Messages - advcron

#1
19.1 Legacy Series / Re: Alias Group Problem
April 21, 2019, 10:53:45 PM
Problem solved!

1. Empty pftables
Removing all three "|encode_idna" in file /usr/local/opnsense/service/templates/OPNsense/Filter/filter_tables.conf
2. After deleting an alias, the entry still exists in pftables
opnsense-patch e784027
3. Alias group does not update immediately after clicking Apply
opnsense-patch 3dc5f71

https://github.com/opnsense/core/issues/3431
https://github.com/opnsense/core/issues/3432
#2
19.1 Legacy Series / Re: Alias Group Problem
April 19, 2019, 03:49:11 PM
Quote from: Steven on April 19, 2019, 01:40:05 PM
Quote: 6. Deleting an alias does not erase files in /var/db/aliastables, and it still exists in pftable.

If you reboot firewall this will clear out deleted alias from pfTable.
But it is not normal. I cannot always reboot the firewall after deleting aliases.

Sent from my Mi-4c using Tapatalk

#3
19.1 Legacy Series / Re: Move anti-lockout rules
April 19, 2019, 12:34:30 PM
I think the anti-lockout rules are connected only with the LAN zone.
You can disable the anti-lockout rule and create a standard firewall rule giving access to the router on another zone.
#4
19.1 Legacy Series / Re: Alias Group Problem
April 18, 2019, 11:24:03 AM
More detail:
1. OPNsense was installed from OPNsense-19.1.4-OpenSSL-dvd-amd64.iso
2. Host alias with content of IP/net works and updates well, except for the situation in point 4.
3. Host alias with content of another alias (alias group): not working.
a) Max entries of existing aliases in an alias group is five.
With max 5 entries, the files contain the correct list of addresses:
/var/db/aliastables/self.txt
/var/db/aliastables/md5.txt
/var/db/aliastables/*.txt
4. More than 5 entries cause the other host aliases (not group aliases) to stop working well. They do not update.
5. ALL alias group files (even with three entries) don't update when we click Apply. We have to delete or change the md5 sum file in /var/db/aliastables.
6. Deleting an alias does not erase files in /var/db/aliastables, and it still exists in pftable.


Update:
Removing all three "|encode_idna" in file
/usr/local/opnsense/service/templates/OPNsense/Filter/filter_tables.conf
fixes the problem in points 3 and 4.

The errors in points 5 and 6 still exist.
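
Added example, not part of the original posts: a drift check for the symptoms in points 5 and 6, comparing an alias file under /var/db/aliastables with what `pfctl -t <table> -T show` reports as loaded. The helper names are hypothetical, the sample data in `demo` is constructed, and it assumes an alias file with one IP address or network per line.

```shell
#!/bin/sh
# Added example: compare an alias file with the addresses loaded in the pf table.
# Assumption: the alias file holds one IP address or network per line.
LC_ALL=C; export LC_ALL

# Strip whitespace (pfctl indents its output), drop blank lines, sort uniquely.
normalize() {
    sed -e 's/[[:space:]]//g' -e '/^$/d' "$1" | sort -u
}

# alias_drift ALIAS_FILE TABLE_DUMP (hypothetical helper)
#   "stale X":   X is loaded in the pf table but no longer in the alias file
#   "missing X": X is in the alias file but was never loaded into the table
alias_drift() {
    a=$(mktemp) && b=$(mktemp) || return 2
    normalize "$1" > "$a"
    normalize "$2" > "$b"
    comm -13 "$a" "$b" | sed 's/^/stale /'
    comm -23 "$a" "$b" | sed 's/^/missing /'
    rm -f "$a" "$b"
}

# Live check on the firewall (run as root): check_alias IP_Serwery_ALL
check_alias() {
    dump=$(mktemp) || return 2
    pfctl -t "$1" -T show > "$dump" 2>/dev/null
    alias_drift "/var/db/aliastables/$1.txt" "$dump"
    rm -f "$dump"
}

# Constructed sample data: the table lacks .14 and still holds a deleted .99.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 192.168.1.10 192.168.0.11 192.168.0.12 \
        192.168.0.13 192.168.0.14 > "$d/alias.txt"
    printf '   %s\n' 192.168.0.11 192.168.0.12 192.168.0.13 \
        192.168.0.99 192.168.1.10 > "$d/table.txt"
    alias_drift "$d/alias.txt" "$d/table.txt"
    rm -rf "$d"
}
```

A "stale" line means a rule that references the table still matches an address that was removed from the alias, which is the case to look at first on a firewall.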
#5
19.1 Legacy Series / Re: Alias Group Problem
April 17, 2019, 10:04:41 PM
I have applied these patches:
opnsense-patch 50c25ea
opnsense-patch ea2f217cf

Still doesn't work :-[
#6
19.1 Legacy Series / [Solved] Alias Group Problem
April 17, 2019, 02:58:58 PM
OPNsense ver: 19.1.6

I can't add more than 4 existing aliases to a new alias (alias group). The file /var/db/aliastables/IP_Serwery_ALL.txt shows only the content of the first 4 alias IPs.

/var/db/aliastables/IP_Serwery_ALL.txt
192.168.1.10 -> Serwer_IPXE
192.168.0.11 -> Serwer_Nagios
192.168.0.12 -> Serwer_NAS
192.168.0.13 -> Serwer_AV

Should be:

/var/db/aliastables/IP_Serwery_ALL.txt
192.168.1.10 -> Serwer_IPXE
192.168.0.11 -> Serwer_Nagios
192.168.0.12 -> Serwer_NAS
192.168.0.13 -> Serwer_AV
192.168.0.14 -> Serwer_AD


Also, after clicking the Apply button, this kind of alias does not update.
It updates only when I remove /var/db/aliastables/IP_Serwery_ALL.md5.txt or change the md5 sum.



#7
Add alias on the interface.

Sent from my Mi-4c using Tapatalk

#8
18.7 Legacy Series / Re: Missing alias description
August 03, 2018, 10:54:04 AM
Yes. I also think this is the only way.
But I notice one issue:
When you have this "Alias group" and rename an individual host alias, the name in the alias group is changed. This is correct.
When you delete an individual host alias, the entry in the alias group is not deleted. This is not correct.
@franco I don't know if it is possible to prevent deleting an individual host/port alias when it is used in an alias group, or to delete this entry in the alias group.
#9
18.7 Legacy Series / Re: Missing alias description
August 02, 2018, 02:59:13 PM
OK. I understand.
Will there be any tool for identifying alias entries?

For example, I have 10 IP addresses in a host alias, and I would like to know which workstation has a certain address.
#10
18.7 Legacy Series / Missing alias description
August 02, 2018, 07:47:56 AM
After upgrading to 18.7, the alias description/detail is missing (see attachment).
But it exists in the configuration backup.

    <alias>
      <name>FQDN_CRL</name>
      <type>host</type>
      <descr>Adresy List CRL ocsp</descr>
      <address>crl.certum.pl ovcasha2.ocsp-certum.com tg.symcd.com tg.symcb.com gj.symcb.com gj.symcd.com repository.certum.pl crl2.alphassl.com ocsp2.globalsign.com crl3.digicert.com crl4.digicert.com ocsp.digicert.com cacerts.digicert.com</address>
      <detail>CRL Certum||OCSP Certum||OCSP Thawte||CRL Thawte||CRL GeoTrust||OCSP Geotrust||CERT Info Certum||CRL GlobalSign||OCSP GlobalSign||CRL DigiCert||CRL DigiCert||OCSP Digicert||Wystawca Digicert</detail>
    </alias>


Is this a bug?
This field was very helpful for identifying a specific entry.
#11
18.1 Legacy Series / dnsmasq vs unbound dns
April 10, 2018, 08:41:45 AM
Probably a stupid question. But what is the difference between dnsmasq and Unbound DNS?
#12
18.1 Legacy Series / Openvpn config localization [SOLVED]
February 25, 2018, 07:08:51 PM
Where is the OpenVPN config file (in shell)?
In /usr/local..?
Thank you for the answer.

I found:
/var/etc/openvpn/server1.conf

#13
18.1 Legacy Series / Re: Sorting aliases
February 10, 2018, 09:01:40 PM
Thank you very much, it works!!!
#14
18.1 Legacy Series / Re: Unbound Problems
February 10, 2018, 06:00:13 PM
What about configuring dnsmasq to forward the AD domain to the DC?

Sent from my Mi-4c using Tapatalk

#15
18.1 Legacy Series / Re: annoying interface IP view
February 09, 2018, 05:02:57 PM

Yes, the same.

Sent from my Mi-4c using Tapatalk