Messages

1

21.7 Legacy Series / Re: Firewall:Diagnostics:Aliases: An IP cannot be removed from interface

« on: September 12, 2021, 02:01:56 pm »

Ahhh, thanks @Fright, now I see the problem, the cuerrent version I use of Safari Tech Preview browser does not show the trashcans aside of the line  . Firefox seems to work ok with the page.

2

21.7 Legacy Series / Firewall:Diagnostics:Aliases: An IP cannot be removed from interface

« on: September 11, 2021, 04:22:44 pm »

Hi,

In earlier version there used to have a trashcan button on the right hand side of the GUI for removal of an IP. Currently I cannot find any...

So, How to remove an IP from an alias list?

3

21.1 Legacy Series / Re: Upgrade: 21.1.7: Error while fetching matching aliases

« on: June 17, 2021, 02:14:23 pm »

Thanks! Applying this patch solved the issue for me after restarting the WebGUI-service.

4

21.1 Legacy Series / Upgrade: 21.1.7: Error while fetching matching aliases

« on: June 16, 2021, 07:05:01 pm »

Hi,

After upgrade the Firewall: Diagnostics: pfTables: [Find Referencies] button throws error as seen on the image.

5

21.1 Legacy Series / Re: UNBOUND: Service cannot be started after latest upgrade

« on: March 12, 2021, 04:48:03 pm »

Thanks @Fright, that was the problem. Removed the custom config and everything seems to be ok now. 

6

21.1 Legacy Series / Re: UNBOUND: Service cannot be started after latest upgrade

« on: March 12, 2021, 02:47:09 pm »

@fright  It returns "OK"

@cgone  Yes there are errors:

 ======
/var/unbound/etc/dot.conf:1: error: cannot open include file '/var/unbound/etc/dnsbl.conf': Permission denied
/var/unbound/ad-blacklist.conf:1: error: syntax error
read /var/unbound/unbound.conf failed: 2 errors in configuration file

=======
-rw-r--r--  1 unbound  unbound       2003 Mar 11 21:33 /var/unbound/etc/blacklists.ini
-rw-r-----  1 unbound  unbound  104124499 Mar 12 09:31 /var/unbound/etc/dnsbl.conf
-rw-r--r--  1 unbound  unbound          0 Oct 10 16:29 /var/unbound/etc/dnsbl.inc
-rw-r--r--  1 unbound  unbound          0 Mar 11 21:33 /var/unbound/etc/dot.conf
-rw-r--r--  1 unbound  unbound          0 Oct 10 16:29 /var/unbound/etc/lists.inc
-rw-r--r--  1 unbound  unbound          0 Mar 11 21:33 /var/unbound/etc/miscellaneous.conf
-rw-r--r--  1 unbound  unbound          0 Oct 10 16:29 /var/unbound/etc/whitelist.inc

=======
more /var/unbound/ad-blacklist.conf
local-zone: "0.0.0.0" refuse
local-zone: "000free.us" refuse
local-zone: "000owamail0.000webhostapp.com" refuse
local-zone: "005.free-counter.co.uk" refuse
=======

7

21.1 Legacy Series / UNBOUND: Service cannot be started after latest upgrade

« on: March 11, 2021, 10:41:42 pm »

Hi,

After the latest upgrade to OPNsense 21.1.3-amd64, the Unbound service shows stopped after reboot in the Dashboard service list. It stays stopped state after click on the start button.

But, in terminal it seems to be ok:

=========

[spt@opnsense ~]$ unbound-checkconf
unbound-checkconf: no errors in /usr/local/etc/unbound/unbound.conf

[spt@opnsense ~]$ sudo unbound -dd
[1615497513] unbound[55165:0] notice: init module 0: validator
[1615497513] unbound[55165:0] notice: init module 1: iterator
[1615497513] unbound[55165:0] info: start of service (unbound 1.13.1).

