 - /usr/bin/sudo /etc/init.d/ntp status
2021-05-03 20:42:22 - * ntp.service - Network Time Service
2021-05-03 20:42:22 -    Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
2021-05-03 20:42:22 -    Active: active (running) since Mon 2021-05-03 19:43:38 -03; 58min ago
2021-05-03 20:42:22 -      Docs: man:ntpd(8)
2021-05-03 20:42:22 -  Main PID: 994 (ntpd)
2021-05-03 20:42:22 -    Tasks: 2 (limit: 4464)
2021-05-03 20:42:22 -    Memory: 2.4M
2021-05-03 20:42:22 -    CGroup: /system.slice/ntp.service
2021-05-03 20:42:22 -            `-994 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 104:110
2021-05-03 20:42:22 -
2021-05-03 20:42:22 - May 03 19:43:39 p1 ntpd[994]: restrict ::: KOD does nothing without LIMITED.
2021-05-03 20:42:22 - May 03 19:43:39 p1 ntpd[994]: Listen and drop on 0 v6wildcard [::]:123
2021-05-03 20:42:22 - May 03 19:43:39 p1 ntpd[994]: Listen and drop on 1 v4wildcard 0.0.0.0:123
2021-05-03 20:42:22 - May 03 19:43:39 p1 ntpd[994]: Listen normally on 2 lo 127.0.0.1:123
2021-05-03 20:42:22 - May 03 19:43:39 p1 ntpd[994]: Listening on routing socket on fd #19 for interface updates
2021-05-03 20:42:22 - May 03 19:43:39 p1 ntpd[994]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
2021-05-03 20:42:22 - May 03 19:43:39 p1 ntpd[994]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
2021-05-03 20:42:22 - May 03 19:43:41 p1 ntpd[994]: Listen normally on 3 br0 192.168.0.111:123
2021-05-03 20:42:22 - May 03 19:43:41 p1 ntpd[994]: Listen normally on 4 br0:0 192.168.2.254:123
2021-05-03 20:42:22 - May 03 19:43:41 p1 ntpd[994]: new interface(s) found: waking up resolver
2021-05-03 20:42:23 - /usr/bin/sudo /opt/keexybox/keexyapp/src/Shell/scripts/init_tor status
Print this item

  Samba and Plex no longer connect
Posted by: vit - 05-03-2021, 10:30 PM - Forum: Network - Replies (1)

After installation, I can no longer access plex and samaba on the local network, I looked at iptables and it seems that there is a drop for everything other than the keexybox ports, how can I release these services on the local network?

Thanks! Smile Smile

Print this item