Messages

1

24.7 Production Series / Re: Can't delete user certificates

« on: August 29, 2024, 06:57:21 am »

Been working with PCEngines hardware. Took my config from my current APU2C2 and moved it over to my older ALIX.6E1 and then was able to remove the certificates. Then saved the config and moved the config over to the newer APU2C2 and that worked. A real Kludge but better than having to go to factory default settings and then add back in all of the configuration manually.

2

24.7 Production Series / Re: Can't delete user certificates

« on: August 28, 2024, 06:52:24 am »

I recently updated my OPNSense from version 19.7 to 24.1. Now I'm trying to remove a couple of certificates under System>>>Trust>>>Certificates but I get "Item is in use by" "step9 - {wizardtemp.step9}" and "Item is in use by" "webgui - {system.webgui}".

I have disabled https and now use http. So the webgui should not be using a certificate anymore. Also, I have removed OpenVPN server so that other certificate should not be in use either.

The alternative is to restore factory detault settings and then manually restore only my desired configuration. Don't really want to do this. I would be willing to run a command line command as root to delete these two certificates. Any suggestions?

3

General Discussion / Re: OPNsense on Netgate SG-2220

« on: January 22, 2021, 09:04:29 pm »

I just tried to install OPNsense 20.7 on Netgate SG-2220.  It stalls on installation on the serial console.  Funny thing is that also the pfsense 2.4.5x stock download also has troubles on the installation and stalls on the serial console.  Come to find out that it's required to make a special request to Netgate to get an ADI pfsense image that allows a clean serial installation of pfsense.  Read somewhere that the Intel Atom used has some bugs that needs a workaround.  In other words the Netgate SG-2220 is proprietary and requires a proprietary image.

I'm bummed but I successfully have migrated my two router/firewall setup to two PCEngines APU2 boxes and successfully migrated all of my previous configurations.  Success !  Unfortunately, I cannot transition my SG-2220 from pfsense to OPNsense.  Bummer as I have a mSATA drive and a 802.11n WiFi mPCIe installed.  Should probably sell it.

4

Virtual private networks / Re: ovpn site to site (server waiting, client up)

« on: January 21, 2021, 10:09:57 pm »

Mea culpa.  Now have Peer to Peer Shared Key (Site to Site) and Remote Access (SSL/TLS + User Auth) both working.

However, I did learn more than the online documentation, stumbled across a youtube video online that was just over 20 minutes that enlightened me about having two VPN on a single appliance that also included setting the Floating Rules and the Single Gateway and new VPN interface assignments.  The title included VPN between 2 OPNsense boxes and also OPNsense and pfsense.

I'm very pleased with migration to two OPNsense boxes.

5

Virtual private networks / Re: ovpn site to site (server waiting, client up)

« on: January 19, 2021, 05:49:23 pm »

I'm using version 20.7 on both OPNsense appliances.

6

Virtual private networks / ovpn site to site (server waiting, client up)

« on: January 18, 2021, 07:05:06 pm »

I've just deployed OPNSense 20.7 on two APUC2 appliances at two different sites wiith public IPs and I'm struggling to get the ovpn site-to-site server side to come up.  The client is up but the server is stuck in 'waiting' connection status.

I've got a couple of questions:

#1 Followed the documentation in detail on the docs.opnsense.org site for Setup SSL VPN site to site tunnel.  On the client side ... Where is the configuration for the Server Certificate SSLVPN Server Certificate (CA: SSL VPN CA) ? I cannot find where to set this configuration item.

#2 How can I resolve the issue with the status on the server and client sides that in the logs shows as

server
--snip
openvpn[21380]      MANAGEMENT: Client disconnected   
openvpn[21380]   MANAGEMENT: CMD 'quit'   
openvpn[21380]    MANAGEMENT: CMD 'status 2'
--snip

client
--snip
openvpn[18974]   MANAGEMENT: Client disconnected   
openvpn[18974]   MANAGEMENT: CMD 'status 2'   
openvpn[18974]   MANAGEMENT: CMD 'state all'
--snip

p.s.
1. I have the road warrier vpn working in both directions
2. Just migrated the two appliances from pfsense to opnsense