Messages - fabiodanzetta

#1
Hello everybody,

I wanted to try to always reserve the same ip when a specific user connects via VPN but, after a few attempts since it didn't work, I deleted the profile created from the "Client Specific Overrides" section.
I tried everything with my account.
Although I have also exported the new configuration file, the OpenVPN client continues to look for the old custom parameters set.
I haven't restarted the OpenVPN server because I can't do it during office hours, as I would cut off a hundred connections. Is this what needs to be done to completely delete the old test configuration, or is there another, less destructive way?

Thank you all.
#2
Hello everybody,

I have a need but I don't know if it is possible to make it happen.
I wish I could choose which VPN users can or cannot reach individual servers and multiple servers without allowing each user to get anywhere.

Thank you all.
#3
Hello to all,

I would like to be able to always associate the same IPs to certain users who connect via VPN in such a way as to be able to authorize them to reach only certain servers on the internal network.
How can I do this, and how should I configure the firewall at the level of the OpenVPN server and rules?

Thank you all.
#4
Hello everyone again.
I solved the problem by simply going to the "Firewall" > "Aliases" menu and clicking apply on both "aliases" and "geoip settings".
I hope this bug which I believe is a GUI bug will be fixed in the next versions.

Thanks.
#5
Hello to all,
as per the subject, I have this serious problem.
After updating from version 21.1 to version 21.7 I noticed that if I create new rules and apply the changes none of these new rules are applied and the traffic is dropped from the logs.
Haven't tried rebooting as it's a production firewall and wanted to figure out if it's possible to fix without doing it.
I hope it is possible as it would be incredible to have to do this for every rule created.

Thank you all.
#6
Hello to all,
the problem was solved by simply reapplying the plugin configuration.
It is also sufficient to just change the logging level and apply.

#7
Hello to all,

I have updated my two nodes (active-passive) to the latest version and everything works fine but I noticed an anomaly that I could not solve.
Among the services listed in the dashboard, the ACME client on the master node is stopped while on the slave it is started.
If I try to start it on the master by clicking on play it does not start.
I also tried from shell to identify which service is connected but I did not find it.
The plugin works as it handles https calls to internal servers well.

Thank you all.
#8
Quote from: nzkiwi68 on September 14, 2021, 12:46:36 AM
If you're asking to test the workaround as posted by HAPROXY, I can't see any guidance on how to test it.

For myself, I trust that the vendor's workaround is correct. If you want more assurance including some sort of test (which could involve crafting a malicious header), that's not something I'd ever try.

Perhaps you could go back to HAPROXY and post on their forums to ask for information, it's certainly well beyond the scope of OPNsense.

https://www.haproxy.com/blog/september-2021-duplicate-content-length-header-fixed/

Hello,

thanks again for all the support.
#9
Hi Nzkiwi68,

Thank you very much, for the precise indication.
Can you also tell me how I could test everything, maybe even using a tool if there is one?

Thanks again.
#10
Hi Sorano,

how can I apply the two mitigation strings indicated at the end of the article directly from the plugin configuration GUI?

https://www.haproxy.com/blog/september-2021-duplicate-content-length-header-fixed/

Thanks
#11
Sorano, thanks again, I found the certificates there.
So I guess I'll have to replicate the Let's Encrypt plugin configuration by hand, right?
Isn't there a way to sync it automatically?

Thanks
#12
Sorano thanks.

The option to synchronize the certificates was already enabled, but when I look on the slave, under the certificates heading of the Let's Encrypt plugin, there is no certificate and none of the other settings that are present on the master.

Thanks again
#13
Hello to all,
I have this problem: I have installed and configured the Let's Encrypt plugin to use HTTPS for some services and everything works great.
I also configured HAProxy and everything is OK, but it is not possible to synchronize the Let's Encrypt configuration with my second backup node, as it does not appear among the selectable items in the high reliability menu.
How can I set it up so that when I switch to the second node I can also use HTTPS through it?

Thank you all.
#14
Hello everybody,

we have two firewalls in HA and both are two Hyper-V VMs.
For about a month now our VPN connection established with the OpenVPN client has been constantly disconnecting.
It can happen after 5 minutes, after 15 or after 2 etc.
Previously we had never had problems with disconnections and everything started about a month ago.
In this period we have not changed any important configuration, indeed we have not touched anything fundamental for months.
I have enabled the deep log of the OpenVPN server and it would seem, from some online research, that it could be a problem related to an excessive network load and among the things they recommend is to switch from UDP to TCP.
But before changing the protocol in the openvpn server configuration I wanted to update the physical server to the latest patches and then also upgrade the firewalls but I also wanted to ask you something:
connecting to the console of the two nodes I noticed that both the slave and the master show the message you find attached.
Could it be related to the issue of openvpn disconnections?
And what does it mean?

Thank you all.

#15
Hello everybody,

after updating my two nodes in HA to the latest version I noticed that if I look for updates on the slave from the web GUI, the search remains in a loop without showing any message, while everything is OK on the master.
If I run the search for updates from the shell everything works telling me that there are no updates available.

Thank you all.