Messages - vikozo

#31
Hello
since the Update
the Munin Agent does not send information on newly added VLAN "Ports" traffic!
And there is also a function missing to remove old VLAN ID Traffic graphics!

have a nice day
vinc
#32
Hello
ok i think the best would be:
UCS hold the USER Management
opnSense keep DHCP and Radius!

But on a Unifi AP i have to define for wlan Access a Radius server and i am not sure what should be added there!
Basically the AP is already connected with Radius and so far this works.
This (on the Picture) would be needed to check the user login too, so i am a bit confused...

The SSID is fixed to a VLAN and the VLAN is known on the opnSense, with WPA the connection works - just without user authentication

have a nice day
vinc
#33
any idea how to solve this challenge?
#34
Hello

I have UCS (Univention Corporate Server) running with User Management.
I also run an opnSense FW.

first,
i manage Radius and DHCP on my opnSense, would it be wise to move this function to the UCS itself?
Is it possible to hold them in both places, like a master and Backup system? if yes how?

Then
i have also the VPN on my opnSense, how to manage the userrights for VPN over UCS and giving the Information to the opnSense, how to add the Certificate back to the user. Goal would be a login into the VPN and get the cert.

How did you solve this challenge?

have a nice day
vinc
#35
so after the update and rebooting the system is back - and i think it works fine!
but why this error???
#36
20.7 Legacy Series / Re: upgrade with error
August 25, 2020, 04:56:06 PM
upgrade to 20.7 did work
update to 20.7.1
give as information

2020-08-25T16:54:21.345697+02:00 FW-03.kozo.ch lighttpd 24452 - - (mod_openssl.c.1975) SSL: 1 -1 error:1404C07F:SSL routines:ST_OK:bad write retry
2020-08-25T16:54:27.269803+02:00 FW-03.kozo.ch lighttpd 24452 - - (mod_openssl.c.1975) SSL: 1 -1 error:1404C07F:SSL routines:ST_OK:bad write retry
2020-08-25T16:54:33.282943+02:00 FW-03.kozo.ch lighttpd 24452 - - (mod_openssl.c.1975) SSL: 1 -1 error:1404C07F:SSL routines:ST_OK:bad write retry
2020-08-25T16:54:39.313529+02:00 FW-03.kozo.ch lighttpd 24452 - - (mod_openssl.c.1975) SSL: 1 -1 error:1404C07F:SSL routines:ST_OK:bad write retry
2020-08-25T16:54:45.283066+02:00 FW-03.kozo.ch lighttpd 24452 - - (mod_openssl.c.1975) SSL: 1 -1 error:1404C07F:SSL routines:ST_OK:bad write retry
2020-08-25T16:54:51.237438+02:00 FW-03.kozo.ch lighttpd 24452 - - (mod_openssl.c.1975) SSL: 1 -1 error:1404C07F:SSL routines:ST_OK:bad write retry

since 6 minutes
#37
20.7 Legacy Series / upgrade with error
August 25, 2020, 04:23:36 PM
after downloading and the information about rebooting in the console i got this....

Aug 25 16:21:49 lighttpd[19562]: (mod_openssl.c.1975) SSL: 1 -1 error:1404C07F:SSL routines:ST_OK:bad write retry
Aug 25 16:21:54 lighttpd[19562]: (mod_openssl.c.1975) SSL: 1 -1 error:1404C07F:SSL routines:ST_OK:bad write retry
Aug 25 16:21:59 lighttpd[19562]: (mod_openssl.c.1975) SSL: 1 -1 error:1404C07F:SSL routines:ST_OK:bad write retry
#38
20.1 Legacy Series / Re: VLAN question
March 11, 2020, 09:31:50 PM
@siga75 Merci
yes i will have more than a vlan - with each ssid a vlan


IP            MAC                Manufacturer                Interface      Interface name  Hostname
10.18.14.1    00:0d:b9:48:53:56  PC Engines GmbH             igb2           LAN
10.18.14.131  fe:bd:4a:ac:10:8f                              igb2_vlan1014  1014vLAN
10.18.14.50   ac:1f:6b:d3:93:31  Super Micro Computer, Inc.  igb2           LAN
10.18.14.81   78:8a:20:d3:72:d0  Ubiquiti Networks Inc       igb2           LAN

how it is possible to have VM with a vlan1014 tag?
#39
Hello
opnSense is working with VLAN tags so you have to define your VLAN on the opnSense and on the cisco side you do a trunk configuration

have a nice day
vinc
#40
19.7 Legacy Series / Re: add Munin-Node to opnSense
March 10, 2020, 10:53:44 AM
yes @mimugmail
but first would be a reload button to load new VLAN or remove old Bridge information.
But do not misunderstand - i am happy to see how it works and work fine

nice would also be not only to see the igb0, igb1, igb2 but added the "tag" DMZ, LAN, WAN ;-)
nice would also be to get information about updates ;-)

have a nice day
vinc
#41
19.7 Legacy Series / Re: add Munin-Node to opnSense
March 10, 2020, 09:40:46 AM
Hello @mimugmail

would be nice to have an option to activate or remove it

[] Disk usage in percent
[] Inode usage in percent
[] IOstat by bytes
[] S.M.A.R.T values for drive ada0
[] ath0_wlan1 Errors & Collisions
[] ath0_wlan1 pps
[] ath0_wlan1 traffic
[] ath0_wlan2 Errors & Collisions
[] ath0_wlan2 pps
[] ath0_wlan2 traffic
[] bridge0 Errors & Collisions
[] bridge0 pps
[] bridge0 traffic
[] igb0 Errors & Collisions
[] igb0 pps
[] igb0 traffic
[] igb1 Errors & Collisions
[] igb1 pps
[] igb1 traffic
[] igb2 Errors & Collisions
[] igb2 pps
[] igb2 traffic
[] igb2_vlan1002 Errors & Collisions
[] ovpns1 traffic
[] HDD temperature

and so on,
nice to have too.
[]
[]
[] Squid cache status
[] mail scanner reject
[] web page Scanner
[] Bind/DNS requests
[] DHCP Range and free


the a
[Refresh/Reload] Button

would remove old Bridge or VLAN Information
but also add new Bridge or VLAN Information or other stuff to monitor

have a nice day
vinc
#42
20.1 Legacy Series / Re: Firewall Rule question
March 10, 2020, 09:28:52 AM
i think it should be simple but i do miss something
#43
20.1 Legacy Series / Re: Firewall Rule question
March 09, 2020, 10:21:18 PM
or is there a way to give the same IP Range to the physical LAN and the VLAN LAN ?
#44
20.1 Legacy Series / Firewall Rule question
March 09, 2020, 06:13:07 PM
hello
when i started with opnsense i had a LAN Port with ip Range and some VM inside the IP Range too.
Now i have added a VLAN for the local user on a Switch.

the LAN and VLAN have different IP Range!

how the rule should be to have full access from VLAN <--> LAN?
the VLAN so far works to connect over WAN outside!
the VLAN is fixed on top of the LAN Port!

have a nice day
vinc
#45
Hello
after update - after every update i got an error like this.
with a link to
System: Firmware: Reporter

Unfortunately we have detected at least one programming bug.
Would you like to submit this crash report to the developers?

and i send it
but never get a feedback.