Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - droumanet

Pages1
#1
General Discussion / Is my configuration correct for transparent proxy with UT blacklist?
June 11, 2025, 08:40:01 AM
I'm trying to use the transparent proxy functionality with my OPNsense firewall but I'm unsure it's ok.
First of all, I've followed the two tutorials:
I can read the list, choose categories, then download and apply.

On client side, I've downloaded the root certificate and it works for some websites... but a lot of sites fall on "access denied" squid error page.
My question is about the order: is the proxy block all but not access control list (categories) or it block categories and should let go for all others websites?
#2
Web Proxy Filtering and Caching / Re: UT1 blacklist not showing category.
April 07, 2025, 11:39:38 PM
Using 25.1.4 version and list UT1: categories are back.
Seems to be ok now.
#3
Web Proxy Filtering and Caching / Re: Help with Squid Web Proxy Filter
April 07, 2025, 11:32:14 PM
It's not possible, as is, because it's URLs that are checked.
When searching for a bad website, the URL is the search engine's URL...
#4
24.7, 24.10 Series / Re: Unable to use SSH when i disable Permit password login
December 23, 2024, 11:58:03 AM
The solution seems very secure, but I would to know more: how is generated the key on my laptop (linux)?
I'm not very aware about the SSH security.
I suppose the SSH key is present on my laptop and I've to share it with OPNsense server by the process explain by Patrick...
#5
Web Proxy Filtering and Caching / Re: Squid transparent mode not listening on SSL Proxy Port
December 22, 2024, 10:38:16 PM
On my version 24.7.11_2, I could find these lines in /usr/local/etc/squid/squid.conf

Code Select
# Setup transparent mode listeners on loopback interfaces
http_port 127.0.0.1:3128 intercept ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
http_port [::1]:3128 intercept ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
https_port 127.0.0.1:3129 intercept ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
https_port [::1]:3129 intercept ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on

# Setup regular listeners configuration
http_port 172.31.0.1:3128  ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
The file should not be manually modified, you should follow the documentation: https://docs.opnsense.org/manual/how-tos/proxytransparent.html (especially check SSL inspection in "Forward proxy" tabs)
Hope this could help you...
#6
Web Proxy Filtering and Caching / Re: Squid web proxy problem while filtering blacklist
December 22, 2024, 09:24:53 PM
Oh, I've forgot to say, I'm trying to use SNI function (opnsense forum about SNI)
#7
Web Proxy Filtering and Caching / Squid web proxy problem while filtering blacklist
December 22, 2024, 09:00:36 PM
I've a good hardware (Intel i5 6 cores, 12 GB RAM, 250GB harddrive), but when activating squid web proxy, after a random time, all access to Internet fails.

Here are some logs I've captured before stopping redirection to squid. Then all become right.

