Messages - BeNe

#1
24.7, 24.10 Legacy Series / Re: No NGINX Logs in UI
August 18, 2024, 11:08:26 AM
@_tribal_
I opened a GitHub issue for the bug -> https://github.com/opnsense/plugins/issues/4182

// EDIT
Maybe in dependence with this here ? -> https://forum.opnsense.org/index.php?topic=42284.0
#2
24.7, 24.10 Legacy Series / No NGINX Logs in UI
August 07, 2024, 09:23:31 PM
Hello Community,

I did an upgrade to the latest OPNsense Version 24.7_9 which worked without any problems 8)
I just saw that the NGINX Logs will not be shown in the UI. I added a Screenshot. There is no entry for the selection of the days. It's the same behaviour with access and error logs. I also switched from the dark theme to the opnsense default theme - without success.

Can some NGINX user please do a quick check on their system with the latest 24.7 version?

Thank you!
#3
General Discussion / Re: ELK for OPNsense
January 11, 2022, 08:19:44 PM
Because I just saw the post. We integrated the NGINX logs into pfELK last week and also created a dashboard for it.

And of course pfELK works with OPNsense and pfSense.
There are several ways to install pfELK. Through a script for automatic installation, a Docker setup or an Ansible playbook.

Just check the readme --> https://github.com/pfelk/pfelk
#4
@Seimann
Thanks for your great tutorial. It's easy to follow and clear to understand with the screenshots.

Could you also explain how to handle more than one target?

I mean a routing with subdomain for example:
subdomain1.my-domain.tld -> server1
subdomain2.my-domain.tld -> server2
....

Do I need to create a HTTP Server for every subdomain?
How can I redirect to a server with the correct SSL Cert?

Thanks for any hints and tips.

Greez,
BeNe
#5
Hi Murat!
Thanks for your helpful answer. I understand the problem.

About your question:
Quote: are you having the VLAN problem with bridge mode or is it L3 mode?

I'm unable to set any other option than "Bridge Mode (L2 Mode, Reporting + Blocking) (Experimental)" because of this error/information:

You cannot protect both parent and its child VLAN interface

So I can't provide you more information in that case.
#6
I'm just wondering, because there was a working version "0.8.0.rc1" that fixed the problem (for me).
But that was in 2019.

Maybe I can generate the needed logs or input in this experimental state.
#7
Hello,

I want to check out Sensei again. Had some troubles in an older version because of a netmap error. Looks like this is still a problem.
-> If I enable Sensei in bridge mode, then the complete OPNsense is no longer accessible from the network (including the VLANs)

Interface overview:

IGB0 (Physical) LAN Network
- VLAN 10
- VLAN 20
- VLAN 30
...

IGB1 (Physical) WAN Network

10_DMZ (igb0_vlan10) -> v4: 172.16.10.254/24
                    v6/t6: 2003:f2:6748:ecf1:6eb3:11ff:fe1b:aede/64
20_VPN (igb0_vlan20) -> v4: 172.16.20.254/24
30_Pentest (igb0_vlan30) -> v4: 172.16.30.254/24
                    v6/t6: 2003:f2:6748:ecf3:6eb3:11ff:fe1b:aede/64
40_WifiGuest (igb0_vlan40) -> v4: 172.16.40.254/24
                    v6/t6: 2003:f2:6748:ecf4:6eb3:11ff:fe1b:aede/64
50_IoT (igb0_vlan50) -> v4: 172.16.50.254/24
                    v6/t6: 2003:f2:6748:ecf5:6eb3:11ff:fe1b:aede/64
60_Dev (igb0_vlan60) -> v4: 172.16.60.254/24
                    v6/t6: 2003:f2:6748:ecf6:6eb3:11ff:fe1b:aede/64
70_WiFi (igb0_vlan70) -> v4: 172.16.70.254/24
                    v6/t6: 2003:f2:6748:ecf7:6eb3:11ff:fe1b:aede/64
80_Server (igb0_vlan80) -> v4: 172.16.80.254/24
                    v6/t6: 2003:f2:6748:ecf8:6eb3:11ff:fe1b:aede/64
90_Clients (igb0_vlan90) -> v4: 172.16.90.254/24
                    v6/t6: 2003:f2:6748:ecf9:6eb3:11ff:fe1b:aede/64
LAN (igb0)      -> v4: 172.16.17.254/24
                    v6/t6: 2003:f2:6748:ecf0:6eb3:11ff:fe1b:aede/64
PIA_VPN (ovpnc1) -> v4: 10.49.112.204/24
WAN (igb1)      -> v4: 192.168.217.2/24
                    v6/DHCP6: fe80::6eb3:11ff:fe1b:aedf/64


Here is my Sensei Setup:


Yes, I know that it is experimental. But since I have the setup with VLAN on the same interface as the physical, there is no other option that I can use (as far as I know).

