Messages

1

Documentation and Translation / Re: How do I get the tor Control Port Password?

« on: April 28, 2022, 09:31:07 pm »

@chrisC as a VERY DIRTY solution you can add strrings to /usr/local/opnsense/service/templates/OPNsense/Tor/torrc

this one is template, which is used to generate config on each restart.

and it will allow to live a bit longer without editing exact torrc file till next time tor will be upgraded.

as a reminder, you can also add trigger to monit, that will send you message, where your line is absent.

2

20.7 Legacy Series / Re: How to install RTL8192CE device

« on: February 08, 2022, 09:56:36 pm »

hm... no one answers...

but issue still exist...

3

21.7 Legacy Series / Re: TOR and obfs4 bridges

« on: January 05, 2022, 11:06:55 pm »

there is an opened ticket already: https://github.com/opnsense/plugins/issues/961

4

21.7 Legacy Series / Re: TOR and obfs4 bridges

« on: December 17, 2021, 08:21:31 am »

i've tried to search by "tor" keyword, and there are toooo many links)
but for obfs4 found that: https://forum.opnsense.org/index.php?topic=19114.msg87568#msg87568

so sad, it doesn't have any comments

5

21.7 Legacy Series / TOR and obfs4 bridges

« on: December 17, 2021, 08:19:29 am »

Hello,

situation: tor is started to being blocked on country wide policy, and obviously it stopped to work.

How it was:
Tor plugin was receiving connections on 9040 port, firewall/NAT was set up to forward all "blocked" traffic to tor. And it was working really cool, till some days ago.

I tried to run fresh tor-browser from same network - it is working without issues.
Also, i've read that: https://blog.torproject.org/tor-censorship-in-russia/ and https://forum.torproject.net/t/tor-blocked-in-russia-how-to-circumvent-censorship/982

noticed, that there are talks about obfs4 bridges. so i've got some bridges, but looks like tor on opnsense doesn't support that.


So asking for advice - are there any workarounds?

6

Web Proxy Filtering and Caching / Re: nginx plugin and some custom settings like worker_rlimit_nofile

« on: July 29, 2021, 10:11:25 pm »

thank you!

so, soon it will work... cool.

7

Web Proxy Filtering and Caching / nginx plugin and some custom settings like worker_rlimit_nofile

« on: July 28, 2021, 09:40:02 pm »

Hello,

what is the best way to setup custom settings for nginx reverse-proxy in main part?

for example, i need to configure `worker_rlimit_nofile`?
i saw, that `worker_connections` exist on main configuration in UI... but what about things, which are not added?

also, is it possible to add some vhost.conf file, instead of configuring all thru UI?
would be cool, actually, if there will be special place in `Other` tab to add custom config, where it will be possible to add some things which are not implemented in UI.

ps. why? as it suggested by vendor: https://www.jetbrains.com/help/youtrack/standalone/Reverse-Proxy-Configuration.html#Nginx_Config

8

Web Proxy Filtering and Caching / Re: Multiple sites via HAproxy

« on: July 28, 2021, 09:35:25 pm »

you can setup HAproxy as with as many sites as you wish.

SSL certificates may be generated with lets encrypt plugin, or you can use your own. no need to use wildcard.
But you will need to define "frontend" and "backend" records, and then map it to each other.

from my opinion, setting up HAproxy is more complicated, then nginx... but still, you can do all things with one public IP.

9

General Discussion / Re: [SOLVED] Query status of GEOM Mirror (gmirror) RAID1

« on: December 28, 2020, 11:34:51 pm »

this is quite nice thing, but now it is not needed to write any sh scripts.

in most cases only need is to add service with:
Name: gmirror status
Type: Custom
Path: /sbin/gmirror status
Tests: NonZeroStatus

and that's it.
it will check `gmirror status` and trigger alerts if status is changed.

10

19.7 Legacy Series / Re: OpenVPN - retrieve connected clients

« on: October 15, 2019, 09:14:54 pm »

ok.

tried adding

Code: [Select]

status /usr/local/www/clients.log and it works as we need it: we can run curl https://192.168.0.1:8080/clients.log and parse it locally.

11

19.7 Legacy Series / OpenVPN - retrieve connected clients

« on: October 10, 2019, 10:25:14 pm »

Hello,

i need to set static IP for special openvpnclients... but, it doesn't work in the way how it was working on plain openvpn config: i'm trying to add "ifconfig-push 192.168.200.200 255.255.255.0"  to Client Override config.

client can't connect with this setting.

So, if there are problem to set static address - is it possible somehow to get ip addresses thru RestAPI (maybe there are hidden feature) or thru cli interface (like connect thru ssh and run "openvpn get clients")

both ways will work, also like setting static IP

12

19.1 Legacy Series / Re: nginx 1.7: banning, even if Learning Mode on.

« on: February 07, 2019, 10:03:49 pm »

great! thanks a lot!

13

19.1 Legacy Series / Re: nginx 1.7: banning, even if Learning Mode on.

« on: February 07, 2019, 06:46:55 pm »

Thank you, @fabian.

it make sense... but where to find this checkbox?

on server config i cant see it...


and yes, in mobile development customer asks to set special User Agent... like: okhttp/2.1.2.2

14

19.1 Legacy Series / Re: nginx 1.7: banning, even if Learning Mode on.

« on: February 07, 2019, 05:47:15 pm »

after several tests i found problem - this is "User Agent"

and this is actually sucks, that it blocks on nginx by incorrect user agent.

because this is first what spammers change.... but it blocks relevant traffic from scripts and other dev stuff.

15

19.1 Legacy Series / Re: nginx 1.7: banning, even if Learning Mode on.

« on: February 06, 2019, 08:43:33 pm »

also, i see 192.168.2.225 in banned list....
then im trying to look for log:

root@OPNsense:~ # cat /var/log/nginx/* | grep 2.225
root@OPNsense:~ #


and there is nothing!

how i can prevent it from being banned?