OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of jorgevisentini »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - jorgevisentini

Pages: [1] 2 3 ... 5
1
24.7 Production Series / Re: Where is the API access?
« on: August 22, 2024, 10:28:17 pm »
My bad.

For some reason it wasn't showing up, but I restarted the server and the option reappeared.

Sorry guys.

2
24.7 Production Series / Where is the API access?
« on: August 22, 2024, 10:02:46 pm »
Hello.

I'm using version 24.7.2 and I need to access the API.

In previous releases it is in SYSTEM>ACCESS>USERS>[user]>API KEYS

Will we no longer have access to the API or has it been moved?  :o  :D

3
Virtual private networks / Sent fatal SSL alert: unsupported certificate
« on: April 26, 2024, 04:46:15 pm »
Hi all! Big Friday! lol

So... I installed OPNsense 24.1.6, created the CA, the server certificate and configured OpenVPN, but when I try to connect I am shown the errors below.

Packages:
base 24.1.5
openssh-portable 9.7.p1,1
openssl 3.0.13_3,1
easy-rsa 3.1.7
openvpn 2.6.10

Code: [Select]
MANAGEMENT: Client connected from /var/etc/openvpn/instance-f66d5a6f-08c6-49c3-bfb4-6497f183d284.sock
201.43.198.169:49300 SIGUSR1[soft,tls-error] received, client-instance restarting
201.43.198.169:49300 TLS Error: TLS handshake failed
201.43.198.169:49300 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
MANAGEMENT: Client disconnected
MANAGEMENT: CMD 'quit'
MANAGEMENT: CMD 'status 2'
MANAGEMENT: Client connected from /var/etc/openvpn/instance-f66d5a6f-08c6-49c3-bfb4-6497f183d284.sock
201.43.198.169:49300 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
201.43.198.169:49300 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
201.43.198.169:49300 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Re-using SSL/TLS context
MULTI: multi_create_instance called
201.43.198.169:49300 SIGUSR1[soft,tls-error] received, client-instance restarting
201.43.198.169:49300 TLS Error: TLS handshake failed
201.43.198.169:49300 TLS Error: TLS object -> incoming plaintext read error
201.43.198.169:49300 TLS_ERROR: BIO read tls_read_plaintext error
201.43.198.169:49300 OpenSSL: error:0A000086:SSL routines::certificate verify failed:
201.43.198.169:49300 Sent fatal SSL alert: unsupported certificate
201.43.198.169:49300 VERIFY ERROR: depth=0, error=unsuitable certificate purpose: C=XX, ST=XX, L=XXX, O=XXX, emailAddress=XXX, CN=sslvpn-certificate, serial=1
201.43.198.169:49300 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
201.43.198.169:49300 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
201.43.198.169:49300 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Re-using SSL/TLS context
Connection Attempt MULTI: multi_create_instance called
PS1: I have another server with the same version and this problem does not occur.
PS2: For privacy reasons, I changed the certificate information in the post code.
PS3: I tested with several versions of OpenVPN Client.
PS4: If I don't require the certificate, it works.


Anyone with this same problem?
Cheers!

4
23.7 Legacy Series / Re: NGINX - How to work Load Balance
« on: December 21, 2023, 08:55:25 pm »
No error messages in the logs...

Testing using 2 Apache web servers...

I'll keep investigating...

5
23.7 Legacy Series / NGINX - How to work Load Balance
« on: December 20, 2023, 04:05:09 pm »
I'm trying to configure a load balance of the upstream servers, but apparently it's not working...

In Edit Upstream in Upstream:
  • Description: upstream_test_44310
  • Server Entries: Upstream_Server_01,Upstream_Server_02
  • Load Balancing Algorithm: Weighted Round Robin

In Edit Location in Location:
  • Description: location_upstream_test_44310
  • Upstream Servers: upstream_test_44310

The issue is that the load balance is not working, the connections are only going to Upstream_Server_01.
I already changed the Server Priority priority in Upstream Server, but it didn't work.


Any tips?

