Messages

Same here. ESXI 6.7u3
continous crashes with enabled suricata.
I had do disable suricate previus updateing to 20.7.
I have rolled back to 20.1.9. Long live the snapshot! ;-)

wer

Hi there

I am missing a "Advanced" field in the Net-SNMP config page.
Purpose of this is for example to add a custom SNMP MIB for external temperature monitoring.

Adding it to /usr/local/share/snmp/snmpd.conf works, but SSH access is required.

Example to add:
extend cpuTemp0 /sbin/sysctl dev.cpu.0.temperature | /usr/bin/sed 's/dev.cpu.0.temperature: //g' | /usr/bin/sed 's/C//g'
extend smartHealth0 /usr/local/sbin/smartctl --health /dev/ada0 | sed -n -e 's/^.*result: //p'

Editing the snmp settings removes the manually added lines.

Would it be possible to add this field to the GUI ?

Regards,
wer

Found a solution:

After removing all acme parts from the gateway and reinstalling it, the problem was still present.

Even tough the default local port 43580 is not in use (netstat -an | grep LISTEN) I have changed the local port to 4358 and additionally I have disabled the http->https redirection of the GUI.
Doing so, I was able to renew the certs on 2 of my systems....  Happy again...  :)

Hi,

I can confirm this issue in OPNsense 19.7.7-amd64


Before getting there I had to fix the syntax of the generated pf rules in
/var/etc/acme-client/configs/xxxx/acme_anchor_rules which are generated in the
/usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php file:

Line 57:
-$anchor_rules .= "rdr pass inet proto tcp from any to ${ip} port 80 -> 127.0.0.1 port ${local_http_port}\n";
+$anchor_rules .= "rdr pass on inet proto tcp from any to ${ip} port 80 -> 127.0.0.1 port ${local_http_port}\n";

But still, acme does not work...  :(

Kind Regards,
Wer