1
24.7 Production Series / Re: Kernal Panic - WPA broken for wifi after 24.7 update
« on: October 17, 2024, 11:22:21 am »
nevermind, just ordered a cheap AP, too bad, it was nice not to have an extra device
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
24.7 Production Series / Re: Kernal Panic - WPA broken for wifi after 24.7 update
« on: October 15, 2024, 05:19:06 pm »
Hi,
just upgraded and facing the same issue. Any news?
just upgraded and facing the same issue. Any news?
Code: [Select]
root@myfw:~ # dmesg | grep run0
run0 on uhub0
run0: <Ralink 802.11 n WLAN, class 0/0, rev 2.00/1.01, addr 1> on usbus0
run0: MAC/BBP RT3070 (rev 0x0200), RF RT3020 (MIMO 1T1R), address 00:22:43:73:89:17
run0: [HT] Enabling 802.11n
wlan0: changing name to 'run0_wlan1'
run0: firmware RT2870 ver. 0.33 loaded
run0: firmware RT2870 ver. 0.33 loaded
run0: firmware RT2870 ver. 0.33 loaded
root@myfw:~ # tail /var/log/wireless/latest.log
<31>1 2024-10-15T17:07:21+02:00 myfw.signorini.in hostapd 17447 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK
<31>1 2024-10-15T17:08:21+02:00 myfw.signorini.in hostapd 17447 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK
<31>1 2024-10-15T17:09:21+02:00 myfw.signorini.in hostapd 17447 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK
<31>1 2024-10-15T17:10:21+02:00 myfw.signorini.in hostapd 17447 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK
<31>1 2024-10-15T17:11:21+02:00 myfw.signorini.in hostapd 17447 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK
<31>1 2024-10-15T17:12:21+02:00 myfw.signorini.in hostapd 17447 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK
<31>1 2024-10-15T17:13:21+02:00 myfw.signorini.in hostapd 17447 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK
<31>1 2024-10-15T17:14:21+02:00 myfw.signorini.in hostapd 17447 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK
<31>1 2024-10-15T17:15:21+02:00 myfw.signorini.in hostapd 17447 - [meta sequenceId="1"] run0_wlan1: WPA rekeying GTK
<31>1 2024-10-15T17:16:21+02:00 myfw.signorini.in hostapd 17447 - [meta sequenceId="2"] run0_wlan1: WPA rekeying GTK
3
23.1 Legacy Series / Re: gcloud command does not work anymore
« on: July 16, 2023, 04:39:52 pm »
Thanks!
4
23.1 Legacy Series / Re: gcloud command does not work anymore
« on: June 22, 2023, 09:27:50 am »
please, could someone help me and try the below command?
5
23.1 Legacy Series / Re: gcloud command does not work anymore
« on: June 17, 2023, 05:38:41 pm »
any idea?
does someone using it confirms it works, or can someone just launch it to tell me if same error appears?
you can try: gcloud info --run-diagnostics
does someone using it confirms it works, or can someone just launch it to tell me if same error appears?
you can try: gcloud info --run-diagnostics
6
23.1 Legacy Series / gcloud command does not work anymore
« on: June 04, 2023, 10:38:05 am »
Hi all,
gcloud command does not work anymore, I noticed now since my certificates are expired, so it could be an issue of like 2 or 3 months ago. I use acme with DNS validation.
Nothing relevant in the logs. I also tried to truss it, but still not useful info
gcloud command does not work anymore, I noticed now since my certificates are expired, so it could be an issue of like 2 or 3 months ago. I use acme with DNS validation.
Nothing relevant in the logs. I also tried to truss it, but still not useful info
Code: [Select]
[root@myfw ~]# /usr/local/bin/gcloud dns record-sets list --name="www.signorini.ch." --type="A" -z "external-ch"
ERROR: gcloud crashed (AttributeError): 'NoneType' object has no attribute 'clean_version'
If you would like to report this issue, please run the following command:
gcloud feedback
To check gcloud for common problems, please run the following command:
gcloud info --run-diagnostics
[root@myfw ~]# gcloud info --run-diagnostics
Network diagnostic detects and fixes local network connection issues.
