1
23.7 Legacy Series / Re: Wireguard interface not coming up on reboot, error in logs
« on: December 04, 2023, 08:38:02 pm »
Hey jbattermann. Did you solve this issue?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
Development and Code Review / Re: Command as a daemon
« on: June 09, 2023, 04:12:55 pm »
Hi 9axqe,
I've setup cloudflared on a Proxmox server instead, but I've written down for myself what my solution back then was. I'm sure there's a better way to do it now.
These are the steps I did back then to enable it as a service:
1. My config is in /root/.cloudflared/config.yml
2. Create this file: /etc/rc.d/argotunnel
4. Add to /etc/rc.conf:
I've setup cloudflared on a Proxmox server instead, but I've written down for myself what my solution back then was. I'm sure there's a better way to do it now.
These are the steps I did back then to enable it as a service:
1. My config is in /root/.cloudflared/config.yml
2. Create this file: /etc/rc.d/argotunnel
Code: [Select]
#!/bin/sh
. /etc/rc.subr
name="argotunnel"
rcvar="argotunnel_enable"
argotunnel_flags="tunnel --config /root/.cloudflared/config.yml"
command_args="run"
command="/usr/local/bin/cloudflared"
load_rc_config $name
run_rc_command "$1"
3. chmod +x /etc/rc.d/argotunnel4. Add to /etc/rc.conf:
Code: [Select]
argotunnel_enable='YES'5. Create this script: /root/.cloudflared/automatic_restart.shCode: [Select]
#!/bin/bash
SERVICE="cloudflared"
if pgrep -x "$SERVICE" >/dev/null
then
echo "$SERVICE is running"
else
echo "$SERVICE stopped"
/usr/sbin/daemon /etc/rc.d/argotunnel start
fi6. Create a cron action: /usr/local/opnsense/service/conf/actions.d/actions_argotunnel.confCode: [Select]
[start]
command:/bin/sh /root/.cloudflared/automatic_restart.sh
parametes:
type:script
message:starting cloudflared if necessary
description:Check and restart cloudflared7. Restart cron servicesCode: [Select]
service configd restart
8. Create a cron in the OPNsense UI with "Check and restart cloudflared” as command
3
23.1 Legacy Series / Re: How to route both IPv6 and IPv4 via CloudFlare WARP
« on: May 23, 2023, 02:36:39 am »
I’ve been trying this for a long time now. Can you explain how you’ve set it up in detail? Would really appreciate it!!
4
General Discussion / Re: CloudFlare Warp Plus Wireguard
« on: September 21, 2021, 10:15:37 am »
Same for me 
This is some more info I found how to do it: https://www.reddit.com/r/PFSENSE/comments/owg78a/sending_traffic_over_cloudflare_warp/
This is some more info I found how to do it: https://www.reddit.com/r/PFSENSE/comments/owg78a/sending_traffic_over_cloudflare_warp/
5
General Discussion / Re: CloudFlare Warp Plus Wireguard
« on: May 26, 2021, 08:59:41 am »
Hey mrancier, did you manage to get this working?
6
General Discussion / Re: Anyone using DoT or recommend added security for my new OPNsense install?
« on: April 06, 2021, 10:45:23 am »
Hi all,
First of all, this is to setup DoT using Cloudflare Teams, not just Cloudflare. Teams is free under 50 users.
Both fields under Miscellaneous are empty.
Once you've setup this, you should see the DNS requests in the logs on your Cloudflare Teams Dashboard as well (Logs > Gateway).
First of all, this is to setup DoT using Cloudflare Teams, not just Cloudflare. Teams is free under 50 users.
Do you have DoT setup (https://1.1.1.1/help)?Yes! This is my result: https://1.1.1.1/help#eyJpc0NmIjoiTm8iLCJpc0RvdCI6IlllcyIsImlzRG9oIjoiTm8iLCJyZXNvbHZlcklwLTEuMS4xLjEiOiJZZXMiLCJyZXNvbHZlcklwLTEuMC4wLjEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMTExIjoiTm8iLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiTm8iLCJkYXRhY2VudGVyTG9jYXRpb24iOiJCUlUiLCJpc1dhcnAiOiJObyIsImlzcE5hbWUiOiJDbG91ZGZsYXJlIiwiaXNwQXNuIjoiMTMzMzUifQ==
Did you add the above to Custom options with your gateway ID?Yes, you should add the above code into Custom Options, but change the xxxxxxxxx with your gateway ID from Cloudflare.
Under Miscellaneous do you have anything under DNS over TLS Servers?
Both fields under Miscellaneous are empty.
Cadish, your example has a bunch of xxxxxxxxx in it, is that default or are we supposed to plug in some type of information there?Yes, the xxxxxxxxx is something you need to replace with your Gateway ID from Cloudflare. It's an ID which is linked to a Location that you've set. You can find it in your Cloudflare Teams Dashboard > Gateway > Locations > Edit (on a location). On that page, you can find the ID's to replace the xxxxxxxxx with.
Once you've setup this, you should see the DNS requests in the logs on your Cloudflare Teams Dashboard as well (Logs > Gateway).
7
General Discussion / Re: Anyone using DoT or recommend added security for my new OPNsense install?
« on: April 03, 2021, 08:33:49 pm »
I'm using Cloudflare Teams and Unbound as well. This way I also can set some extra policies at Cloudflare to increase my security level even more.
