Messages

1

24.7 Production Series / Re: CARP Status Widget fail to load after upgrade to 24.7

« on: September 09, 2024, 05:09:37 pm »

Wooow!
you are right ! :-)
removed orphan IP Alias and voila, it's works!
Thanks a lot!

2

24.7 Production Series / Re: CARP Status Widget fail to load after upgrade to 24.7

« on: September 09, 2024, 11:06:29 am »

Hi!,
sorry, now corrected.

I updated step by step from 24.1.10_8 to 24.7.3_1.

browser console:
opnsense_widget_manager.js?v=4bb3464f732685dc:518 Failed to load content for widget: carp, Error: TypeError: Cannot read properties of null (reading 'interface')
    at Carp.js?t=1725872511531:70:70
    at Array.forEach (<anonymous>)
    at Carp.onWidgetTick (Carp.js?t=1725872511531:69:28)
    at async tick (opnsense_widget_manager.js?v=4bb3464f732685dc:487:17)
    at async WidgetManager._onMarkupRendered (opnsense_widget_manager.js?v=4bb3464f732685dc:495:9)
    at async Promise.all (index 4)
    at async WidgetManager._loadDynamicContent (opnsense_widget_manager.js?v=4bb3464f732685dc:423:9)
    at async WidgetManager.initialize (opnsense_widget_manager.js?v=4bb3464f732685dc:116:13)


Thanks a lot,

3

24.7 Production Series / Re: CARP Status Widget fail to load after upgrade to 24.7

« on: September 09, 2024, 09:38:44 am »

Hi !
I started  from 24.1.10_8 to 24.7 and so on to current version ...

4

24.7 Production Series / CARP Status Widget fail to load after upgrade to 24.7

« on: September 09, 2024, 09:31:44 am »

Hi People,
after upgrade to 24.7 the CARP Status Widget fails to load.
thanks a lot

5

24.7 Production Series / update 23.7 -> 24.1 problem with haproxy / ssl / tls

« on: June 17, 2024, 11:32:58 am »

Hello Community,
As the title suggests, after an upgrade, the IMAP(993) reverse proxy (with haproxy) no longer works for me.
I remember reading that old ciphers were deactivated, tls1.X, etc.
Unfortunately, I can't find a proper way to temporarily get IMAP working again until I have updated the IMAP server.
Any suggestions? Keywords?
Thanks in advance,

6

German - Deutsch / update 23.7 -> 24.1 problem mit haproxy / ssl / tls

« on: June 16, 2024, 06:19:07 pm »

Servus Community,
Wie der Titel andeutet, nach ein upgrade, funktionert bei mir das IMAP(993) reverse Proxy (mit haproxy) nicht mehr.
Ich erinnere mich gelesen zu haben das alten ciphers deaktiviert wurden, tls1.X, etc.
Ich finde leider keine richtige Einsatz um tempörär IMAP wieder zum laufen zu bringen bis ich den IMAP server auf neuen Stand gebracht habe.
Irgendein Vorschlag ? Stichworte ?
Vielen Dank im Voraus,

7

24.1 Legacy Series / dhcrelay and kea in parallel for different interfaces

« on: April 28, 2024, 07:02:31 pm »

Hello everyone,
My goal is to migrate step by step or interface by interface from a dhcp server to opnsense kea.

Can anyone confirm that dhcrelay and kea can run in parallel?
So far I have worked with dhcrelay (HA Mode) and forwarded all DHCP requests from the various interfaces (VLANs) to an external DHCP server (Linux).

Now I want to move one subnet at a time to “opnsense kea”, i.e. turn on kea in opnsense and configure the corresponding subnet etc. for one interface, while the others continue to be passed on via dhcrelay...
Should I pay attention to anything special?

Thanks in advance,

8

23.7 Legacy Series / Re: VPN: OpenVPN: Instances [new] Cipher

« on: November 13, 2023, 11:05:58 am »

I need the option too.
Have you found anything in the meantime other than adjusting the other partner?

9

German - Deutsch / Re: CheckMK Agent Standalone

« on: September 30, 2022, 09:32:15 am »

Moin !
Klasse Arbeit!
Ich habe eine Frage.
Auszug aus die OpenVPN section
...
2 "OpenVPN Client: rw @ workstation21" connectiontime=0|connections_ssl_vpn=0|if_in_octets=0|if_out_octets=0|expiredays=9 Nicht verbunden Cert Expire: 09.10.2022
...


Wie kann ich den status "Nicht verbunden" ignorieren aber trotzdem warnen dass über "Cert Expire" ?
Siehe Screenshot ...

Vielen Dank im Voraus !

10

Virtual private networks / Zertifikate widerrufen / löschen

« on: May 20, 2022, 11:55:35 am »

Servus,
kann ich ein Zertifikat nach den widerrufen löschen ?
Unter openvpn, ein nicht widergerufen aber gelöschte Zertifikat weiter akzeptiert wird deshalb die Frage.
Vielen Dank !

11

22.1 Legacy Series / Re: Intel X520-DA2 Series Connectivity Issues / Input-error after upgrade to 22.1

« on: April 15, 2022, 09:21:52 pm »

I upgraded to 22.1 last week and everything went off without a hitch.
A quick hardware overview.
I run Opnsense as pure Firewall (High Avail. Scenario, 2 Hosts, 2 Switch, LACP)
Hosts with  32G, Xeon E2620,  Intel x520-DA2.
1 host with Fiber/ 1 Host with DAC.

lacp over both ports on X520.
more vlans on top of lagg.

