Messages

1

20.1 Legacy Series / XMLRPC Errors

« on: April 13, 2020, 07:38:37 pm »

Hello all,

I seem to be running into an issue on a current 20.1.4 system that is very much like the problem discussed

here https://forum.opnsense.org/index.php?topic=1218.0

and here https://github.com/opnsense/core/issues/3390

However I can get sync to work with a few of the boxes checked -

     Dashboard
     Users and Groups
     Virtual IPs

I have tried several others and get an error as soon as I try to sync with them on.  When sync works I get no feedback on the console from running /usr/local/etc/rc.filter_synchronize. But when I add another item to sync and it fails I get all of the sync data output to console and then a message "fetch error. remote host down?"

I also get a log message -

opnsense: /usr/local/etc/rc.filter_synchronize: An error occurred while attempting XMLRPC sync with username root and https://10.0.254.2/xmlrpc.php fetch error. remote host down?

Any help would be greatly appreciated.

Dan

2

18.1 Legacy Series / Re: Monit restart OpenConnect

« on: July 09, 2018, 11:01:00 pm »

In case this helps someone else, here is what I figured out.

Services / Monit / Service Test Settings
Create new test
Name - OpenConnect Ping
Condition - failed ping
Action - Restart

Services / Monit / Service Settings
Create new service
Enabled
Name - OpenConnect
Type - Remote Host
Address - IP Address on the other side of the VPN
Start - /usr/local/etc/rc.d/opnsense-openconnect start
Stop - /usr/local/etc/rc.d/opnsense-openconnect stop
Tests - OpenConnect Ping

Just tested it a couple times and seems to work so far.

3

18.1 Legacy Series / Monit restart OpenConnect

« on: July 09, 2018, 07:13:19 pm »

I am looking for a way to start and stop the OpenConnect service using Monit.

I started reading about configuring Monit to monitor a network host and that seems straight forward but now I'm stuck at the start and stop scripts. I have the OpenConnect plugin installed and just want to ping a host address on the other side of the tunnel and have the connection attempt to restart if the pings fail.

Thanks

4

18.1 Legacy Series / Re: OpenConnect with Wildcard Cert

« on: July 09, 2018, 07:08:33 pm »

How do I load the dev version of just a plugin?

5

18.1 Legacy Series / Re: OpenConnect with Wildcard Cert

« on: July 08, 2018, 10:14:34 am »

Thank you very much sir. Is there any way I can test for you?

6

18.1 Legacy Series / OpenConnect with Wildcard Cert

« on: July 07, 2018, 09:48:07 pm »

Hello,

I am trying to use the OpenConnect plugin to connect to my ASAs at work. We currently have a wildcard cert. I know, bad idea but it wasn't my choice I just get to managed it. So I've been trying to get the openconnect plugin to work and it seemed to work for a while and now it won't connect at all. Nothing seems to be logged and I can't tell that the plugin is even trying to connect.

By chance I happened to reboot one of my opnsense boxes while watching the console. I saw an error fly by saying something about the openconnect host certificate not matching the connection name given. It looked like there was some suggestion about adding a certificate hash to the startup command.

So my question is, where's the config file and can I put arguments in it?

Thanks

7

17.7 Legacy Series / Re: IPv6 Packed Loss

« on: September 21, 2017, 10:09:01 pm »

Interesting, so if I understand correctly your problem ended up just getting fixed on it's own?

8

17.7 Legacy Series / IPv6 Packed Loss

« on: September 21, 2017, 08:35:01 pm »

I'm getting some packet loss only over IPv6 which seemed to have gone away in 17.7.2 and now I updated to 17.7.3 and rebooted and I'm getting it again.

I have DHCPv6 enabled on the WAN and getting a /56 prefix, then tracking on 3 inside vlan interfaces which each have /64 prefixes. Everything seemed to be working fine in 17.7.1 and 17.7.2. Not sure if the update to 17.7.3 did it or possibly the reboot?

Anyone else see something similar?

Thanks