Messages - jorgevisentini

#1
Hello all!

Is there a way to remove multiple SSL certificates at once?

Problem: We have over 400 revoked certificates and I suspect that they are affecting the loading time of the Trust page and OpenVPN server settings...

Many thanks.
#2
My bad.

For some reason it wasn't showing up, but I restarted the server and the option reappeared.

Sorry guys.
#3
24.7, 24.10 Legacy Series / Where is the API access?
August 22, 2024, 10:02:46 PM
Hello.

I'm using version 24.7.2 and I need to access the API.

In previous releases it is in SYSTEM>ACCESS>USERS>[user]>API KEYS

Will we no longer have access to the API or has it been moved?  :o  :D
#4
Hi all! Big Friday! lol

So... I installed OPNsense 24.1.6, created the CA, the server certificate and configured OpenVPN, but when I try to connect I am shown the errors below.

Packages:
base 24.1.5
openssh-portable 9.7.p1,1
openssl 3.0.13_3,1
easy-rsa 3.1.7
openvpn 2.6.10

MANAGEMENT: Client connected from /var/etc/openvpn/instance-f66d5a6f-08c6-49c3-bfb4-6497f183d284.sock
201.43.198.169:49300 SIGUSR1[soft,tls-error] received, client-instance restarting
201.43.198.169:49300 TLS Error: TLS handshake failed
201.43.198.169:49300 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
MANAGEMENT: Client disconnected
MANAGEMENT: CMD 'quit'
MANAGEMENT: CMD 'status 2'
MANAGEMENT: Client connected from /var/etc/openvpn/instance-f66d5a6f-08c6-49c3-bfb4-6497f183d284.sock
201.43.198.169:49300 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
201.43.198.169:49300 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
201.43.198.169:49300 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Re-using SSL/TLS context
MULTI: multi_create_instance called
201.43.198.169:49300 SIGUSR1[soft,tls-error] received, client-instance restarting
201.43.198.169:49300 TLS Error: TLS handshake failed
201.43.198.169:49300 TLS Error: TLS object -> incoming plaintext read error
201.43.198.169:49300 TLS_ERROR: BIO read tls_read_plaintext error
201.43.198.169:49300 OpenSSL: error:0A000086:SSL routines::certificate verify failed:
201.43.198.169:49300 Sent fatal SSL alert: unsupported certificate
201.43.198.169:49300 VERIFY ERROR: depth=0, error=unsuitable certificate purpose: C=XX, ST=XX, L=XXX, O=XXX, emailAddress=XXX, CN=sslvpn-certificate, serial=1
201.43.198.169:49300 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
201.43.198.169:49300 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
201.43.198.169:49300 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Re-using SSL/TLS context
Connection Attempt MULTI: multi_create_instance called


PS1: I have another server with the same version and this problem does not occur.
PS2: For privacy reasons, I changed the certificate information in the post code.
PS3: I tested with several versions of OpenVPN Client.
PS4: If I don't require the certificate, it works.


Anyone with this same problem?
Cheers!
#5
23.7 Legacy Series / Re: NGINX - How to work Load Balance
December 21, 2023, 08:55:25 PM
No error messages in the logs...

Testing using 2 Apache web servers...

I'll keep investigating...
#6
23.7 Legacy Series / NGINX - How to work Load Balance
December 20, 2023, 04:05:09 PM
I'm trying to configure a load balance of the upstream servers, but apparently it's not working...

In Edit Upstream in Upstream:

  • Description: upstream_test_44310
  • Server Entries: Upstream_Server_01,Upstream_Server_02
  • Load Balancing Algorithm: Weighted Round Robin

In Edit Location in Location:

  • Description: location_upstream_test_44310
  • Upstream Servers: upstream_test_44310

The issue is that the load balance is not working, the connections are only going to Upstream_Server_01.
I already changed the Server Priority in Upstream Server, but it didn't work.


Any tips?
#7
Oh, I need to update my version of nginx / OPNsense to view this option.

Thank you for your help!
#8
Hi, thx for your reply.

Sorry, I don't see this option "Default Server" in the HTTP Server.
#9
22.7 Legacy Series / OFF TOPIC - Nginx restrict domains
January 05, 2023, 02:05:00 PM
Hi guys.

So... this is not directly about OPNsense, but about NGINX.

I set up a reverse proxy for my website (www.domain.com), but strangely enough, it is accepting any sub-domain (dev.domain.com, xxx.domain.com).

How do I strictly restrict it to only accepting www.domain.com?

Happy New Year to all of us!
#10
21.1 Legacy Series / Re: PHP Fatal error
June 25, 2021, 08:30:54 PM
Oh thank you man.

It worked for me ;D
#11
21.1 Legacy Series / PHP Fatal error
June 24, 2021, 09:54:26 PM
Hi all!

Is there any option to configure PHP parameters through the WEB interface or is there another way to make this adjustment?

I have the following error:
PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 119541760 bytes)

But if I change the /usr/local/etc/php.ini file in the cli, it doesn't work because it is generated by configd.

Thank you all!!

#12
20.7 Legacy Series / Re: Virtualization in oVirt 4.4.4
December 12, 2020, 05:22:26 PM
For information, it was the configuration on oVirt.

I had to change the chipset to I440FX Chipset with BIOS.
Interesting that with pure FreeBSD 12 I didn't need to change it.

But, it's no problem. Problem resolved.
#13
20.7 Legacy Series / Virtualization in oVirt 4.4.4
December 12, 2020, 02:58:33 AM
Hi all!!

Did any of you have a problem running OPN on oVirt 4.4.4?
I tried to run a VM with both a virtio and e1000 driver and it didn't work.
With the virtio driver the OPN does not recognize the interfaces, and with the e1000 driver it falls to a "db>" screen with a kernel panic.

There is no error in the virtualization log messages.
This I found strange.

I posted this on the oVirt forum too, because I don't know if the error is at the hypervisor layer or the VM layer.

Any tips?

Thank you all.
#14
20.1 Legacy Series / Reverse Proxy - Nginx - Zabbix
August 24, 2020, 11:34:24 PM
Hello, could you help me?

How do I enable the basic_status page through OPNsense to monitor with the Zabbix agent? I saw that the ngx_http_stub_status_module module is enabled.

https://nginx.org/en/docs/http/ngx_http_stub_status_module.html

Or, how and where do I collect the data from the address /ui/nginx/index/vts?

Thank you all!
#15
19.7 Legacy Series / Re: Brazil save time daylight
November 06, 2019, 09:05:24 PM
Hi Franco, I found the problem.

On OPNsense:

If I set the time zone setting to ETC/GMT -3, the OPN advances the time by 3 more hours.
If I set the time zone setting to ETC/GMT +3, the OPN delays the time by 3 more hours.

On FreeBSD it's Ok.

I think these two time zones are inverted.

Anyway, I think it's resolved, I guess lol