Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - sewi

#1
You're right, there's something else amiss.
I was confused, because it always worked, the only thing I changed was the TOTP setting and installing updates, and the log by default didn't show me anything.

After changing the level to informational, I see that the PubkeyAcceptedAlgorithms default must have changed during one of the updates and as such, the login failed. =/

Thanks!
#2
Hey there,

I've been using public keys to automatically access my opnsense boxes. Ever since I switched the authentication to TOTP, public key over SSH no longer works (password auth with the TOTP token prepended does work).

Is that intentional / how do I incorporate the TOTP token into the SSH public key authentication?
#3
As an update, I reinstalled, logs started working again,
then I imported the config backup, and now the logs are dead once more - same as before.

I'd rather not redo the entire configuration ...
#4
Hi there,

I'm having this problem for a while now, and I wonder if that can be fixed without scrapping the entire system and reinstalling.

Basically, I don't get any logging from the firewall at all, meaning:
Live View: shows an empty table that simply stays empty.
Overview: shows "no data available" on all tabs.
Plain View: shows "no results found!"

On the console, filter.log is empty and untouched (timestamp stays at the timestamp when the logs were last cleared, and the file itself is empty).

Any other log files work.
Changing "Disable circular logs" makes no difference, the "syslog-ng" service is running, and restarting / stopping and then restarting it makes no difference.
"Log Firewall Default Blocks" are all checked.
A remote syslog server is used, and it's receiving log entries - but nothing from the firewall, even though there are rules that should log something.

Running OPNsense 21.1.2-amd64 at the moment.


Anything else I can check?
Thanks!
#5
Hi,

opn.sense.nz was what was configured by default (curl.haxx.se appears to be the official website of curl).
If I set it to anything else (currently using ServerBase AG in Zurich), updating works.

In the attachment is what my firmware page suggests (note the opn.sense.nz entry). Frankfurt is the closest location, so I picked that mirror. I haven't changed anything else about the updates, as far as I can remember.

I installed opnSense from the "OPNsense-20.7-OpenSSL-dvd-amd64.iso.bz2" file, downloaded on Aug 21, 2020 8:38 CEST (SHA1: 98 56 39 c4 5c e4 1e 8d 5a f0 2b 9b 25 63 39 b5 6e d9 f4 7a).

#6
Hey there -

When trying to update my opnSense installation (OPNsense 20.7-amd64), I get certificate errors:

# pkg update
Updating OPNsense repository catalogue...
SSL certificate subject doesn't match host opn.sense.nz
SSL certificate subject doesn't match host opn.sense.nz
SSL certificate subject doesn't match host opn.sense.nz
pkg: https://opn.sense.nz/FreeBSD:12:amd64/20.7/latest/meta.txz: Authentication error


Here's a curl to that URI:

# curl https://opn.sense.nz/FreeBSD:12:amd64/20.7/latest/packagesite.txz
curl: (60) SSL: no alternative certificate subject name matches target host name 'opn.sense.nz'
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.


When opening https://opn.sense.nz I get a certificate issued to cloud.computerfritze.net (see attached file), running a NextCloud installation, so the certificate rejection is legit.

# host opn.sense.nz
opn.sense.nz has address 85.214.164.108
opn.sense.nz has address 85.214.164.111
opn.sense.nz has address 85.214.164.113
opn.sense.nz has address 85.214.164.110
opn.sense.nz has address 85.214.163.76
opn.sense.nz has address 85.215.87.199
opn.sense.nz has IPv6 address 2a01:238:42d8:f300:8b23:ec47:1e30:aa9c
opn.sense.nz has IPv6 address 2a01:238:43e2:2d00:315c:85b7:ed77:1ae5
opn.sense.nz has IPv6 address 2a01:238:4363:4a00:ea69:e1e:6281:95fe
opn.sense.nz has IPv6 address 2a01:238:427b:8e00:81ca:d012:b06e:f0fd
opn.sense.nz has IPv6 address 2a01:238:4302:1d00:22d2:99da:2007:6f99
opn.sense.nz has IPv6 address 2a01:238:4215:c00:fca0:f2ae:3d66:3e7f
# host cloud.computerfritze.net
cloud.computerfritze.net has address 85.214.164.108
cloud.computerfritze.net mail is handled by 5 smtpin.rzone.de.



I can replicate that in the company network, as well as the home network, both using the Austrian A1 provider.
Nameservers are 8.8.8.8 and 8.8.4.4.

Any ideas?
Any ideas?