Code Select
Date                            Gravité Process     Ligne
2024-12-19T10:51:28.446 949822 172.31.0.94 TCP_TUNNEL/200 378 CONNECT ads.betweendigital.com:443 - ORIGINAL_DST/188.42.196.115 -
2024-12-19T10:51:28.446 939400 172.31.0.94 TCP_TUNNEL/200 6692 CONNECT user-sync-api.anyclip.com:443 - ORIGINAL_DST/52.4.153.165 -
2024-12-19T10:51:28.446 930495 172.31.0.97 TCP_TUNNEL/200 0 CONNECT nuage03.apps.education.fr:443 - ORIGINAL_DST/194.167.72.51 -
2024-12-19T10:51:28.446 10130846 172.31.0.51 TCP_TUNNEL/200 7239 CONNECT client.wns.windows.com:443 - ORIGINAL_DST/172.172.255.218 -
2024-12-19T10:51:28.446 1565178 172.31.0.60 TCP_TUNNEL/200 463 CONNECT mqtt-mini.facebook.com:443 - ORIGINAL_DST/157.240.196.34 -
2024-12-19T10:51:28.446 999533 172.31.0.1 TCP_MISS_TIMEDOUT/502 38071 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:51:28.446 999533 172.31.0.1 TCP_MISS_TIMEDOUT/502 13542 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 120589 172.31.0.158 TCP_TUNNEL/200 6877 CONNECT pixel.rubiconproject.com:443 - ORIGINAL_DST/69.173.146.5 -
2024-12-19T10:49:38.720 65435 172.31.0.158 TCP_TUNNEL/200 5267 CONNECT www.googleadservices.com:443 - ORIGINAL_DST/172.217.29.98 -
2024-12-19T10:49:38.720 65435 172.31.0.158 TCP_TUNNEL/200 5267 CONNECT www.googleadservices.com:443 - ORIGINAL_DST/172.217.29.98 -
2024-12-19T10:49:38.720 12554 172.31.0.38 TCP_TUNNEL/200 1054 CONNECT x.com:443 - ORIGINAL_DST/104.244.42.1 -
2024-12-19T10:49:38.720 908495 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908495 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908496 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908496 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908496 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908496 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908496 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908496 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908497 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908497 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908497 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908497 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908497 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908498 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908498 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908498 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908498 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908498 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908499 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908499 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908499 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908499 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908499 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908500 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908500 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908500 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908500 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908500 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908501 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908501 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908501 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908501 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908501 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908502 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908502 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908502 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908502 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908502 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908502 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908503 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908503 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908503 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908503 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908503 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908504 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908504 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908504 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908504 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908505 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908505 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908505 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908505 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908505 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908530 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908530 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908530 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908530 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908531 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908531 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908531 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908531 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908531 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908532 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908532 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908532 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908532 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908532 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908532 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908533 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908533 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908533 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908533 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908533 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908534 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908534 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908534 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908534 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908534 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908535 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908535 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908535 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908535 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908535 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908536 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908536 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908536 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908536 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908536 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908537 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908550 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908550 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908550 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908551 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908551 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908551 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908551 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908551 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908566 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908566 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908566 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908566 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908567 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908567 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 907971 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 908087 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/504 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 text/html
2024-12-19T10:49:38.720 8724 172.31.0.1 NONE_NONE/000 0 CONNECT 172.31.0.1:443 - HIER_NONE/- -
2024-12-19T10:49:30.069 81 172.31.0.1 TCP_TUNNEL/200 0 CONNECT 172.31.0.1:443 - ORIGINAL_DST/172.31.0.1 -
2024-12-19T10:49:30.069 899916 172.31.0.1 TCP_MISS_TIMEDOUT_ABORTED/000 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 -
2024-12-19T10:49:30.069 80 172.31.0.1 NONE_NONE/000 0 CONNECT 172.31.0.1:443 - HIER_NONE/- -
2024-12-19T10:49:29.996 899843 172.31.0.1 TCP_MISS_ABORTED/000 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 -
2024-12-19T10:49:29.989 2 172.31.0.1 TCP_TUNNEL/200 0 CONNECT 172.31.0.1:443 - ORIGINAL_DST/172.31.0.1 -
2024-12-19T10:49:29.989 899836 172.31.0.1 TCP_MISS_ABORTED/000 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 -
2024-12-19T10:49:29.989 1 172.31.0.1 NONE_NONE/000 0 CONNECT 172.31.0.1:443 - HIER_NONE/- -
2024-12-19T10:49:29.988 7 172.31.0.1 TCP_TUNNEL/200 0 CONNECT 172.31.0.1:443 - ORIGINAL_DST/172.31.0.1 -
2024-12-19T10:49:29.988 899836 172.31.0.1 TCP_MISS_ABORTED/000 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 -
2024-12-19T10:49:29.988 1 172.31.0.1 NONE_NONE/000 0 CONNECT 172.31.0.1:443 - HIER_NONE/- -
2024-12-19T10:49:29.988 899835 172.31.0.1 TCP_MISS_ABORTED/000 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 -
2024-12-19T10:49:29.987 13 172.31.0.1 TCP_TUNNEL/200 0 CONNECT 172.31.0.1:443 - ORIGINAL_DST/172.31.0.1 -
2024-12-19T10:49:29.987 899834 172.31.0.1 TCP_MISS_ABORTED/000 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 -
2024-12-19T10:49:29.987 6 172.31.0.1 NONE_NONE/000 0 CONNECT 172.31.0.1:443 - HIER_NONE/- -
2024-12-19T10:49:29.981 15 172.31.0.1 TCP_TUNNEL/200 0 CONNECT 172.31.0.1:443 - ORIGINAL_DST/172.31.0.1 -
2024-12-19T10:49:29.981 899829 172.31.0.1 TCP_MISS_ABORTED/000 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 -
2024-12-19T10:49:29.981 7 172.31.0.1 NONE_NONE/000 0 CONNECT 172.31.0.1:443 - HIER_NONE/- -
2024-12-19T10:49:29.980 899828 172.31.0.1 TCP_MISS_ABORTED/000 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 -
2024-12-19T10:49:29.973 16 172.31.0.1 TCP_TUNNEL/200 0 CONNECT 172.31.0.1:443 - ORIGINAL_DST/172.31.0.1 -
2024-12-19T10:49:29.973 899822 172.31.0.1 TCP_MISS_ABORTED/000 0 GET http://172.31.0.1/ - ORIGINAL_DST/172.31.0.1 -
What's could be wrong, my configuration or is there a bug? Help...

#8
Web Proxy Filtering and Caching / Re: UT1 blacklist not showing category.
December 20, 2024, 09:23:20 AM
Issue has been submitted and confirmed: https://github.com/opnsense/plugins/issues/4392

Edit 2024-12-27: By the way, I manage an other OPNSense firewall in 24.1 version and it's able to manage categories, read list and so on... a bug is probably the cause in 24.7 version.
#9
Virtual private networks / Method to log duration connexion with OpenVPN
November 06, 2024, 09:17:20 PM
Hi everybody,

I like OPNsense and I use it at my school, for my students. OPNsense protect the classroom and permit them to connect to their classroom computer (servers farm).
However, I can't figure how to use OpenVPN log's to manage how much time a user still connected.
I've got the start of authentication through AD, but never the end of communication.
I've read a post on OpenVPN (seems to be old) on disconnect event missing (https://serverfault.com/questions/681249/openvpn-doesnt-log-user-disconnect-event).

Any idea if it's possible and how to do this?

Thanks,
#10
Virtual private networks / Re: OpenVPN Instances - Ignore Redirect Gateway
September 27, 2024, 10:52:38 PM
I'm really interested on how to avoid all traffic through firewall. My students only needs the VPN for acces to a VM in my school (subnet in 172.16/16). I don't want them to use the bandwidth for Youtube/Spotify and others usages.
#11
21.1 Legacy Series / Re: Failed, signature invalid
March 22, 2021, 02:36:53 PM
Hi there,

I've got the same problem without any other messages.
Code Select
***GOT REQUEST TO UPGRADE: maj***
Fetching packages-21.1-OpenSSL-amd64.tar: .............................................
... failed, signature invalid
***DONE***

I've tried with two different sources ("WJComms, UK" and default): one is loading a tar file rather other is tgz file.

With SSH console, I've first validated minor update before choosing 21.1 option.

Any others ideas?  ::)
Pages1