Messages - spetrillo

#1
General Discussion / Download Failure
April 14, 2026, 09:13:16 PM
Hello all,

I have a Plesk server behind my OPNsense firewall. Everything has been working but recently I cannot seem to download an updated installer file, as Plesk says the following:

Getting new version of Plesk Installer...
Downloading file parallels_installer_Ubuntu_22.04_x86_64.md5sum: 100% was finished.
Downloading file parallels_installer_Ubuntu_22.04_x86_64 (retry 3 of 3): Operation too slow. Less than 500 bytes/sec transferred the last 30 seconds
ERROR: The required version '3.77.1' was not found on the server.
This could happen because of configuration error at the installation source.
Failed to download the file http://autoinstall.plesk.com/Installer/3.77.1/parallels_installer_Ubuntu_22.04_x86_64 (84.17.59.10):
Operation too slow. Less than 500 bytes/sec transferred the last 30 seconds
Not all packages were installed.
Please try to install packages again later.
Please resolve this issue and try to install the packages again.
Visit https://support.plesk.com/ to search for a solution.
exit status 1


I spoke with Plesk support and they indicated:

It may be due to some firewall restriction, or outbound traffic is filtered. I suppose it is related to network/MTU. A large file uses the full TCP window and due to that fragmentation is needed. The NAT/router drops fragmented packets and due to that the connection stalls. As the issue is server wide, please contact your server/network provider to check the network/NAT gateway settings to allow downloading bigger files.

Where in OPNsense would I look for anything related to NAT settings? I have been running Plesk behind OPNsense for almost 2 years and am not sure what changed.

Thanks,
Steve
#2
Web Proxy Filtering and Caching / Caddy and DDNS
February 03, 2026, 06:21:48 PM
My OPNsense firewall is behind my ISP router and set up as a DMZ host. I have set up DDNS on the ISP router, since it has the public WAN IP. This has been working for over 2 years. I now want to put a web server behind my OPNsense firewall, but I would like to use Caddy on the OPNsense firewall for proxy and certificate management. Would it be advisable to use HTTP or DDNS for certificate issuance and management? In my mind's eye I would like to register the domain name, in this case *.petrilloconsulting.net, to Caddy and then use subdomains to identify the actual web services.
#3
Yes, I was running bare metal. You should not worry about upgrading your VM, as it's the hypervisor's version that is in charge.
#4
Intrusion Detection and Prevention / IDS Web Server
February 02, 2026, 07:08:45 PM
Hello all,

Does Suricata have a web interface that I could expose, so people could have read access to see the alerts?

Thanks,
Steve
#5
Is this information still relevant for Suricata 8.03?
#6
General Discussion / Certificate Removal
February 02, 2026, 06:59:46 PM
Hello all,

I had used Let's Encrypt to protect a web server that is proxied by Caddy. I would like to revoke the certs in OPNsense but it's not doing as it shows it should work. What is the right process?

Thanks,
Steve
#7
26.1, 26.4 Series / 26.1 - Success
February 02, 2026, 06:27:47 PM
Hello all,

I have upgraded 3 firewalls to 26.1 and they all have been successful. This is the first time in at least 2 years where I did not have an issue with the upgrade, so kudos to the team. On 2 of the 3 firewalls I have also migrated my firewall rules...all without issue. The 3rd is a production firewall and will be done in my upgrade window next weekend.

Way to go team!

Steve
#8
Here you go Franco!
#9
Quote from: franco on January 27, 2026, 08:40:30 AM
ok, nice, thanks for the feedback :)

FYI @franco I was not able to see R2. I am on R1 and it's telling me I have no update.
#10
25.7, 25.10 Legacy Series / Unbound to DNSmasq/KEA?
January 20, 2026, 08:10:20 PM
Hello all,

I am still using ISC for DHCP and would like to rip the band aid off and migrate to KEA for DHCP, DNSMasq for local DNS, and Unbound as the DNS that talks to the Internet. Has anyone done this? Is this a good plan or is there a better solution? Is there a document that talks about making the split? I did not find one.

Thanks,
Steve
#11
25.7, 25.10 Legacy Series / Re: CSRF Check
January 20, 2026, 07:09:41 PM
Quote from: d0shie on January 20, 2026, 04:25:07 AM
Hi Steve, I have a faint suspicion that you're having problems with the new Automatic Discovery feature in Interfaces -> Neighbors. This is unfortunately enabled by default on the latest update and known to cause excessive logging as well as high CPU usage. Log into the console and run

du -h / | sort -rh | head

to see if your disk has run out of space. I'll bet that it has, and all taken up by /var/log/hostwatch.
Removing the logs and disabling the service will solve your issue.

Disk is only 8% used, but I did apply the new fix for excessive log messages. I wonder if that was the cause of intermittent disconnects that my web servers were seeing.
#12
25.7, 25.10 Legacy Series / CSRF Check
January 19, 2026, 07:35:44 PM
Hello all,

Ever since I upgraded to 25.7.11 I am getting the following when I log in:

CSRF check failed. Your form session may have expired, or you may not have cookies enabled.

I have rebooted OPNsense but it does not fix this. What is this about?

Thanks,
Steve
#13
General Discussion / Dual Public IP Usage
January 07, 2026, 01:05:59 AM
Hello all,

I have a /29 of public IPs from my ISP.

I have production and test web servers that need to be public facing. My production servers go out via the normal WAN interface. I have begun to set up the test servers and have set up a virtual IP in OPNsense, using another of the public IPs. I have set up NATs and firewall rules, which are attached. When both the prod and test rules are active I cannot issue SSL certificates to either the prod or test servers.

Does anyone know what I am doing wrong? I need both test and prod rules running.

Thanks,
Steve
#14
General Discussion / Virtual IP Question
January 06, 2026, 05:04:04 PM
Hello all,

I have a /29 of public IPs. I am using one for the WAN interface, but now I want to separate prod and test web services by using a second of the /29 to assign to my test web stuff. I have added the virtual IP but I specified it with a /32. Is this correct, or should I be using the /29 instead?

Thanks,
Steve
#15
25.7, 25.10 Legacy Series / Re: Unbound DNS Questions
December 30, 2025, 08:22:01 PM
One thing I did see between two servers on the same subnet.

If you run resolvectl status on one server it returns the following:

Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (ens160)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.0.3.1
       DNS Servers: 10.0.3.1
        DNS Domain: regulatoryintelligence.com rics.prod

If you run it on the second server it returns the following:

Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub

Link 2 (ens33)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.0.2.1
       DNS Servers: 10.0.2.1
        DNS Domain: rics.prod regulatoryintelligence.com

As an additional question why is the domain order different between these servers?
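An added example (not part of the thread) that parses the two resolvectl outputs above and compares the hosts: it reports whether the search-domain set and order agree and whether the DNS servers match, and flags resolver settings a hardening review would note (LLMNR enabled, DNSSEC off). The interface names, addresses and domains are the ones posted; the sample strings are trimmed copies of that output, and the function names are this example's own.

```python
import re

# Constructed sample input: the link sections from the two outputs above, trimmed.
HOST_A = """Link 2 (ens160)
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 10.0.3.1
        DNS Domain: regulatoryintelligence.com rics.prod
"""
HOST_B = """Link 2 (ens33)
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 10.0.2.1
        DNS Domain: rics.prod regulatoryintelligence.com
"""
LINK_RE = re.compile(r"^Link \d+ \((?P<ifname>[^)]+)\)$")

def parse_resolvectl(text):
    """Map each 'Global' / 'Link N (ifname)' section to its 'key: value' fields."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = LINK_RE.match(line)
        if line == "Global" or m:
            current = m.group("ifname") if m else "Global"
            sections[current] = {}
        elif line and current is not None:
            key, _, value = line.partition(":")
            sections[current][key.strip()] = value.strip()
    return sections

def compare_hosts(a_text, b_text):
    """Do two hosts agree on search domains (as a set and in order) and servers?"""
    a = next(s for n, s in parse_resolvectl(a_text).items() if n != "Global")
    b = next(s for n, s in parse_resolvectl(b_text).items() if n != "Global")
    da, db = a.get("DNS Domain", "").split(), b.get("DNS Domain", "").split()
    return {
        "same_domain_set": set(da) == set(db),
        "same_domain_order": da == db,
        "same_servers": a.get("DNS Servers", "").split() == b.get("DNS Servers", "").split(),
    }

def findings(text):
    """Resolver settings a hardening review would flag on each section."""
    out = []
    for name, s in parse_resolvectl(text).items():
        flags = s.get("Protocols", "").split()
        if name != "Global" and "+LLMNR" in flags:
            out.append(f"{name}: LLMNR enabled")
        if "DNSSEC=no/unsupported" in flags:
            out.append(f"{name}: DNSSEC validation off")
    return out
```

Run against the two posted outputs it shows the domain sets are identical but the order differs, the servers differ, and only ens160 has LLMNR enabled.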