Messages - eshield

#1
18.1 Legacy Series / Re: HE.net tunnel issue
March 01, 2018, 10:51:23 AM
Yup, I've been following that how-to, except that the GIF tunnel local address field does not accept a network mask, so I've omitted the /64 mask.

My setup (addresses are changed):
1) HENET_V6 interface (2001:470:a:b::2).
2) VPN1 OpenVPN interface (fd00:a::1/112) for delegation to client.
3) Have a 2001:470:c::/48 network routed to HENET_V6 tunnel.
4) VPN client with 2001:470:c:1::/64 net is connected to the VPN1 interface.
5) Routing has been configured with OSPFv3.

So, this setup is working perfectly. All VPN clients have their own delegated IPv6 net and everything works as intended, but no one can access a certain server running on the HENET_V6 interface, although they can easily access it on the VPN1 OpenVPN interface. External IPv6 users can access the server running on the HENET_V6 interface.

...
After some investigation I've done, it seems that the software has some issues which are not related to OPNsense.

Sorry for bothering you  ::)
#2
18.1 Legacy Series / HE.net tunnel issue
February 26, 2018, 06:48:02 PM
Hello,

I have configured a HE.net tunnel in OPNsense 18.1_2 like this (see untitled1.png), but the script configures the IP as /128 instead of /64 (see untitled2.png). This leads to inaccessibility of services running on the local endpoint.

Sorry for my English.
#3
18.1 Legacy Series / Re: 18.1.1 & acme client
February 26, 2018, 10:57:19 AM
Quote from: dcol on February 25, 2018, 06:21:19 PM
acme.sh was updated. This is not the reason.
Well, there is only one thing left: your validation method fails. Personally, I always used a non-standard port for the GUI, so the HTTP-01 method never worked for me. I use DNS-01 with Hurricane Electric. I've configured 2 DigitalOcean droplets in a week and both work with the DNS-01 challenge and don't validate with HTTP-01.
#4
18.1 Legacy Series / Re: 18.1.1 & acme client
February 25, 2018, 01:40:12 PM
Quote from: dcol on February 24, 2018, 08:31:00 PM
Can't get a cert issued. Log shows 'Create domain key error'
I can see the key file was created.

What am I doing wrong?
Well, um, bro, update your acme.sh script or wait for 8.1.3 in a week or so  8) How to?  :o This has been answered a few times some posts above  :-\
#5
18.1 Legacy Series / FRR does not start after reboot
February 25, 2018, 01:34:49 PM
Hello,

I've noticed a sad bug: the frr daemon does not start after a router reboot  :-[ I was sweating like an elephant after losing access to my router from a routed net via yet another VPN after reboot :o After logging in to the GUI I found the FRR daemon is not running ...   :o

Kinda sad story  :'( Is there any workaround for this illness?  ???

Thanks.
#6
18.1 Legacy Series / Re: 18.1.1 & acme client
February 12, 2018, 04:37:23 PM
Quote from: franco on February 12, 2018, 03:49:19 PM
Nice!  Will you share your solution with everyone? :)
There is no special magic involved. I just replaced /usr/local/sbin/acme.sh with a new one and set permissions to 0555 using WinSCP  :o
#7
18.1 Legacy Series / Re: 18.1.1 & acme client
February 12, 2018, 03:42:58 PM
ouch! well, updated acme.sh by myself and everything works fine  :o
#8
18.1 Legacy Series / Re: 18.1.1 & acme client
February 12, 2018, 03:01:08 PM
acme.sh 2.7.6 was released 3 days ago, any ETA on the LE package update?

Thanks.
#9
18.1 Legacy Series / Re: 18.1.1 & acme client
February 03, 2018, 01:50:47 PM
Hello,

Some additional info to 400 tos error:
Quote
PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 122
PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 122
Crash always happens after cert issue attempt.
#10
Quote from: franco on October 27, 2017, 12:14:36 PM
Hi,

We are not fond of arbitrary commands in the config models to proactively prevent faulty or malicious injection.

You can, however, persistently modify your system to meet your requirements:

https://docs.opnsense.org/development/backend/autorun.html
https://docs.opnsense.org/development/backend/configd.html

These two facilities can also be used to build plugins for easier distribution of your custom commands. Plugin repositories can be registered alongside official repositories if need be.

No quick fix, but really a lot of flexibility and scalability. :)


Cheers,
Franco

Awesome! Thanks. Just played with configd and it works! Is it possible to run my action after boot or should I use autorun?
#11
Hello,

2 years ago Shellcmd was deleted from OPNsense, but nothing was added instead. It would be extra great and uber awesome to have some nice and sweet replacement for 2 years dead Shellcmd GUI.

Thanks.
#12
That would be awesome!
#13
And there is a webgui for that case? I'd like to see a package like TOR.

p.s: I don't care about server tho.
#14
Hello,

Is there any chance to get OpenConnect (a Cisco VPN client) integrated into OPNsense? It would be great!

Thanks.