Messages - evilgenius

#1
@Franco

Hi Franco,
the patch works for me as well. After the patch, saving widgets also works... before, I tried to add the Thermal Sensor Widget without success. After the patch it works.

The Traffic Widget also doesn't display any information. It's completely empty (white).

BR Andreas, thanks for the patch :)
#2
Hi,

the IPv4 Tunnel Network should be 192.168.1.0/30... then you have at most two hosts in the network (192.168.1.1 and 192.168.1.2). Then you can push routes for both sides.

Datacenter (192.168.0.0/24) example:

dev ovpns5
verb 3
dev-type tun
dev-node /dev/tun5
writepid /var/run/openvpn_server5.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-128-CBC
auth SHA256
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
local 192.168.181.20
tls-server
ifconfig 192.168.1.1 192.168.1.2
tls-verify "deleted"
lport 1198
management /var/etc/openvpn/server5.sock unix
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"


Client side:
push "route 192.168.0.0 255.255.255.0"

and on the client side the way back. Also keep in mind to create firewall rules.

For the second tunnel you can use the next /30 network, 192.168.1.4/30 (192.168.1.5 - 192.168.1.6)...
If you choose /24 as in your example it didn't work because the client gets a dynamic address...

Br Andreas
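As an added example, not from Andreas' post or from OPNsense, here is the /30 arithmetic above as a POSIX shell script: it derives the two endpoint addresses of a /30 tunnel network, rejects prefixes that are not /30 or not aligned to a /30 boundary (for instance 192.168.1.1/30 instead of 192.168.1.0/30), and prints the ifconfig and route directives for both ends. It writes the return routes as static route directives on each side rather than pushing them, and the LAN prefixes and the script name in the usage guard are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the original post or OPNsense): derive the two host
# addresses of a /30 OpenVPN tunnel network and print the matching ifconfig and
# route directives for both ends of a site-to-site tunnel.

# ip_to_int A.B.C.D -> 32-bit integer; fails on anything that is not a dotted quad.
# The subshell body keeps the IFS change local to the function.
ip_to_int() (
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# int_to_ip INTEGER -> A.B.C.D
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# mask_of PREFIXLEN -> dotted netmask, e.g. 24 -> 255.255.255.0
mask_of() {
    [ "$1" -ge 0 ] && [ "$1" -le 32 ] || return 1
    int_to_ip $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# p2p_pair NET/30 -> "first second": the two usable addresses of a /30.
# Rejects other prefix lengths and addresses that are not on a /30 boundary.
p2p_pair() {
    net=${1%/*}; plen=${1##*/}
    [ "$plen" = 30 ] || { echo "tunnel network must be a /30, got /$plen" >&2; return 1; }
    base=$(ip_to_int "$net") || { echo "bad address: $net" >&2; return 1; }
    if [ $(( base & 3 )) -ne 0 ]; then
        echo "$1 is not aligned to a /30; use $(int_to_ip $(( base & ~3 )))/30" >&2
        return 1
    fi
    echo "$(int_to_ip $(( base + 1 ))) $(int_to_ip $(( base + 2 )))"
}

# site_to_site TUNNEL/30 "SERVER_LANS" "CLIENT_LANS": print both ends' directives.
# LAN lists are space-separated CIDRs. Routes are written statically on each side;
# firewall rules are still needed, as the post says.
site_to_site() {
    pair=$(p2p_pair "$1") || return 1
    srv=${pair% *}; cli=${pair#* }
    echo "### server side"
    echo "ifconfig $srv $cli"
    for n in $3; do echo "route ${n%/*} $(mask_of "${n##*/}")"; done   # reach client LANs
    echo "### client side"
    echo "ifconfig $cli $srv"
    for n in $2; do echo "route ${n%/*} $(mask_of "${n##*/}")"; done   # reach server LANs
}

# Usage (illustrative prefixes): first tunnel 192.168.1.0/30, datacenter LAN behind
# the server, two LANs behind the client. A second tunnel would use 192.168.1.4/30.
if [ "${0##*/}" = "ovpn-p2p.sh" ]; then
    site_to_site "${1:-192.168.1.0/30}" "${2:-192.168.0.0/24}" "${3:-192.168.2.0/24 192.168.3.0/24}"
fi
```

The alignment check is the part that matters in practice: a tunnel network entered as 192.168.1.1/30 or 192.168.1.2/30 is still a /30 but does not describe the .1/.2 pair, and the second tunnel must start at .4, not .3.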
#3
Hi together,

after I upgraded my main firewall from 21.7 to 21.7.1 the site-to-site VPNs aren't working. It is a problem in the OpenVPN server config.

Working config in 21.7:
dev ovpns5
verb 3
dev-type tun
dev-node /dev/tun5
writepid /var/run/openvpn_server5.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-128-CBC
auth SHA256
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
local 192.168.181.20
tls-server
ifconfig 10.100.5.1 10.100.5.2
tls-verify "deleted"
lport 1198
management /var/etc/openvpn/server5.sock unix
push "route 10.100.0.0 255.255.255.0"


This part in 21.7, "ifconfig 10.100.5.1 10.100.5.2", shows up in the WebUI as IPv4 Tunnel Network 10.100.5.0/30.
After the upgrade to 21.7.1 the /30 subnet mask prevents the tunnel from starting... /28, /27, /26 and so on work but break the routing...

Error message in the WebUI: openvpn Unable to contact daemon

Is this a known bug?

BR Andreas

#4
Hi together,

I have the same problem. Release is OPNsense 20.1.8_1. No IPv6 addresses are configured.
2020-07-09T23:43:37   | FATAL: pinger: Unable to open any ICMP sockets.
2020-07-09T23:43:37   | pinger: Unable to start ICMPv6 pinger.
2020-07-09T23:43:37   | Open icmp_sock: (1) Operation not permitted
2020-07-09T23:43:37   | pinger: Unable to start ICMP pinger.
2020-07-09T23:43:37   | Open icmp_sock: (1) Operation not permitted
2020-07-09T23:43:37   | pinger: Initialising ICMP pinger ...
2020-07-09T23:43:37   kid1| Accepting SSL bumped HTTP Socket connections at local=xxx.xxx.xxx.xxx:3128 remote=[::] FD 28 flags=9
2020-07-09T23:43:37   kid1| Finished loading MIME types and icons.
2020-07-09T23:43:37   kid1| Pinger socket opened on FD 30
2020-07-09T23:43:37   kid1| HTCP Disabled.
2020-07-09T23:43:37   kid1| helperOpenServers: Starting 5/5 'security_file_certgen' processes

Fresh installation. It looks like a permission problem:
ls -lisa /usr/local/libexec/squid/pinger
492072 192 -r-xr-xr-x  1 root  wheel  195008 May 19 06:11 /usr/local/libexec/squid/pinger
chmod 4755 /usr/local/libexec/squid/pinger
ls -lisa /usr/local/libexec/squid/pinger
492072 192 -rwsr-xr-x  1 root  wheel  195008 May 19 06:11 /usr/local/libexec/squid/pinger

Now Squid starts...
Source:
https://muhdzamri.blogspot.com/2010/12/solving-squids-pinger-error.html

Maybe that solution is a security risk, and I don't know if this is permanent (reboot persistent).
evilgenius
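An added example, not from the post, squid or OPNsense, of the permission fix above as an idempotent check in POSIX shell: it reads the mode string the way ls prints it (the -r-xr-xr-x and -rwsr-xr-x seen in the post), refuses to touch a file that is not owned by root, applies chmod 4755 only when the setuid bit is missing, and reports what it changed. The pinger path is the one from the post; the script name in the guard at the bottom is an assumption. Parsing ls(1) rather than stat(1) avoids the flag differences between FreeBSD and Linux.

```shell
#!/bin/sh
# Added example (not from the post, squid or OPNsense): check that a binary is
# setuid root with mode 4755 and apply chmod 4755 only when it is not.
# Parses ls(1) output instead of stat(1) so it runs unchanged on FreeBSD and Linux.

# file_mode_string FILE -> the 10-character mode field as ls prints it, e.g. -rwsr-xr-x
# (cut drops a trailing ACL/SELinux marker such as '+' or '.' that some systems append)
file_mode_string() {
    [ -e "$1" ] || return 1
    ls -ld "$1" | cut -c1-10
}

# file_owner FILE -> owner name from ls -ld
file_owner() {
    ls -ld "$1" | awk '{ print $3 }'
}

# mode_has_setuid MODESTRING: true when the owner-execute slot shows s (or S, setuid
# without the execute bit). The group slot (setgid) is deliberately not matched.
mode_has_setuid() {
    case $1 in
        ???[sS]??????) return 0 ;;
        *) return 1 ;;
    esac
}

# ensure_setuid_root FILE
#   0  already setuid root, nothing changed
#   10 mode was changed to 4755
#   1  file missing, not owned by root, or chmod failed
ensure_setuid_root() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    owner=$(file_owner "$1")
    # setuid on a non-root file would not grant root anyway, so do not "fix" it blindly
    [ "$owner" = root ] || { echo "$1 is owned by $owner, not root; not touching it" >&2; return 1; }
    before=$(file_mode_string "$1")
    if mode_has_setuid "$before"; then
        echo "$1: already setuid root ($before)"
        return 0
    fi
    chmod 4755 "$1" || return 1
    echo "$1: $before -> $(file_mode_string "$1")"
    return 10
}

PINGER=${PINGER:-/usr/local/libexec/squid/pinger}
# Usage: run as root, e.g. from cron or after a package upgrade; exit 10 means a repair was made.
if [ "${0##*/}" = "check_pinger.sh" ]; then
    ensure_setuid_root "$PINGER"
fi
```

Because the script changes nothing when the bit is already set, it can be re-run at any time, which is one way to deal with the persistence question raised in the post. The setuid bit is what lets the pinger open raw ICMP sockets as root (the "Operation not permitted" lines in the log), so the check should stay limited to that one binary rather than being applied more broadly.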
#5
Hi mimugmail,

Thanks for the info. That is great news.

BR

Andreas
#6
Hi together :),

I have a question regarding the LetsEncrypt Plugin - Automated SFTP upload:
- The upload is working fine (cert.pem, key.pem, ca.pem) but I can't select the fullchain.pem
- I need this for one of my servers (dovecot/postfix); as a workaround I created this file via a cron job on the server

Is it possible to upload the fullchain.pem as well?
If it is possible how can I do that?

Best regards
Andreas
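An added example, not from the post or the OPNsense LetsEncrypt plugin, of the cron-job workaround the post describes, written in POSIX shell for the mail host: it concatenates the uploaded cert.pem and ca.pem into fullchain.pem (leaf first, then the issuing chain), refuses to run on a missing or non-PEM input, copes with a cert.pem that lacks a trailing newline, replaces the file atomically, and returns a distinct status when nothing changed so the cron job only reloads dovecot and postfix when a new certificate has arrived. The directory, the script name in the guard and the service reload commands are assumptions.

```shell
#!/bin/sh
# Added example (not from the post or the OPNsense LetsEncrypt plugin): assemble
# fullchain.pem on the mail host from the cert.pem and ca.pem the plugin uploads,
# for use from cron. Paths, script name and reload commands are assumptions.

# pem_cert_count FILE -> number of CERTIFICATE blocks (0 for a missing file)
pem_cert_count() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -c '^-----BEGIN CERTIFICATE-----$' "$1" || true   # grep exits 1 on zero matches
}

# build_fullchain CERT CA OUT
#   0  OUT written or updated (reload services)
#   3  OUT already identical (nothing to do)
#   1  an input is missing or holds no certificate (OUT untouched)
build_fullchain() {
    cert=$1; ca=$2; out=$3
    [ "$(pem_cert_count "$cert")" -ge 1 ] || { echo "no certificate in $cert" >&2; return 1; }
    [ "$(pem_cert_count "$ca")" -ge 1 ]   || { echo "no certificate in $ca" >&2; return 1; }
    tmp=$(mktemp "$out.XXXXXX") || return 1
    # Leaf first, then the issuing chain: the order the TLS server sends them.
    # Add a newline if cert.pem lacks a trailing one so the PEM markers stay on their own lines.
    {
        cat "$cert"
        [ -z "$(tail -c 1 "$cert")" ] || echo
        cat "$ca"
    } > "$tmp"
    chmod 0644 "$tmp"
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"
        return 3
    fi
    mv -f "$tmp" "$out"   # atomic replace: readers never see a half-written file
}

# Cron entry on the mail host, e.g.:  */15 * * * * /usr/local/sbin/build_fullchain.sh
main() {
    dir=${CERT_DIR:-/usr/local/etc/ssl/acme}
    rc=0
    build_fullchain "$dir/cert.pem" "$dir/ca.pem" "$dir/fullchain.pem" || rc=$?
    case $rc in
        0) service dovecot reload && service postfix reload ;;
        3) ;;                 # unchanged: stay quiet so cron sends no mail
        *) exit "$rc" ;;
    esac
}

if [ "${0##*/}" = "build_fullchain.sh" ]; then
    main
fi
```

Only cert.pem and ca.pem are read; key.pem is never touched or copied, and the output is written with mode 0644 because it contains public material only. The "unchanged" exit status is what keeps a frequent cron schedule from reloading the mail services every run.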