I would like to debug the problem. What information can I provide to bring the function up and running?

OPNsense Information:
- KVM under Proxmox
- Both WAN and LAN are same Intel Network Chips (dual card)
- Sensei Version 1.8
- OPNsense 21.1.3_3-amd64

Thanks for any help!
Cheers BeNe
#8
Thanks @Ralf -  Problem solved  :o

I switched to OpenSSL in OPNsense 21.1 for a quick workaround.
HAProxy is working fine after that change.

I will check the next release for a LibreSSL fix to switch back in a future version.

Cheers,
BeNe
#9
Hi Ralf,

thanks for that information! And yes, I use LibreSSL instead of OpenSSL.
I will give it a try and come back with a report.

Thanks for that hint.

Cheers!
BeNe
#10
Hi Community,

I updated my OPNsense box from OPNsense 20.7.7_1-amd64 to the current 21.1 Version. The Update was without errors and so far everything is fine except HAProxy. HAProxy is extremely slow and does not deliver all content. I host Nextcloud, Weewx Weather etc. and none of the sites are usable after the update.

I did not change any config or so - just updated from OPNsense 20.7.7_1-amd64 to OPNsense 21.1.
I rolled back my snapshot to 20.7.7_1 and everything runs fast as expected. The Problem starts in OPNsense 20.7.8. I did the update again in steps. And in 20.7.8 the sites behind the HAProxy are not usable anymore.
So I will stay at 20.7.7_1 this time and need to find the needle in the hay.

Someone else with the same problem ?
Thanks, BeNe
#11
Hi,

I updated to OPNsense 20.7.6 some days ago. I have a strange problem with OpenVPN in Client Mode.
The OPNsense connects to a VPN Provider (Private Internet Access in my case) as Client.

The VPN Tunnel is established and traffic goes through. So there is no problem.
But in the GUI I have the message "Unable to contact daemon Service not running?"
The VPN Tunnel is shown as down - but it isn't.

Here are some screenshots

Directly after a reboot everything is fine and up in the GUI. Looks like the behavior starts after a reconnect in the night (by my Internet Provider (Telekom))

I'm running OPNsense inside a Proxmox VM with Intel Network Cards (successfully for 2 years)

Any logs needed ?
Any hints ?

Thanks for your help!
#12
I just came across this thread here because I also encounter strange routing problems as VPN Client (PIA VPN)
Fixed the problem by adding this change here by hand in 20.7.5 -> https://github.com/opnsense/core/commit/0ad3ec432ff0d1ee45d9969424b7e5b19eb903e2

More about the issue -> https://github.com/opnsense/core/issues/4419

Maybe it helps one or the other!
#13
Reboot of the machine fixed the problem!  ::)
#14
Hello!

I upgraded very successfully to 20.1 - thanks for that.
All Services except the OpenVPN-Server are running fine. The OpenVPN Server stopped and I'm unable to start it.
It worked fine before in 19.x

Here is the Log:

2020-02-01T20:31:42 openvpn[33750]: Exiting due to fatal error
2020-02-01T20:31:42 openvpn[33750]: Cannot open TUN/TAP dev /dev/tun2: Device busy (errno=16)
2020-02-01T20:31:42 openvpn[33750]: TUN/TAP device ovpns2 exists previously, keep at program end
2020-02-01T20:31:42 openvpn[33750]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-02-01T20:31:42 openvpn[33750]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
2020-02-01T20:31:42 openvpn[31339]: library versions: LibreSSL 3.0.2, LZO 2.10
2020-02-01T20:31:42 openvpn[31339]: OpenVPN 2.4.8 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 29 2020


Here are the current devices:

:/dev # ls -lha | grep tun
crw-------   1 uucp  dialer     0x76 Jan 31 20:57 tun0
crw-------   1 uucp  dialer     0x62 Feb  1 20:45 tun1
crw-------   1 uucp  dialer     0x63 Jan 31 20:57 tun2
crw-------   1 uucp  dialer     0x65 Jan 31 20:57 tun3
crw-------   1 uucp  dialer     0x67 Jan 31 20:57 tun4


Is there anything else I can test or provide to debug?
Thank you!
#15
19.7 Legacy Series / Re: Wireguard debug ?
September 21, 2019, 10:40:28 AM
I generated new Keys and also added a new endpoint. Checked both keys and the Wireguard Service is coming up.  8)

Thanks for your time and help!