Checking network connection...failed.
ERROR: gcloud crashed (AttributeError): 'NoneType' object has no attribute 'clean_version'
If you would like to report this issue, please run the following command:
gcloud feedback
To check gcloud for common problems, please run the following command:
gcloud info --run-diagnostics
[root@myfw ~]# pkg which /usr/local/bin/gcloud
/usr/local/bin/gcloud was installed by package google-cloud-sdk-431.0.0
[root@myfw ~]# pkg info google-cloud-sdk-431.0.0
google-cloud-sdk-431.0.0
Name : google-cloud-sdk
Version : 431.0.0
Installed on : Fri May 26 11:26:15 2023 CEST
Origin : net/google-cloud-sdk
Architecture : FreeBSD:13:*
Prefix : /usr/local
Categories : net
Licenses : APACHE20
Maintainer : bofh@FreeBSD.org
WWW : https://developers.google.com/cloud/sdk/
Comment : Google Cloud SDK for Google Cloud Platform
Options :
BASH : on
ZSH : on
Annotations :
repo_type : binary
repository : OPNsense
Flat size : 326MiB
Description :
Google Cloud SDK contains tools and libraries that enable you to easily create
and manage resources on Google Cloud Platform, including App Engine, Compute
Engine, Cloud Storage, BigQuery, Cloud SQL, and Cloud DNS.
WWW: https://developers.google.com/cloud/sdk/
[root@myfw ~]# opnsense-version
OPNsense 23.1.9
[root@myfw ~]# find /usr/ /opt/ -type f | xargs grep -l clean_version 2>/dev/null
/usr/local/lib/perl5/5.32/CPAN/Meta/Converter.pm
/usr/local/google-cloud-sdk/lib/googlecloudsdk/core/util/platforms.py
/usr/local/google-cloud-sdk/lib/googlecloudsdk/core/util/__pycache__/platforms.cpython-39.pyc
/usr/local/google-cloud-sdk/lib/googlecloudsdk/core/__pycache__/transport.cpython-39.pyc
/usr/local/google-cloud-sdk/lib/googlecloudsdk/core/transport.py
^C
[root@myfw ~]# grep -10 clean_version /usr/local/google-cloud-sdk/lib/googlecloudsdk/core/util/platforms.py
return not self.__lt__(other)
@property
def version(self):
"""Returns the operating system version."""
if self == OperatingSystem.WINDOWS:
return platform.version()
return platform.release()
@property
def clean_version(self):
"""Returns a cleaned version of the operating system version."""
version = self.version
if self == OperatingSystem.WINDOWS:
capitalized = version.upper()
if capitalized in ('XP', 'VISTA'):
return version
if capitalized.startswith('SERVER'):
