Messages

1

20.7 Legacy Series / Re: Update failed 20.1 -> 207 with Sensei

« on: August 02, 2020, 05:05:08 pm »

Same here. ESXI 6.7u3
continous crashes with enabled suricata.
I had do disable suricate previus updateing to 20.7.
I have rolled back to 20.1.9. Long live the snapshot! ;-)

wer

2

20.1 Legacy Series / Net-SNMP Config - Advanced field missing

« on: February 17, 2020, 10:41:09 am »

Hi there

I am missing a "Advanced" field in the Net-SNMP config page.
Purpose of this is for example to add a custom SNMP MIB for external temperature monitoring.

Adding it to /usr/local/share/snmp/snmpd.conf works, but SSH access is required.

Example to add:
extend cpuTemp0 /sbin/sysctl dev.cpu.0.temperature | /usr/bin/sed 's/dev.cpu.0.temperature: //g' | /usr/bin/sed 's/C//g'
extend smartHealth0 /usr/local/sbin/smartctl --health /dev/ada0 | sed -n -e 's/^.*result: //p'

Editing the snmp settings removes the manually added lines.

Would it be possible to add this field to the GUI ?

Regards,
wer

3

19.7 Legacy Series / Re: os-acme-client (Let's Encrypt) - HTTP-01 validation not responding to acme chall

« on: December 27, 2019, 04:55:10 pm »

Found a solution:

After removing all acme parts from the gateway and reinstalling it, the problem was still present.

Even tough the default local port 43580 is not in use (netstat -an | grep LISTEN) I have changed the local port to 4358 and additionally I have disabled the http->https redirection of the GUI.
Doing so, I was able to renew the certs on 2 of my systems....  Happy again... 

4

19.7 Legacy Series / Re: os-acme-client (Let's Encrypt) - HTTP-01 validation not responding to acme chall

« on: December 18, 2019, 11:50:42 am »

Hi,

I can confirm this issue in OPNsense 19.7.7-amd64


Before getting there I had to fix the syntax of the generated pf rules in
/var/etc/acme-client/configs/xxxx/acme_anchor_rules which are generated in the
/usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php file:

Line 57:
-$anchor_rules .= "rdr pass inet proto tcp from any to ${ip} port 80 -> 127.0.0.1 port ${local_http_port}\n";
+$anchor_rules .= "rdr pass on inet proto tcp from any to ${ip} port 80 -> 127.0.0.1 port ${local_http_port}\n";

But still, acme does not work... 

Kind Regards,
Wer