Messages - Nitrofx

#1
Thank you. That makes perfect sense.
#2
Hi Franco,

Thank you for your response. I have downloaded the new version of the firmware, OPNsense 18.7.4-amd64, and noticed that the button for adding and removing leases from the Services: DHCPv4: Leases page has been removed.

Even though the button sometimes would fail to add clients and redirected to the dashboard, having the ability to manually delete dynamic assignments was very important, especially when you have a limited dynamic scope of IP addresses for your network. From an admin perspective, that "feature" or ability to manage your DHCP scope on demand was very useful, as it allowed you to add a static assignment on the fly or delete as necessary.

I would love for that button to make a comeback. Thanks.
#3
Furthermore, I proceeded to install the Nginx plugin and got the same result:

[Thu Sep 27 20:22:59 EDT 2018] d='*.domain.com'
[Thu Sep 27 20:22:59 EDT 2018] Getting webroot for domain='*.compsysnet.com'
[Thu Sep 27 20:22:59 EDT 2018] _w='/var/etc/acme-client/challenges'
[Thu Sep 27 20:22:59 EDT 2018] _currentRoot='/var/etc/acme-client/challenges'
[Thu Sep 27 20:22:59 EDT 2018] response='{"identifier":{"type":"dns","value":"*domain.com"},"status":"pending","expires":"2018-10-04T23:56:47Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6OO3wRPNSBJXB0zWzo-s0Y4v-Nvx88Ep0Jitv6GmvQs/176925645","token":"WaamP-I5y8EgbmZVakAC4h8Rz-CE-_bq8BpTf-TChYg"}],"wildcard": true}'
[Thu Sep 27 20:22:59 EDT 2018] entry
[Thu Sep 27 20:22:59 EDT 2018] Error, can not get domain token entry *.domain.com
[Thu Sep 27 20:22:59 EDT 2018] The supported validation types are: dns-01 , but you specified: http-01
[Thu Sep 27 20:22:59 EDT 2018] pid
[Thu Sep 27 20:22:59 EDT 2018] No need to restore nginx, skip.
[Thu Sep 27 20:22:59 EDT 2018] _clearupdns
[Thu Sep 27 20:22:59 EDT 2018] skip dns.
[Thu Sep 27 20:22:59 EDT 2018] _on_issue_err
[Thu Sep 27 20:22:59 EDT 2018] Please check log file for more details: /var/log/acme.sh.log
[Thu Sep 27 20:22:59 EDT 2018] _chk_vlist
[Thu Sep 27 20:22:59 EDT 2018] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2k-freebsd  26 Jan 2017
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.14.0
built with OpenSSL 1.0.2p  14 Aug 2018
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --modules-path=/usr/local/libexec/nginx --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_v2_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-pcre --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --without-mail_smtp_module --with-mail_ssl_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-mail=dynamic --with-stream=dynamic --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/ngx_brotli-e26248e --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/naxsi-0.56/naxsi_src
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
#4
Attempting to create a wild-card certificate using a different domain name than listed in the post (changed for privacy reasons) with the OPNsense firewall?

There is an error in the validation process of the firewall. The error specifies that the validation type is incorrect:


File Details : /var/log/acme.sh.log

[Thu Sep 27 20:22:59 EDT 2018] entry
[Thu Sep 27 20:22:59 EDT 2018] Error, can not get domain token entry *.domain.com
[Thu Sep 27 20:22:59 EDT 2018] The supported validation types are: dns-01 , but you specified: http-01
[Thu Sep 27 20:22:59 EDT 2018] pid
[Thu Sep 27 20:22:59 EDT 2018] No need to restore nginx, skip.
[Thu Sep 27 20:22:59 EDT 2018] _clearupdns
[Thu Sep 27 20:22:59 EDT 2018] skip dns.
[Thu Sep 27 20:22:59 EDT 2018] _on_issue_err
[Thu Sep 27 20:22:59 EDT 2018] Please check log file for more details: /var/log/acme.sh.log
[Thu Sep 27 20:22:59 EDT 2018] _chk_vlist
[Thu Sep 27 20:22:59 EDT 2018] Diagnosis versions:
openssl:openssl


openssl:openssl
OpenSSL 1.0.2k-freebsd  26 Jan 2017
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.

#5
Thanks, good to know.
#6
Thank you kindly for your responses. :'( The issue was intermittent: at times the button just worked, at other times it didn't. It was hard to find a cause for the issue. I think that removing the feature will do more harm than good. It may have been an isolated issue on my system.
#7
Not sure if anyone is experiencing this issue with the new version of OPNsense, 18.7.2-amd64: when selecting to add a new static IP in DHCPv4, the GUI jumps back to the Dashboard. Please note that restarting the FW or the plug-in also does not fix the issue.

Not sure if this is a known bug and if there are any logs that I can submit to troubleshoot the issue. Please advise. Thanks.

System details:

Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz (2 cores)

State table size: 0 % ( 107/391000 )
MBUF Usage: 0 % ( 2030/242968 )
Memory usage: 6 % ( 256/3917 MB )
SWAP usage: 0 % ( 0/8192 MB )
Disk usage:


OPNsense 18.7.2-amd64
FreeBSD 11.1-RELEASE-p13
OpenSSL 1.0.2p 14 Aug 2018
#8
Silly question: will OPNsense make the transition to ARM in the near future?