Messages - Sheldon

#1
21.7 Legacy Series / solved
April 12, 2022, 04:59:56 PM
This was a bug and got solved with https://github.com/opnsense/core/issues/5692
#2
22.1 Legacy Series / Re: Unbound DNS issue
April 07, 2022, 03:08:37 PM
Does the DHCP client receive the DNS server address from the DHCP server? In other words: does the DHCP client know which DNS server it is supposed to use?

Have you looked into Unbound's log? Not just error, I would set the log level to debug.
#3
OK, I found something. I added an additional line to a configuration file:

# grep pf_top \
? /usr/local/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml
            <pattern>ui/diagnostics/firewall/pf_top*</pattern>
            <pattern>api/diagnostics/firewall/pf_top*</pattern>
            <pattern>api/diagnostics/firewall/query_pf_top</pattern>


I tried to trigger a reload of this configuration file, but I couldn't figure out how to do that. So I just did a full restart. Since the restart, the separate account has access to the firewall sessions; the list is not empty anymore.

This is just a hack, but I wanted to share this experience.
#4
21.7 Legacy Series / Re: latest update messed firewall up
September 17, 2021, 06:59:19 PM
I think Bart was talking about a configuration backup, that's a simple XML file. This doesn't require installing any package.

Do you get any error message when you select that option 13?
#5
I created a separate account with limited access. OPNsense has a nice feature, allowing you to specify for each account which parts of the web UI are accessible and which are not. This works very well for me, except for one area.

I managed to provide access to "pf_top" by adding "Diagnostics: Firewall sessions" to the privileges. But the session list is always empty. When I relog into the admin account, the list is not empty. How can I provide access to not only the menu entry, but also to the actual content?

The menu entry (Firewall -> Diagnostics -> Sessions) leads to the following URL: https://firewallhostname/ui/diagnostics/firewall/pf_top

OPNsense version is 21.7.2_1-amd64.
#6
I took a look into the source code of the plugin. The error message you got ("authentication failure") is displayed in more than one use case.


https://github.com/opnsense/plugins/blob/master/sysutils/git-backup/src/opnsense/mvc/app/library/OPNsense/Backup/Git.php



} elseif (strpos($pushtxt, 'Permission denied') || strpos($pushtxt, 'Authentication failed ')) {
            $error_type = "authentication failure";


Personally I don't use GitHub, but I have used a similar service provider. I assume that you have registered your SSH key with your GitHub account ("GregTheHun"). But have you also linked this key with the repository ("opnsense-config") and granted full (read/write) permissions?
#8
I had a similar problem. So your post was helpful to me, even though I don't use Firefox.

In addition to the never-ending icon animation, I got a "Fatal error: Uncaught Error: Class 'Phalcon\Session\Manager' not found ..." after the firmware update. I spent a few hours chasing this problem, until I read your post and cleared my browser cache.

Thank you :-)
#9
Thank you for your research!

I confirm that this combination actually changed the logging behaviour. Now that I have "Disable circular logs" unchecked and "Local Logging - Disable writing log files to the local disk" checked, I don't see any new logging entries.

I also think this behaviour is not intended, because otherwise I would expect this correlation to be mentioned in the documentation of "Local Logging".

My questions are answered and I know what to do. Thanks again :-)
#10
The password-based authentication method seems to be deprecated anyway:

https://forum.opnsense.org/index.php?topic=23232
#11
Thank you for your reply.

Enabling this RAM disk option prevents the logs from being written to the local hard disk, with logs still being written. But I am wondering what the other option ("Disable writing log files to the local disk") does, or what it is supposed to do? I expected it to disable writing local logs completely, and it looks like this option doesn't change anything.
#12
21.1 Legacy Series / Re: OpenVPN timeout session
June 23, 2021, 02:39:43 PM
I assume OPNsense is providing the OpenVPN server, and the logs you posted are from this server side. Did you take a look into the client's log?

Is there an option to increase the log level? That might provide additional information about what causes the handshake to fail.

Did you set the renegotiation time to 0 only on the server side? I assume you would need to configure this on both sides (client and server) and otherwise, if the client has a renegotiation time of 60 minutes configured, the client will trigger a renegotiation after 60 minutes, even if the server has this disabled.
#13
I didn't receive a notification mail about your recent post, but I saw it just now. I'm glad that you finally found a solution and posted it here :-)
#14
Quote
System -> Settings -> Logging -> Disable writing log files to the local disk

I have this checkbox enabled, so I expected not to have any log files. But there are new log files stored in /var/log/. Since /var/ is not a RAM disk, the logs survive reboots.

The documentation (https://docs.opnsense.org/manual/settingsmenu.html) says:

Quote
Useful to avoid wearing out flash memory (if used). Remote logging can be used to save the logs instead if desired.

Does this mean that I have to set up remote logging to make this setting effective?

Is there any way to disable log files without using remote logging? I probably could shut down the syslog service. But still, I am wondering what this setting is supposed to do when remote logging is not configured?
#15
Hmm, you didn't mention before that there is a VPN involved? That's a factor that would have been good to know from the beginning (not on page 2).

I have a feeling that I can't help you any further. I know that moving targets are a thing, but this one is moving too fast for me.