
Messages - spetrillo

#1
Web Proxy Filtering and Caching / Caddy and DDNS
February 03, 2026, 06:21:48 PM
My OPNsense firewall is behind my ISP router and set up as a DMZ host. I have set up DDNS on the ISP router, since it has the public WAN IP. This has been working for over 2 years. I now want to put a web server behind my OPNsense firewall, but I would like to use Caddy on the OPNsense firewall for proxy and certificate management. Would it be advisable to use HTTP or DDNS for certificate issuance and management? In my mind's eye I would like to register the domain name, in this case *.petrilloconsulting.net, to Caddy and then use subdomains to identify the actual web services.
#2
Yes, I was running bare metal. You should not worry about upgrading your VM, as it's the hypervisor's version that is in charge.
#3
Intrusion Detection and Prevention / IDS Web Server
February 02, 2026, 07:08:45 PM
Hello all,

Does Suricata have a web interface that I could expose, so people could have read access to see the alerts?

Thanks,
Steve
#4
Is this information still relevant for Suricata 8.03?
#5
General Discussion / Certificate Removal
February 02, 2026, 06:59:46 PM
Hello all,

I had used Let's Encrypt to protect a web server that is proxied by Caddy. I would like to revoke the certs in OPNsense but it's not doing as it shows it should work. What is the right process?

Thanks,
Steve
#6
26.1 Series / 26.1 - Success
February 02, 2026, 06:27:47 PM
Hello all,

I have upgraded 3 firewalls to 26.1 and they all have been successful. This is the first time in at least 2 years where I did not have an issue with the upgrade, so kudos to the team. On 2 of the 3 firewalls I have also migrated my firewall rules...all without issue. The 3rd is a production firewall and will be done in my upgrade window next weekend.

Way to go team!

Steve
#7
26.1 Series / Re: 26.1.rc1 -> 26.1 rc2 ..... worked
January 28, 2026, 12:55:50 AM
Here you go Franco!
#8
26.1 Series / Re: 26.1.rc1 -> 26.1 rc2 ..... worked
January 27, 2026, 05:37:40 PM
Quote from: franco on January 27, 2026, 08:40:30 AM
ok, nice, thanks for the feedback :)

FYI @franco I was not able to see R2. I am on R1 and it's telling me I have no update.
#9
25.7, 25.10 Series / Unbound to DNSmasq/KEA?
January 20, 2026, 08:10:20 PM
Hello all,

I am still using ISC for DHCP and would like to rip the band aid off and migrate to KEA for DHCP, DNSMasq for local DNS, and Unbound as the DNS that talks to the Internet. Has anyone done this? Is this a good plan or is there a better solution? Is there a document that talks about making the split? I did not find one.

Thanks,
Steve
#10
25.7, 25.10 Series / Re: CSRF Check
January 20, 2026, 07:09:41 PM
Quote from: d0shie on January 20, 2026, 04:25:07 AM
Hi Steve, I have a faint suspicion that you're having problems with the new Automatic Discovery feature in Interfaces -> Neighbors. This is unfortunately enabled by default on the latest update and known to cause excessive logging as well as high CPU usage. Log into the console and run

du -h / | sort -rh | head

to see if your disk has run out of space. I'll bet that it has, and all taken up by /var/log/hostwatch.
Removing the logs and disabling the service will solve your issue.

Disk is only 8% used, but I did apply the new fix for excessive log messages. I wonder if that was the cause of intermittent disconnects that my web servers were seeing.
#11
25.7, 25.10 Series / CSRF Check
January 19, 2026, 07:35:44 PM
Hello all,

Ever since I upgraded to 25.7.11 I am getting the following when I log in:

CSRF check failed. Your form session may have expired, or you may not have cookies enabled.

I have rebooted OPNsense but it does not fix this. What is this about?

Thanks,
Steve
#12
General Discussion / Dual Public IP Usage
January 07, 2026, 01:05:59 AM
Hello all,

I have a /29 of public IPs from my ISP.

I have production and test web servers that need to be public facing. My production servers go out via the normal WAN interface. I have begun to set up the test servers and set up a virtual IP in OPNsense, using another of the public IPs. I have set up NATs and firewall rules, which are attached. When both the prod and test rules are active I cannot issue SSL certificates to either the prod or test servers.

Does anyone know what I am doing wrong? I need both test and prod rules running.

Thanks,
Steve
#13
General Discussion / Virtual IP Question
January 06, 2026, 05:04:04 PM
Hello all,

I have a /29 of public IPs. I am using one for the WAN interface, but now I want to separate prod and test web services by using a second of the /29 to assign to my test web stuff. I have added the virtual IP but I specified it with a /32. Is this correct or should I be using the /29 instead?

Thanks,
Steve
#14
25.7, 25.10 Series / Re: Unbound DNS Questions
December 30, 2025, 08:22:01 PM
One thing I did see between two servers on the same subnet.

If you run resolvectl status on one server it returns the following:

Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub

Link 2 (ens160)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.0.3.1
       DNS Servers: 10.0.3.1
        DNS Domain: regulatoryintelligence.com rics.prod

If you run it on the second server it returns the following:

Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub

Link 2 (ens33)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.0.2.1
       DNS Servers: 10.0.2.1
        DNS Domain: rics.prod regulatoryintelligence.com

As an additional question why is the domain order different between these servers?
#15
25.7, 25.10 Series / Unbound DNS Questions
December 30, 2025, 08:16:59 PM
Hello all,

I am running Unbound as my DNS server. I have a server whose resolv.conf is set up as:

nameserver 127.0.0.53
options edns0 trust-ad
search rics.prod regulatoryintelligence.com

The hosts file is set up as:

10.0.2.21       app1.rics.prod app1

When I run nslookup app1 it responds as:

Server:         127.0.0.53
Address:        127.0.0.53#53

Name:   app1.rics.prod
Address: 10.0.2.21

Why am I not seeing my Unbound server in the server or address section? Should I not see this, since Unbound is the only DNS server? Am I misconfigured?

Thanks,
Steve