Messages

1

17.1 Legacy Series / Firewall unreachable over network

« on: April 11, 2017, 07:41:25 am »

Hey folks,

I have no idea what happened. When I entered the office this morning I found our firewall unreachable over the network. So I connected the USB serial console cable and saw the debug prompt (db>). I also saved the output of my "debug session" and may send it to you for further investigation. After a reboot everything went back to normal operation. We run OPNsense 17.1.4-amd64; FreeBSD 11.0-RELEASE-p8; LibreSSL 2.4.5 on a OPN20078B.

Where can I find the dump file saved by the following command?

db> dump
Dumping 351 out of 4046 MB:..5%..14%..23%..32%..41%..51%..64%..73%..82%..92%
Dump complete

Thanks and

BR,
Matthias

2

17.1 Legacy Series / Re: Upgrade to 17.1 breaks OpenVPN Peer CRL check

« on: February 09, 2017, 06:24:32 pm »

Hi Franco,

Thank you very much for your support!

I just updated to 17.1.1 and the OpenVPN Peer CRL check works again.

Please keep up this excellent work

Cheers,
Matthias

3

17.1 Legacy Series / [SOLVED] Upgrade to 17.1 breaks OpenVPN Peer CRL check

« on: February 01, 2017, 09:43:06 am »

Hey guys,

first of all a big Thank you for the great work making the upgrade to 17.1 so smooth! Everything except for one little detail worked out at our end.

We use OpenVPN for remote dial in with TLS authentication along with user authentication against our AD.
To issue the client certificates, we use a built-in CA and do also maintain the certificate revocation list with this built-in tools.
After the upgrade to 17.1 the Peer CRL check performed by the OpenVPN server upon connection of a client fails, since it cannot find the CRL file at the specified location in the file system. This leads to rejection of all client certificates (also the valid ones). My current work around is to disable the Peer CRL check ind order to make VPN work again. But this is only a temporary solution. Could you please have a look into this?

Best Regards,

Matthias