Messages

1

General Discussion / Re: Help configuring router for DIGI (RDS-RCS)

« on: April 01, 2023, 11:18:43 am »

Is this the same ISP? https://forum.opnsense.org/index.php?topic=7267.0

Yes it's the same. I did try unchecking everything as stated in that thread and followed every step but still no ipv6 on the test.

2

General Discussion / Help configuring router for DIGI (RDS-RCS)

« on: March 31, 2023, 04:51:33 pm »

Hello all,

I'm trying to configure my opnsense router for Digi with IPV6

Strangely enough it works on my desktop PC, but even when using a different PC with the same cable it doesn't work.

Also on https://test-ipv6.com/ i don't have an ipv6


This are my settings:

Interfaces: [LAN]

IPv4 Configuration Type: Static IPV4

IPv6 Configuration Type: Track interface

IPv4 address: 192.168.1.1

IPv4 Upstream Gateway: Auto-Detect

IPv6 Interface: WAN

IPv6 Prefix ID: 0


Interfaces: [WAN]

IPv4 Configuration Type PPPoE

IPv6 Configuration Type: DHPCv6

Configuration Mode: Basic

Request only an IPv6 prefix : X

Prefix delegation size: 64

Send IPv6 prefix hint: X

Use IPv4 connectivity: X

3

20.7 Legacy Series / [RESOLVE] Let's encrypt automation upload via SFTP permission_denied

« on: December 11, 2020, 05:28:46 pm »

Hi, i'm trying to do a SFTP certificate transmission on my Sinology but every time i get this:

Code: [Select]

Host does not permit a connection for the specified user & identity.

{ "actions": [ "connecting" ], "success": false, "permission_denied": true, "error": "MyUsername@192.168.0.7: Permission denied (publickey,password).", "connect_failed": true }
If i try to access instad with ssh from my router with

Code: [Select]

ssh -v MyUsername@192.168.0.7 everything it's working fine.

My configuration are:

Code: [Select]

SFTP Host : 192.168.0.7

Username : MyUsername

Identity Type : RSA

Remote Path : /
Thanks for your help and time.

Edit: apparently the problem resides in the rsa key i've used. The actual rsa key is located at /var/etc/acme-client/sftp-config/id.rsa.pub

4

20.7 Legacy Series / Re: DNS over TLS doesn't work

« on: August 03, 2020, 02:51:20 pm »

I thought you were not seeing packets on port 853 on WAN??

Sorry i did check udp on 853 at first that's why i didn't see anything. Because the normal query where on udp on port 53

5

20.7 Legacy Series / Re: DNS over TLS doesn't work

« on: August 03, 2020, 02:34:50 pm »

Apparently https://cloudflare-dns.com/help/ isn't accurate. I've tried spoofing on port udp 53 and tcp 853 and indeed it works.
Strangely any online test like this or tenta tells me it isn't covered by TLS, can't understand why.

6

20.7 Legacy Series / Re: DNS over TLS doesn't work

« on: August 03, 2020, 01:34:36 pm »

can you disable custom settings, enable dot via view and post content of /var/unbound/unbound.conf

I've removed the custom settings, saved, added the 1.1.1.1@853 and 1.0.0.1@853 to the DNS over TLS form in miscellaneous, saved and restarted unbound

Here is the unbound.conf
https://pastebin.com/Gqt8vitF

7

20.7 Legacy Series / [RESOLVED]DNS over TLS doesn't work

« on: August 03, 2020, 01:19:17 pm »

I've tried the new DNS over TLS function present in Miscelaneous but with 1.1.1.1@853 and 1.0.0.1@853 it doesn't work, there is no request on the 853 port and everything in port 53 is clear.

Then i've tried to use this custom config that should work but still same thing, no DNS over TLS and nothing on 853

Code: [Select]

server:
  minimal-responses: yes
  qname-minimisation: yes
  rrset-roundrobin: yes
  use-caps-for-id: yes
  tls-cert-bundle: /etc/ssl/cert.pem

forward-zone:
  name: "."
  forward-addr: 1.1.1.1@853
  forward-addr: 1.0.0.1@853
  forward-ssl-upstream: yes
Here there are my settings https://postimg.cc/gallery/fM2mBRh i've also disabled the rewrite of DNS in general config.

