Messages

1

24.7 Production Series / Re: No NGINX Logs in UI

« on: August 18, 2024, 11:08:26 am »

@_tribal_
I opened a GitHub issue for the bug -> https://github.com/opnsense/plugins/issues/4182

// EDIT
Maybe in dependence with this here ? -> https://forum.opnsense.org/index.php?topic=42284.0

2

24.7 Production Series / No NGINX Logs in UI

« on: August 07, 2024, 09:23:31 pm »

Hello Community,

i did an upgrade to the latest OPNsense Version 24.7_9 which worked without any problems 
I just saw that the NGINX Logs will not be shown in the UI. I added a Screenshot. There is no entry for the selection of the days. It's the same behaviour with access and error logs. I also switched from the dark theme to the opnsense default theme - without success.

Can some NGINX user please do a quick on their system with the latest 24.7 version ?

Thank you!

3

General Discussion / Re: ELK for OPNsense

« on: January 11, 2022, 08:19:44 pm »

Because i just saw the post. We integrated the NGINX logs into pfELK last week and created also a dashboard for it.

And of course pfELK works with OPNsense and pfSense.
There are several ways to install pfELK. Through a script for automatic installation, a Docker setup or an Ansible playbook.

Just check the readme --> https://github.com/pfelk/pfelk

4

Tutorials and FAQs / Re: TUTORIAL Nginx + Let's Encrypt for Plex / Emby / Jellyfin 100% A+ Rating

« on: December 16, 2021, 07:04:28 pm »

@Seimann
Thanks for your great  tutorial. It's easy to follow and clear to understand with the screenshots.

Could you also explain how to handle more than on target ?

I mean a routing with subdomain for example:
subdomain1.my-domain.tld -> server1
subdomain2.my-domain.tld -> server2
....

Do i need to create a HTTP Server for every subdomain ?
How can i redirect to a server with the correct SSL Cert ?

Thanks for any hints and tips.

Greez,
BeNe

5

Zenarmor (Sensei) / Re: Protect physical interface and child VLANs

« on: March 21, 2021, 08:50:34 pm »

Hi Murat!
Thanks for your helpful answer. I understand the problem.

About your question:

are you having the VLAN problem with bridge mode or is it L3 mode?

I'm unable to set any other Option than because of this error/information  "Bridge Mode (L2 Mode, Reporting + Blocking) (Experimental)"

Code: [Select]

You cannot protect both parent and its child VLAN interface

 


So i can't provide you more information in that case.

6

Zenarmor (Sensei) / Re: Protect physical interface and child VLANs

« on: March 21, 2021, 07:17:09 pm »

I'm just wondering. Cause there was working version "0.8.0.rc1" that fixed the problem (for me).
But that was in 2019.

Maybe i can generated the needed logs or input in this experimental state.

7

Zenarmor (Sensei) / Protect physical interface and child VLANs

« on: March 21, 2021, 12:51:45 pm »

Hello,

i want to check out Sensei again. Had some troubles in older version because of a netmap error. Looks like this is still a problem.
-> If i enable Sensei in the bridge mode, then the complete OPNsense is no more access able from the network (including the VLANs)

Interface overview:

IGB0 (Physical) LAN Network
 - VLAN 10
 - VLAN 20
 - VLAN 30
 ...

IGB1 (Physical) WAN Network

Code: [Select]

10_DMZ (igb0_vlan10) -> v4: 172.16.10.254/24
                    v6/t6: 2003:f2:6748:ecf1:6eb3:11ff:fe1b:aede/64
 20_VPN (igb0_vlan20) -> v4: 172.16.20.254/24
 30_Pentest (igb0_vlan30) -> v4: 172.16.30.254/24
                    v6/t6: 2003:f2:6748:ecf3:6eb3:11ff:fe1b:aede/64
 40_WifiGuest (igb0_vlan40) -> v4: 172.16.40.254/24
                    v6/t6: 2003:f2:6748:ecf4:6eb3:11ff:fe1b:aede/64
 50_IoT (igb0_vlan50) -> v4: 172.16.50.254/24
                    v6/t6: 2003:f2:6748:ecf5:6eb3:11ff:fe1b:aede/64
 60_Dev (igb0_vlan60) -> v4: 172.16.60.254/24
                    v6/t6: 2003:f2:6748:ecf6:6eb3:11ff:fe1b:aede/64
 70_WiFi (igb0_vlan70) -> v4: 172.16.70.254/24
                    v6/t6: 2003:f2:6748:ecf7:6eb3:11ff:fe1b:aede/64
 80_Server (igb0_vlan80) -> v4: 172.16.80.254/24
                    v6/t6: 2003:f2:6748:ecf8:6eb3:11ff:fe1b:aede/64
 90_Clients (igb0_vlan90) -> v4: 172.16.90.254/24
                    v6/t6: 2003:f2:6748:ecf9:6eb3:11ff:fe1b:aede/64
 LAN (igb0)      -> v4: 172.16.17.254/24
                    v6/t6: 2003:f2:6748:ecf0:6eb3:11ff:fe1b:aede/64
 PIA_VPN (ovpnc1) -> v4: 10.49.112.204/24
 WAN (igb1)      -> v4: 192.168.217.2/24
                    v6/DHCP6: fe80::6eb3:11ff:fe1b:aedf/64

Here is my Sensei Setup:


Yes, i know that it is experimental. But since i have the setup with VLAN on the same interface as the physical, there is no other option that i can use (so far i know).

