Text only | Text with Images

OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: peterwkc on March 09, 2023, 10:00:59 AM

Title: Unable to sign in google services using Ubuntu/Centos OS behind OPNSense
Post by: peterwkc on March 09, 2023, 10:00:59 AM
Dear all forumers, I had opnsense serve as gateway router and firewall. My ubuntu and Centos OS cannot signin to youtube services and gmail services but my Window 11 OS function with no problem. May I know hwat is the problem? security-Certificate?

Please help. Thanks in advance.
Title: Re: Unable to sign in google services using Ubuntu/Centos OS behind OPNSense
Post by: bartjsmit on March 09, 2023, 12:57:34 PM
Do you run a squid proxy on OPNsense? If you're worried about the cert as seen by your Linux clients, run this:

echo Q | openssl s_client -showcerts -connect youtube.com:443 | less

Bart...
Title: Re: Unable to sign in google services using Ubuntu/Centos OS behind OPNSense
Post by: peterwkc on March 11, 2023, 02:55:24 AM
I don't have squid proxy configured with OPNSense. When i running the command, i see the google.com certs seems valid.
Title: Re: Unable to sign in google services using Ubuntu/Centos OS behind OPNSense
Post by: bartjsmit on March 11, 2023, 08:47:00 AM
Run packet captures for your Windows Google session and for Linux. Compare them in Wireshark. https://www.wireshark.org/
Title: Re: Unable to sign in google services using Ubuntu/Centos OS behind OPNSense
Post by: peterwkc on March 11, 2023, 10:12:05 AM
How to caputure the google session only since there is others program using the network interface?
Title: Re: Unable to sign in google services using Ubuntu/Centos OS behind OPNSense
Post by: bartjsmit on March 11, 2023, 10:31:47 AM
Interfaces: Diagnostics: Packet Capture

Filter on the source workstation by putting its IP address in the Host Address field

You can pick out the Google sessions by following each TCP connection in Wireshark

Bart...
Text only | Text with Images