Messages - chelming

#1
error=self signed certificate

Import your CA on your device?
#2
I ran "configctl template cleanup OPNsense/Freeradius" followed by "configctl template reload OPNsense/Freeradius" and things seem to be working now. :shrug:
#3
This isn't new with 22.7. I had the same issue on 22.1 as well. If I add a FreeRADIUS user via the WebUI and click apply the user never appears in "/usr/local/etc/raddb/users" (restarting the service doesn't help any either).

If I run "configctl template reload OPNsense/Freeradius" the user gets added.

Any ideas where to look to see why the apply button isn't adding users to FreeRADIUS?

When I hit apply, I can see that reconfigure is being called and returning {"status": "ok"}.
#4
Do I need to add firewall rules to make this work? I added the SSDP and mDNS to UDP Broadcast Relay and I can see my three Roku devices for casting and can select them in the Roku app after about a 7 second delay.

I cannot see any of my Chromecast devices.

All of my IOT devices are on the 40_IOT net and my phone is on the 10_Trusted net.

UDP Broadcast Relay setup:


My firewall rules are pretty non-existent and the same on both interfaces:


mDNS Repeater is currently disabled. I tried adding an allow in rule on the 10_Trusted net for all traffic whose source is 40_IOT and that didn't work either.

I can see all the Chromecasts, Google devices and speaker groups in Wireshark from 10_Trusted:
11   11.823222   192.168.10.1   224.0.0.251   MDNS   419   Standard query response 0x0000 PTR Google-Home-Mini-6b0461727bacfded14f5c854c4d4437f._googlecast._tcp.local TXT, cache flush SRV, cache flush 0 0 8009 6b046172-7bac-fded-14f5-c854c4d4437f.local A, cache flush 192.168.40.27

Any ideas?
#5
20.1 Legacy Series / Multiple DHCPv6 PD requests
March 22, 2020, 08:51:18 PM
OPNsense 20.1.3-amd64
FreeBSD 11.2-RELEASE-p17-HBSD
OpenSSL 1.1.1d 10 Sep 2019

I'm moving from Ubiquiti to OPNsense and have an ISP that only gives me a /64. My workaround in Ubiquiti-land was to do a separate prefix request for each VLAN.

Is there a way to do this in OPNsense? I've tried setting my interfaces to DHCPv6 but it appears that they're trying to DHCPv6 off my WAN interface instead of from my ISP.

In UBNT-land I did it with the following JSON:
"interfaces": {
                "ethernet": {
                        "eth0": {
                                "dhcpv6-pd": {
                                        "pd": {
                                                "0": {
                                                        "interface": {
                                                                "eth1": {
                                                                        "prefix-id": "0"
                                                                }
                                                        },
                                                        "prefix-length": "64"
                                                },
                                                "10": {
                                                        "interface": {
                                                                "eth1.10": {
                                                                        "prefix-id": "0"
                                                                }
                                                        },
                                                        "prefix-length": "64"
                                                },
                                                "20": {
                                                        "interface": {
                                                                "eth1.20": {
                                                                        "prefix-id": "0"
                                                                }
                                                        },
                                                        "prefix-length": "64"
                                                },
etc., etc.,