Messages

Just want to thank the developers and confirm that the patches made in issue fixes the problem. Great work!

https://github.com/opnsense/plugins/issues/769

If you can't wait for the update, here are the patch apply commands:
opnsense-patch 6e759fb
opnsense-patch 31e3f7

After applying these patches, multiselect boxes are fixed, but there are other problems/bugs yet.

The applied rules are not shown, but they are still applied. Same effect with the certificate in use, but in this case it is not shown in the dropdown. "Listen addresses" box is blank, too, but the background configuration is fine for this option.

I don't know if these bugs are solved in the new 18.7.1, too, but it would be nice :)

Thanks!

I am facing this same issue. Tons of upsc always running, GUI freezed even when having "Enable NUT" unchecked.

Maybe this log line helps:

Code Select Expand

Aug  8 18:58:29 firewall configd[46715]: Timeout (120) executing : nut upsstatus 'eaton@127.0.0.1'

It seems that I have no luck with this plugin, but I'd like to have it running.

When clicking in the plugin web page, it starts to launch several connections to the API endpoint "https://<host>/api/nut/service/upsstatus" even when NUT is NOT enabled. Perhaps this is one bug, but not the only one. This is the cause that freezes the GUI, at least in my case.

I can perform any test you want or need  ::)

Thanks!

Hi there,

Yes, it's not on the roadmap, but last time I checked Ad already started a bit of work in this direction. :)

We have more authentication improvements coming with native PAM module to e.g. plug SSH and console login into OPNsense and therefore all supported OPNsense methods (making 2FA work with these low-level types). I think this will be used to remove Xauth capabilities from IPsec as well in order to be able to do a patch-free StrongSwan authentication.

Furthermore, there is a fully pluggable authentication framework in opnsense-devel (what is going to be 17.1) so that new methods can be written without the firmware updates getting in the way.

And one contributor is working on Single-Sign-On for the proxy, which required some larger changes that have been phased into the system since 16.7.x.

17.1 will be all about authentication, and I don't see why LDAP+2FA can't be part of it as well. But let me double-check to be sure...


Cheers,
Franco

PS: For most of these changes, we do not have to wait for January 2017 when people help test these features on opnsense-devel we can backport them to 16.7.x sooner. :)

Hello Franco,

I think that this enhancement is not yet developed, is it? If not, is this finally included in any roadmap?

Thanks,
Best regards

Hello,

I am trying to config a dyndns with OVH DynHost, but being behind a NAT. So, my OPNsense does not see the public IP address directly.

There is an existing "OVH Dynhost" option, but I cannot choose to monitor something different than a local interface.

How should I do it? Is there any way to use "OVH DynHost" supported option of OPNsense to monitor the public IP not existing in a OPNsense interface?

I saw the "custom" service type, but it seems that it is linked to an interface, too. Anyway, I don't know how to test it with OVH DynHost, nor how to create a cronjob to check it every 15 minutes instead of linking it to a interface status change.

Thanks,
Best regards

Ah, ok, thanks. I thought that maybe I was doing something wrong.

Hello!

I am trying to install iodine to work as VPN over DNS server. I saw that iodine is in the OPNsense ports list but I am not able to install it using "pkg install iodine"

root@firewall:~ # pkg install iodine
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'iodine' have been found in the repositories
root@firewall:~ #

How can I install this package?

Thanks!

Hello there!

It is not possible to send syslog messages using TCP from OPNsense, althought most syslog clients allow this option.

It could be implemented adding a new checkbox (enabled = TCP; disabled = UDP) next to each remote syslog server configured in "System > Settings > Logging" section.

The only thing to add would be an IF clause to set @IP if that checkbox is unchecked and @@IP if that checkbox is checked.

Many companies use some load balancers to manage the syslog traffic and it is better doing it via TCP. For example, the balancer included in OPNsense does not support UDP balancing :P . In addition, TCP gives more confidentiality to every log sent this way.

Thanks,
Best regards

Vote up for this improvement!!

This is the only "core" service I need to implement in a dedicated VM at this moment  :o