Messages

Ahhh, thanks @Fright, now I see the problem, the cuerrent version I use of Safari Tech Preview browser does not show the trashcans aside of the line  :-\ . Firefox seems to work ok with the page.

Hi,

In earlier version there used to have a trashcan button on the right hand side of the GUI for removal of an IP. Currently I cannot find any...

So, How to remove an IP from an alias list?

Thanks! Applying this patch solved the issue for me after restarting the WebGUI-service.

[Firewall: Diagnostics: pfTables: [Find Referencies]]

Hi,

After upgrade the Firewall: Diagnostics: pfTables: [Find Referencies] button throws error as seen on the image.

Thanks @Fright, that was the problem. Removed the custom config and everything seems to be ok now.  :)

@fright  It returns "OK"

@cgone  Yes there are errors:

======
/var/unbound/etc/dot.conf:1: error: cannot open include file '/var/unbound/etc/dnsbl.conf': Permission denied
/var/unbound/ad-blacklist.conf:1: error: syntax error
read /var/unbound/unbound.conf failed: 2 errors in configuration file

=======
-rw-r--r--  1 unbound  unbound       2003 Mar 11 21:33 /var/unbound/etc/blacklists.ini
-rw-r-----  1 unbound  unbound  104124499 Mar 12 09:31 /var/unbound/etc/dnsbl.conf
-rw-r--r--  1 unbound  unbound          0 Oct 10 16:29 /var/unbound/etc/dnsbl.inc
-rw-r--r--  1 unbound  unbound          0 Mar 11 21:33 /var/unbound/etc/dot.conf
-rw-r--r--  1 unbound  unbound          0 Oct 10 16:29 /var/unbound/etc/lists.inc
-rw-r--r--  1 unbound  unbound          0 Mar 11 21:33 /var/unbound/etc/miscellaneous.conf
-rw-r--r--  1 unbound  unbound          0 Oct 10 16:29 /var/unbound/etc/whitelist.inc

=======
more /var/unbound/ad-blacklist.conf
local-zone: "0.0.0.0" refuse
local-zone: "000free.us" refuse
local-zone: "000owamail0.000webhostapp.com" refuse
local-zone: "005.free-counter.co.uk" refuse
=======

Hi,

After the latest upgrade to OPNsense 21.1.3-amd64, the Unbound service shows stopped after reboot in the Dashboard service list. It stays stopped state after click on the start button.

But, in terminal it seems to be ok:

=========

[spt@opnsense ~]$ unbound-checkconf
unbound-checkconf: no errors in /usr/local/etc/unbound/unbound.conf

[spt@opnsense ~]$ sudo unbound -dd
[1615497513] unbound[55165:0] notice: init module 0: validator
[1615497513] unbound[55165:0] notice: init module 1: iterator
[1615497513] unbound[55165:0] info: start of service (unbound 1.13.1).

=========
And when shutting down the service:

[1615498300] unbound[55165:0] info: service stopped (unbound 1.13.1).
[1615498300] unbound[55165:0] info: server stats for thread 0: 177 queries, 38 answers from cache, 139 recursions, 0 prefetch, 0 rejected by ip ratelimiting
[1615498300] unbound[55165:0] info: server stats for thread 0: requestlist max 12 avg 0.935252 exceeded 0 jostled 0
[1615498300] unbound[55165:0] info: average recursion processing time 0.530602 sec
[1615498300] unbound[55165:0] info: histogram of recursion processing times
[1615498300] unbound[55165:0] info: [25%]=0.176583 median[50%]=0.26093 [75%]=0.583752
[1615498300] unbound[55165:0] info: lower(secs) upper(secs) recursions
[1615498300] unbound[55165:0] info:    0.008192    0.016384 1
[1615498300] unbound[55165:0] info:    0.032768    0.065536 3
[1615498300] unbound[55165:0] info:    0.065536    0.131072 12
[1615498300] unbound[55165:0] info:    0.131072    0.262144 54
[1615498300] unbound[55165:0] info:    0.262144    0.524288 32
[1615498300] unbound[55165:0] info:    0.524288    1.000000 18
[1615498300] unbound[55165:0] info:    1.000000    2.000000 15
[1615498300] unbound[55165:0] info:    2.000000    4.000000 2
[1615498300] unbound[55165:0] info:    4.000000    8.000000 2

======

Hi,

Today after the update [20.7.4] the openvpn service didn't start up.  It can't be started due to the following:

Code Select Expand

2020-10-23T14:49:55   openvpn[13440]   Exiting due to fatal error2020-10-23T14:49:55   openvpn[13440]   Cannot load certificate file /var/etc/openvpn/server1.cert
2020-10-23T14:49:55   openvpn[13440]   OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
2020-10-23T14:49:55   openvpn[13440]   OpenSSL: error:0908F066:PEM routines:get_header_and_data:bad end line
2020-10-23T14:49:55   openvpn[13440]   Diffie-Hellman initialized with 4096 bit key
2020-10-23T14:49:55   openvpn[13440]   NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-10-23T14:49:55   openvpn[13440]   WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
2020-10-23T14:49:55   openvpn[13440]   MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock
2020-10-23T14:49:55   openvpn[69378]   library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
2020-10-23T14:49:55   openvpn[69378]   OpenVPN 2.4.9 amd64-portbld-freebsd12.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jul 28 2020


The server1.cert is present in the path.


UPDATE: I noticed that during the update process the server1.cert file got corrupted. Trying to generate a new one .

[/usr/local/opnsense/scripts/OPNsense/Sensei/scheduled_reports.sh]

Hi,

I'm getting the daily Sensei report stating this :

'Scheduled reports could not be generated. Probably elasticsearch service is not running or not working properly. Please check elasticsearch service manually.'


This is bit confusing as Sensei's backend db in use is Mongo.

If I run manually /usr/local/opnsense/scripts/OPNsense/Sensei/scheduled_reports.sh
I get the same result indicating elasticsearch is not running.

I mean, I can activate it on the opnsens as server and sensor, but I cannot use it's data in menu items like reports (better integration?).

Hi,  Yes the URL table IP Alias sound doable. Thanks!

Anyway, what is the purpose of it's integration with the GUI?

Hi,

I couldn't find any further info so I'm wondering if Maltrail blocks anything or is it just only for detection?
Can not see any logs either in the GUI.


rgds,