This is my config:
This is my config:
Code: [Select]
# TLS Config
tls-cert-bundle: "/etc/ssl/cert.pem"
# Forwarding Config
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 172.64.36.1@853#xxxxxxxxx.cloudflare-gateway.com
forward-addr: 172.64.36.2@853#xxxxxxxxx.cloudflare-gateway.com
forward-addr: 2a06:98c1:54::28a@853#xxxxxxxxx.cloudflare-gateway.com
8
General Discussion / Unbound - see blocked domains
« on: March 18, 2021, 10:54:41 am »
Hi,
I've setup Unbound, but on some sites I have trouble to login. It is very difficult to get this solved as I need to whitelist every domain the sites are linking to, which is sometimes a very tedious job.
Is it possible to see somewhere which domains have been blocked in the last period?
Thanks
Cadish
I've setup Unbound, but on some sites I have trouble to login. It is very difficult to get this solved as I need to whitelist every domain the sites are linking to, which is sometimes a very tedious job.
Is it possible to see somewhere which domains have been blocked in the last period?
Thanks
Cadish
9
21.1 Legacy Series / Re: Very strange cron behaviour
« on: February 25, 2021, 09:17:45 am »
The issue seems to be solved by removing unreachable URL tables. Rebooted a few times and the cron jobs run just fine now.
It's quite strange to me that these could influence the correct starting of the cron jobs.
Regards,
Cadish
It's quite strange to me that these could influence the correct starting of the cron jobs.
Regards,
Cadish
10
21.1 Legacy Series / Re: Very strange cron behaviour
« on: February 24, 2021, 05:48:30 pm »
I removed some old url tables from the firewall aliases (which were redirecting to 404's), and the cron jobs seems to load fine now. Don't know if this is possible or just coincidence?
Will reboot a couple of times in the next days, but hopefully my problem is solved now...
Will reboot a couple of times in the next days, but hopefully my problem is solved now...
11
21.1 Legacy Series / Re: Very strange cron behaviour
« on: February 24, 2021, 11:43:02 am »
Thanks for your reply jonf!
I will try to move my file somewhere else. But I notice that it's also affecting cron jobs not created by me, like "ids update" by Suricata. It doesn't run at 23h45, unless cron is restarted manually. So I guess something bigger than my own script is blocking cron to run after a reboot...
This is my /var/cron/tabs/nobody file:
I will try to move my file somewhere else. But I notice that it's also affecting cron jobs not created by me, like "ids update" by Suricata. It doesn't run at 23h45, unless cron is restarted manually. So I guess something bigger than my own script is blocking cron to run after a reboot...
This is my /var/cron/tabs/nobody file:
Code: [Select]
# DO NOT EDIT THIS FILE -- OPNsense auto-generated file
#
# User-defined crontab files can be loaded via /etc/cron.d
# or /usr/local/etc/cron.d and follow the same format as
# /etc/crontab, see the crontab(5) manual page.
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
#minute hour mday month wday command
# Origin/Description: IDS/ids rule updates
45 23 * * * /usr/local/sbin/configctl ids update
# Origin/Description: cron/Check connection and reboot if necessary
*/5 * * * * /usr/local/sbin/configctl ping_check load
12
21.1 Legacy Series / Re: Very strange cron behaviour
« on: February 24, 2021, 08:58:17 am »
To add to the strange behaviour: sometimes the cron is loaded correctly after a reboot, sometimes not...
And this goes for all cron jobs, not only the one above... no cron jobs run until I hit "Apply" on the cron page.
Am I really the only one with this problem? What's the best approach to get this issue fixed? Really don't know what to look for, as I have no errors or whatsoever... (that I know of)
Cadish
And this goes for all cron jobs, not only the one above... no cron jobs run until I hit "Apply" on the cron page.
Am I really the only one with this problem? What's the best approach to get this issue fixed? Really don't know what to look for, as I have no errors or whatsoever... (that I know of)
Cadish
13
General Discussion / Re: Looking to install OPNsense and Ad blocking.
« on: February 20, 2021, 05:02:05 pm »
Adguard is only installed on some devices, not all. I don't know if Sensei is adding a lot of value in top or not... Probably all of these have a lot of overlap, but why not just do it if it's possible... An ad (or malware) which is not blocked by one is hopefully blocked by the other...
14
21.1 Legacy Series / Very strange cron behaviour
« on: February 19, 2021, 09:04:50 am »
Hi all,
I've setup a cron job to restart my WAN interface when my connection drops and reboot if this doesn't help, according to the post of marjohn56.
I've setup a cron job in the GUI as described (see attachment).
Now comes the strange thing: after a reboot, the cron job doesn't start, unless I hit "Apply" on the cron page again. So after each reboot, I must hit the "Apply" button (even without changing anything) before the cron job starts successfully every 5 minutes.
Any clue what can be wrong?
Thanks
Cadish
I've setup a cron job to restart my WAN interface when my connection drops and reboot if this doesn't help, according to the post of marjohn56.
I've setup a cron job in the GUI as described (see attachment).
Now comes the strange thing: after a reboot, the cron job doesn't start, unless I hit "Apply" on the cron page again. So after each reboot, I must hit the "Apply" button (even without changing anything) before the cron job starts successfully every 5 minutes.
Any clue what can be wrong?
Thanks
Cadish
15
General Discussion / Re: Looking to install OPNsense and Ad blocking.
« on: February 14, 2021, 08:18:52 pm »
I have a combination of unbound with proper blacklists, sensei free and adguard on my devices. Works very well!
Pages: [1] 2