Messages - AdSchellevis

#556
I'm using Firefox on my end; the easiest way to show JavaScript output is to right-click on an element and choose "Inspect"... it will open the inspector at the bottom of your screen (then choose Console for output).
#557
Hi kabrutus,

It looks like the post for "/api/captiveportal/access/logon/" fails the second time, likely because the redirect after login went wrong the first time (because you seem to have gained access).
Normally it should try to redirect to the page you were going to before the login page, but maybe it couldn't determine the right one here.
The Apple Cancel/Done buttons are part of iOS; I don't think we should focus on those.

Can you do some debugging and place one additional line in your template?

replace this:

                   }).done(function(data) {
                        // redirect on successful login
                        if (data['clientState'] == 'AUTHORIZED') {


with


                   }).done(function(data) {
                        // redirect on successful login
                        console.log(data);
                        console.log(getURLparams()['redirurl']);
                        if (data['clientState'] == 'AUTHORIZED') {


Then try in OS X again and open a JavaScript/develop console; it should return some data after login to your JS console.

Regards,

Ad
#558
16.1 Legacy Series / Re: weird LDAP auth behavior
May 27, 2016, 10:00:43 AM
Hi gerflo09,

When using LDAP authentication for the web GUI you need to import the respective users into OPNsense first to be able to grant them rights (when LDAP is the default auth, there will be a small icon at the right bottom corner in the user manager).

When using the test button on the authentication page, it will first check the user database for a linked DN and then try to connect that user DN with the provided password.
If there is no local linked user available (and hence no ACL), it will do an LDAP search and try to perform a connect for the first found user.

The only reason I can think of when a random user/pass combination is accepted is when your Active Directory server has anonymous bind enabled.

Regards,

Ad
#559
16.1 Legacy Series / Re: Insight - Netflow
May 26, 2016, 08:30:01 AM
Hi kabrutus,

You need to update to the latest version for the latest features :)

In the menu go to: System ⇒ Firmware ⇒ Updates

Regards,

Ad
#560
Announcements / OPNsense 16.1.15 released
May 25, 2016, 03:57:05 PM
Hi all,

We are dropping in for a quick update bundling assorted fixes and general improvements in all areas. Not much to add this week, see for yourselves...

Don't forget that ASLR is coming next week.  :)

Here are the full patch notes for 16.1.15:

o system: make authentication fallback configurable
o system: settings cleanup and prettify
o system: added explicit ETC timezone selection
o high availability: add page for remote service control
o high availability: properly enforce authentication
o firmware: reboot and poweroff API actions
o firmware: only kill GUI process, not captive portal
o firmware: show errors in update window
o firmware: keep polling for progress even when GUI restarts
o backend: skip failing templates on bootup
o trust: fix CA certificate count in overview
o trust: allow key size up to 8192 bits
o firewall: fix invalid NPT rule generation
o firewall: speed up filter log pages
o firewall: do not allow to change virtual IP mode after creation
o firewall: moved settings page and rearranged settings accordingly
o interfaces: unhook all but the last custom PHP module functions
o interfaces: moved settings page and rearranged settings accordingly
o dhcp: do not override RA settings after save
o dns: resolver outgoing interface section moved to advanced as it will break setups with dynamic interfaces selected there
o load balancer: sticky mode from firewall / system split off as separate setting
o snmp: do not allow unicode in system location
o intrusion detection: remove deprecated rbn-malvertisers.rules set
o intrusion detection: add promiscuous mode / physical interface selection
o overall: fix menu width on small size screens
o overall: numerous translation fixes (contributed by Frederic Lietart)
o overall: numerous translation fixes (contributed by Fabian Franz)
o plugins: assorted bugfixes for HAProxy (contributed by Frank Wall)
o mvc: fix translations by adding an escaping wrapper

And here are the patch notes for 16.7 BETA:

o system: reworked the user / group manager privilege selection
o firewall: IPv6 outbound NAT rework
o interfaces: allow debug mode for DHCPv6 client
o interfaces: remove ath(4) long distance helpers
o dns: add custom port option for domain overrides
o gateways/routes: fix for far gateway setups
o overall: add stacked-to-horizontal feature for input forms


Stay safe,
Your OPNsense team
#561
16.1 Legacy Series / Re: GeoIP alias so cool!!!
May 22, 2016, 01:08:06 PM
Not Franco, but I know the answer here :)

They are updated once a day automatically with the rest of the "downloadable" aliases; the responsible script for it is this one:

/usr/local/etc/rc.update_urltables
#562
Hi Dean,

No concrete plans for historical data yet, other than the API support and export which are already in there :)
Although I agree that if we add it... we should add another tab to keep the rest clean like it is now.

Thanks for your feedback,

Best regards,

Ad
#563
Hi Matthew,

I don't expect nginx + varnish to come in soon, but you might be interested in haproxy for the reverse proxy feature.

