1
22.7 Legacy Series / Re: Upgrade to 22.7 corrupted nginx service
« on: September 06, 2022, 01:17:22 pm »
Thanks for your explanation! Nothing is perfect. I try to better understand opnsense and hopefully help to improve it in future.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
22.7 Legacy Series / Re: Upgrade to 22.7 corrupted nginx service
« on: September 06, 2022, 12:34:48 pm »
First, before I generated manually the files with dhparam, I tried to reinstall the plugin, but it doesn't worked.
After your proposal to press "apply", the nginx.conf changed:
ssl_protocols TLSv1.2 TLSv1.3;
ssl_dhparam /usr/local/opnsense/data/OPNsense/Nginx/dh-parameters.4096.rfc79
19;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_prefer_server_ciphers on;
ssl_stapling off;
and now I can find dh-parameters.4096.rfc79 in the path above and it still works ;-)
My approach also worked, but I tried to understand whats going wrong. As I know see, that after an update I have to press "apply" to every service to reload changed templates?
After your proposal to press "apply", the nginx.conf changed:
ssl_protocols TLSv1.2 TLSv1.3;
ssl_dhparam /usr/local/opnsense/data/OPNsense/Nginx/dh-parameters.4096.rfc79
19;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_prefer_server_ciphers on;
ssl_stapling off;
and now I can find dh-parameters.4096.rfc79 in the path above and it still works ;-)
My approach also worked, but I tried to understand whats going wrong. As I know see, that after an update I have to press "apply" to every service to reload changed templates?
3
22.7 Legacy Series / Re: Upgrade to 22.7 corrupted nginx service
« on: September 06, 2022, 11:07:52 am »
I think I started with a clean installation of 21.1. Since them I always used the update mechanism from the webui. It worked since the upgrade to 22.7. Here is the output of the health check.
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.7.3_2 (amd64/OpenSSL) at Tue Sep 6 11:05:03 CEST 2022
>>> Check installed kernel version
Version 22.7.3 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.7.3 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-clamav 1.7_1
os-dmidecode 1.1_1
os-git-backup 1.0_3
os-haproxy 3.11
os-iperf 1.0_1
os-nginx 1.29_1
os-postfix 1.23_2
os-redis 1.1_1
os-rspamd 1.12
os-smart 2.2
os-theme-cicada 1.29
os-wireguard 1.12
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 63 dependencies to check.
Checking packages: ................................................................. done
***DONE***
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.7.3_2 (amd64/OpenSSL) at Tue Sep 6 11:05:03 CEST 2022
>>> Check installed kernel version
Version 22.7.3 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.7.3 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-clamav 1.7_1
os-dmidecode 1.1_1
os-git-backup 1.0_3
os-haproxy 3.11
os-iperf 1.0_1
os-nginx 1.29_1
os-postfix 1.23_2
os-redis 1.1_1
os-rspamd 1.12
os-smart 2.2
os-theme-cicada 1.29
os-wireguard 1.12
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 63 dependencies to check.
Checking packages: ................................................................. done
***DONE***
4
22.7 Legacy Series / Upgrade to 22.7 corrupted nginx service
« on: September 06, 2022, 12:10:40 am »
After upgrading from 22.1.10_4-amd64 to 22.7.3_2-amd64 the nginx update broke the current setup. After restarting the nginx server, I continously got the error:
After looking via shell to the nginx.conf file and the file dh-parameters.4096, I found out that all dh-parameters.<keysize> files are missing.
After generating these files with:
and restarting nginx, I seems to work.
Any ideas why this have to be done manually after upgrading?
Code: [Select]
"BIO_new_file("/usr/local/etc/dh-parameters.4096") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/etc/dh-parameters.4096','r') error:2006D080:BIO routines:BIO_new_file:no such file)"After looking via shell to the nginx.conf file and the file dh-parameters.4096, I found out that all dh-parameters.<keysize> files are missing.
After generating these files with:
Code: [Select]
/usr/bin/openssl dhparam -dsaparam -out /usr/local/etc/dh-parameters.1024 1024
/usr/bin/openssl dhparam -dsaparam -out /usr/local/etc/dh-parameters.2048 2048
/usr/bin/openssl dhparam -dsaparam -out /usr/local/etc/dh-parameters.4096 4096and restarting nginx, I seems to work.
Any ideas why this have to be done manually after upgrading?