=========
And when shutting down the service:

[1615498300] unbound[55165:0] info: service stopped (unbound 1.13.1).
[1615498300] unbound[55165:0] info: server stats for thread 0: 177 queries, 38 answers from cache, 139 recursions, 0 prefetch, 0 rejected by ip ratelimiting
[1615498300] unbound[55165:0] info: server stats for thread 0: requestlist max 12 avg 0.935252 exceeded 0 jostled 0
[1615498300] unbound[55165:0] info: average recursion processing time 0.530602 sec
[1615498300] unbound[55165:0] info: histogram of recursion processing times
[1615498300] unbound[55165:0] info: [25%]=0.176583 median[50%]=0.26093 [75%]=0.583752
[1615498300] unbound[55165:0] info: lower(secs) upper(secs) recursions
[1615498300] unbound[55165:0] info:    0.008192    0.016384 1
[1615498300] unbound[55165:0] info:    0.032768    0.065536 3
[1615498300] unbound[55165:0] info:    0.065536    0.131072 12
[1615498300] unbound[55165:0] info:    0.131072    0.262144 54
[1615498300] unbound[55165:0] info:    0.262144    0.524288 32
[1615498300] unbound[55165:0] info:    0.524288    1.000000 18
[1615498300] unbound[55165:0] info:    1.000000    2.000000 15
[1615498300] unbound[55165:0] info:    2.000000    4.000000 2
[1615498300] unbound[55165:0] info:    4.000000    8.000000 2

======

8

20.7 Legacy Series / 20.7.4: OpenVPN: Cannot load certificate file /var/etc/openvpn/server1.cert

« on: October 23, 2020, 05:13:00 pm »

Hi,

Today after the update [20.7.4] the openvpn service didn't start up.  It can't be started due to the following:

Code: [Select]

2020-10-23T14:49:55   openvpn[13440]   Exiting due to fatal error2020-10-23T14:49:55   openvpn[13440]   Cannot load certificate file /var/etc/openvpn/server1.cert
2020-10-23T14:49:55   openvpn[13440]   OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
2020-10-23T14:49:55   openvpn[13440]   OpenSSL: error:0908F066:PEM routines:get_header_and_data:bad end line
2020-10-23T14:49:55   openvpn[13440]   Diffie-Hellman initialized with 4096 bit key
2020-10-23T14:49:55   openvpn[13440]   NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-10-23T14:49:55   openvpn[13440]   WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
2020-10-23T14:49:55   openvpn[13440]   MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock
2020-10-23T14:49:55   openvpn[69378]   library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
2020-10-23T14:49:55   openvpn[69378]   OpenVPN 2.4.9 amd64-portbld-freebsd12.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jul 28 2020

The server1.cert is present in the path.


UPDATE: I noticed that during the update process the server1.cert file got corrupted. Trying to generate a new one .

9

20.1 Legacy Series / SENSEI DAILY REPORT: Probably elasticsearch service is not running

« on: May 19, 2020, 03:06:23 pm »

Hi,

I'm getting the daily Sensei report stating this :

'Scheduled reports could not be generated. Probably elasticsearch service is not running or not working properly. Please check elasticsearch service manually.'


This is bit confusing as Sensei's backend db in use is Mongo.

If I run manually /usr/local/opnsense/scripts/OPNsense/Sensei/scheduled_reports.sh
I get the same result indicating elasticsearch is not running.

10

19.7 Legacy Series / Re: Does Maltrail block?

« on: September 14, 2019, 07:47:22 pm »

I mean, I can activate it on the opnsens as server and sensor, but I cannot use it's data in menu items like reports (better integration?).

11

19.7 Legacy Series / Re: Does Maltrail block?

« on: September 14, 2019, 07:26:11 pm »

Hi,  Yes the URL table IP Alias sound doable. Thanks!

Anyway, what is the purpose of it's integration with the GUI?

12

19.7 Legacy Series / Does Maltrail block?

« on: September 14, 2019, 03:17:38 pm »

Hi,

I couldn't find any further info so I'm wondering if Maltrail blocks anything or is it just only for detection?
Can not see any logs either in the GUI.


rgds,