"
Hi Patrick,
thank you for your quick reply.
I'm going to fix the issue.
Regards
Dario
thank you for your quick reply.
I'm going to fix the issue.
Regards
Dario
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#2
General Discussion / disk full (flowd.log up to 40 GB) [solved]
June 14, 2025, 06:44:02 PM
Hello,
Opnsense 25.1.5_4-amd64
I got a warning about the disk space.
"Disk space on the root filesystem is critically full 42,00G or 91% used, 3,90G available).
This is the disk partitioning:
Filesystem Size Used Avail Capacity Mounted on
/dev/gpt/rootfs 50G 42G 3.9G 91% /
devfs 1.0K 0B 1.0K 0% /dev
devfs 1.0K 0B 1.0K 0% /var/dhcpd/dev
devfs 1.0K 0B 1.0K 0% /var/unbound/dev
/usr/local/lib/python3.11 50G 42G 3.9G 91% /var/unbound/usr/local/lib/python3.11
/lib 50G 42G 3.9G 91% /var/unbound/lib
Can someone please assure me that I can simply delete the /var/log/flowd.log file? (it currently takes up about 40 GB)
Thank you.
Dario
Opnsense 25.1.5_4-amd64
I got a warning about the disk space.
"Disk space on the root filesystem is critically full 42,00G or 91% used, 3,90G available).
This is the disk partitioning:
Filesystem Size Used Avail Capacity Mounted on
/dev/gpt/rootfs 50G 42G 3.9G 91% /
devfs 1.0K 0B 1.0K 0% /dev
devfs 1.0K 0B 1.0K 0% /var/dhcpd/dev
devfs 1.0K 0B 1.0K 0% /var/unbound/dev
/usr/local/lib/python3.11 50G 42G 3.9G 91% /var/unbound/usr/local/lib/python3.11
/lib 50G 42G 3.9G 91% /var/unbound/lib
Can someone please assure me that I can simply delete the /var/log/flowd.log file? (it currently takes up about 40 GB)
Thank you.
Dario
#3
24.7, 24.10 Series / System: Trust: Certificates issue?
September 11, 2024, 04:10:11 PM
I noticed that in 24.7.3_1 there is an inconsistency in System: Trust: Certificates.
Valid user certificates are indicated with "x" and revoked certificates are indicated with check mark.
Exactly the opposite of what happens for Web GUI SSL certificate and CA certificate.
Please take a look at the attached screenshot.
Greetings.
Dario
P.S. sorry for my broken English.
Valid user certificates are indicated with "x" and revoked certificates are indicated with check mark.
Exactly the opposite of what happens for Web GUI SSL certificate and CA certificate.
Please take a look at the attached screenshot.
Greetings.
Dario
P.S. sorry for my broken English.
#4
Virtual private networks / Opnsense HA - Client OpenVPN doesn't restart connection
August 31, 2024, 04:24:22 PM
Hello,
my environment:
2 OPNsense 24.7.3_1 in High Availability (CARP and pfsync work fine)
1 Public ip shared byy the firewalls
OpenVPN server 2.6.12
OpenVPN client 2.5.9
OpenVPN server configured on each firewalls
With OpenVPN client I get connection to both firewalls
Issue:
When the master firewall goes down OpenVPN client doesn't reconnect automatically (I must force reconnection from the client)
I would like to have a client automatic reconnection.
I tried with "persist-tun persist-key keepalive 2 10" but doesn't work
Can please anyone help me to solve this issue?
Greetings
Dario
my environment:
2 OPNsense 24.7.3_1 in High Availability (CARP and pfsync work fine)
1 Public ip shared byy the firewalls
OpenVPN server 2.6.12
OpenVPN client 2.5.9
OpenVPN server configured on each firewalls
With OpenVPN client I get connection to both firewalls
Issue:
When the master firewall goes down OpenVPN client doesn't reconnect automatically (I must force reconnection from the client)
I would like to have a client automatic reconnection.
I tried with "persist-tun persist-key keepalive 2 10" but doesn't work
Can please anyone help me to solve this issue?
Greetings
Dario
#5
Virtual private networks / Re: OpenVPN static IP using Viscosity client [solved]
August 10, 2024, 01:30:05 PM
configuring vpn server with Device mode = tap it works fine
#6
Virtual private networks / OpenVPN static IP using Viscosity client [closed]
August 10, 2024, 12:18:35 PM
environment:
OPNsense 24.7.1-amd64
FreeBSD 14.1-RELEASE-p3
OpenSSL 3.0.14
Vicosity client 1.11.2 (1820)
PC Windows 11
target:
always assign the same IP to the VPN client
Hello folks,
until today for VPN road warrior I used the OpenVPN client and to always assign the same IP address to the clients I configured the file /var/etc/openvpn-csc/1/username with the directive
ifconfig-push <client IP> <netmask>.
Following https://docs.opnsense.org/manual/how-tos/sslvpn_client.html I tried using the Viscosity client and the solution (/var/etc/openvpn-csc/1/username) doesn't work so I ask for help to solve the issue.
Thanks so much for the kind help.
Greetings.
