Messages - elektroinside

#1
18.1 Legacy Series / Re: Unbound crashed
April 23, 2018, 01:20:02 PM
Hmm.. ok, so it's not an isolated incident.
Well, I don't know what's next. Maybe opening a bug on Github. I'll do this later today.

Thanks!
#2
18.1 Legacy Series / Re: Unbound crashed
April 20, 2018, 02:16:56 PM
So am I the only one with this problem?
I disabled IDPS, curious if it will crash again...
#3
18.1 Legacy Series / Re: Unbound crashed
April 17, 2018, 06:22:01 PM
So... crashed again... also while RDP-ing :)

This time, I found this in the logs:
Apr 17 19:11:18 gateway unbound: [90027:1] error: could not SSL_new crypto error:14FFF0E4:SSL routines:(UNKNOWN)SSL_internal:ssl ctx has no default ssl version
Apr 17 19:11:18 gateway unbound: [90027:1] info: error sending query to auth server 9.9.9.9 port 853
Apr 17 19:11:18 gateway unbound: [90027:1] error: could not SSL_new crypto error:14FFF0E4:SSL routines:(UNKNOWN)SSL_internal:ssl ctx has no default ssl version
Apr 17 19:11:18 gateway unbound: [90027:1] info: error sending query to auth server 9.9.9.9 port 853
Apr 17 19:11:18 gateway unbound: [90027:1] error: could not SSL_new crypto error:14FFF0E4:SSL routines:(UNKNOWN)SSL_internal:ssl ctx has no default ssl version
Apr 17 19:11:18 gateway unbound: [90027:1] info: error sending query to auth server 9.9.9.9 port 853
And the same error as before in system:
Apr 17 19:11:18 gateway kernel: pid 90027 (unbound), uid 59: exited on signal 11
#4
It can contain whatever IP addresses you want to use and also FQDNs, which will get resolved periodically (every 1 min if I'm not mistaken). You can type in either of these two, and as many as you need :)
#5
Quote from: Ilnahro on April 10, 2018, 12:07:29 AM

PS: Never would have occurred to me to look in the intrusion section for performance improvements  ::)
dcol wrote those with IDPS performance enhancement in mind, but from my tests, they had a significant impact on OpenVPN as well. I have since deleted any custom OpenVPN settings, because:
1. They didn't help much (if at all)
2. I don't need them; since dcol's settings, OpenVPN works brilliantly, with or without IDPS enabled (better if IDPS is disabled, of course, which is absolutely normal)
#6
I'm often maxing out my upload (~500MB) over OpenVPN if I connect from another 1GB link.

This might help: https://forum.opnsense.org/index.php?topic=6590.0
#7
18.1 Legacy Series / Re: Unbound crashed
April 09, 2018, 07:34:44 PM
Unlikely, unless something is leaking, crashed and freed up the mem, but you never know.. I did check the Unbound logs, found nothing, but I was in a hurry, so maybe I missed something.

I'll get back to this if it happens again with more details.

Thanks!

#8
You can use one host(s) alias and add all these IPs. Then use the alias for your fw rules.
#9
There you go, this is what I call support :)
Thank you Franco!
#10
18.1 Legacy Series / Unbound crashed
April 08, 2018, 10:02:58 PM
I wasn't doing anything spectacular, I was working via an RDP connection when everything went dark, suddenly no more internet (apparently). When logging into the WebGUI, I noticed Unbound wasn't running anymore.

I found these in the logs:
Apr  8 21:35:04 gateway configd.py: [23ab9b35-a78b-4362-9cc8-d36317cc3d9d] Reloading filter
Apr  8 21:35:05 gateway configd.py: [d871e2ee-e679-4c7e-8d69-c522201e12b3] generate template OPNsense/Filter
Apr  8 21:35:05 gateway configd.py: generate template container OPNsense/Filter
Apr  8 21:35:05 gateway configd.py: [c640a92f-1db9-4516-b542-a8806bd48fc3] refresh url table aliases
Apr  8 21:35:16 gateway kernel: pid 19657 (unbound), uid 59: exited on signal 11
Apr  8 21:39:29 gateway configd.py: [eb29b026-4b4a-436b-b35a-81b9f13bd71e] updating dyndns WAN2_DHCP
What just happened? Did anybody notice anything similar?
First time I ever noticed this. Restarting Unbound got things working again.
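As an added, defender-side example that is not from this thread or from OPNsense: a small Python log checker that scans BSD-style syslog lines like the ones posted in this report and in the later one above for Unbound exiting on a signal, and reports how many SSL_new failures from the same Unbound pid were logged just before each crash. The sample log is assembled from the lines posted in the two reports; the 60-second window and the year used for the timestamps are assumptions.

```python
"""Scan BSD-style syslog for Unbound signal exits and correlate them with
DNS-over-TLS (SSL_new) failures logged by the same Unbound pid."""
import re
from datetime import datetime, timedelta

# Syslog prefix: "Apr  8 21:35:16 gateway kernel: <msg>" (the timestamp carries no year)
SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^:\[ ]+)(?:\[\d+\])?: (?P<msg>.*)$")
# FreeBSD kernel notice written when a process dies on a signal
CRASH_RE = re.compile(r"pid (?P<pid>\d+) \((?P<name>\S+)\), uid \d+: exited on signal (?P<sig>\d+)")
# Unbound's "[pid:thread] error: could not SSL_new ..." lines
SSL_RE = re.compile(r"\[(?P<pid>\d+):\d+\] error: could not SSL_new")

# Constructed sample input, assembled from the log lines posted in this thread
SAMPLE_LOG = [
    "Apr  8 21:35:04 gateway configd.py: [23ab9b35-a78b-4362-9cc8-d36317cc3d9d] Reloading filter",
    "Apr  8 21:35:16 gateway kernel: pid 19657 (unbound), uid 59: exited on signal 11",
    "Apr 17 19:11:18 gateway unbound: [90027:1] error: could not SSL_new crypto error:14FFF0E4:SSL routines:(UNKNOWN)SSL_internal:ssl ctx has no default ssl version",
    "Apr 17 19:11:18 gateway unbound: [90027:1] info: error sending query to auth server 9.9.9.9 port 853",
    "Apr 17 19:11:18 gateway unbound: [90027:1] error: could not SSL_new crypto error:14FFF0E4:SSL routines:(UNKNOWN)SSL_internal:ssl ctx has no default ssl version",
    "Apr 17 19:11:18 gateway unbound: [90027:1] error: could not SSL_new crypto error:14FFF0E4:SSL routines:(UNKNOWN)SSL_internal:ssl ctx has no default ssl version",
    "Apr 17 19:11:18 gateway kernel: pid 90027 (unbound), uid 59: exited on signal 11",
]

def parse(line, year=2018):
    """Split one syslog line into timestamp, host, program and message; None if malformed."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{m['mon']} {m['day']} {m['time']} {year}", "%b %d %H:%M:%S %Y")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}

def find_crashes(lines, process="unbound", window=timedelta(seconds=60)):
    """Return one finding per signal exit of `process`, with the number of SSL_new
    failures the same pid logged within `window` before the crash."""
    ssl_errors, findings = [], []
    for e in filter(None, (parse(l) for l in lines)):
        if e["prog"] == process and (s := SSL_RE.search(e["msg"])):
            ssl_errors.append((e["ts"], int(s["pid"])))
        elif e["prog"] == "kernel" and (c := CRASH_RE.search(e["msg"])) and c["name"] == process:
            pid = int(c["pid"])
            before = sum(1 for t, p in ssl_errors if p == pid and e["ts"] - window <= t <= e["ts"])
            findings.append({"ts": e["ts"], "pid": pid, "signal": int(c["sig"]),
                             "tls_errors_before": before})
    return findings

if __name__ == "__main__":
    for f in find_crashes(SAMPLE_LOG):
        print(f"{f['ts']} unbound pid {f['pid']} exited on signal {f['signal']}, "
              f"{f['tls_errors_before']} SSL_new failure(s) in the preceding minute")
```

Feed it the output of `clog /var/log/system.log` (or the exported log) to see whether a crash was preceded by TLS forwarder errors or came out of nowhere, as in the first report.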
#11
It's not a bug, it's a feature :D It's just missing, so the actual bug would be that it is missing this feature :D
#12
Yes, FreeBSD is best for the wired stuff :)
My old WRT54GL is still running at one of my clients, powered by dd-wrt :)
#13
So sorry to hear this.
Better use an AP with another ethernet interface. That works, you could even create fw rules for that, and because an AP can handle more WIFI clients you will get much better performance as well.
#14
Very nice summary, thank you!
Indeed, you're right. There's much to be done generally in order to get true security.
The only true security based on encryption is where you (to encrypt) and the decrypting party know the key. There is no other method. If you are not allowed to use your own key/password in any form and the decrypting party is not allowed to add that exact key to decrypt the communication, that's not true security.

For regular people, this is not an issue of course, most of the times.

Welcome to OPNsense!
#15
For fallback cases, yes. If you delete these custom options (tls forwards) and re-enable forwarding mode, the DNS servers configured under "General" will be used.