Messages - LogicEthos

1
22.1 Legacy Series / Re: Gateway offline after upgrade to 22.1.5
« on: April 29, 2022, 02:43:59 am »
Did you lose all connectivity?  I lost access to about half the internet. I gave up trying to figure it out, and reinstalled. All worked again, so tried to update, and same issue.

2
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
« on: February 05, 2022, 03:21:38 pm »

upload img

3
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
« on: February 05, 2022, 02:34:10 pm »
Quote from: Fright on February 05, 2022, 06:20:20 am
still not clear why the request with ipv6 is hitting the local port. perhaps the output of pfctl right after curl would help to understand.

It generates a lot of data.  This seems to be the relevant bit.

Code:
all tcp 2a02:my:ip:xxx::1[50482] -> 2001:1af8:4f00:a005:5::[443]       FIN_WAIT_2:FIN_WAIT_2

4
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
« on: February 04, 2022, 07:01:06 pm »
This is what it looks like with IPV6 enabled.

Code:
root@OPNsense:~ # curl -v https://pkg.opnsense.org
*   Trying 2001:1af8:4f00:a005:5:::443...
* Connected to pkg.opnsense.org (2001:1af8:4f00:a005:5::) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /usr/local/etc/ssl/cert.pem
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=GB; ST=Hampshire; L=Southampton; O=LogicEthos; emailAddress=stuart@something.com; CN=LE-Cert
*  start date: Feb  4 14:48:04 2022 GMT
*  expire date: Mar  8 14:48:04 2023 GMT
* SSL: certificate subject name 'LE-Cert' does not match target host name 'pkg.opnsense.org'
* Closing connection 0
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (60) SSL: certificate subject name 'LE-Cert' does not match target host name 'pkg.opnsense.org'
More details here: https://curl.se/docs/sslcerts.html
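
An added example (not part of the original post, and not OPNsense code): the transcript above shows the IPv6 connection being answered with a certificate whose subject is 'LE-Cert'. The sketch below parses `curl -v` transcripts captured with `-4` and `-6` and reports which address family presents a certificate that does not name the target host. The IPv4 transcript, its 192.0.2.10 address and all function names are constructed for illustration.

```python
import ipaddress
import re
# Constructed samples. V6_LOG is abridged from the transcript above; V4_LOG is
# hypothetical (192.0.2.10 is a documentation address, not the real mirror).
V6_LOG = """\
* Connected to pkg.opnsense.org (2001:1af8:4f00:a005:5::) port 443 (#0)
*  subject: C=GB; ST=Hampshire; L=Southampton; O=LogicEthos; CN=LE-Cert
curl: (60) SSL: certificate subject name 'LE-Cert' does not match target host name 'pkg.opnsense.org'
"""
V4_LOG = """\
* Connected to pkg.opnsense.org (192.0.2.10) port 443 (#0)
*  subject: CN=pkg.opnsense.org
*  SSL certificate verify ok.
"""

CONNECTED = re.compile(r"^\* Connected to (\S+) \(([^)]+)\) port \d+", re.M)
SUBJECT = re.compile(r"^\*\s+subject: (.+)$", re.M)
CURL_ERR = re.compile(r"^curl: \((\d+)\)", re.M)

def parse_transcript(text):
    """Extract target host, peer address, subject CN and curl error code."""
    conn = CONNECTED.search(text)
    if conn is None:
        raise ValueError("no 'Connected to' line: TCP connection never completed")
    host, peer = conn.groups()
    subj = SUBJECT.search(text)
    cn = re.search(r"(?:^|[;,]\s*)CN=([^;,]+)", subj.group(1)) if subj else None
    err = CURL_ERR.search(text)
    return {"host": host, "peer": peer,
            "family": "IPv%d" % ipaddress.ip_address(peer).version,
            "cn": cn.group(1).strip() if cn else None,
            "curl_error": int(err.group(1)) if err else None}

def name_matches(cn, host):
    """CN-only check (the transcript shows no subjectAltName); one-label wildcard."""
    cn, host = (cn or "").lower(), host.lower()
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return cn == host

def compare_families(*transcripts):
    """Return one (family, peer, cn, verdict) tuple per transcript."""
    rows = []
    for rec in map(parse_transcript, transcripts):
        ok = rec["curl_error"] is None and name_matches(rec["cn"], rec["host"])
        rows.append((rec["family"], rec["peer"], rec["cn"], "ok" if ok else "MISMATCH"))
    return rows

if __name__ == "__main__":
    print(*compare_families(V6_LOG, V4_LOG), sep="\n")
```

A MISMATCH on only one address family means the connection on that family was answered by something other than the intended server, which narrows the search to the routing, NAT or listener handling that family.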

5
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
« on: February 04, 2022, 06:40:56 pm »
I have just forced unbound to issue the IPV4 address, instead of the IPV6 address for pkg.opnsense.org
It now works!  ¯\_(ツ)_/¯

6
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
« on: February 03, 2022, 05:13:22 pm »
Quote from: MoonbeamFrame on February 03, 2022, 05:08:30 pm
Is the implication here that this is failing because the VM does not have a real external IP?

Perhaps you could try downloading changelog.txz as above. When I do it from OPNsense console, it fails. From my desktop (which is connected via OPNsense) it works. The implication is there is an internal proxy, but I have not been able to find it.

7
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
« on: February 03, 2022, 11:11:09 am »
I tried removing port forwarding. Same.
I deleted the certificate that was in my config file. I created a new self-cert certificate.

Code:
fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/22.1/sets/changelog.txz: Authentication error
Updating OPNsense repository catalogue...
SSL certificate subject doesn't match host www.mirrorservice.org

From my web browser, I can download without problems.
Code:
https://pkg.opnsense.org/FreeBSD:13:amd64/22.1/sets/changelog.txz
but from the console I get

Code:
root@OPNsense:~ # curl https://pkg.opnsense.org/FreeBSD:13:amd64/22.1/sets/changelog.txz
curl: (60) SSL: certificate subject name 'LE Cert' does not match target host name 'pkg.opnsense.org'


8
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
« on: February 02, 2022, 02:45:22 pm »

I have this in my certificates.

9
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
« on: February 02, 2022, 02:06:17 pm »
pkg = 1.16.3_1

Code:
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.1 (amd64/OpenSSL) at Wed Feb  2 13:05:06 UTC 2022
>>> Check installed kernel version
Version 22.1 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.1 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 65 dependencies to check.
Checking packages: .
beep-1.0_1 has no upstream equivalent
Checking packages: .
ca_root_nss-3.74 has no upstream equivalent
Checking packages: .
choparp-20150613 has no upstream equivalent
Checking packages: .
cpustats-0.1 has no upstream equivalent
Checking packages: .
dhcp6c-20200512_1 has no upstream equivalent
Checking packages: .
dhcpleases-0.2 has no upstream equivalent
Checking packages: .
dnsmasq-2.86_2,1 has no upstream equivalent
Checking packages: .
dpinger-3.0 has no upstream equivalent
Checking packages: .
expiretable-0.6_2 has no upstream equivalent
Checking packages: .
filterlog-0.6 has no upstream equivalent
Checking packages: .
flock-2.37.2 has no upstream equivalent
Checking packages: .
flowd-0.9.1_3 has no upstream equivalent
Checking packages: .
hostapd-2.10 has no upstream equivalent
Checking packages: .
ifinfo-13.0 has no upstream equivalent
Checking packages: .
iftop-1.0.p4 has no upstream equivalent
Checking packages: .
isc-dhcp44-relay-4.4.2P1 has no upstream equivalent
Checking packages: .
isc-dhcp44-server-4.4.2P1_1 has no upstream equivalent
Checking packages: .
lighttpd-1.4.63 has no upstream equivalent
Checking packages: .
monit-5.29.0_1 has no upstream equivalent
Checking packages: .
mpd5-5.9_6 has no upstream equivalent
Checking packages: .
ntp-4.2.8p15_4 has no upstream equivalent
Checking packages: .
openssh-portable-8.8.p1_1,1 has no upstream equivalent
Checking packages: .
openssl-1.1.1m_1,1 has no upstream equivalent
Checking packages: .
openvpn-2.5.5 has no upstream equivalent
Checking packages: .
opnsense-22.1 has no upstream equivalent
Checking packages: .
opnsense-installer-22.1 has no upstream equivalent
Checking packages: .
opnsense-lang-21.7.8 has no upstream equivalent
Checking packages: .
opnsense-update-22.1 has no upstream equivalent
Checking packages: .
pam_opnsense-19.1.3 has no upstream equivalent
Checking packages: .
pftop-0.7_9 has no upstream equivalent
Checking packages: .
php74-ctype-7.4.27 has no upstream equivalent
Checking packages: .
php74-curl-7.4.27 has no upstream equivalent
Checking packages: .
php74-dom-7.4.27 has no upstream equivalent
Checking packages: .
php74-filter-7.4.27 has no upstream equivalent
Checking packages: .
php74-gettext-7.4.27 has no upstream equivalent
Checking packages: .
php74-google-api-php-client-2.4.0 has no upstream equivalent
Checking packages: .
php74-json-7.4.27 has no upstream equivalent
Checking packages: .
php74-ldap-7.4.27 has no upstream equivalent
Checking packages: .
php74-openssl-7.4.27 has no upstream equivalent
Checking packages: .
php74-pdo-7.4.27 has no upstream equivalent
Checking packages: .
php74-pecl-radius-1.4.0b1_1 has no upstream equivalent
Checking packages: .
php74-phalcon4-4.1.3 has no upstream equivalent
Checking packages: .
php74-phpseclib-2.0.35 has no upstream equivalent
Checking packages: .
php74-session-7.4.27 has no upstream equivalent
Checking packages: .
php74-simplexml-7.4.27 has no upstream equivalent
Checking packages: .
php74-sockets-7.4.27 has no upstream equivalent
Checking packages: .
php74-sqlite3-7.4.27 has no upstream equivalent
Checking packages: .
php74-xml-7.4.27 has no upstream equivalent
Checking packages: .
php74-zlib-7.4.27 has no upstream equivalent
Checking packages: .
pkg-1.16.3_1 has no upstream equivalent
Checking packages: .
py38-Jinja2-3.0.1 has no upstream equivalent
Checking packages: .
py38-dnspython2-2.2.0 has no upstream equivalent
Checking packages: .
py38-netaddr-0.8.0 has no upstream equivalent
Checking packages: .
py38-requests-2.25.1 has no upstream equivalent
Checking packages: .
py38-sqlite3-3.8.12_7 has no upstream equivalent
Checking packages: .
py38-ujson-5.0.0 has no upstream equivalent
Checking packages: .
radvd-2.19_1 has no upstream equivalent
Checking packages: .
rrdtool-1.7.2_4 has no upstream equivalent
Checking packages: .
samplicator-1.3.8.r1_1 has no upstream equivalent
Checking packages: .
squid-4.15 has no upstream equivalent
Checking packages: .
strongswan-5.9.4 has no upstream equivalent
Checking packages: .
sudo-1.9.8p2 has no upstream equivalent
Checking packages: .
suricata-6.0.4_1 has no upstream equivalent
Checking packages: .
syslog-ng-3.35.1 has no upstream equivalent
Checking packages: .
unbound-1.14.0 has no upstream equivalent
Checking packages: .
wpa_supplicant-2.10 has no upstream equivalent
Checking packages: .
zip-3.0_1 has no upstream equivalent
***DONE***

10
22.1 Legacy Series / Re: post upgrade updates fail with Certificate verification failure.
« on: February 01, 2022, 10:13:57 pm »
I had this problem too before updating.  Still got it.  Must be something wrong with my configuration file.


Code:
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.1 (amd64/OpenSSL) at Tue Feb  1 21:10:47 UTC 2022
Fetching changelog information, please wait... Certificate verification failed for /C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense
34374492160:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1916:
fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/22.1/sets/changelog.txz: Authentication error
Updating OPNsense repository catalogue...
Certificate verification failed for /C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1916:



11
22.1 Legacy Series / Re: Set PPPoE MRU MTU independent
« on: January 18, 2022, 09:16:05 pm »
Quote from: seed on January 17, 2022, 08:09:59 pm

To view the statistics you just need to edit the mpd5 configuration file (/var/etv/mpd_wan.conf) and add this:

set user foo bar admin
set web self 127.0.0.1 5006
set web open

Just what I was looking for, thank you.

12
22.1 Legacy Series / Re: Set PPPoE MRU MTU independent
« on: January 13, 2022, 05:55:23 pm »
Would be nice if PPPoE could get a better UI.  Realtime status of connection attempts, and server responses.

13
22.1 Legacy Series / Re: Is version 22 being built on FreeBSD 13
« on: December 28, 2021, 09:43:28 pm »
Looks like it.
https://opnsense.org/about/road-map/

14
21.7 Legacy Series / Re: Unable to check for updates.
« on: September 30, 2021, 04:42:58 pm »
No.

I don't remember there being a reboot, after the last update.  Maybe that's it.  I'll try that when things are quiet.

Thanks.

15
21.7 Legacy Series / Re: Unable to check for updates.
« on: September 30, 2021, 04:37:12 pm »
Looks like it, yet from the LAN side there is no problem.  I tried using curl from shell, and it fails with "self signed certificate".