8

20.7 Legacy Series / Re: DNS over TLS Servers

« on: August 03, 2020, 11:54:52 am »

The view will be rewritten to use a grid layout, so currently the hash sign is forbidden.

Yes but shouldn't the custom setting works?

I think if you trust google in general you can also trust DNS connection to 8.8.8.8 without the certificate verification?

Just to test if the dns over lts works, i've always used cloudflare.

Btw here are my current non working settings
https://postimg.cc/gallery/fM2mBRh

9

20.7 Legacy Series / Re: DNS over TLS Servers

« on: August 03, 2020, 10:46:11 am »

9.9.9.9@853#dns.quad9.net is currently not supported yet, only without verification

Not even cloudflare or googledns?

I've tried also this configuration i've found in this forum but it doesen't works either

Code: [Select]

server:
  minimal-responses: yes
  qname-minimisation: yes
  rrset-roundrobin: yes
  use-caps-for-id: yes
  tls-cert-bundle: /etc/ssl/cert.pem

forward-zone:
  name: "."
  forward-addr: 1.1.1.1@853
  forward-addr: 1.0.0.1@853
  forward-ssl-upstream: yes

10

20.7 Legacy Series / Re: DNS over TLS Servers

« on: August 01, 2020, 06:47:56 pm »

Which is the correct syntax: 9.9.9.9@853#dns.quad9.net or 9.9.9.9@853 ?

The second one, if you try to add any dns with #domain.something it gives validation error

I remember reading in another post that 'Enable Forwarding Mode' can be unchecked

I did uncheck it, like i've showed in the pictures. I've tried restarting unbound and also i've tried reinstalling unbound.

11

20.7 Legacy Series / Re: DNS over TLS Servers

« on: August 01, 2020, 05:44:51 pm »

Here is my settings https://imgur.com/a/koO1LWY

12

20.7 Legacy Series / Re: DNS over TLS Servers

« on: August 01, 2020, 04:51:56 pm »

Can't find any option regardin DoT, i've also added to the DNS over TLS field 1.0.0.1@853  (under miscellaneous tab) but on https://cloudflare-dns.com/help/ i keep on getting no to the DNS over TLS check.
Please could you tell us how to do it? Thanks.

13

20.1 Legacy Series / Re: Add service to diagnostic service list

« on: February 24, 2020, 07:49:12 pm »

You need a function like that one to register it:

https://github.com/opnsense/plugins/blob/master/www/nginx/src/etc/inc/plugins.inc.d/nginx.inc#L38

Thanks a lot, i've succeded but i can't figure a way of adding the check for $config[node-red][enabled]
i've checked other rc.d files but couldn't find a way of implementing or understanding how it works.
I'm using this rc.d script to handle node-red.
https://gist.github.com/apearson/56a2cd137099dbeaf6683ef99aa43ce0

Could you please tell me how to do it?

EDIT: it appears to be related to "pluginctl -s", but there isn't any nodered service in the list.

14

20.1 Legacy Series / Add service to diagnostic service list

« on: February 24, 2020, 01:23:43 pm »

Hi, i wanted to know how i can add a service to the diagnostic service list in the frontend.
I've created the rc.d script and the action config file but it won't appear.




action_node-red.conf

Code: [Select]

[start]
command:/usr/local/etc/rc.d/node-red start
parameters:
type:script
message:starting node-red
[restart]
command:/usr/local/etc/rc.d/node-red restart
parameters:
type:script
message:restarting node-red
[stop]
command:/usr/local/etc/rc.d/node-red stop
parameters:
type:script
message:stopping node-red

15

General Discussion / Re: No hope for mosquitto?

« on: February 22, 2020, 04:49:11 pm »

Thanks for the response.
There is any mqtt broker alternative that i can use?

EDIT: i've found a mqtt broker for node.js called aedes