1
Hardware and Performance / Re: Intel I217LM - 100baseTX <full-duplex>(not working at gigabit)
« on: March 17, 2022, 02:21:57 am »
anyone have any ideas? I have been holding off building the drivers.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
22.1 Legacy Series / Re: cyrus-sasl
« on: March 07, 2022, 04:10:30 pm »
Can confirm working as expected with the latest release.
Thank you for all your work and support!
Thank you for all your work and support!
3
22.1 Legacy Series / Re: Config Backup XML is HTML page
« on: March 07, 2022, 04:08:33 pm »
I was able to boot the old machine offline, backup the config with the following process and then import it into the new install via the web.
Not sure if there is anything else I should backup for plugin configs. Everything seems to be back up and working.
Code: [Select]
mkdir /media/usb
mount_msdosfs /dev/da0s1 /media/usb
cp -R /conf /media/usbNot sure if there is anything else I should backup for plugin configs. Everything seems to be back up and working.
4
Hardware and Performance / Intel I217LM - 100baseTX <full-duplex>(not working at gigabit)
« on: March 06, 2022, 08:23:01 am »
Any help would be appreciated. What I tried:
Still will not connect at 1000baseT <full-duplex>
OPNsense 22.1.2_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021
I did find this post that says not to but compile from source. Wondering if that would help?
edit: hw probe
I did try different cables!
Code: [Select]
vi /usr/local/etc/pkg/repos/FreeBSD.conf
FreeBSD: { enabled: yes }
pkg update
pkg install intel-em-kmod
vi /boot/loader.conf.local
if_em_updated_load="YES"
RebootStill will not connect at 1000baseT <full-duplex>
Code: [Select]
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: LAN
options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
ether 70:4d:7b:x:x:x
inet x.x.x.x netmask 0xffffff00 broadcast x.x.x.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>OPNsense 22.1.2_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021
I did find this post that says not to but compile from source. Wondering if that would help?
edit: hw probe
I did try different cables!
5
22.1 Legacy Series / Config Backup XML is HTML page
« on: March 06, 2022, 05:02:42 am »
I saved the backup of the config by clicking download and saving the config-[myrouterdns]-[date]-xml file.
I then replaced the hardware, installed a fresh copy opnsense, setup the basic config, and downloaded backup of a fresh config.
I went to compare the 2 xml files to migrate settings and realized that both xml files are actually the webpage.
Running:
OPNsense 22.1.2_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021
I then replaced the hardware, installed a fresh copy opnsense, setup the basic config, and downloaded backup of a fresh config.
I went to compare the 2 xml files to migrate settings and realized that both xml files are actually the webpage.
Code: [Select]
<!doctype html>
<!--[if IE 8 ]><html lang="en-US" class="ie ie8 lte9 lte8 no-js"><![endif]-->
<!--[if IE 9 ]><html lang="en-US" class="ie ie9 lte9 no-js"><![endif]-->
<!--[if (gt IE 9)|!(IE)]><!--><html lang="en-US" class="no-js"><!--<![endif]-->
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="robots" content="noindex, nofollow, noodp, noydir" />
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta name="copyright" content="" />
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
<title>Backups | Configuration | System | [myrouterdns] </title>
...
Running:
OPNsense 22.1.2_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021
6
22.1 Legacy Series / Re: cyrus-sasl
« on: March 02, 2022, 08:25:04 pm »
Understandable, as a preemptive measure and to be respectful of your time: when the security/health checks are complete and issues were found, a link could be presented that takes end users to an opnsense webpage with information suitable to end users with general diagnosis procedures as you have presented, that could be updated with any pertinent or ongoing information. Again I appreciate your assistance.
7
22.1 Legacy Series / Re: cyrus-sasl
« on: March 02, 2022, 08:00:42 pm »
Franco, so what you are saying is that it is installed by something other than the core firewall. Got it. That still does not resolve the issue of opnsense health saying there it is vulnerable. Nor help figure what is causing the problem. I appreciate your attention, please understand I am an end user not a opnsense programmer.
"Indirectly" would seem to indicate plugins in the opnsense repo? Are these verified compatible somehow with new release versions and made sure they are not vulnerable? The only issue I noticed after upgrading is that os-dyndns was marked as misconfigured so I reinstalled that, then I saw that it is marked as legacy now, so I will work on switching to os-ddclient. I also am not using squid.
Quote
it's a relatively safe bet that when we do not configure SASL use from core that the vulnerable code is never used by us, even indirectly.
"Indirectly" would seem to indicate plugins in the opnsense repo? Are these verified compatible somehow with new release versions and made sure they are not vulnerable? The only issue I noticed after upgrading is that os-dyndns was marked as misconfigured so I reinstalled that, then I saw that it is marked as legacy now, so I will work on switching to os-ddclient. I also am not using squid.
8
22.1 Legacy Series / Re: cyrus-sasl
« on: March 02, 2022, 07:26:55 pm »Quote
Please stop trolling and start reading. This is ridiculous.
Cheers,
Franco, I am not trolling.
This is a response that I would typically see in pfsense. I legit do not see a resolution in your previous post, I see you posted some information on diagnosing, but no fix. I did a google search and found that 2.1.28 was updated 2.23.22 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262133 But I do not see an update for opnsense or how to get this fix.
9
22.1 Legacy Series / Re: Audits post latest update
« on: March 02, 2022, 06:19:13 pm »
for those that don't want to search... not sure why it was so hard to post.
Not sure why this was left around on the community build but I am sure lots of people will have this issue.
Still left with the "cyrus-sasl-2.1.27_2 is vulnerable:" error on the latest community build.
Code: [Select]
pkg remove py37-markupsafeNot sure why this was left around on the community build but I am sure lots of people will have this issue.
Still left with the "cyrus-sasl-2.1.27_2 is vulnerable:" error on the latest community build.
11
21.7 Legacy Series / Re: ACME Client - Validation Failed
« on: January 02, 2022, 07:00:25 pm »
Having this issue and can't remember how to fix it. This post came up first in the search result.
13
21.7 Legacy Series / Re: [SOLVED] Problem with SSL Certificate / ACME / HAproxy
« on: October 06, 2021, 03:56:43 am »
Didn't work form me. I got ERR_CERT_DATE_INVALID after following your instructions.
14
20.7 Legacy Series / Re: OpenVPN not saving settings
« on: October 10, 2020, 07:04:16 pm »Are you sure you are not running in live mode? When you trashed the server, did it go through the installation wizard? (disk choice, etc.)
Bart...
Not in live mode. This is install on desktop machine. I meant the openvpn wizard not the full install wizard.
15
20.7 Legacy Series / OpenVPN not saving settings
« on: October 10, 2020, 04:35:04 am »
I am having problems setting up the road warrior vpn. I am using OPNsense 20.7.3-amd64
When I try and use the Wizard it doesn't make any WAN rules to open the port I select. It creates the new interface but does not enable it. The firewall after enabling opt1 then has rules for OpenVPN and OPT1.
When I edit the server nothing is saved.
VPN -> OpenVPN -> Servers
Click pencil icon to edit, make any changes, Click save
Go back and edit again and the no changes were made.
I have to trash the openvpn server to try again.
When I try and use the Wizard it doesn't make any WAN rules to open the port I select. It creates the new interface but does not enable it. The firewall after enabling opt1 then has rules for OpenVPN and OPT1.
When I edit the server nothing is saved.
VPN -> OpenVPN -> Servers
Click pencil icon to edit, make any changes, Click save
Go back and edit again and the no changes were made.
I have to trash the openvpn server to try again.
Pages: [1] 2