Interface Statistics for lagg0

In/out packets   716441825 / 712558018 (358.71 GB / 284.60 GB)
In/out packets (pass)   716347241 / 712557150 (358.70 GB / 284.60 GB)
In/out packets (block)   4574009 / 868 (92 KB / 44 KB)
In/out errors   6801598 / 1657


Interface Statistics for ix0
In/out errors   6738215 / 0

Interface Statistics for ix1
In/out errors   63383 / 0

Same behavior with DAC or Fiber Gbic's
Same behavior for both Hosts

Any Hints ?

sysctl -A | grep -i "dev.ix.[0-1].mac_stats" | grep err
dev.ix.1.mac_stats.checksum_errs: 107297
dev.ix.1.mac_stats.rec_len_errs: 0
dev.ix.1.mac_stats.byte_errs: 0
dev.ix.1.mac_stats.ill_errs: 0
dev.ix.1.mac_stats.crc_errs: 0
dev.ix.1.mac_stats.rx_errs: 107297
dev.ix.0.mac_stats.checksum_errs: 3467726
dev.ix.0.mac_stats.rec_len_errs: 0
dev.ix.0.mac_stats.byte_errs: 0
dev.ix.0.mac_stats.ill_errs: 0
dev.ix.0.mac_stats.crc_errs: 0
dev.ix.0.mac_stats.rx_errs: 3467726

12

Tutorials and FAQs / Re: Tutorial 2021/12: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: March 13, 2022, 09:42:06 pm »

I got this error

[WARNING] (20353) : Proxy '1_HTTP_frontend': L6 sample fetches ignored on HTTP proxies (declared at /usr/local/etc/haproxy.conf.staging:70).
Warnings were found.
Configuration file is valid

What is wrong?

on Step:
Services --> HAProxy --> Settings --> Rules & Checks --> Conditions
Here we will only create a "NoSSL_condition", which is necessary in order to identify non-HTTP traffic.


Please replace "req.ssl_ver gt 0" with "ssl_fc" also, select "custom" and on custom field enter "ssl_fc"

https://redmine.pfsense.org/issues/9261

13

German - Deutsch / Re: HAProxy warnung nach update auf 22.1 - L6 sample fetches ignored on HTTP proxies

« on: March 13, 2022, 09:32:52 pm »

Es scheint das Problem hier zu liegen:

#### haproxy/conditions
### Traffic is SSL (TCP request content inspection)

--> # ACL: SSLEstablished
--> acl acl_5f60ac7b7738e3.07651849 req.ssl_ver gt 0

es soll hier gegen "Custom" und dann
ssl_fc

ersetzt werden.


Erklärung im Netz:

Please replace req.ssl_ver gt 0 with ssl_fc

https://redmine.pfsense.org/issues/9261

14

22.1 Legacy Series / Re: Interface errors after Upgrade

« on: February 24, 2022, 12:14:34 pm »

Hi !
2 cases with same Problem after update to 22.1

 sysctl -A | grep -i "dev.ix.[0-1].mac_stats" | grep err
dev.ix.1.mac_stats.checksum_errs: 103470
dev.ix.1.mac_stats.rec_len_errs: 0
dev.ix.1.mac_stats.byte_errs: 0
dev.ix.1.mac_stats.ill_errs: 0
dev.ix.1.mac_stats.crc_errs: 0
dev.ix.1.mac_stats.rx_errs: 103470
dev.ix.0.mac_stats.checksum_errs: 1257491
dev.ix.0.mac_stats.rec_len_errs: 0
dev.ix.0.mac_stats.byte_errs: 0
dev.ix.0.mac_stats.ill_errs: 0
dev.ix.0.mac_stats.crc_errs: 0
dev.ix.0.mac_stats.rx_errs: 7283759

dev.ix.1.%desc: Intel(R) X520 82599ES (SFI/SFP+)
dev.ix.0.%desc: Intel(R) X520 82599ES (SFI/SFP+)

X520-DA2 % X520-SR2

same problem with 10Gbe DAC cabling or original 10Gbe Gbic adapters,

HPE Switch's with LACP. Tested without LACP too, no changes ...

Cheers,

15

22.1 Legacy Series / Intel X520-DA2 Series Connectivity Issues / Input-error after upgrade to 22.1

« on: February 23, 2022, 10:07:18 am »

I upgraded to 22.1 last week and everything went off without a hitch.
A quick hardware overview.
I run Opnsense as pure Firewall (High Avail. Scenario, 2 Hosts, 2 Switch, LACP)
Hosts with  32G, Xeon E2620,  Intel x520-DA2.
1 host with Fiber/ 1 Host with DAC.

lacp over both ports on X520.
more vlans on top of lagg.

Interface Statistics for lagg0

In/out packets   716441825 / 712558018 (358.71 GB / 284.60 GB)
In/out packets (pass)   716347241 / 712557150 (358.70 GB / 284.60 GB)
In/out packets (block)   4574009 / 868 (92 KB / 44 KB)
In/out errors   6801598 / 1657


Interface Statistics for ix0
In/out errors   6738215 / 0

Interface Statistics for ix1
In/out errors   63383 / 0

Same behavior with DAC or Fiber Gbic's
Same behavior for both Hosts

Any Hints ?