# Allow Server + 4 digits for year.
return version[:11].replace(' ', '_')
[root@myfw ~]# find /usr/local/google-cloud-sdk/ -type f | xargs grep -l NoneType 2>/dev/null
/usr/local/google-cloud-sdk/.install/.backup/lib/third_party/oauth2client/crypt.py
/usr/local/google-cloud-sdk/.install/.backup/lib/third_party/oauth2client/__pycache__/crypt.cpython-37.pyc
/usr/local/google-cloud-sdk/.install/.backup/lib/third_party/websocket/_core.py
/usr/local/google-cloud-sdk/.install/.backup/lib/third_party/apitools/base/py/encoding_helper.py
/usr/local/google-cloud-sdk/.install/.backup/lib/third_party/apitools/base/py/__pycache__/encoding_helper.cpython-37.pyc
/usr/local/google-cloud-sdk/.install/.backup/platform/bq/third_party/oauth2client_4_0/crypt.py
/usr/local/google-cloud-sdk/.install/.backup/platform/bq/third_party/oauth2client_4_0/__pycache__/crypt.cpython-37.pyc
/usr/local/google-cloud-sdk/.install/.backup/platform/gsutil/gslib/vendored/oauth2client/oauth2client/crypt.py
/usr/local/google-cloud-sdk/.install/.backup/platform/gsutil/gslib/vendored/oauth2client/oauth2client/__pycache__/crypt.cpython-37.pyc
/usr/local/google-cloud-sdk/.install/.backup/platform/gsutil/third_party/apitools/apitools/base/py/encoding_helper.py
/usr/local/google-cloud-sdk/.install/.backup/platform/gsutil/third_party/apitools/apitools/base/py/__pycache__/encoding_helper.cpython-37.pyc
/usr/local/google-cloud-sdk/lib/googlecloudsdk/api_lib/compute/iap_tunnel_lightweight_websocket.py
/usr/local/google-cloud-sdk/lib/third_party/oauth2client/crypt.py
/usr/local/google-cloud-sdk/lib/third_party/oauth2client/__pycache__/crypt.cpython-37.pyc
/usr/local/google-cloud-sdk/lib/third_party/oauth2client/__pycache__/crypt.cpython-38.pyc
/usr/local/google-cloud-sdk/lib/third_party/oauth2client/__pycache__/crypt.cpython-39.pyc
/usr/local/google-cloud-sdk/lib/third_party/apitools/base/py/encoding_helper.py
/usr/local/google-cloud-sdk/lib/third_party/apitools/base/py/__pycache__/encoding_helper.cpython-37.pyc
/usr/local/google-cloud-sdk/lib/third_party/apitools/base/py/__pycache__/encoding_helper.cpython-39.pyc
/usr/local/google-cloud-sdk/lib/third_party/apitools/base/py/__pycache__/encoding_helper.cpython-38.pyc
/usr/local/google-cloud-sdk/lib/third_party/websocket/_core.py
/usr/local/google-cloud-sdk/lib/third_party/jmespath/functions.py
/usr/local/google-cloud-sdk/platform/bq/third_party/oauth2client_4_0/crypt.py
/usr/local/google-cloud-sdk/platform/bq/third_party/oauth2client_4_0/__pycache__/crypt.cpython-37.pyc
/usr/local/google-cloud-sdk/platform/gsutil/gslib/vendored/oauth2client/oauth2client/crypt.py
/usr/local/google-cloud-sdk/platform/gsutil/gslib/vendored/oauth2client/oauth2client/__pycache__/crypt.cpython-37.pyc
/usr/local/google-cloud-sdk/platform/gsutil/third_party/apitools/apitools/base/py/encoding_helper.py
/usr/local/google-cloud-sdk/platform/gsutil/third_party/apitools/apitools/base/py/__pycache__/encoding_helper.cpython-37.pyc
/usr/local/google-cloud-sdk/platform/gsutil_py2/gslib/vendored/oauth2client/oauth2client/crypt.py
/usr/local/google-cloud-sdk/platform/gsutil_py2/third_party/apitools/apitools/base/py/encoding_helper.py
7
Intrusion Detection and Prevention / Re: suricata not blocking nmap scan
« on: October 27, 2022, 02:26:21 pm »
try a tcpdump on opnsense wan interface to actually see the scan is incoming, don't you have a modem/router in between which only NAT specific ports?
8
Intrusion Detection and Prevention / Re: Suricata to protect WebServer
« on: February 03, 2021, 12:48:21 pm »Hi,
we have many Web Server with e-commerce (Magento, Prestashop, etc...) and some Windows Servers that must be reachable via RDP on non standar Port (Port forward vs 3389) and we want to test OPNsense to use it as our new firewall. The Web Servers have to be reachable via FTP and SSH from well known IPs (for ssh we will use non standar port). Of course the most important feature for us is Suricata as IPS/IDS. Naturally we will use ET Pro Telemetry, now the questions are:We will use OPNsense as VM under Proxmox (KVM), could you give me some advice on how to optimize the OPNSense configuration?
