OPNsense Forum
English Forums => General Discussion => Topic started by: Inxsible on February 28, 2021, 08:49:54 am
-
Hello,
I moved over my pfSense install to OPNsense and had a few niggles during the install process and after using the new firewall for half a day
During the install, I got multiple Segmentation faults and the screen would get the login prompt back even though the GUI installer screen would remain. However once I logged back in using the installer username, I would get back to the same spot where the Segmentation Fault had occurred and I could continue until the next Segmentation Fault occurred. I got this at least 4-5 times during the install but was eventually able to finish it.
- Will there be any issues by using OPNsense given that there were Segmentation Faults during installation?
- Why did I get these, when I didn't get them when I installed it on my friend's router with the exact same USB key?
Now that I have used this for about 8-10 hours I have a few problems that I am trying to fix:
I set up the Let's encrypt plugin with my account and cloudflare dns. Set up a certificate and renewed it which went fine. However, Chromium would just time out when trying to access the Web UI by the IP address and give a DNS Rebind Error when using the host.mydomain. Same DNS Rebind error in Firefox with host.mydomain, but the IP address worked in Firefox, so I had to then login and disable the DNS Rebind Check. After disabling, I was able to get to the login page in Chromium and Firefox by using the host.mydomain. But after logging in, I got the HTTP_REFERER error and it indicated that i should disable that. So again I went via Firefox and IP to disable that and now I can access the Web UI with IP or host.mydomain in both Chromium and Firefox
Secondly, I have had trouble setting up the UPS monitor. I installed the os-nut package and set up my UPS using the SNMP driver. However the UPS Diagnostics page never displays any settings. In pfSense, I only had to select the SNMP driver and put in the IP address of my networked UPS and it was able to communicate with the UPS. Is there something I am missing in the UPS setup for Opnsense?
- Why is disabling the DNS Rebind & HTTP REFERER necessary? I had those checks enabled in pfSense and it worked fine. I would really like to enable those again without losing access to the Web UI. How would I do that?
- I assume I have to use the standalone Service Mode on the UPS configuration page since I don't have a separate NUT server?
- Dashboard always indicates that the nut_daemon is not running -- no matter how many times I try to start it, it remains red
Please let me know if you need any additional information.
-
I figured out the UPS issue after trying out a few things. For those in similar situation, here's what I did
- Install os-nut plugin
- On the Nut Configuration page, Enable NUT, name your UPS(any name -without spaces)
- Select service mode as standalone or netclient (see notes below)
- Set ListenAddress as 127.0.0.1 & ::1 (if using IPv6)
- Click Apply
- Select the SNMP-Driver under UPS Type
- Enable the driver. Make sure all other drivers are disabled
- Under Extra Arguments add port=<IP of your UPS network card> and any other SNMP attributes eg pollfreq=45 etc
- Click Apply
Then visiting the Nut --> Diagnostics page should provide you all the attributes that your UPS supports.
Notes:
- I tried the FQDN of my UPS -- port=host.domain.com -- in the Extra Arguments, but Opnsense failed to communicate with the UPS. I have read reports that FQDN should work, but for me, I had to explicitly put the IP address of the network card of the UPS.
- When you select the Service Mode as -- standalone, you will see the Nut Daemon and Nut_upsmon services being enabled.
- When you select the Service Mode as -- netclient, but still use the SNMP-driver, then you will see only the Nut_upsmon service enabled, but you will also see the below error in the logs. However, the Nut-->Diagnostics page still shows the attributes that your UPS supports. So I think you can still use either Service Mode, but you might have to set up the correct Net-SNMP credentials in the Extra Arguments, in order to avoid the error in the logs.
upsmon[85281] Login on UPS [UPSNAME] failed - got [ERR ACCESS-DENIED]
-
I am still struggling with the DNS Rebind & HTTP_REFERER issue. Can somebody provide some insight into those please?
Thanks,
Inxsible
-
I am still struggling with the DNS Rebind & HTTP_REFERER issue. Can somebody provide some insight into those please?
Thanks,
Inxsible
Are you trying to access the OPNsense from the internet?
If yes setup a VPN and disable the WebUI on WAN
But if thats neccesarry heres the solution
https://forum.opnsense.org/index.php?topic=1954.0
-
No I was simply accessing the webui while on the LAN.
I don't have any open ports to allow access via the internet. I did have a VPN server set up in my pfSense install -- but I haven't gotten around to setting up the VPN server in Opnsense yet.