Messages

1

General Discussion / Fetchmail setup fingerprint error

« on: November 30, 2021, 06:38:22 am »

HI

    I want to use the plugin "Fetchmail", when I setup mailbox in fingerprint, it always show＂text validation error＂　and could't save. what's wrong? 

    I get the ssl fingerprint use below command, Is it any problem?

openssl s_client -connect $SERVER:$PORT -showcerts | openssl x509 -fingerprint -noout -md5

MD5 Fingerprint=35:20:B2:05:B8:AF:B4:7A:FB:77:A0:4D:D1:86:75:61

2

General Discussion / Re: Questions in using aliyun.com for Dynamic DNS

« on: November 30, 2021, 05:28:00 am »

I also need it, can someone help to include on plingin "ddns"?

3

21.1 Legacy Series / Re: Firewall:Aliases can't add new one

« on: February 03, 2021, 01:52:15 am »

Thanks. I can use opnsense WEB GUI normally, I change to chrome 89.0.4385.0, and all funtions look like fine.

4

21.1 Legacy Series / Re: Firewall:Aliases can't add new one

« on: February 02, 2021, 10:22:25 am »

The erroe message is like below

ncaught TypeError: string.replaceAll is not a function  tokenize2.js?v=d518ea4e6f99547a:1033
    at Tokenize2.escape (tokenize2.js?v=d518ea4e6f99547a:1033)
    at Tokenize2.dropdownAddItem (tokenize2.js?v=d518ea4e6f99547a:847)
    at Tokenize2.<anonymous> (tokenize2.js?v=d518ea4e6f99547a:121)
    at HTMLSelectElement.i (jquery-3.5.1.min.js:2)
    at HTMLSelectElement.dispatch (jquery-3.5.1.min.js:2)
    at HTMLSelectElement.v.handle (jquery-3.5.1.min.js:2)
    at Object.trigger (jquery-3.5.1.min.js:2)
    at HTMLSelectElement.<anonymous> (jquery-3.5.1.min.js:2)
    at Function.each (jquery-3.5.1.min.js:2)
    at S.fn.init.each (jquery-3.5.1.min.js:2)

my brower is chrome 84.0.4147.125

5

21.1 Legacy Series / Firewall:Aliases can't add new one

« on: February 02, 2021, 02:40:13 am »

When I upgrade opensense to 21.1 , The Aliases has a problem. old rules still display, but I can't edit it and can't add new rule.(click + , no respond)

6

Virtual private networks / Re: openvpn client login control issue about AD accounts

« on: January 29, 2021, 09:10:21 am »

OK, I see, thanks.

In our company, we use AD account to login all systems, not just openvpn service.  The openvpn service is not provided for all users. Sometimes is temporary (ex. one month or two month) for special user.  So I think disable the accounts from AD server is not friendly way in production.

Now I use "VPN: OpenVPN: Client Specific Overrides" to define everyone's account to control login status, it can control openvpn login and don't need to disable account in AD server.

7

Virtual private networks / IPSEC / VTI / one site public IP & one site PPPOE WAN?

« on: January 29, 2021, 08:55:16 am »

HI Sirs,

     Is any possible to use IPSEC Vti mode (route based) by one site public IP and the other site PPPoe WAN IP(or dymanic IP)? 
     I tried the setup for the two site both public IP is OK, but when I change the one site public IP and the other site PPPoe WAN IP is failed. The IPSEC status was green, but the two site network could't be connected

8

Virtual private networks / Re: openvpn client service auto restart method? (for site to site)

« on: January 29, 2021, 04:05:09 am »

I think this setting is not helpful to sovle my issus. Because when the primary WAN disconect to change to backup line, the openvpn connection is look like good always, but it will not have good quality between different ISP(loss packages).Use the setting "persist-tun" will not restore original connection(the same ISP connection).

9

Virtual private networks / Re: openvpn client login control issue about AD accounts

« on: January 29, 2021, 03:36:11 am »

Our openvpn auth uses remote AD server, So I need to disable the account from my AD server , not just disable account on opnsense, right?

10

Virtual private networks / Re: openvpn client login control issue about AD accounts

« on: January 28, 2021, 10:24:44 am »

So this means, If i want to block user to connect openvpn, I must disable account from opnsense and AD server?
I can't just disable account on opnsense? It's not smart I think.   

11

Virtual private networks / Re: openvpn client login control issue about AD accounts

« on: January 28, 2021, 05:14:05 am »

no guest account enabled in our AD server(win2003), and the AD account(sync from AD server) was disabled in opnsense. But still can login openvpn service now.

12

Virtual private networks / openvpn client login control issue about AD accounts

« on: January 26, 2021, 08:07:20 am »

Dear Sirs,

     The opnsense users can import from AD server, and I use these accounts for openvpn client, they can login openvpn service OK, but when they were disabled, they can still login openvpn service successfully, so is it normally?  (th local accounts is OK)

13

Virtual private networks / openvpn client service auto restart method? (for site to site)

« on: January 15, 2021, 07:40:41 am »

Hi sir,

    Our company use openvpn server with three WAN lines(different ISP provide[china telecom,china mobile,unicom]) to provide VPN service for each branch offices.
    The branch office use openvpn client service to connect to server with two WAN lines(Unicom,China telecom).
    But sometimes the network quility is not good, and the client will connect to wrong WAN line then the openvpn connection will lose packages(different ISP's connection is not always good in china).
    If the opnsense can build a funtion to detect the line survival to reconnect to better ISP in openvpn , or can provide a cron rule to restart openvpn client service automatically for user define, thanks.

For example,

     headquarter have three WAN Lines to provide openvpn service:

     1. china telecom ==> 192.168.1.1
     2. unicom telecom ==> 192.168.2.1
     3  china mobile ==> 192.168.3.1

     
     branch office have two WAN lines to connect to headquarter:

     1. china telecom ==>  192.168.1.2
     2. unicom telecom ==> 192.168.2.2

     branch office defaule setup  is use 192.168.2.2 to connect to 192.168.2.1 (the same ISP network, the quality is the best)
     but when unicom telecom network quality is abnormal, it will change to use 192.168.1.2 to connect to 192.168.2.1 (different ISP network), and the connection quality will not good.   

       




 

14

19.7 Legacy Series / Re: SMART tool Update?!

« on: July 03, 2019, 07:37:41 am »

I am using a samsung evo 950 ssd m.2.

1. Did you already deal with the bios?. maybe there is something not optimally set.
2. Have you ever tried to reinstall the smart widget?
3. Lastest firmware? https://www.supermicro.com/products/motherboard/atom/A2SDi-4C-HLN4F.cfm

I have the same issue. My disk is samsung 970 evo plus NVMe M.2 250G, when I install smart tools, it also shows that no SMART device is found.

 I guess the problem is the device ID different. The SATA type will be ada0, but NVMe type will be nvme0, so I used command "  /usr/local/sbin/smartctl -a /dev/nvme0" , it will show smart information normally. So I hope the web GUI can fixd this issue in the future thanks.

15

General Discussion / Re: Did 19.1.7 break NUT support?

« on: May 10, 2019, 08:04:26 am »

I'd guess not every APC UPS supports the apcsmart driver. The whole nut-tools software is quite a mess, so I'd rather be happy if it just works

Thanks a lot.

And I have another question, Can we setup the parameter with Nut by ourself to control the opnsense shutdown when lost power in the future?