5
22.1 Legacy Series / Re: os-dyndns (misconfigured)
« on: February 07, 2022, 03:03:48 pm »
Perfect. Thanks!
br,
Jochen
br,
Jochen
6
22.1 Legacy Series / Re: os-dyndns (misconfigured)
« on: February 07, 2022, 01:42:45 pm »
Thanks! That was the problem. It use the same entry in the menu bar. Both use Dynamic DNS.
br,
Jochen
br,
Jochen
7
22.1 Legacy Series / Re: os-dyndns (misconfigured)
« on: February 07, 2022, 01:37:03 pm »
Hi Franco,
If I compare the settings from 21.7 with 22.1, see also https://docs.opnsense.org/manual/dynamic_dns.html. I only get a few options for configuration.
Br,
Jochen
If I compare the settings from 21.7 with 22.1, see also https://docs.opnsense.org/manual/dynamic_dns.html. I only get a few options for configuration.
Br,
Jochen
8
22.1 Legacy Series / Re: os-dyndns (misconfigured)
« on: February 07, 2022, 01:20:10 pm »
Hi,
we used os-dyndns in the release 21.7. with "custom options" for strato. As far as I see it is not possible anymore?
br,
Jochen
we used os-dyndns in the release 21.7. with "custom options" for strato. As far as I see it is not possible anymore?
br,
Jochen
9
German - Deutsch / Re: Postfix / ldap
« on: July 21, 2020, 09:36:31 am »
Kann mir jemand einen Tip geben, wie man Plugins entwickelt bzw. bestehende Plugins erweitern kann? Ein Hinweis auf ein Tutorial würde mir sehr helfen. Vielen Dank im Voraus.
10
German - Deutsch / Re: Postfix / ldap
« on: July 17, 2020, 08:49:03 am »
Ich habe hierzu ein Ticket angelegt: https://github.com/opnsense/plugins/issues/1926
11
German - Deutsch / Re: Postfix / ldap
« on: July 17, 2020, 08:35:54 am »
OK. Werde ich machen.
Im Prinzip müsste dann in main.cf der Eintrag
relay_recipient_maps = ldap:/etc/postfix/ldap_relay_recipient_maps.cf
hinzugefügt werden und dann in dieser Datei folgende Parameter aus meiner Sicht gesetzt werden.
server_host = ad-01.example.com
ad-02.example.com
search_base = dc=example, dc=com
version = 3
bind_dn = CN=postfix,CN=Users,DC=example,DC=com
bind_pw = password
query_filter = (proxyAddresses=smtp:%s)
result_attribute = mail
Im Prinzip müsste dann in main.cf der Eintrag
relay_recipient_maps = ldap:/etc/postfix/ldap_relay_recipient_maps.cf
hinzugefügt werden und dann in dieser Datei folgende Parameter aus meiner Sicht gesetzt werden.
server_host = ad-01.example.com
ad-02.example.com
search_base = dc=example, dc=com
version = 3
bind_dn = CN=postfix,CN=Users,DC=example,DC=com
bind_pw = password
query_filter = (proxyAddresses=smtp:%s)
result_attribute = mail
12
German - Deutsch / Re: Postfix / ldap
« on: July 16, 2020, 05:40:55 pm »
Ich bin ein Opnsense Neuling. Gibt es eine gute Anleitung, wie man solche Plugins entwickelt bzw. erweitert? Ich würde meine "Verbesserung" gerne allen zur Verfügung stellen. Oder ist das ein Feature was man bewusst nicht unterstützen will, weil es die Sicherheit von Opnsense negativ beeinflusst?
13
German - Deutsch / Postfix / ldap
« on: July 16, 2020, 01:58:40 pm »
Hallo,
ich versuche gerade Postfix als Mail-Gateway für einen Exchange Server zu konfigurieren. Hierzu soll postfix über das ActiveDirectory prüfen, ob der Empfänger bekannt ist. Dazu habe ich verschiedene Anleitungen gefunden, wie man das machen kann. Leider funktioniert die Abfrage über LDAP nicht, stattdessen bekomme ich die Fehlermeldung "postmap: fatal: unsupported dictionary type: ldap". Kann es sein, dass ldap nicht "reinkompiliert" ist? Ich verwende die aktuelle Version (20.1) von opnsense. Danke im Voraus.
Gruß Jochen
ich versuche gerade Postfix als Mail-Gateway für einen Exchange Server zu konfigurieren. Hierzu soll postfix über das ActiveDirectory prüfen, ob der Empfänger bekannt ist. Dazu habe ich verschiedene Anleitungen gefunden, wie man das machen kann. Leider funktioniert die Abfrage über LDAP nicht, stattdessen bekomme ich die Fehlermeldung "postmap: fatal: unsupported dictionary type: ldap". Kann es sein, dass ldap nicht "reinkompiliert" ist? Ich verwende die aktuelle Version (20.1) von opnsense. Danke im Voraus.
Gruß Jochen
Pages: [1]