Messages - soernt.poppe

#1
Hi there,

I had this issue and updated the secrets to be enclosed in "".

I just updated to version 21.7.4 and once again get the message
Error: /usr/local/etc/raddb/clients.conf[2]: secret must be at least 1 character long

The secrets are still enclosed in "". I removed the "" and still get the same error.

What do I need to do here?
#2
Hi there,

I would like to extend the Captive Portal to support this workflow:

A guest user tries to connect to my network and is shown a QR code and a login button. The QR code contains a new random user name and password.

The guest asks an already authenticated user to create a voucher. The authenticated user scans the QR code and is shown the message "Create new voucher for "user name"" and an input field for the expiry time.

After the authenticated user presses "Create Voucher", a voucher is created. The guest clicks the login button and gets validated.

I am completely new to creating this kind of customization. I scanned through the source code and found the "src\opnsense\mvc\app\library\OPNsense\Auth\Voucher.php" file.

What I would like to see here:
a) a function that returns a new random user name and password.
b) a function that creates a voucher for a given user name, password and expiry time.

Basically the functions are already there, within the generateVouchers function.

I need someone who can guide me and will perform a code review :-)

Kind regards,
Sörnt
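
The two functions asked for above, written as an added example; this is not code from the original post or from OPNsense's Voucher.php, and the QR payload format, the `store` dictionary, the `guest-` prefix and the PBKDF2 parameters are all assumptions made here for the demonstration. The point it shows: the credentials come from `secrets` (the OS CSPRNG, not `random`), the stored record holds only a salted hash plus an absolute expiry, and validation checks expiry before it compares the hash in constant time.

```python
import hashlib
import hmac
import secrets
import string
from datetime import datetime, timedelta, timezone

# Alphabet without look-alike characters, so a credential that is scanned from a
# QR code or typed by hand survives transcription.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits if c not in "0O1lI")
PBKDF2_ROUNDS = 100_000  # assumption: any slow password hash would do here


def generate_credentials(username_len=8, password_len=16):
    """Return a fresh (username, password) pair drawn from the OS CSPRNG via `secrets`."""
    username = "guest-" + "".join(secrets.choice(ALPHABET) for _ in range(username_len))
    password = "".join(secrets.choice(ALPHABET) for _ in range(password_len))
    return username, password


def qr_payload(username, password):
    """The string encoded in the QR code shown to the guest (constructed format, not OPNsense's)."""
    return f"voucher:{username}:{password}"


def parse_qr_payload(payload):
    """Inverse of qr_payload; rejects anything that does not have exactly the expected shape."""
    kind, username, password = payload.split(":", 2)
    if kind != "voucher" or not username or not password:
        raise ValueError("not a voucher payload")
    return username, password


def parse_time(iso_string):
    """Helper so callers (and tests) can pin the clock, e.g. '2021-02-11T13:00:00+00:00'."""
    return datetime.fromisoformat(iso_string)


def create_voucher(store, username, password, validity_minutes, now=None):
    """Record a voucher for an already-generated credential pair with an absolute expiry.

    Only a salted PBKDF2 hash of the password is kept, so a leaked store cannot be
    replayed as a login.
    """
    if validity_minutes <= 0:
        raise ValueError("validity must be positive")
    if username in store:
        raise ValueError("voucher already exists for this user name")
    now = now or datetime.now(timezone.utc)
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    expires = now + timedelta(minutes=validity_minutes)
    store[username] = {"salt": salt, "hash": digest, "expires": expires}
    return expires


def validate_voucher(store, username, password, now=None):
    """True only if the user name exists, the voucher has not expired and the password matches."""
    now = now or datetime.now(timezone.utc)
    record = store.get(username)
    if record is None or now >= record["expires"]:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["hash"])


if __name__ == "__main__":
    vouchers = {}
    user, pw = generate_credentials()
    print("QR payload for the guest:", qr_payload(user, pw))
    # The sponsor scans the code and enters, say, 120 minutes of validity.
    scanned_user, scanned_pw = parse_qr_payload(qr_payload(user, pw))
    expires = create_voucher(vouchers, scanned_user, scanned_pw, 120)
    print("voucher valid until", expires.isoformat())
    print("guest login accepted:", validate_voucher(vouchers, user, pw))
```

The expiry is stored as an absolute UTC timestamp rather than a duration, so a voucher cannot be "refreshed" by re-validating it, and an unknown user name and a wrong password both return the same plain False.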
#3
Why ever, now I can access the box by name.

Thank you for your help.

Kind regards,
Sörnt
#4
Hi Franco,

I can access the UI by using the IP address but not by name. Stupid me, I should have tried that before posting.
So something is different with the DNS Server!?

Kind regards,
Sörnt

#5
Hi Franco,

This is what I get for your commands:

root@jupiter:~ # pkg check -da
Checking all packages: 100%
root@jupiter:~ # pkg check -sa
Checking all packages: 100%
root@jupiter:~ # pkg info opnsense
opnsense-17.7.8
Name           : opnsense
Version        : 17.7.8
Installed on   : Thu Nov 23 10:20:50 2017 CET
Origin         : opnsense/opnsense
Architecture   : FreeBSD:11:amd64
Prefix         : /usr/local
Categories     : sysutils www
Licenses       : BSD2CLAUSE
Maintainer     : franco@opnsense.org
WWW            : https://opnsense.org/
Comment        : OPNsense release package
Annotations    :
        repo_type      : binary
        repository     : OPNsense
Flat size      : 20.1MiB
Description    :
3a28080b7
root@jupiter:~ #
#6
Hi there,

after the update to 17.7.8 I cannot access the Web-UI. I get this:

Not Found

The requested URL / was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/2.4.27 Server at jupiter.poppe.de Port 443


Also: I can connect to the box via ssh, but my password is not accepted anymore.

I can connect to the box via a serial cable.

All clients can access the internet.

I never got into such a situation during the updates I did before.

What do I need to do in order to get the WebUI up and running?

Kind regards,
Sörnt Poppe
#7
I backed up my configuration and installed OPNsense from the download. After restoring my configuration, the NAT is working again.

The latest version to download is 17.1.4. Is there a chance to update to 17.1.8 instead of 17.1.9 (latest)?
I can't find a download for 17.1.5, 17.1.6, 17.1.7 or 17.1.8.

Did I miss something here?
#8
Hi there,

I updated to 17.1.9 and now a configured NAT port forwarding is not working anymore.
Strange thing: I use the FTP-Proxy plugin which also uses port forwarding and that is working correctly.

I deleted the port forwarding and recreated it again. Also I did a reboot after that but nothing helped :-(

I attached some screenshots of what I have configured:
I would like to forward HTTP and HTTPS to 192.168.90.2

Any ideas what I should do here?

Kind regards,
Sörnt


#9
After the update to 17.1.5 all VLAN clients did not get the default gateway via the DHCP server.

What fixed the issue for me: at the DHCP server (for the VLAN) I entered the gateway IP address, restarted the DHCP server and did an ipconfig /renew at my Windows clients.

I am almost sure that was not needed before the update.

Kind regards,
Sörnt
#10
German - Deutsch / Re: Network printer, where to?
February 11, 2017, 05:46:45 PM
If the printer cannot handle VLANs, you cannot put the printer into all networks with its own IP address in each of them.

I would make the printer reachable in all networks via routing. The IP address then has to be entered in the printer driver, since an automatic search may fail (usually the search is done via a broadcast in the subnet).
#11
German - Deutsch / DynDNS - Custom Type
February 11, 2017, 01:42:55 PM
Hello everyone,

I manage my domains with the provider "Deutsche Domainbank". They also offer a DynDNS service.

The Deutsche Domainbank documentation regarding DynDNS says the following:

Authentication via URL

For web browsers or other programs (fetch, curl, lwp-request) that can pass the authentication via the URL.

http://username:password@direkt-domains.de/nic/update?hostname=yourhostname&myip=ipaddress

Raw HTTP GET request

HTTP requests should look as follows. Please note that the headers shown here are the minimum and may well be more extensive. All requests should be followed by an empty line.
The base-64-authorization part should be "username:password" encoded in Base64.

GET /nic/update?hostname=yourhostname&myip=ipaddress HTTP/1.0
Host: direkt-domains.de
Authorization: Basic base-64-authorization
User-Agent: Company - Device - Version Number


I have now assembled the URL with user name, password, host name and IP as follows:

https://Fred:PasswortVonFred@direkt-domains.de/nic/update?hostname=MeineDomain&myip=%IP%

%IP% is replaced by opnSense.

and entered it in the "Update URL" field.

That seems to work even though user name and password are not Base64 encoded.

I sent the request once via Firefox and get the following displayed in the browser:

good 91.96.39.230

On repeated attempts I get:

nochg 91.96.39.230

According to the return codes of the DynDNS protocol (https://help.dyn.com/remote-access-api/return-codes/) that is all fine.

In the opnSense form there is also the field "Result Match". What should I enter here?
Something like:
good &IP%

what then happens with:
nochg &IP%
?

I have enabled the "Verbose logging" option. Under "Services->DNS Tools->Log File" I would now have expected a clear success or error message. There are entries, but it is not clear to me whether the request went well or not.

In the overview of the DynDNS entries my entry is shown with a green "Cached IP".


Feb 11 13:34:54 dnsmasq[13538]: read /var/etc/dnsmasq-hosts - 27 addresses
Feb 11 13:34:54 dnsmasq[13538]: read /etc/hosts - 2 addresses
Feb 11 13:34:54 dnsmasq[13538]: read /var/etc/dnsmasq-hosts - 24 addresses
Feb 11 13:34:54 dnsmasq[13538]: read /etc/hosts - 2 addresses
Feb 11 13:34:54 dnsmasq[13538]: using nameserver 80.190.187.210#53
Feb 11 13:34:54 dnsmasq[13538]: using nameserver 8.8.8.8#53
Feb 11 13:34:54 dnsmasq[13538]: using nameserver 2.2.2.2#53
Feb 11 13:34:54 dnsmasq[13538]: using nameserver 212.6.64.162#53
Feb 11 13:34:54 dnsmasq[13538]: ignoring nameserver 127.0.0.1 - local interface
Feb 11 13:34:54 dnsmasq[13538]: reading /etc/resolv.conf
Feb 11 13:34:54 dnsmasq[13538]: DNS service limited to local subnets
Feb 11 13:34:54 dnsmasq[13538]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify
Feb 11 13:34:54 dnsmasq[13538]: started, version 2.76 cachesize 10000
Feb 11 13:34:54 dnsmasq[50997]: exiting on receipt of SIGTERM
Feb 11 13:10:01 dnsmasq[50997]: read /var/etc/dnsmasq-hosts - 27 addresses
Feb 11 13:10:01 dnsmasq[50997]: read /etc/hosts - 2 addresses
Feb 11 13:08:36 dnsmasq[50997]: failed to send packet: Host is down
Feb 11 13:08:36 dnsmasq[50997]: failed to send packet: Host is down
Feb 11 13:08:36 dnsmasq[50997]: failed to send packet: Host is down
Feb 11 13:08:27 dnsmasq[50997]: failed to send packet: Host is down
Feb 11 12:49:11 dnsmasq[50997]: read /var/etc/dnsmasq-hosts - 28 addresses
Feb 11 12:49:11 dnsmasq[50997]: read /etc/hosts - 2 addresses
Feb 11 12:49:11 dnsmasq[50997]: read /var/etc/dnsmasq-hosts - 24 addresses
Feb 11 12:49:11 dnsmasq[50997]: read /etc/hosts - 2 addresses
Feb 11 12:49:11 dnsmasq[50997]: using nameserver 80.190.187.210#53
Feb 11 12:49:11 dnsmasq[50997]: using nameserver 8.8.8.8#53
Feb 11 12:49:11 dnsmasq[50997]: using nameserver 2.2.2.2#53
Feb 11 12:49:11 dnsmasq[50997]: using nameserver 212.6.64.162#53
Feb 11 12:49:11 dnsmasq[50997]: ignoring nameserver 127.0.0.1 - local interface
Feb 11 12:49:11 dnsmasq[50997]: reading /etc/resolv.conf
Feb 11 12:49:11 dnsmasq[50997]: DNS service limited to local subnets
Feb 11 12:49:11 dnsmasq[50997]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify
Feb 11 12:49:11 dnsmasq[50997]: started, version 2.76 cachesize 10000
Feb 11 12:49:10 dnsmasq[40360]: exiting on receipt of SIGTERM
Feb 11 12:45:25 dnsmasq[40360]: read /var/etc/dnsmasq-hosts - 28 addresses
Feb 11 12:45:25 dnsmasq[40360]: read /etc/hosts - 2 addresses
Feb 11 12:45:25 dnsmasq[40360]: read /var/etc/dnsmasq-hosts - 24 addresses
Feb 11 12:45:25 dnsmasq[40360]: read /etc/hosts - 2 addresses
Feb 11 12:45:25 dnsmasq[40360]: using nameserver 80.190.187.210#53
Feb 11 12:45:25 dnsmasq[40360]: using nameserver 8.8.8.8#53
Feb 11 12:45:25 dnsmasq[40360]: using nameserver 2.2.2.2#53
Feb 11 12:45:25 dnsmasq[40360]: using nameserver 212.6.64.162#53
Feb 11 12:45:25 dnsmasq[40360]: ignoring nameserver 127.0.0.1 - local interface
Feb 11 12:45:25 dnsmasq[40360]: reading /etc/resolv.conf
Feb 11 12:45:25 dnsmasq[40360]: DNS service limited to local subnets
Feb 11 12:45:25 dnsmasq[40360]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify
Feb 11 12:45:25 dnsmasq[40360]: started, version 2.76 cachesize 10000
Feb 11 12:45:25 dnsmasq[9136]: exiting on receipt of SIGTERM
Feb 11 12:40:23 dnsmasq[9136]: read /var/etc/dnsmasq-hosts - 28 addresses
Feb 11 12:40:23 dnsmasq[9136]: read /etc/hosts - 2 addresses



It would be good if there were a "Test" button when editing a DynDNS entry. Then it would be clear whether it works or not.

It is not clear to me when opnSense tries to update the DynDNS entries. At a fixed interval? Or does opnSense notice when the WAN IP changes?

Regards
Sörnt
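
The exchange described in this post, as an added example that is not part of the original post or of OPNsense's dyndns code: it assembles the raw HTTP/1.0 GET exactly as the provider's documentation shows it (including the Base64 Basic-auth header), classifies the `good`/`nochg`/error reply bodies using the Dyn return codes the post links to, and models the "Result Match" field. The `result_matches` behaviour (substitute `%IP%`, allow several alternatives separated by `|`, empty pattern means no checking) is an assumption about the field, not something taken from the page, and `build_update_request` only builds the request text; it does not send it. Note that Basic auth is only Base64, i.e. the credential is recoverable from the wire, so the https URL the post ends up using is the right choice even though the provider's example shows http.

```python
import base64
from urllib.parse import urlencode

# Return codes from the Dyn remote-access API the post links to: "good" and "nochg"
# are the two success cases, "dnserr"/"911" mean retry later, the rest are errors a
# client must not keep retrying blindly (that is how accounts get flagged as "abuse").
SUCCESS = {"good", "nochg"}
RETRY_LATER = {"dnserr", "911"}
FATAL = {"badauth", "notfqdn", "nohost", "numhost", "abuse", "badagent"}


def basic_auth_token(username, password):
    """RFC 7617 token: Base64 of 'username:password'. Encoding only, not encryption."""
    return base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")


def build_update_request(username, password, hostname, ip,
                         host="direkt-domains.de",
                         user_agent="Company - Device - Version Number"):
    """Assemble the raw HTTP/1.0 GET as in the provider's documentation, with the
    blank line that terminates the header block."""
    query = urlencode({"hostname": hostname, "myip": ip})
    lines = [
        f"GET /nic/update?{query} HTTP/1.0",
        f"Host: {host}",
        f"Authorization: Basic {basic_auth_token(username, password)}",
        f"User-Agent: {user_agent}",
        "",
        "",
    ]
    return "\r\n".join(lines)


def classify_response(body):
    """Split a reply body such as 'good 91.96.39.230' into (outcome, code, ip)."""
    parts = body.strip().split()
    code = parts[0] if parts else ""
    ip = parts[1] if len(parts) > 1 else None
    if code in SUCCESS:
        return "ok", code, ip
    if code in RETRY_LATER:
        return "retry", code, ip
    if code in FATAL:
        return "fatal", code, ip
    return "unknown", code, ip


def result_matches(body, pattern, ip):
    """Model of the 'Result Match' field (assumption): %IP% is replaced with the IP that
    was sent, several acceptable results may be separated by '|', empty = no checking."""
    if not pattern:
        return True
    body = body.strip()
    for alternative in pattern.split("|"):
        if body == alternative.strip().replace("%IP%", ip):
            return True
    return False


if __name__ == "__main__":
    print(build_update_request("Fred", "PasswortVonFred", "MeineDomain", "91.96.39.230"))
    for reply in ("good 91.96.39.230", "nochg 91.96.39.230", "badauth"):
        print(reply, "->", classify_response(reply),
              "| 'good %IP%':", result_matches(reply, "good %IP%", "91.96.39.230"),
              "| 'good %IP%|nochg %IP%':",
              result_matches(reply, "good %IP%|nochg %IP%", "91.96.39.230"))
```

Under this model a pattern of just `good %IP%` treats the second, unchanged run (`nochg`) as a failure, while `good %IP%|nochg %IP%` accepts both; a `badauth` reply matches neither, which is the outcome you want a monitoring check to surface.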

#12
16.7 Legacy Series / Re: FTP Proxy
November 16, 2016, 04:47:52 PM
Hi Frank,

It is working fine here now. That was stupid mistake on my side :-[

My workstation is at the VLAN Interface, and I just blindly followed the HowTo. I need to use the VLAN Interface and not the LAN Interface to configure the Port Forwarding *facepalm*

I wondered why I didn't see any output of the debug proxy at the console, I changed the switch ports to the LAN Interface and et voilà I got some output and the FTP-Client was working....

Thank you for your help and this wonderful Plug-In!

Kind regards,
Sörnt
#13
16.7 Legacy Series / Re: FTP Proxy
November 16, 2016, 03:20:39 PM
Hi Frank,

no, leaving the defaults and setting up the NAT Portforwarding as in your How-To, is not working for me.

I guess, the FritzBox may be the problem.

I just configured at the FritzBox the so called "Exposed Host" to target the OPNsense Box (192.180.50).
The FritzBox will forward all incoming traffic to the OPNsense box. That didn't help either.

This is what the FTP-Client is telling me, if I try to open, list and transfer a file

"The authentification is successfull...." but then later...
.
.
MLSD
PORT failed, try PASV mode!
PASV
TYPE I
299 Type set to I.
PASV
227 Entering Passive Mode (85,214,41,245,245,238)
PORT 192,168,10,10,218,6
2000 Port command succesfull
STOR IMG_4711.JPG     <- Try to transfer an jpg - file.
425 Cannot open data connection.



This is what the FTP-Server is telling me:

[TIME] new connection from XXXXX on 85.214.41.254:21
[TIME] hostname resolved : dyndsl-XXXXXX.ewe-ip-backbone.de
[TIME] sending welcome message.
[TIME] 220 Gene6 FTP Server v3.10.0 (Build 2) ready...
[TIME] USER userXYZ
[TIME] userXYZ, 331 Password required for userXYZ.
[TIME] userXYZ, PASS ****
[TIME] userXYZ, logged in as "userXYZ".
[TIME] userXYZ, 230 User userXYZ logged in.
[TIME] userXYZ, SYST
[TIME] userXYZ, 215 UNIX Type: L8
[TIME] userXYZ, FEAT
[TIME] userXYZ, 211-Extensions supported:
[TIME] userXYZ,  AUTH TLS
[TIME] userXYZ,  CCC
[TIME] userXYZ,  CLNT
[TIME] userXYZ,  CPSV
[TIME] userXYZ,  EPRT
[TIME] userXYZ,  EPSV
[TIME] userXYZ,  MDTM
[TIME] userXYZ,  MFCT
[TIME] userXYZ,  MFMT
[TIME] userXYZ,  MLST type*;size*;create;modify*;
[TIME] userXYZ,  MODE Z
[TIME] userXYZ,  PASV
[TIME] userXYZ,  PBSZ
[TIME] userXYZ,  PROT
[TIME] userXYZ,  REST STREAM
[TIME] userXYZ,  SIZE
[TIME] userXYZ,  SSCN
[TIME] userXYZ,  TVFS
[TIME] userXYZ,  UTF8
[TIME] userXYZ,  XCRC "filename" SP EP
[TIME] userXYZ,  XMD5 "filename" SP EP
[TIME] userXYZ,  XSHA1 "filename" SP EP
[TIME] userXYZ, 211 End.
[TIME] userXYZ, CLNT Total Commander (UTF-8)
[TIME] userXYZ, 200 Noted.
[TIME] userXYZ, OPTS UTF8 ON
[TIME] userXYZ, 200 UTF8 OPTS ON
[TIME] userXYZ, PWD
[TIME] userXYZ, 257 "/" is current directory.
[TIME] userXYZ, TYPE A
[TIME] userXYZ, 200 Type set to A.
[TIME] userXYZ, MODE Z
[TIME] userXYZ, 200 Mode Z ok.
[TIME] userXYZ, PORT 91,96,35,57,217,235
[TIME] userXYZ, 200 Port command successful.
[TIME] userXYZ, MLSD
[TIME] userXYZ, 425 Cannot open data connection.
[TIME] userXYZ, PASV
[TIME] userXYZ, 227 Entering Passive Mode (85,214,41,254,227,226)
[TIME] userXYZ, STOR IMG_1693.JPG
[TIME] userXYZ, asked to upload '/IMG_4711.JPG' -> 'D:\IMG_4711.JPG' resuming at 0 --> Access allowed.
[TIME] userXYZ, 425 Cannot open data connection. 

[TIME] userXYZ, TYPE A
[TIME] userXYZ, 200 Type set to A.
[TIME] userXYZ, PORT 91,96,35,57,218,8
[TIME] userXYZ, 200 Port command successful.
[TIME] userXYZ, MLSD
[TIME] userXYZ, 425 Cannot open data connection.
[TIME] userXYZ, PASV
[TIME] userXYZ, 227 Entering Passive Mode (85,214,41,254,45,46)
[TIME] userXYZ, 421 Connection closed, timed out.
[TIME] userXYZ, disconnected. (00d00:05:01)

If I connect my Workstation via LAN to the FritzBox, I have no issues.
Can you please guide me here to get FTP working?

Kind regards,
Sörnt
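
A small decoder for the two logs above, as an added example (not from the original post, the FTP proxy plugin or OPNsense): it turns the `h1,h2,h3,h4,p1,p2` tuples of `PORT` commands and `227` replies into address and port (port = p1 * 256 + p2) and compares what the client sent with what the server logged. The control-peer address `91.96.35.57` used in the demo is assumed to be the public address the server sees the control connection from; the post only shows it inside the rewritten `PORT` line. Read against the logs, the client sent `PORT 192,168,10,10,218,6` (a private address and port 55814) and the server logged `PORT 91,96,35,57,217,235` (public address, port 55787), so the proxy did rewrite the command; the `425` therefore comes from the server's connection back to that public port not reaching the workstation, which is consistent with the FritzBox sitting in front of OPNsense. The `bounce` outcome covers the case servers refuse on principle: a `PORT` naming a host other than the control peer.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried by the PORT command and by 227 "Entering Passive Mode" replies
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Decode a PORT command or a 227 reply into (ip, port), with port = p1 * 256 + p2."""
    m = _HOSTPORT.search(line)
    if m is None:
        raise ValueError(f"no h1,h2,h3,h4,p1,p2 tuple in {line!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range")
    ip = str(ipaddress.IPv4Address(".".join(str(f) for f in fields[:4])))
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise ValueError("port 0 is not a usable data port")
    return ip, port


def classify_port(client_line, server_line, control_peer):
    """Compare the PORT the client sent with the PORT the server logged.

    control_peer is the public address the server sees the control connection from.
    Returns:
      'not_rewritten' - the server received a private address: nothing on the path fixed
                        up PORT, so the server's connection back to the data port is doomed
      'bounce'        - the address differs from the control peer; servers refuse this
                        (it is the FTP bounce pattern) and it fails for NAT users anyway
      'rewritten'     - the proxy swapped the private address for the public one, so any
                        remaining failure lies on the inbound path to that public port
      'direct'        - the client announced its own public address; no NAT involved
    """
    client_ip, _ = parse_hostport(client_line)
    server_ip, _ = parse_hostport(server_line)
    if ipaddress.IPv4Address(server_ip).is_private:
        return "not_rewritten"
    if server_ip != control_peer:
        return "bounce"
    if ipaddress.IPv4Address(client_ip).is_private:
        return "rewritten"
    return "direct"


if __name__ == "__main__":
    # Lines taken from the client and server logs in the post above.
    print(parse_hostport("PORT 192,168,10,10,218,6"))        # what the client sent
    print(parse_hostport("PORT 91,96,35,57,217,235"))        # what the server logged
    print(parse_hostport("227 Entering Passive Mode (85,214,41,254,227,226)"))
    print(classify_port("PORT 192,168,10,10,218,6", "PORT 91,96,35,57,217,235", "91.96.35.57"))
```

The same decoder applied to the `227` reply gives the passive target `85.214.41.254:58338`, which is the outbound connection the workstation would have to be allowed to open for PASV mode to work instead.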
#14
16.7 Legacy Series / Re: FTP Proxy
November 16, 2016, 01:56:52 PM
Great!

Just updated to "16.7.8-amd64" without any issues - wonderful!
And installed the "os-ftp-proxy" PlugIn.

This is my network setup, I want to get an FTP-Connection from my Workstation to the FTP-Server:

Workstation         OPNsense                    FritzBox (Modem/Router)   FTP-Server

                   *-------------------------*  *----------------------*  *---------------*
                   | WAN Fix: 192.168.180.50 |  | WAN: Dyn. IP by ISP  |  | 85.214.41.254 | 
*---------------*  | LAN    : 192.168.1.1    |  | LAN: 192.168.180.1   |  *---------------*
| 192.168.10.50 |  | VLAN10 : 192.168.10.1   |  *----------------------*
*---------------*  *-------------------------*


I am not sure what I need to enter in the fields for a new FTP-Proxy-Server:

Listen address: 127.0.0.1 (preconfigured)
Source address: ?
Reverse address: ?
Reverse port   : 21 (preconfigured)

Can someone help me here please?

Regards,
Sörnt
#15
16.7 Legacy Series / Re: FTP Proxy
November 16, 2016, 12:05:22 PM
Hi there,

I really appreciate the effort faunsen has done with this Plug-In!

I would like to see that Plug-In within the next 16.7.X release.

Cheers,
Sörnt