
Messages - Rajstopy

#1
Ok, thanks for confirming that. I will renew all and take care next time :-)
#2
Just want to do that because I have much more servers than clients...

I did try what I suggested but it seems not to be working... Clients are complaining about not recognizing the server certificate, even if the CA was signed with the initial private key... I fear that I will have to renew all my stuff, just did it 2 weeks ago and did not notice the CA expiration coming soon... My fault...
#3
Dear all,

Just a basic question there. I use OPNSense to manage all my internal SSL certificates. My internal certificate authority is going to expire in a couple of weeks and I'm just wondering whether it is possible to renew the existing CA. If I create a new one, I'll need to renew all my SSL certificates within my network.

I think I may avoid this by using the existing CA private key to sign the renewed CA, but I don't know how to do it on OPNSense.

Should I simply create a new CA on an external system, using the current private key for signature?

Cheers,
R.
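
The idea raised in this post (re-issuing the CA certificate with its existing private key), shown as an added example that is not part of the original posts and is not OPNsense's own procedure. It assumes the OpenSSL CLI on an external system; all subject names and file names are constructed.

```shell
#!/bin/sh
# Added example (constructed names and files): renew a CA certificate with its
# existing private key and check that an already-issued leaf still verifies.
renew_ca_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  trap 'rm -rf "$d"' EXIT
  # Minimal CA profile; the DN stands in for the expiring CA's subject.
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Internal CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  # The leaf records only the issuer's key id, not the issuer's serial number.
  printf 'authorityKeyIdentifier = keyid\n' > leaf.ext
  newkey() { openssl ecparam -name prime256v1 -genkey -noout -out "$1"; }
  selfsign() { openssl req -x509 -new -key "$1" -config ca.cnf -days "$2" -out "$3"; }

  newkey ca.key && selfsign ca.key 14 ca-old.pem || exit 1   # the expiring CA
  newkey srv.key &&
  openssl req -new -key srv.key -subj "/CN=srv.example.internal" \
    -config ca.cnf -out srv.csr &&
  openssl x509 -req -in srv.csr -CA ca-old.pem -CAkey ca.key -CAcreateserial \
    -days 365 -extfile leaf.ext -out srv.pem 2>/dev/null || exit 1

  # Renewal: same key, same subject, new validity period and serial.
  selfsign ca.key 3650 ca-new.pem || exit 1
  # Contrast: same subject but a fresh key, i.e. a replacement CA.
  newkey ca2.key && selfsign ca2.key 3650 ca-rekey.pem || exit 1

  # The old leaf must chain to the renewed CA and must not chain to the re-keyed one.
  openssl verify -CAfile ca-new.pem srv.pem >/dev/null 2>&1 || exit 1
  if openssl verify -CAfile ca-rekey.pem srv.pem >/dev/null 2>&1; then exit 1; fi
  exit 0
)

renew_ca_demo && echo "old leaf verifies under the renewed CA, not under the re-keyed CA"
```

The renewed CA certificate still has to replace the old one in every client trust store. Leaf certificates whose authority key identifier also pins the old CA's issuer and serial number will not match a renewed certificate that carries a new serial.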
#4
Franco, you are just amazing  ;D

I'm able to sign my certs again.

Cheers


Quote from: franco on October 22, 2022, 10:16:54 AM


# opnsense-patch 854350f14bc


#5
Digging a little bit more into it, here is the pkg check output.

Do you think this may be linked?

root@mercure:~ # pkg check -da
Checking all packages: 100%
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0

>>> Missing package dependencies were detected.
>>> Found 2 issue(s) in the package database.

pkg: No packages available to install matching 'python37' have been found in the repositories
pkg: No packages available to install matching 'py37-setuptools' have been found in the repositories
>>> Summary of actions performed:

python37 dependency failed to be fixed
py37-setuptools dependency failed to be fixed

>>> There are still missing dependencies.
>>> Try fixing them manually.

>>> Also make sure to check 'pkg updating' for known issues.
#6
Dear all,

I've upgraded to OPNSense version 22.7.6 and since then, I'm no longer able to sign my SSL certificates for my internal PKI.  :-[

This is what I do:

System > Trust > Certificates > Sign a Certificate Signing Request

The Show Details looks great.

Then Next and I get the message Unknown Error Occurred. Try Again.

The crash reporter indicates the following:

[22-Oct-2022 07:57:33 Europe/Paris] PHP Fatal error:  Uncaught Error: Call to undefined method phpseclib3\File\X509::getOID() in /usr/local/www/system_certmanager.php:134
Stack trace:
#0 /usr/local/www/system_certmanager.php(411): parse_csr('-----BEGIN CERT...')
#1 {main}
  thrown in /usr/local/www/system_certmanager.php on line 134


User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Safari/605.1.15
FreeBSD 13.1-RELEASE-p2 stable/22.7-n250239-dde4437e8f2 SMP amd64
OPNsense 22.7.6 2eef9015b
Plugins os-net-snmp-1.5_1 os-ntopng-1.2_1 os-redis-1.1_1 os-vmware-1.5_1 os-zabbix-agent-1.13
Time Sat, 22 Oct 2022 08:00:50 +0200
OpenSSL 1.1.1q  5 Jul 2022
Python 3.9.14
PHP 8.0.24


I'm just stuck at that stage, because I have a lot of clients relying on this authority  :-\

Any idea?

Cheers

#7
Yes I guess this is the clue thank you!

I've found the following thread where someone encountered the same issue :

https://forum.opnsense.org/index.php?topic=19378.0

Sometimes it's amazing how you can waste time for almost nothing. I did check everything but MAC addresses 😤
#8
Hi there,

I've been struggling for two days with a very weird problem.

I run OPNSense on a VM on ESXi 6.7 with 3 interfaces (LAN, WAN and DMZ). No rocket science till now.

I wanted to add a new interface for a 4G backup connection. However, as soon as I add this new interface in VMware (just adding this new interface, nothing more), when I reboot OPNSense, the LAN interface does not respond anymore. If I have a look at the startup summary, the IP is the good one, on my LAN network plan. I use static IPs.

I don't understand why just adding a new interface could lead to unresponsiveness on my LAN IF  :-\

Totally stuck at that point.

Any advice would be very appreciated.....
#9
21.1 Legacy Series / What is pflog0 actually ?
April 09, 2021, 04:53:50 PM
Hi there,

Still having some trouble with those strange pflog0: promiscuous mode disabled / enabled in my log file.

What is pflog0 actually ?

Cheers,

R.
#10
Hi there!

Obviously my post is confusing, I do apologize.

When I say I lost the connection, that's due to the fact OPNSense becomes unresponsive.

Digging a little bit in ESXi log file, I found the following strange message happening from time to time, related to the VM linked to OPNSense

2021-02-12T18:32:47.919Z| vmx| I125: Destroying virtual dev for scsi0:0 vscsi=8336
2021-02-12T18:32:47.919Z| vmx| I125: VMMon_VSCSIStopVports: No such target on adapter


I haven't found out yet whether this may be a root cause.

Just thinking about my underlying VMware infrastructure rather than a faulty OPNSense...

Cheers
#11
Dear all,

This is a desperate call for help because I'm now struggling for months with disconnection issues, happening randomly on OPNSense.

My setup :
PowerEdge R240 - ESXi 6.7 and OPNSense 21.1 running in a VM.

Everything worked smoothly for months and the first issue happened since version 20.7.
I do experience random network disconnection. When this happens, OPNSense interfaces become totally unresponsive, but access to console remains possible.
I've checked for logs, but nothing really significant neither on ESXi side, nor in OPNSense. The only thing correlated with this frozen state, is a bunch of pflog0: promiscuous mode enabled / disabled in OPNSense log file. Sometimes hundreds of entries, looks like if something is looping.

I don't know how / what to investigate further and this issue just makes me crazy.

Just thinking about switching to pfSense to see if this issue still remains.

I've seen dozens of similar issues in this forum, but never seen any outcome / resolution.

Any help would be really appreciated.

Cheers
#12
Ok.... Same here.

And do you have open-vm tools installed? I think I don't  ???

R.
#13
Thanks ! I've only 2 other VM running Debian...

Are you using VMXNET3 adaptor? For all of OPNSense interfaces?
#14
Hi there,

Looks like I've a very similar issue here... OPNSense was running well for months but suddenly interfaces began to be stuck. Rebooting OPNSense usually solves temporarily the problem, but if I reboot the hypervisor itself then I'm quiet for several days. This issue just makes me nuts because I've a lot of services relying on my network connection.

I suspected Wireguard, but it seems to occur even if the service is off...

An answer I received this morning told me about another VM that could cause the system NIC to freeze. I remember my problem appeared suddenly one day, without having changed anything on the system... but perhaps a new VM

Do you remember if you noticed this issue after having added a new VM?

R.
#15
Quote from: chemlud on February 12, 2021, 10:05:05 AM
Maybe it's time to have a look at faulty RAM or network interfaces? Just saying...

From time to time I see this DEVD detach/attach for WAN, mostly directly after rebooting the boxes. No system freeze included though.

I did run a memory test ok.

Is there a way to identify a faulty NIC?

When rebooting the box, this message appears systematically but just once.

R.