Messages - jojothehumanmonkey

#1
hello, thanks, recently updated to `24.7.12_4`

opnsense will not boot, stuck at "Invoking start script 'freebsd'"

if i press 'ctrl+c', i get 'context canceled', then the boot continues and eventually, get to 'login:'

so, why will opnsense not boot fully, is it safe to use?
#2
hello, thanks,

very confusing, do we use?
1. https://tailscale.com/kb/1097/install-opnsense
or
2. built-in Tailscale plugin
#3
hello, thanks, hope i am posting in the correct section of the forum,

"System: Access: Users", i click on a user named `user01`

at "User Certificates", i want to add an already existing certificate, i do not want to create a new certificate.
but i only see the plus button, with the text "create new user certificate"

just want to assign an existing certificate to a user.
#4
first, thanks for the reply.

i figured it out based on this topic from this forum.
The local and remote VPN endpoints cannot use

and the tricky thing for me was to use the correct subnet mask for `/30`
"VPN: OpenVPN: Client Specific Overrides" -> "IPv4 Tunnel Network"
"10.10.0.42/30"
#5
i am using this guide - https://docs.opnsense.org/manual/how-tos/sslvpn_client.html
i cannot get opnsense router to use the specific ip address i want.

from "VPN: OpenVPN: Client Specific Overrides",
for common name "Donald", for "IPv4 Tunnel Network", i have tried variations of "10.0.10.16/24"


also, after making such a change, i always re-export the openvpn file and re-import it into my laptop.
do i need to do that or not?


#6
hello, thanks, my first time, i setup the openvpn server with TOTP login. fantastic, it works great.
i figured out how to make openvpn firewall rules and that also works well.
but now i need to allow a specific user to a specific machine and port.
how to change the source to a specific openvpn user?

currently, i have this rule


#7
General Discussion / Re: how to minimize disk usage
January 30, 2023, 06:21:24 PM
thanks,

does anyone run `opnsense` from a read-only source, such as a cd-rom or DiskOnModule?
#8
General Discussion / how to minimize disk usage
January 29, 2023, 01:38:20 AM
hello, thanks,

i am confused, by default, is opnsense using a swap file?
and if so, how to move it to memory, same as "/var/log RAM disk" and "/tmp RAM disk"

from dashboard:
"SWAP usage 0 % ( 0/8192 MB )"

from system_advanced_misc.php, this setting is unchecked.
"Swap file Add a 2 GB swap file to the system"

from /etc/rc.conf, there is no "swapfile=", so does that mean, opnsense is not using swap.

```
swapinfo -k
Device          1K-blocks     Used    Avail Capacity
/dev/gpt/swapfs   8388608        0  8388608     0%
```

--------------

also, curious, what else does opnsense write to disk?
--- log files
if this is enabled, where does opnsense save logs?
Local Logging    Disable writing log files to the local disk

--- other stuff i would not know about, the so-called "unknown unknowns"

thanks, david
#9
hello, thanks, using OPNsense 23.1-amd64

using filezilla, when i try to connect to sftp, i get this, no idea why, please help?

```
Status:   Connecting to 192.168.62.1...
Response: fzSftp started, protocol_version=11
Command:  keyfile "C:\data\c\combined\.self\opnsense\keys\root\opnsense-home.private.ssh"
Command:  open "root@192.168.62.1" 22
Error:    Connection timed out after 20 seconds of inactivity
Error:    Could not connect to server
```
#10
Hardware and Performance / DOM - Disk on Module
January 28, 2023, 07:52:01 PM
hello, thanks,

an idea popped into my head, to use a DOM, instead of a hard drive.
when i checked the opnsense dashboard,
i was amazed that only this is used
SWAP usage 0 % ( 0/8192 MB )
Disk usage 1% / [ufs] (5.4G/442G)


here is the output of df


```
root@OPNsense:~ # df
Filesystem      1K-blocks    Used     Avail Capacity  Mounted on
/dev/gpt/rootfs 463893544 5926272 420855792     1%    /
devfs                   1       1         0   100%    /dev
devfs                   1       1         0   100%    /var/dhcpd/dev
```


and then i found out that a supermicro dom 16GiB is approx $40.00

so i wanted to know a few things, please
--- has anyone done this, any advice?
--- any other overall comments?

thanks,
david
#11
i got it working.
1. changed the IPv4 Tunnel Network to 10.11.0.0/24
2. changed the openvpn firewall to pass that ip range.

thanks
#12
"shouldnt be necessary"
yeah, that is why i am looking for more protection.

thanks much
#13
hello and thanks,

i have to connect to another openvpn server that uses.

```
   IPv4 Address. . . . . . . . . . . : 10.10.0.21(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.10.0.1
```


my opnsense router for the openvpn connection uses

IPv4 Tunnel Network 10.10.0.0/24


so i need to change the setting for opnsense but not sure what to change it to without locking myself out of the router.
would this work?
10.11.0.0/24

and if i make that change, do i need to re-export all the client config files?

thanks so much,
#14
hello and thanks,

i could not find fail2ban package?

is it not supported or is there an opnsense version or alternative?
i am trying to better protect openvpn server.

thanks,
david
#15
thanks.

from https://www.ipfingerprints.com/portscan.php
i get `23/tcp open|filtered telnet`

as per the opnsense firewall gui, there is not a `drop`.
only `pass, block, reject` where block = `block the packet is dropped silently`

sorry but i am confused about the terminology.
perhaps filtered is the same as blocked?