Messages

I am running OPNSense 25.1.12
I have 2 firewall rules on the LAN port. They are
Block In from Alias1 to 10.20.0.49 port *
Block Out from 10.20.0.49 to Alias1 port *
I apply the rules
I test doing: nc -zv <dns name in Alias1> 443
These are above the other rules that allow flow of data
and that succeeds. It shouldn't I don't have to reboot do I to have them applied?

Donated $50.

I am not sure if this is possible for OPNSense, but a patreon would be kind of nice. That way we could make continual donation.

I have setup nut client on OPNSense.  I get nothing in the Diagnostics and the logs tell me that: UPS [non-server-apc]: connect failed: Connection failure: Connection refused.  However when I log onto the system and do non-server-apc@<ip address>, I get the following
battery.charge: 84
battery.charge.low: 10
battery.charge.warning: 50
battery.date: 2001/09/25
battery.mfr.date: 2019/12/03
battery.runtime: 773
battery.runtime.low: 120
battery.type: PbAc
battery.voltage: 27.4
battery.voltage.nominal: 24.0
device.mfr: American Power Conversion
device.model: Back-UPS RS 1000MS
device.serial: 3B1949X21182 
device.type: ups
driver.name: usbhid-ups
driver.parameter.bus: 001
driver.parameter.pollfreq: 30
driver.parameter.pollinterval: 2
driver.parameter.port: auto
driver.parameter.product: Back-UPS RS 1000MS FW:950.e3 .D USB FW:e3
driver.parameter.productid: 0002
driver.parameter.serial: 3B1949X21182
driver.parameter.synchronous: auto
driver.parameter.vendor: American Power Conversion
driver.parameter.vendorid: 051D
driver.version: 2.8.0
driver.version.data: APC HID 0.98
driver.version.internal: 0.47
driver.version.usb: libusb-1.0.26 (API: 0x1000109)
input.sensitivity: medium
input.transfer.high: 144
input.transfer.low: 88
input.transfer.reason: input voltage out of range
input.voltage: 121.0
input.voltage.nominal: 120
ups.beeper.status: enabled
ups.delay.shutdown: 20
ups.firmware: 950.e3 .D
ups.firmware.aux: e3     
ups.load: 16
ups.mfr: American Power Conversion
ups.mfr.date: 2019/12/03
ups.model: Back-UPS RS 1000MS
ups.productid: 0002
ups.realpower.nominal: 600
ups.serial: 3B1949X21182 
ups.status: OL CHRG
ups.test.result: No test initiated
ups.timer.reboot: 0
ups.timer.shutdown: -1
ups.vendorid: 051d

Clearly it sees it. I am using "monuser" as the monitor user name. I have the correct passwords entered. Anybody have any ideas?

I was looking at the dhcp leases and I didn't recognize a connection.  I wanted to terminate the lease and see what quit working, but I couldn't figure out out to just terminate it. Any know how to do this?

I finally got it to work. I was totally and utterly stupid.  I wanted it to run every two minutes...not two minutes after each hour. I think I did find an odd bug. I need to do more testing first. 

There is nothing in /var/log/configd older than Oct 13.
Here is the script that is being executed:

Code Select Expand

#!/usr/local/bin/bash
baseDir="/home/mts/cron_scripts/"
errFile="/tmp/users.err"
cronFile="/tmp/getWho.cron"
users=$(/usr/bin/who -a)
if [ ${#users} -gt 0 ]; then
  ${baseDir}discordPush.sh "ALARM: ${users} logged on"
  touch ${errFile}
else
  if [ -f ${errFile} ]; then
    ${baseDir}discordPush.sh "OK: Users have logged off"
    rm ${errFile}
  fi
fi
echo "OK" > ${cronFile}
echo 0

Like I said in my previous post. It works when I do a configctl getwho update.  However, it never works after that. It is like the cron system doesn't even see it. However, when I look in /var/cron/tabs/nobody, I see the following:

Code Select Expand


# Origin/Description: cron/Checking for logged in users
2 * * * * /usr/local/sbin/configctl getwho update

Also, if I run the cron command by hand, it works just fine.

I have a cron job that lets me know when a user has logged in to my firewall. I have been following this:
https://docs.opnsense.org/development/backend/configd.html
Here are the particulars:
in usr/local/opnsense/service/conf/actions.d I have the following

Code Select Expand

cat actions_getwho.conf
[update]
command:/home/mts/cron_scripts/getWho.sh
parameters:
type:script
description: Check for logged in users
message:get who is logged in.
I perform the following:

Code Select Expand

service configd restart
configctl getwho update
on the command line.  I get a notice about who is logged in. I set the cron job in the interface. Nothing happens.

I am at a loss
Anybody have any idea what is going on?

I know I am just missing something but I can't seem to get a gateway set up properly. I have 5 interfaces:
WAN
LAN: 10.20.0.0/24
OPT1
OPT2
OPT3:173.20.2.0/24

I want to be able to get from my LAN to OPT3. I can't seem to figure out the gateway to get this to work.  Any hints would be beneficial.

Thank you in advance for your time.

Thanks much. I will look at that. It didn't occur to me to use configd for custom cron scripts.

I created some custom scripts to monitor things such as who logs in, load average, temps, etc.  I set these up so they would send a warning to my discord server.  These scripts required root privs, so added them to the root crontab. They didn't survive a reboot.  Is there a way to add custom cron jobs that will survive a reboot or upgrade?  I know that we have nrpe plugin, but I don't want to have another server just to receive nrpe notifications.  This works without the headache or cost of another server running.

Try downloading the VGA 64 bit version from any of the USA mirrors. It comes down as an IMG format. To complicate matters, I have tried ImgBurn and Windows. Both say that the image is corrupted or not a valid IMG format

I am trying to download the VGA version of OPNSense 20.1 and it is NOT in ISO format, it is in IMG format. Where is the ISO format?

I am getting the following warning in my OpenVPN log file:

Code Select Expand

openvpn[48501]: WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional
(or --client-cert-not-required) may accept clients which do not present a certificate
I can't find a place in the server setting to require the client certificate.  How do I fix this? 

Thank you in advance for your help

Thanks. I had to add the rule to allow wan access when I installed OPNSense. I just allowed everything to get it running.  I modified this and all works.

Thanks again