Messages

1

18.1 Legacy Series / Re: HE.net tunnel issue

« on: March 01, 2018, 10:51:23 am »

Yup, I've been following that how-to except that a GIF tunnel local address edit does not accept network mask so I've omitted a /64 mask.

My setup (addresses are changed):
1) HENET_V6 interface (2001:470:a:b::2).
2) VPN1 OpenVPN interface (fd00:a::1/112) for delegation to client.
3) Have a 2001:470:c::/48 network routed to HENET_V6 tunnel.
4) VPN client with 2001:470:c:1::/64 net is connected to the VPN1 interface.
5) Routing has been configured with OSPFv3.

So, this setup working perfectly. All VPN clients have their own delegated IPv6 net and everything works as intended, but no one can access a certain server running on HENET_V6 interface, but easily can access it on VPN1 OpenVPN interface. External IPv6 users can access server running on HENET_V6 interface.

...
After some investigation I've done it seems like that software has some issues with are not related to OPNsense.

Sorry for bothering you 

2

18.1 Legacy Series / HE.net tunnel issue

« on: February 26, 2018, 06:48:02 pm »

Hello,

I have configured a HE.net tunnel in OPNsense 18.1_2 like this (see untitled1.png), but script configures IP as  /128 instead of /64 (see untitled2.png). This leads to inaccessibility of services running on local endpoint.

Sorry for my English.

3

18.1 Legacy Series / Re: 18.1.1 & acme client

« on: February 26, 2018, 10:57:19 am »

acme.sh was updated. This is not the reason.

Well, there is very only thing left: Your validation method fails. Personally, I always used a non-standard port for GUI so a HTTP-01 method never worked for me. I use DNS-01 with Hurricane Electric. I've configured DigitalOcean 2 droplets in a week and both works with DNS-01 challenge and doesn't validate with HTTP-01.

4

18.1 Legacy Series / Re: 18.1.1 & acme client

« on: February 25, 2018, 01:40:12 pm »

Can't get a cert issued. Log shows 'Create domain key error'
I can see the key file was created.

What am I doing wrong?

Well, um, bro, update your acme.sh script or wait for 8.1.3 in a week or so  How to?  This has been answered few times some posts above 

5

18.1 Legacy Series / FRR does not start after reboot

« on: February 25, 2018, 01:34:49 pm »

Hello,

I've noticed some sad bug: frr daemon does not start after router reboot  I was sweating like an elephant after loosing access to my router from routed net via yet another VPN after reboot After logging in to the GUI I found FRR daemon is not running ...   

Kinda sad story  Is there any workaround for this illness? 

Thanks.

6

18.1 Legacy Series / Re: 18.1.1 & acme client

« on: February 12, 2018, 04:37:23 pm »

Nice!  Will you share your solution with everyone?

There is no special magic involved. I just replaced /usr/local/sbin/acme.sh with a new one and set permissions to 0555 using WinSCP 

7

18.1 Legacy Series / Re: 18.1.1 & acme client

« on: February 12, 2018, 03:42:58 pm »

ouch! well, updated acme.sh by myself and everything works fine 

8

18.1 Legacy Series / Re: 18.1.1 & acme client

« on: February 12, 2018, 03:01:08 pm »

acme.sh 2.7.6 has been released 3 days ago, any ETA on LE package update?

Thanks.

9

18.1 Legacy Series / Re: 18.1.1 & acme client

« on: February 03, 2018, 01:50:47 pm »

Hello,

Some additional info to 400 tos error:

PHP Warning:  cert_action_validator(): Node no longer exists in
/usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 122
PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 122

Crash always happens after cert issue attempt.

10

Development and Code Review / Re: Feature request: Shellcmd like GUI plugin

« on: October 27, 2017, 03:10:08 pm »

Hi,

We are not fond of arbitrary commands in the config models to proactively prevent faulty or malicious injection.

You can, however, persistently modify your system to meet your requirements:

https://docs.opnsense.org/development/backend/autorun.html
https://docs.opnsense.org/development/backend/configd.html

These two facilities can also be used to build plugins for easier distribution of your custom commands. Plugin repositories can be registered alongside official repositories if need be.

No quick fix, but really a lot of flexibility and scalability.


Cheers,
Franco

Awesome! Thanks. Just played with configd and it works! Is it possible to run my action after boot or I should use autorun?

11

Development and Code Review / Feature request: Shellcmd like GUI plugin

« on: October 27, 2017, 11:24:06 am »

Hello,

2 years ago Shellcmd was deleted from OPNsense, but nothing was added instead. It would be extra great and uber awesome to have some nice and sweet replacement for 2 years dead Shellcmd GUI.

Thanks.

12

Development and Code Review / Re: Feature request: OpenConnect client

« on: October 17, 2017, 03:16:47 pm »

That would be awesome!

13

Development and Code Review / Re: Feature request: OpenConnect client

« on: October 14, 2017, 03:52:33 pm »

And there is a webgui for that case? I'd like to see a package like TOR.

p.s: I don't care about server tho.

14

Development and Code Review / Feature request: OpenConnect client

« on: October 14, 2017, 01:40:37 pm »

Hello,

Is there any chance to get OpenConnect (a Cisco VPN client) integrated into OPNsense? It would be great!

Thanks.