Frank has been working on it, and you can install it using our plugin system. He wrote some information in his original pull request, which can be found here: https://github.com/opnsense/plugins/pull/10

Regards,

Ad
#564
Sorry, I can't test that... could you try to install our standard system and retry?
#565
Might be kernel/hardware related... I haven't seen it on one of our boxes.

Can you try this:


root@OPNsense:~/core # python2.7
Python 2.7.11 (default, Apr  6 2016, 12:15:49)
[GCC 4.2.1 Compatible FreeBSD Clang 3.4.1 (tags/RELEASE_34/dot1-final 208032)] on freebsd10
Type "help", "copyright", "credits" or "license" for more information.
>>> import flowd
>>> flog = flowd.FlowLog('/var/log/flowd.log')
>>> for flow in flog:
...   print flow
...   break
...
<flowd.Flow object at 0x2faab2449c0>


The <flow.Flow..> is output; the print and break need two spaces in front.
#566
OK, that's good... NetFlow data is flowing :)

Then this:

service flowd_aggregate stop
/usr/local/opnsense/scripts/netflow/flowd_aggregate.py console


The second statement should "hang" while processing data; press <ctrl><c> after a minute to exit.
#567
What does this output?

flowd-reader /var/log/flowd.log
#568
Announcements / OPNsense 16.1.14 released
May 18, 2016, 04:01:49 PM
Hello there,

It is time for something new. How about an update with your new NetFlow remote export. Or your local reporting frontend? Well, you can always use both if you like. Read all about it here:

https://docs.opnsense.org/manual/netflow.html

Furthermore, we have added the brand new AQM CoDel v 0.2.1 to the mix, yesterday's FreeBSD security advisories, released the HAProxy plugin, bundled a full Japanese translation. And two-factor authentication for our components? Yes, we also have that now. :)

There is also a refreshed website for our general viewing pleasure. Let us know what you think or what it is missing.

https://opnsense.org/

And now, here is the full change log for 16.1.14:

o src: tzdata updated to 2014d[1]
o src: dummynet AQM updated to 0.2.1[2]
o src: fix multiple OpenSSL vulnerabilities[3]
o src: fix excessive latency in x86 IPI delivery[4]
o src: fix memory leak in ZFS[5]
o src: fix buffer overflow in keyboard driver[6]
o src: fix incorrect argument handling in sendmsg[7]
o ports: sqlite 3.12.2[8], openvpn 2.3.11[9], squid 3.5.19[10]
o plugins: HAProxy plugin version 1.0 (contributed by Frank Wall)
o lang: Japanese 100% completed
o lang: updates for French and German
o interfaces: removed polling support
o interfaces: allow subnet size of 31 bits
o high availability: can now sync DNS resolver configuration
o cron: reworked job registration
o system: do not unload cryptodev to prevent panics when used by OpenVPN
o system: user expiration date edit now has a fancy date picker
o system: add RFC 6238 (TOTP) support for two-factor authentication
o reporting: added local NetFlow reporting frontend[11]
o reporting: added remote NetFlow exporter for multiple sources[12]
o firewall: fixed schedule cloning
o services: lower intervals for router advertisement messages

And this is the change log for 16.7 BETA:

o firmware: assorted improvements for error reporting and smooth operation
o firmware: partial fix for Nano update issues when RAM is too small
o intrusion detection: promiscuous interface mode for better VLAN operation
o gateways/routes: support for far gateways outside of the interface subnet
o routes: fixed null routes / blackholes
o interfaces: SVG traffic graphs replaced by modern alternative
o dashboard: finished the rework, ready for general testing
o firewall: removed the need for custom kernel patches for schedules
o lang: numerous improvements (contributed by Fabian Franz)


Stay safe,
Your OPNsense team

--
[1] http://mm.icann.org/pipermail/tz-announce/2016-April/000038.html
[2] http://caia.swin.edu.au/freebsd/aqm/patches/ChangeLog-0.2.1.txt
[3] https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc
[4] https://www.freebsd.org/security/advisories/FreeBSD-EN-16:07.ipi.asc
[5] https://www.freebsd.org/security/advisories/FreeBSD-EN-16:08.zfs.asc
[6] https://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.asc
[7] https://www.freebsd.org/security/advisories/FreeBSD-SA-16:19.sendmsg.asc
[8] http://www.sqlite.org/changes.html
[9] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11
[10] ftp://ftp.meisei-u.ac.jp/mirror/squid/squid-3.5-ChangeLog.txt
[11] https://docs.opnsense.org/manual/how-tos/insight.html
[12] https://docs.opnsense.org/manual/how-tos/netflow_exporter.html
#569
I guess you are missing a / at the end of the URL: when you enter https://192.168.1.1/ui/cron it routes back to the dashboard. This one, https://192.168.1.1/ui/cron/, should route to the cron setup page.
#570
Hi Dean,

No problem, we're all busy :)

The graphs change when there is no data, because the first date is plotted as 0 if not available (not really a bug).
About the averages, this is actually the sample resolution, so 1 running total per day. The term averages might be a bit confusing sometimes.

Best regards,

Ad