Skynet Skynet - Router Firewall & Security Enhancements

[L&LD]

- UPnP is enabled.
- I have one port forwarding rule open for the OpenVPN Server pointing to the router.

I don't think that OpenVPN rule is required? I have never needed one.

 

[#TY]

I don't think that OpenVPN rule is required? I have never needed one.

I'm going to test without it and see if everything still works. If so, I agree, no need for it. I think I had enabled it because I thought it was needed to connect to my OpenVPN Server remotely while my OpenVPN client was connected to ExpressVPN.

Update: I removed the port forward. Wasn't needed after all

 

[dave14305]

I'm going to test without it and see if everything still works. If so, I agree, no need for it. I think I had enabled it because I thought it was needed to connect to my OpenVPN Server remotely while my OpenVPN client was connected to ExpressVPN.

Update: I removed the port forward. Wasn't needed after all

Did you rescan at grc just to see if that was the reason?

 

[Zonkd]

I'm going to test without it and see if everything still works. If so, I agree, no need for it. I think I had enabled it because I thought it was needed to connect to my OpenVPN Server remotely while my OpenVPN client was connected to ExpressVPN.

Update: I removed the port forward. Wasn't needed after all

It’s recommended to disable UPnP and you’re correct that you don’t need to forward any ports for OpenVPN servers that run on the router.

 

[#TY]

Did you rescan at grc just to see if that was the reason?

Yeah it still says port 80 and 443 open.

 

[L&LD]

Yeah it still says port 80 and 443 open.

Are you on a cable or a Fibre ISP connection?

Also, did you clear out your browser cache?

 

[Butterfly Bones]

I ran a test on the following page:
https://www.grc.com/x/ne.dll?rh1dkyd2

and the results came up as shown in the attached screenshot.

I don't recall opening ports 80 or 443 on the WAN side.

Any idea if this is normal or is there anything I need to do. The router config page is not open on the WAN either.

Thanks in advance.

If you test with a VPN client active, you are seeing results of that VPN host server. Don't ask me how I know.
https://www.snbforums.com/threads/server-ports-open-not-wanted-ac-68u-merlin-380-68_4.43791/

 

[#TY]

If you test with a VPN client active, you are seeing results of that VPN host server. Don't ask me how I know.
https://www.snbforums.com/threads/server-ports-open-not-wanted-ac-68u-merlin-380-68_4.43791/

I do! My OpenVPN client is always connected to my VPN provider. Oh man, I would have never thought of that. Thank you.

Does this mean, I can ignore the message about the ports being open?

 

[L&LD]

I do! My OpenVPN client is always connected to my VPN provider. Oh man, I would have never thought of that. Thank you.

Does this mean, I can ignore the message about the ports being open?

Exactly! Just ignore when you're on a paid for VPN.

 

[#TY]

Thank you guys! Mystery solved! Phew

 

[Butterfly Bones]

I do! My OpenVPN client is always connected to my VPN provider. Oh man, I would have never thought of that. Thank you.

Does this mean, I can ignore the message about the ports being open?

What you see is the VPN host server you are connected with, if you want to see your router, you need to turn off the VPN or use a Strict Policy Rules entry to add an IP directed straight to the WAN and not the VPN. The few posts in the linked thread make it very clear. Don't ask me how I know.... [insert highly embarrassed emoji]

 

[elnash]

Hello, since I installed Skynet I have problems in my xbox one. When the friends
me a party invitation, I do not receive this notification. Someone can guide me on how to solve it, thanks in advance.

 

[L&LD]

Hello good, since I installed Skynet I have problems in my xbox one. When the buyers send me a party invitation, I do not receive this notification. Someone can guide me on how to solve it, thanks in advance.

When you uninstall Skynet are the symptoms still there (I would reboot the router too after uninstalling or re-installing any scripts)?

Are you also using Diverson? If so, did you go into the Diversion menu and enable the '+' lists?

 

[elnash]

When you uninstall Skynet are the symptoms still there (I would reboot the router too after uninstalling or re-installing any scripts)?