Dario
OPNsense 24.7.1-amd64
FreeBSD 14.1-RELEASE-p3
OpenSSL 3.0.14
Vicosity client 1.11.2 (1820)
PC Windows 11
target:
always assign the same IP to the VPN client
Hello folks,
until today for VPN road warrior I used the OpenVPN client and to always assign the same IP address to the clients I configured the file /var/etc/openvpn-csc/1/username with the directive
ifconfig-push <client IP> <netmask>.
Following https://docs.opnsense.org/manual/how-tos/sslvpn_client.html I tried using the Viscosity client and the solution (/var/etc/openvpn-csc/1/username) doesn't work so I ask for help to solve the issue.
Thanks so much for the kind help.
Greetings.
Dario
#7
24.7, 24.10 Series / Re: 24.7_9 VPN config
August 10, 2024, 11:42:34 AM
I solved using Viscosity client
Kind regards
Dario
Kind regards
Dario
#8
24.7, 24.10 Series / Re: 24.7_9 VPN config
August 05, 2024, 02:42:29 PM
Hello Meyergru,
Thanks so much for your reply.
I'm still expertize problems with the new users certificate generation method but I'm working around.
Thanj you a lot
Dario
Thanks so much for your reply.
I'm still expertize problems with the new users certificate generation method but I'm working around.
Thanj you a lot
Dario
#9
24.7, 24.10 Series / 24.7_9 VPN config [closed]
July 30, 2024, 03:14:18 PM
Hello,
is there a doc explaning how to configure VPN (better OpenVPN) road warrior on release 24.7_9?
Kind regards
Dario
is there a doc explaning how to configure VPN (better OpenVPN) road warrior on release 24.7_9?
Kind regards
Dario
#10
24.1, 24.4 Legacy Series / dual wan doesn't work
April 08, 2024, 01:13:42 PM
Hello,
Opnsense rel 24.1-amd64
I configured two wan interfaces and one client interface:
WAN (active gateway)
192.168.1.2/24
gw: 192.168.1.1
WAN2
10.150.48.1/24
gw: 10.150.48.254
my goal is to have the automatic switch between the two wans when the active one falls
I followed this: https://docs.opnsense.org/manual/how-tos/multiwan.html
but when I disconnect the DSL connector from the router of the active connection (WAN) the second connection is not established.
If I manually change the priority of the gateways the connections correctly switch.
Can someone please help me?
Greetings
Dario
Opnsense rel 24.1-amd64
I configured two wan interfaces and one client interface:
WAN (active gateway)
192.168.1.2/24
gw: 192.168.1.1
WAN2
10.150.48.1/24
gw: 10.150.48.254
my goal is to have the automatic switch between the two wans when the active one falls
I followed this: https://docs.opnsense.org/manual/how-tos/multiwan.html
but when I disconnect the DSL connector from the router of the active connection (WAN) the second connection is not established.
If I manually change the priority of the gateways the connections correctly switch.
Can someone please help me?
Greetings
Dario
#11
24.1, 24.4 Legacy Series / Re: web proxy
March 23, 2024, 02:01:12 PM
I found it as "os-squid"
Dario
Dario
#12
24.1, 24.4 Legacy Series / web proxy
March 23, 2024, 12:43:41 PM
Hello folks,
Opnsense rel 24.1.3_1
Where is "web proxy" in rel. 24.1?
Thank you
Greetings
Dario
Opnsense rel 24.1.3_1
Where is "web proxy" in rel. 24.1?
Thank you
Greetings
Dario
#13
Virtual private networks / Re: revoked cert still works
November 02, 2023, 04:57:46 PM
Great job Patrick, now it works fine
have you a nice day
thanks a lot
Dario
have you a nice day
thanks a lot
Dario
#14
Virtual private networks / Re: revoked cert still works
November 02, 2023, 02:19:01 PM
Hi Patrick,
I only create the CRL under:
System / Trust / Revocation
(and I revoked the cert, the cert associated to the user is marked as "Revoke")
I toke a look under OpenVPN Server but I don't found the way to configure the CRL
Can you please show me the way / give me instructions?
Thanks a lot
Dario
I only create the CRL under:
System / Trust / Revocation
(and I revoked the cert, the cert associated to the user is marked as "Revoke")
I toke a look under OpenVPN Server but I don't found the way to configure the CRL
Can you please show me the way / give me instructions?
Thanks a lot
Dario
#15
Virtual private networks / revoked cert still works
November 02, 2023, 01:34:48 PM
Hello folks,
I'm stuck on certificate revocation.
I always used username and cert to create VPN clients:
1) create user / password
2) create user-cert
3) bind user and user-cert
4) OpenVPN client export
I revoked a cert:
1) create CA Revocation List
2) revoke the cert
but the user still connetcs using VPN
This is embarazing.
Can someone please help me to solve this issue?
Greetings
Dario
I'm stuck on certificate revocation.
I always used username and cert to create VPN clients:
1) create user / password
2) create user-cert
3) bind user and user-cert
4) OpenVPN client export
I revoked a cert:
1) create CA Revocation List
2) revoke the cert
but the user still connetcs using VPN
This is embarazing.
Can someone please help me to solve this issue?
Greetings
Dario
