Messages - bignick8t3

#1
20.7 Legacy Series / Re: Captive Portal DNS
February 03, 2021, 02:08:31 PM
I found the issue on this one.

I needed to add my DNS servers to the "Allowed Addresses" within the Captive Portal settings.
This wasn't obvious to me but problem solved.

Nick
#2
20.7 Legacy Series / Captive Portal DNS [SOLVED]
January 31, 2021, 01:01:25 PM
Hi All,

Last week I set up a Captive Portal for my guest network; I used the following for guidance:
https://docs.opnsense.org/manual/how-tos/guestnet.html

Everything worked out great and I was able to get this working while the guest network was using the DNS (Unbound) of OPNsense.

With all my networks/VLANs, DNS is usually by the following process:

Client - Pi-hole DNS - OPNsense (Unbound)

So the DHCP on OPNsense hands out the Pi-hole address which then queries OPNsense for anything it cannot answer.
In turn I have the required firewall rules for this to work.

When I do this for the guest network using the Captive Portal the portal won't load and any device that connects just comes up with no internet access.

I have confirmed that the Pi-hole can resolve the name used within the Captive Portal settings and I amend any firewall rules to match what I'm trying to do.

Any guidance as to where I am going wrong at all?

Thanks,

Nick
#3
I had to run from the console or ssh if enabled:
opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart

That got me into the GUI where I then forced an update of my LE certificates.

I then ran an update in the usual manner to bring lighttpd back up to date.

Hope this helps
#4
Quote from: franco on January 05, 2021, 10:07:16 AM
Then it looks like lighttpd is not going to fix that issue. I can't imagine that this is an issue that can't be fixed from the system (switching cert maybe?). Because it is working for a representative amount of users...


Cheers,
Franco

I just updated both my backup and master, the master runs Let's Encrypt and I had to run: opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart

This got the GUI working again but on updating lighttpd the error came back.

Is it a case of wait for further update or is there something I can do?

Thanks,

Nick

EDIT: Proper schoolboy error and completely missed the 2nd page, ignore me please.
#5
General Discussion / Networking Issue on one device
December 07, 2020, 06:05:39 PM
Hi All,

Bit of background on what I'm doing:

I've got Home Assistant all up and running and working lovely, I want to provide the kids with their own dashboards.

I have a separate network/vlan called SmartNet for any IOT related devices and Home Assistant sits in this network as well.
I have a network/VLAN called ClientNet which myself and my partner are within, along with any of our devices etc.
I have a network/VLAN called KidsNet which the kids use as it's more locked down and has its own Pi-hole DNS etc.
There are more networks/vlans but don't think they're all relevant.

I've a few rules set up where the kids can access two Chromecasts in the SmartNet network and Plex within a network called ServerNet, and then a block rule that blocks all other network access.
All this works perfectly and as expected.

Over the weekend I added a rule to allow access to Home Assistant and was unable to access this from the KidsNet, if I allowed access to other web based devices the rule worked as expected.
If I disable the network block rule from the KidsNet I am able to access everything within SmartNet apart from Home Assistant.

As part of my tests I tried to ping Home Assistant from OPNsense and every interface apart from KidsNet was able to ping the Home Assistant device.

Lastly I also have OPNsense set up in HA and the same happens on the slave instance as well.

I am well and truly out of ideas so any input would be welcomed.

Thanks,

Nick
#6
At least I wasn't doing something stupid.

Thanks for letting me know.

Nick
#7
Hi All,

Been using the LE plugin for a long time with no issues.

Today I've been trying to upload the certs to another server for usage but keep getting the following errors when I test the connection or click the "show identity" button.

[04-Jun-2020 11:38:07 Europe/London] PHP Warning:  "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php on line 302
[04-Jun-2020 11:38:13 Europe/London] PHP Warning:  "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php on line 302
[04-Jun-2020 11:38:17 Europe/London] PHP Warning:  "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php on line 302
[04-Jun-2020 11:38:18 Europe/London] PHP Warning:  "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php on line 302


This also triggers the system reporter and I get the "A problem was detected. Click here for more information." on the main dashboard.

I have submitted the report; I was just after some input on how I might resolve this issue.

Many thanks,

Nick
#8
19.7 Legacy Series / Re: HA Proxy
October 16, 2019, 10:39:37 AM
Hi All,

Looks like I had already figured this out by using the "HTTP Traffic" ACL.

My trouble was my sausage fingers when it came to configure the HTTP frontend as my IP was wrong.
#9
19.7 Legacy Series / HA Proxy
October 15, 2019, 03:28:26 PM
Hi All,

I've been using OPNsense for a good while now and recently moved to an HA setup and in the process I'm now running the latest version.

I've migrated everything across but within HA Proxy I'm unable to get my http to https redirect to work.

Before I created an ACL using "SSL/TLS connection established" but this is no longer an option.

Am I supposed to do this another way or am I doing something silly here?

Thanks in advance,

Nick
#10
18.7 Legacy Series / mDNS Repeater Spotify
February 07, 2019, 03:19:40 PM
Afternoon All,

Has anyone successfully got this plugin to broadcast Spotify Connect across subnets/VLANs?

This is working okay for Chromecast devices but I cannot get Spotify Connect to work.

I have all smart devices such as Alexa devices on their own vlan with the clients on another vlan.

I have a VM setup running Avahi which has a leg into each network and when running this Chromecasts and Spotify work without issue.
I used the following guide back when I set the VM up: https://wiki.khicks.net/w/Chromecast

I just wanted to try and bring this service into OPNsense as it mostly works.

Thanks,

Nick
#11
Web Proxy Filtering and Caching / Re: HA Proxy Config
January 18, 2019, 06:01:24 PM
Many thanks for your response.

No matter that I cannot import config from elsewhere as the intros for each section do a good job of explaining their uses/requirements.

I'm sure I'll muddle through and get it all up and running.

Thanks again,

Nick
#12
Web Proxy Filtering and Caching / HA Proxy Config
January 18, 2019, 05:16:01 PM
Hello All,

I'm currently migrating from pfSense to OPNsense and for the majority this has been fairly pain free as I've been configuring OPNsense while using pfSense.

My last bit to do is HA Proxy, which I'm using as a reverse proxy with SSL offloading. The how-to looks similar to that of the package used by pfSense but it looks like HA Proxy in OPNsense has seen some significant updates since the documentation.

Is there any way that I can take my config file from pfSense and load this into OPNsense? It would save me a good bit of time.

Many thanks

Nick