I would like to debug the problem. What information can i provide to bring the function up and running ?

OPNsense Information:
- KVM under Proxmox
- Both WAN and LAN are same Intel Network Chips (dual card)
- Sensei Version 1.8
- OPNsense 21.1.3_3-amd64

Thanks for any help!
Cheers BeNe

8

21.1 Legacy Series / Re: HAProxy slow / website does not load after upgrade

« on: February 16, 2021, 08:43:02 pm »

Thanks @Ralf -  Problem solved 

I switched to OpenSSL in OPNsense 21.1 for a quick workaround.
HAProxy is working fine after that change.

I will check the next release for a LibreSSL fix to switch back in future version.

Cheers,
BeNe

9

21.1 Legacy Series / Re: HAProxy slow / website does not load after upgrade

« on: February 16, 2021, 08:11:21 pm »

Hi Ralf,

thanks for that information! And yes, i use the LibreSSL instead of OpenSSL.
I will give it a try and come back with a report.

Thanks for that hint.

Cheers!
BeNe

10

21.1 Legacy Series / [SOLVED] HAProxy slow / website does not load after upgrade

« on: February 15, 2021, 10:36:07 pm »

Hi Community,

i updated my OPNsense box from OPNsense 20.7.7_1-amd64 to the current 21.1 Version. The Update was without errors and so far everything is fine expect HAProxy. HAProxy is extremely slow and does not deliver all content. I host Nextcloud, Weewx Wheater etc. and none of the sites are usable after the update.

I did not changed any config or so - just update from OPNsense 20.7.7_1-amd64 to OPNsense 21.1.
I rolled back my snapshot to 20.7.7_1 and everything runs fast as expected. The Problem starts in OPNsense 20.7.8. I did the update again in steps. And in 20.7.8 the sites behind the HAProxy are not usable anymore.
So i will stay at 20.7.7_1 this time and need to find the needle in the hay.

Someone else with the same problem ?
Thanks, BeNe

11

20.7 Legacy Series / OpenVPN as Client / Unable to contact daemon Service not running?

« on: December 16, 2020, 09:27:06 pm »

Hi,

i updated to OPNsense 20.7.6 since some days. I have a strange problem with OpenVPN in Client Mode.
The OPNsense connects to a VPN Provider (Private Internet Access in my case) as Client.

The VPN Tunnel is established and i traffic goes trough. So there is no problem.
But in the GUI i have the message "Unable to contact daemon Service not running?"
The VPN Tunnel is shown as down - but it isn´t.

Here are some screenshots








Directly after a reboot everything is fine and up in the GUI. Looks like the behavior starts after a reconnect in the night (by my Internet Provider (Telekom))

I´m running OPNsense inside a Proxmox VM with Intel Network Cards (successfully since 2 years)

Any logs needed ?
Any hints ?

Thanks for your help!

12

20.7 Legacy Series / Re: [Solved] Opnsense 20.7.3 and PIA VPN

« on: November 26, 2020, 08:40:49 pm »

I just came across this thread here because i encounter also strange routing problems as VPN Client (PIA VPN)
Fixed the problem by add this change here by hand in 20.7.5-> https://github.com/opnsense/core/commit/0ad3ec432ff0d1ee45d9969424b7e5b19eb903e2

More about the issue -> https://github.com/opnsense/core/issues/4419

May it helps the one or other!

13

20.1 Legacy Series / Re: [SOLVED] OpenVPN Server: Cannot open TUN/TAP dev /dev/tun2: Device busy

« on: February 02, 2020, 02:22:40 pm »

Reboot of the machine fixed the problem! 

14

20.1 Legacy Series / [SOLVED] OpenVPN Server: Cannot open TUN/TAP dev /dev/tun2: Device busy

« on: February 01, 2020, 08:48:55 pm »

Hello!

i upgraded very successful to 20.1 - thanks for that.
All Services excluded OpenVPN-Server are running fine. The OpenVPN Server stopped and i´m unable to start it.
It worked fine before in 19.x

Here is the Log:

Code: [Select]

2020-02-01T20:31:42 openvpn[33750]: Exiting due to fatal error
2020-02-01T20:31:42 openvpn[33750]: Cannot open TUN/TAP dev /dev/tun2: Device busy (errno=16)
2020-02-01T20:31:42 openvpn[33750]: TUN/TAP device ovpns2 exists previously, keep at program end
2020-02-01T20:31:42 openvpn[33750]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-02-01T20:31:42 openvpn[33750]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
2020-02-01T20:31:42 openvpn[31339]: library versions: LibreSSL 3.0.2, LZO 2.10
2020-02-01T20:31:42 openvpn[31339]: OpenVPN 2.4.8 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 29 2020

Here are the current devices:

Code: [Select]

:/dev # ls -lha | grep tun
crw-------   1 uucp  dialer     0x76 Jan 31 20:57 tun0
crw-------   1 uucp  dialer     0x62 Feb  1 20:45 tun1
crw-------   1 uucp  dialer     0x63 Jan 31 20:57 tun2
crw-------   1 uucp  dialer     0x65 Jan 31 20:57 tun3
crw-------   1 uucp  dialer     0x67 Jan 31 20:57 tun4

Is there anything else i can test or provide to debug ?
Thank you!

15

19.7 Legacy Series / Re: Wireguard debug ?

« on: September 21, 2019, 10:40:28 am »

I generated new Keys and also added a new endpoint. Checked both keys and the Wireguard Service is coming up. 

Thanks for your time and help!