Messages - chemlud

#2281
That went well, we are back in the game ;-)

Many thanks for the quick reply!
#2282
I'm not that good with BSD at the console, is there something easy such as

rm /path/to/config.xml

or such? :-)
#2283
Hi!

While configuring a vga install (updated to the latest), I imported interfaces from a different config (with more interfaces than physically available in my current install), after fixing this I have a DHCP server on the LAN, but nothing going back and forth (no ping to the box, no GUI of the box, nothing). Disabling pf from console (shell) doesn't help.

Is there a command from console (shell) to reset the opnsense to factory?

Many thanx in advance...
#2284
Tried something new:

switched to DNS server

46.182.19.48@853

(Digitalcourage), commenting out the other TLS-DNS servers proposed above (Cloudflare...). Checked that it works.

Subsequently switched to LibreSSL and rebooted. Now working fine for some time, no crashes for unbound yet. :-)
#2285
OK, tried it myself, switched a completely updated x64 full install from openSSL to libreSSL, but within 3 minutes Unbound is ended, the general log says:

Oct 12 11:34:47 kernel: pid 50815 (unbound), uid 59: exited on signal 11


and unbound log says:

Oct 12 11:34:47 unbound: [50815:0] error: could not SSL_new crypto error:14FFF0E4:SSL routines:(UNKNOWN)SSL_internal:ssl ctx has no default ssl version
Oct 12 11:34:47 unbound: [50815:1] error: could not SSL_new crypto error:14FFF0E4:SSL routines:(UNKNOWN)SSL_internal:ssl ctx has no default ssl version
Oct 12 11:34:47 unbound: [50815:0] error: could not SSL_new crypto error:14FFF0E4:SSL routines:(UNKNOWN)SSL_internal:ssl ctx has no default ssl version
Oct 12 11:34:47 unbound: [50815:1] error: could not SSL_new crypto error:14FFF0E4:SSL routines:(UNKNOWN)SSL_internal:ssl ctx has no default ssl version
Oct 12 11:34:47 unbound: [50815:2] error: could not SSL_new crypto error:14FFF0E4:SSL routines:(UNKNOWN)SSL_internal:ssl ctx has no default ssl version


-------------------

Manually restarting unbound doesn't help for long:

Oct 12 11:40:51 kernel: -> pid: 28971 ppid: 1 p_pax: 0x850<SEGVGUARD,ASLR,NODISALLOWMAP32BIT>
Oct 12 11:40:51 kernel: [HBSD SEGVGUARD] [unbound (28971)] Suspension expired.
Oct 12 11:40:51 kernel: pid 28971 (unbound), uid 59: exited on signal 11


in the general log, but no corresponding entries in the unbound log.
#2286
Did anybody try with newer versions of LibreSSL recently to make this work? Had to switch to openssl to make it work (again?) in summer...
#2287
"Rule processing is simplest if you avoid tricks like "!<alias>", because that can have strange side effects elsewhere."

Well, at least on pfsense, alias resolution regularly dies on me on one installation, sometimes after 24 h, sometimes after 2-3 weeks, and then rules with aliases become a big problem. Just as a hint... Why are the aliases no longer resolved? No idea! At some point I googled a bug report about it; it was already fairly old and nothing had happened.

The aliases are also not resolved via TLS DNS (which I have configured in the resolver) as long as you have DNS servers set under "General" (I found this recently with Wireshark on the WAN interface).
#2288
German - Deutsch / Re: Bug reports only on GitHub?
June 04, 2018, 05:01:27 PM
Ahh, since Microsoft's data protection officer apparently happens to be here right now, a quick question:

WHAT exactly does Win 10 actually send as unavoidable telemetry, and why should that be indispensable for an operating system?
#2290
This here works fine for me:

https://forum.opnsense.org/index.php?topic=7811.0

:-)
#2291
Hello Jegr! Well, by now I know almost a dozen people who were banned over there after posting here. :-)

I never posted anything forbidden over there; my account was simply banned. But I also don't earn my money with firewalls. :-D

#2292
Hi!

If I were you, I would just quickly recreate the setup in an OPNsense and see what happens; surely hardly anyone else has experience with exactly this setup?!

Always expect that your account in the pfsense (well: ntegat.com) forum will be banned just because you post here. It happened to me years ago, and by now to various other people (who use the same nicks there and here ;-) ) as well...

Greetings!
#2293
Hi again!

I know, this is most likely a feature, not a bug, but would book this under "unexpected behaviour", so just as a "heads up" to everybody :-)

Have an OPNsense (up to date i386 nano with LibreSSL flavour). As I use it for traveling, it has preconfigured openVPN tunnels, employing DYNDNS for the target servers running on other
OPNsenses and one remaining pfsense (x64, latest updates installed).

All doing fine. Can reach the subnet I want to reach at a specific pfsense when traveling, but was really surprised that I could reach the openVPN server as well as clients in the LAN subnet

- when the OPNsense is BEHIND the pfsense, but in a different subnet (OPT1), than the subnet attached to tunnel (LAN)
- with a WAN firewall rule BLOCKING access to the specific port the openVPN server is listening.

Really a surprise to me at first sight, but then I remembered that you can reach the GUI from LAN when entering the WAN-IP in the browser (if not specifically blocked).

So the access to the specific WAN port is NOT blocked for access via this OPT1 network.

Will hopefully soon switch this remaining pfsense to OPNsense, but likely have to expect the same behaviour, as the openVPN traffic is hitting the WAN address not via the WAN interface, which has the block rule, or? :-)
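
Added example, not part of the original post and not pfsense or OPNsense code: a small Python model of per-interface, first-match rule evaluation, showing why a block rule on WAN does not apply to traffic that enters on OPT1 and targets the WAN address. The addresses, the port, and the allow-all rule on OPT1 are assumptions made for illustration.

```python
# Added illustration (not from the post): toy model of per-interface,
# first-match rule evaluation. All addresses, networks and the port are
# constructed sample values; floating rules are out of scope.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

WAN_ADDR = "203.0.113.10"      # constructed WAN address of the firewall
OPT1_NET = "192.168.20.0/24"   # constructed OPT1 subnet
VPN_PORT = 1194                # assumed OpenVPN listener port

@dataclass(frozen=True)
class Rule:
    iface: str                 # interface the packet ARRIVES on
    action: str                # "pass" or "block"
    src: str                   # source network (CIDR)
    dst: str                   # destination network (CIDR)
    dport: Optional[int] = None  # None matches any port

@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    dst: str
    dport: int

def evaluate(rules, pkt, default="block"):
    """Return the action of the first rule on pkt's inbound interface that matches."""
    for r in rules:
        if r.iface != pkt.in_iface:
            continue           # rules attached to other interfaces are never consulted
        if ip_address(pkt.src) not in ip_network(r.src):
            continue
        if ip_address(pkt.dst) not in ip_network(r.dst):
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r.action
    return default

# Ruleset as described in the post, plus an assumed allow-all rule on OPT1.
AS_POSTED = [
    Rule("wan", "block", "0.0.0.0/0", WAN_ADDR + "/32", VPN_PORT),
    Rule("opt1", "pass", OPT1_NET, "0.0.0.0/0"),
]
# Mitigation: block the listener on the interface the traffic actually enters.
HARDENED = [Rule("opt1", "block", OPT1_NET, WAN_ADDR + "/32", VPN_PORT)] + AS_POSTED

FROM_OPT1 = Packet("opt1", "192.168.20.50", WAN_ADDR, VPN_PORT)
FROM_INTERNET = Packet("wan", "198.51.100.7", WAN_ADDR, VPN_PORT)
```

With `AS_POSTED`, `evaluate` passes `FROM_OPT1` and blocks `FROM_INTERNET`; with `HARDENED`, the OPT1 client is blocked from the listener while its other traffic still passes.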

#2294
..would do a backup on the opnsense after each and every step, before importing the next section of the config. Just in case something breaks you don't have to start from scratch again.... ;-)
#2295
Quote from: JeGr on April 18, 2018, 09:21:32 AM
And on the EAP side I can then, via the user, quickly put a device either into the real LAN or WLAN network, or sometimes into the guest network. Very practical :)

Sorry, how? Can you explain that again in 1-2 sentences so it's understandable, please?