- which are the rules to enable to protect our Servers?
- And what about false positive?
- Is it enough to enable Suricata only on the WAN Interface?
Does Sensei help me?
Thank you to all
A web server should only expose web service (better with a reverse proxy to protect it), really bad idea to allow ssh. And FTP, really?
If you need SSH access you should evaulate to use a jump server reachable with VPN
9
21.1 Legacy Series / suricata: cannot edit action anymore
« on: January 31, 2021, 03:13:17 pm »
wanted to change some pt.research rule from drop to alert, it's not possible anymore, both from the alert tab and the rules tab itself, the change is not taken
10
20.7 Legacy Series / Re: Blocked traffic on LAN via Default deny rule
« on: November 14, 2020, 10:18:07 am »Hi there. I'm seeing a ton of blocked LAN traffic on my FW, where one thing on my LAN is attempting to talk to another thing on my LAN. I cannot for the life of me understand why this is happening.
__timestamp__ Nov 13 17:54:07
ack 386885594
action [block]
anchorname
datalen 0
dir [in]
dst 192.168.1.52
dstport 55240
ecn
id 31958
interface em0
interface_name lan
ipflags DF
label Default deny rule
length 40
offset 0
proto 6
protoname tcp
reason match
rid 02f4bab031b57d1e30553ce08e0ec131
ridentifier 0
rulenr 8
seq
src 192.168.1.5
srcport 443
subrulenr
tcpflags A
tcpopts
tos 0x0
ttl 64
urp 128
version 4
it's maybe an ACK package for a connection not active anymore in the firewall
11
General Discussion / Re: What Are You Using as a Network Monitoring Solution
« on: November 05, 2020, 07:31:18 am »
I don't know a way to discover new VLAN, but I am far to be an expert of zabbix
To discover new devices I opened the ping from zabbix server to any and configured zabbix like this (see attachment)
To discover new devices I opened the ping from zabbix server to any and configured zabbix like this (see attachment)
12
20.7 Legacy Series / Re: User created cron job issues
« on: November 02, 2020, 08:28:05 am »
do you see something strange in the last log in /var/log/configd?
what's the content of /home/mts/cron_scripts/getWho.sh?
it could be just an environment issue, maybe in the PATH variable
what's the content of /home/mts/cron_scripts/getWho.sh?
it could be just an environment issue, maybe in the PATH variable
13
General Discussion / Re: What Are You Using as a Network Monitoring Solution
« on: October 27, 2020, 06:39:26 pm »Which network do you have your PI on?on a network I call "management network" in a dedicated interface of the OPNsense
Ahh so you are using the default LAN interface, and then everything else is vlan on other interfaces? Are you using a switch to connect the LAN interface and the PI or are you directly connecting the PI to the physical interface of your OPNsense device?
Actually my configuration is a bit more complex, I have 2 interfaces in link aggregation and connected to a switch, this link is a trunk of several vlans. Then I have the management LAN untagged and connected to another switch. On this management network I have several stuff, my NTP servers, monitoring, openvas security scanner, and all management related stuff. But this is not significant, you can call it "default LAN" if you like
14
General Discussion / Re: What Are You Using as a Network Monitoring Solution
« on: October 27, 2020, 05:49:07 pm »Which network do you have your PI on?on a network I call "management network" in a dedicated interface of the OPNsense
15
General Discussion / Re: What Are You Using as a Network Monitoring Solution
« on: October 27, 2020, 05:35:59 pm »
I use zabbix, I have the server on a Raspberry Pi 4, then there is the plugin for OPNsense. You can even install proxy plugin in case you want to retrieve info of devices on different vlans without opening the fw rules