Messages

1

20.7 Legacy Series / Re: Captive Portal DNS

« on: February 03, 2021, 02:08:31 pm »

I found the issue on this one.

I needed to add my DNS servers to the "Allowed Addresses" within the Captive Portal settings.
This wasn't obvious to me but problem solved.

Nick

2

20.7 Legacy Series / Captive Portal DNS [SOLVED]

« on: January 31, 2021, 01:01:25 pm »

Hi All,

Last week I setup a Captive Portal for my guest network, I used the following for guidance:
https://docs.opnsense.org/manual/how-tos/guestnet.html

Everything worked out great and I was able to get this working while the guest network was using the DNS (Unbound) of OPNsense.

With all my networks/vlan's DNS is usually by the following process:

Client - Pi-hole DNS - OPNsense (Unbound)

So the DHCP on OPNsense hands out the Pi-hole address which then queries OPNsense for anything it cannot answer.
In turn I have the required firewall rules for this to work.

When I do this for the guest network using the Captive Portal the portal won't load and any device that connects just comes up with no internet access.

I have confirmed that the Pi-hole can resolve the name used within the Captive Portal settings and I amend any firewall rules to match what I'm trying to do.

Any guidance on to where I am going wrong at all?

Thanks,

Nick

3

20.7 Legacy Series / Re: Update 20.7.6 to 20.7.7 Update ERR_SSL_PROTOCOL_ERROR

« on: January 15, 2021, 01:51:53 pm »

I had to run from the console or ssh if enabled:

Code: [Select]

opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart
That got me into the GUI where I then forced an update of my LE certificates.

I then ran an update in the usual manner to bring lighttpd back up to date.

Hope this helps

4

20.7 Legacy Series / Re: Update 20.7.6 to 20.7.7 Update ERR_SSL_PROTOCOL_ERROR

« on: January 13, 2021, 06:24:26 pm »

Then it looks like lighttpd is not going to fix that issue. I can't imagine that this is an issue that can't be fixed from the system (switching cert maybe?). Because it is working for a representative amount of users...


Cheers,
Franco

I just updated both my backup and master, the master runs Let's Encrypt and I had to run:

Code: [Select]

opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart
This got the GUI working again but on updating lighttpd the error came back.

Is it a case of wait for further update or is there something I can do?

Thanks,

Nick

EDIT: Proper schoolboy error and completely missed the 2nd page ignore me please

5

General Discussion / Networking Issue on one device

« on: December 07, 2020, 06:05:39 pm »

Hi All,

Bit of background on what I'm doing:

I've got Home Assistant all up and running and working lovely, I want to provide the kids with their own dashboards.

I have a separate network/vlan called SmartNet for any IOT related devices and Home Assistant sits in this network as well.
I have a network/vlan called ClientNet which myself and my partner are within and any of our devices etc
I have a network/vlan called KidsNet which the kids use this as it's more locked down and has it's own Pi-Hole DNS etc.
There are more networks/vlans but don't think they're all relevant.

I've a few rules setup where the kids can access two Chromecasts in the SmartNet network and Plex within a network called ServerNet and then a block rule that blocks all other network access.
All this works perfectly and as expected.

Over the weekend I added a rule to allow access to Home Assistant and was unable to access this from the KidsNet, if I allowed access to other web based devices the rule worked as expected.
If I disable the network block rule from the KidsNet I am able to access everything within SmartNet apart from Home Assistant.

As part of my tests I tried to ping Home Assistant from Opnsense and every interface apart from KidsNet was able to ping the Home Assistant device.

Lastly I also have Opnsense setup in HA and the same happens on the slave instance as well.

I am well and truly out of ideas so any input would be welcomed.

Thanks,

Nick

6

20.1 Legacy Series / Re: Let's Encrypt Automation upload certs via sftp

« on: June 05, 2020, 11:17:39 am »

At least I wasn't doing something stupid.

Thanks for letting me know.

Nick

7

20.1 Legacy Series / Let's Encrypt Automation upload certs via sftp

« on: June 04, 2020, 12:44:38 pm »

Hi All,

Been using the LE plugin for a longtime with no issues.

Today I've been trying to upload the certs to another server for usage but keep getting the following errors when I test the connection or click the "show identity" button.

Code: [Select]

[04-Jun-2020 11:38:07 Europe/London] PHP Warning:  "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php on line 302
[04-Jun-2020 11:38:13 Europe/London] PHP Warning:  "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php on line 302
[04-Jun-2020 11:38:17 Europe/London] PHP Warning:  "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php on line 302
[04-Jun-2020 11:38:18 Europe/London] PHP Warning:  "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php on line 302
This also triggers the system reporter and I get the "A problem was detected. Click here for more information." on the main dashboard.

I have submitted the report was just after some input on how I might resolve this issue?

Many thanks,

Nick

8

19.7 Legacy Series / Re: HA Proxy

« on: October 16, 2019, 10:39:37 am »

Hi All,

Looks like I had already figured this out by using the "HTTP Traffic" ACL.

My trouble was my sausage fingers when it came to configure the HTTP frontend as my IP was wrong.

9

19.7 Legacy Series / HA Proxy

« on: October 15, 2019, 03:28:26 pm »

Hi All,

I've been using OPNsense for a good while now and recently moved to an HA setup and in the process I'm now running the latest version.

I've migrated everything across but within HA Proxy I'm unable to get my http to https redirect to work.

Before I created an ACL using "SSL/TLS connection established" but this is no longer an option.

Am I supposed to do this another way or am I doing something silly here?

Thanks in advance,

Nick

10

18.7 Legacy Series / mDNS Repeater Spotify

« on: February 07, 2019, 03:19:40 pm »

Afternoon All,

Has anyone successfully got this plugin to broadcast Spotify connect across subnets/vlan's?

This is working okay for Chromecast devices but cannot get Spotify connect to work.

I have all smart devices such as Alexa devices on their own vlan with the clients on another vlan.

I have a VM setup running Avahi which has a leg into each network and when running this Chromecasts and Spotify work without issue.
I used the following guide back when I set the VM up: https://wiki.khicks.net/w/Chromecast

I just wanted to try and bring this service into Opnsense as it mostly works.

Thanks,

Nick

11

Web Proxy Filtering and Caching / Re: HA Proxy Config

« on: January 18, 2019, 06:01:24 pm »

Many thanks for your response.

No matter that I cannot import config from elsewhere as the intros for each section do a good job of explaining their uses/requirements.

I'm sure I'll muddle through and get it all up and running.

Thanks again,

Nick

12

Web Proxy Filtering and Caching / HA Proxy Config

« on: January 18, 2019, 05:16:01 pm »

Hello All,

I'm currently migrating from pfsense to opnsense and for the majority this has been fairly pain free as I've been configuring opnsense while using pfsense.

My last bit to do is HA Proxy to which I'm using as a reverse proxy with SSL offloading, the how to looks similar to that of the package used by pfsense but it looks like HA Proxy in opnsense has seen some significant updates since the documentation.

Is there anyway that I can take my config file from pfsense and load this into opnsense as it would save me a good bit of time.

Many thanks

Nick