Are you also using Diverson? If so, did you go into the Diversion menu and enable the '+' lists?

I do not just use skynet sorry for my english I'm spanish and tradusco in google translator

 

[Adamm]

Hello, since I installed Skynet I have problems in my xbox one. When the friends
me a party invitation, I do not receive this notification. Someone can guide me on how to solve it, thanks in advance.

https://github.com/Adamm00/IPSet_ASUS/wiki#applicationexe-or-websitecom-is-blocked

 

[faria]

I do not just use skynet sorry for my english I'm spanish and tradusco in google translator

add the folowing entries to your white list and reboot

# Xbox live
attestation.xboxlive.com # """""
cert.mgt.xboxlive.com # """""
client-s.gateway.messenger.live.com # Used for Xbox Live Messaging
clientconfig.passport.net # This domain is used for sign-ins, creating new accounts, and recovering existing Microsoft accounts
ctldl.windowsupdate.com # """""
def-vef.xboxlive.com # """""
device.auth.xboxlive.com # """""
eds.xboxlive.com # """""
help.ui.xboxlive.com # """""
licensing.xboxlive.com # """""
notify.xboxlive.com # """""
settings-win.data.microsoft.com # """""
title.auth.xboxlive.com # """""
title.mgt.xboxlive.com # """""
v10.events.data.microsoft.com # These domains are used for Xbox Live Achievements
v10.vortex-win.data.microsoft.com # """""
v20.events.data.microsoft.com # """"
www.msftncsi.com # """""
www.xboxlive.com # """""
xbox.ipv6.microsoft.com # confirmed by Microsoft as being required by Xbox Live
xboxexperiencesprod.experimentation.xboxlive.com # """""
xflight.xboxlive.com # """""
xkms.xboxlive.com # """""
xsts.auth.xboxlive.com # """""

You can also create a new file in /jffs called "shared-xbox-whitelist" then paste the entries above to it save and reboot.

 

[#TY]

Update: It's been two days since installing SkyNet and so far everything seems to be running well.

Is there a best practice setup after installing it (for general use) or does simply installing SkyNet take care of all this?

 

[Adamm]

Update: It's been two days since installing SkyNet and so far everything seems to be running well.

Is there a best practice setup after installing it (for general use) or does simply installing SkyNet take care of all this?

Beyond manual whitelisting/blacklisting, Skynet is essentially “set and forget”.

 

[#TY]

Beyond manual whitelisting/blacklisting, Skynet is essentially “set and forget”.

Good to know Thanks!

 

[elnash]

add the folowing entries to your white list and reboot

# Xbox live
attestation.xboxlive.com # """""
cert.mgt.xboxlive.com # """""
client-s.gateway.messenger.live.com # Used for Xbox Live Messaging
clientconfig.passport.net # This domain is used for sign-ins, creating new accounts, and recovering existing Microsoft accounts
ctldl.windowsupdate.com # """""
def-vef.xboxlive.com # """""
device.auth.xboxlive.com # """""
eds.xboxlive.com # """""
help.ui.xboxlive.com # """""
licensing.xboxlive.com # """""
notify.xboxlive.com # """""
settings-win.data.microsoft.com # """""
title.auth.xboxlive.com # """""
title.mgt.xboxlive.com # """""
v10.events.data.microsoft.com # These domains are used for Xbox Live Achievements
v10.vortex-win.data.microsoft.com # """""
v20.events.data.microsoft.com # """"
www.msftncsi.com # """""
www.xboxlive.com # """""
xbox.ipv6.microsoft.com # confirmed by Microsoft as being required by Xbox Live
xboxexperiencesprod.experimentation.xboxlive.com # """""
xflight.xboxlive.com # """""
xkms.xboxlive.com # """""
xsts.auth.xboxlive.com # """""

You can also create a new file in /jffs called "shared-xbox-whitelist" then paste the entries above to it save and reboot.

Thank you very much, I have solved by putting the domes you have put. Thanks again. Regards!!!!