6
22.7 Legacy Series / Re: OFF TOPIC - Nginx restrict domains
« on: January 10, 2023, 04:03:34 pm »
Oh, I need update my version of the nginx / opnsense to view this option.

Thank you for your help!

7
22.7 Legacy Series / Re: OFF TOPIC - Nginx restrict domains
« on: January 05, 2023, 03:07:15 pm »
Hi, thx for your reply.

Sorry, I dont see this option "Default Server" in the HTTP Server.

8
22.7 Legacy Series / OFF TOPIC - Nginx restrict domains
« on: January 05, 2023, 02:05:00 pm »
Hi guys.

So... this is not directly about OPNsense, but about NGINX.

I set up a reverse proxy for my website (www.domain.com), but strangely enough, it is accepting any sub-domain (dev.domain.com, xxx.domain.com).

How do I strictly restrict it to only accepting www.domain.com?

Happy new year for all of us!

9
21.1 Legacy Series / Re: PHP Fatal error
« on: June 25, 2021, 08:30:54 pm »
Oh thank you man.

It worked for me ;D

10
21.1 Legacy Series / PHP Fatal error
« on: June 24, 2021, 09:54:26 pm »
Hi all!

Is there any option to configure PHP parameters through the WEB interface or is there another way to make this adjustment?

I have the following error:
PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 119541760 bytes)

But if I change the /usr/local/etc/php.ini file in the cli, it doesn't work because it is generated by configd.

Thank you all!!


11
20.7 Legacy Series / Re: Virtualization in oVirt 4.4.4
« on: December 12, 2020, 05:22:26 pm »
As information, was configuration on oVirt.

I had change the chipset for I440FX Chipset with BIOS.
Interesting that with pure FreeBSD 12 didn't need to change.

But, it's no problem. Problem resolved.

12
20.7 Legacy Series / Virtualization in oVirt 4.4.4
« on: December 12, 2020, 02:58:33 am »
Hi all!!

Did any of you have a problem running OPN on oVirt 4.4.4?
I tried to run a VM with both a virtio and e1000 driver and it didn't work.
With the virtio driver the OPN does not recognize the interfaces and with the e1000 driver falls on a "db>" screen with kernel panic

There is no error in the virtualization log messages.
This I found strange.

I posted this on the oVirt forum too, because I don't know if the error is at the hypervisor layer or the VM layer.

Any tips?

Thank you all.

13
20.1 Legacy Series / Reverse Proxy - Nginx - Zabbix
« on: August 24, 2020, 11:34:24 pm »
Hello, could you help me?

How do I enable the basic_status page through OPNsense to monitor with the Zabbix agent? I saw that the ngx_http_stub_status_module module is enabled.

https://nginx.org/en/docs/http/ngx_http_stub_status_module.html

Or, how and where do I collect the data from the address /ui/nginx/index/vts?

Thank you all!

14
19.7 Legacy Series / Re: Brazil save time daylight
« on: November 06, 2019, 09:05:24 pm »
Hi Franco, I found the problem.

On OPNsense:

If I set the time zone settings ETC/GMT -3, the OPN advance time to 3 more hours.
If I set the time zone settings ETC/GMT +3, the OPN delay time to 3 more hours.

On FreeBSD it's Ok.

I think these two time zones are inverted.

Anyway, I think it's resolved, I guess lol

15
19.7 Legacy Series / Re: Brazil save time daylight
« on: November 06, 2019, 08:16:33 pm »
Sorry my english...

I didn't find the change on this github code, but on the file https://data.iana.org/time-zones/releases/tzdb-2019c.tar.lz, yes.

On southamerica file, line 946, show the decree signed at May 04, finishing up with the save time daylight in Brazil.

But, I dont know how I fixe it on OPNsense.

Time zone: America/Sao_Paulo
On OPN interface: Wed Nov 6 17:13:50 -02 2019
On FreeBSD cli: Wed Nov  6 16:14:11 -03 2019

Pages: [1] 2 3 ... 5
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2