Messages - MrCCL

#1
19.7 Legacy Series / Re: OPNSense on KVM (Virtio) ?
August 13, 2020, 11:23:52 PM
Thanks for the update.
I assume you tested this on an OPNsense version based on HardenedBSD 12.1, right?
#2
OPNsense 19.1.4-amd64
FreeBSD 11.2-RELEASE-p9-HBSD
OpenSSL 1.0.2r 26 Feb 2019

It seems when you assign a DHCP client to a static IP and save, Unbound DNS crashes and has to be started.
See attachments.

By the way, in general I rather often have to reload Unbound DNS because new DHCP assigned IPs are not always registered in Unbound from DHCP. I do admit I add/remove clients often and change hostnames etc (KVM test setup). It might have been better in the last few updates.
I don't have any specific details yet, but just for common info that the sync between DHCP and Unbound doesn't seem to be rock solid.
#3
General Discussion / Create cron job "run custom script"
February 25, 2019, 10:37:13 PM
Been looking at this guide to make a cron job:
https://docs.opnsense.org/development/backend/configd.html

I would like to make a job that runs the script specified in the parameter field in the GUI.
I've tried to create this configd file:


[start]
command:/bin/csh
parameters:-c '%s'
type:script
description:run custom script
message:run script


Restarted configd:
service configd restart

Created the job in the gui:


But it seems not to run :-( ?
#4
Thanks :-)

Another thing that didn't work in the new "new" config file:

verify-x509-name "/C=DK/ST=CPH/L=CPH/O=MyDomain/emailAddress=xxx@domain.com/CN=FW1_SRV_CERT" subject

I had to change it back to the old format:
verify-x509-name "FW1_SRV_CERT" name
This one is more complex. It has more dependencies so it's hard to say if it is a bug or just a misconfiguration on my setup (although it was pretty much created by the wizard).

Now that we have the box open:
The OpenVPN Windows client gives an ugly red warning about the password being cached in memory and that you should use "auth-nocache". My advice is that it be added by the exporter by default ;-)
#5
Error from the OpenVPN client log:
"Options error: remote: bad protocol associated with host vpn.wit.dk: 'UDP'"

In 19.1 the Client export writes in the ovpn file: "remote xxx.domain.com 1194 UDP"
This must be specified in lowercase letters: "udp"
#6
I've set up Web Proxy with user authentication enabled and it works great.
But the FTP proxy seems to be open and doesn't require the user to authenticate to the proxy, which I expect it to do.

Is this by design or a bug?

#7
Using OPNsense 18.7.7

I've enabled user authentication in Web Proxy (local db) and assigned my test-user to a group with privileges to:
Proxy: Login
Services: Proxy

But that doesn't seem to be enough.

I can only get it to work if I assign all the privileges :-(
Which ones do you need for Web proxy access?

Another question:
-How can I "clear" the authentication timeout (TTL)...the minimum is 1 hour?
Tried to restart the proxy service, but it didn't "clear" it.

-In the Proxy authentication form there is something called "Authentication processes" (The total number of authenticator processes to spawn.).....can someone explain this parameter?


#8
My OpenVPN server config is set to "Server Mode = Remote Access (SSL/TLS + User Auth )".
I've created a user certificate for every user and made a Client Export for every user (Archive file with 3 files .key,.p12 & config file).
Each user also has a unique password. I'm not using TOTP.
But I can switch the .p12 file between the users on the clients and they can still establish a VPN connection to the server using another user's .p12 file.
I thought the file was "paired" to the specific user?
#9
I admit it's described on the page several places, sorry for that.
But I just didn't understand the meaning of it. Even though the formulation and grammar are absolutely 100% correct, it just didn't make sense to me at that time. Partly because of the duplicated naming "installer" and partly because I would never expect it would be executed depending on a user-login.

But there will always be people who don't understand a guide, no matter how good it is, I guess this time I was one of them, damn! :-P

#10
I'm running it as a VM on KVM, that's why resources matter more than on physical hardware.
#11
I really don't get the "official" hardware requirement (https://wiki.opnsense.org/manual/hardware.html)

I just made a harddisk installation of 18.1:
Mem usage: 147MB
HDD usage: 1,3G

40G of HDD??? I assume that is only if you need to save A LOT of log data, right?

#12
What a surprise! Login with "installer" sure does execute the installation program using the live DVD iso image.
franco: It would be nice if that was more clear on the https://docs.opnsense.org/manual/install.html page ;-)
#13
I still don't get it. Does the install script start if I login as "Installer"?
#15
I'm installing OPNsense as virtual on KVM and want to use "OPNsense-18.1.6-OpenSSL-dvd-amd64.iso" as install media, but it boots into live :-(
How can I start the installer script if possible from this ISO?