1
21.7 Legacy Series / solved
« on: April 12, 2022, 04:59:56 pm »
This was a bug and got solved with https://github.com/opnsense/core/issues/5692
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
22.1 Legacy Series / Re: Unbound DNS issue
« on: April 07, 2022, 03:08:37 pm »
Does the DHCP client receive the DNS server address from the DHCP server? In other words: does the DHCP client know, which DNS server it is supposed to use?
Have you looked into Unbound's log? Not just error, i would set the log level to debug.
Have you looked into Unbound's log? Not just error, i would set the log level to debug.
3
21.7 Legacy Series / Re: Provide access for a specific account: Sessions ("pf_top)"
« on: September 18, 2021, 11:35:06 am »
Ok, i found something. I added an additional line to a configuration file:
I tried to trigger a reload of this configuration file, but i couldn't figure out how to do that. So i just did a full restart. Since restart, the separate account has access to the firewall sessions, the list is not empty anymore.
This is just a hack, but i wanted to share this experience.
Code: [Select]
# grep pf_top \
? /usr/local/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml
<pattern>ui/diagnostics/firewall/pf_top*</pattern>
<pattern>api/diagnostics/firewall/pf_top*</pattern>
<pattern>api/diagnostics/firewall/query_pf_top</pattern>
I tried to trigger a reload of this configuration file, but i couldn't figure out how to do that. So i just did a full restart. Since restart, the separate account has access to the firewall sessions, the list is not empty anymore.
This is just a hack, but i wanted to share this experience.
4
21.7 Legacy Series / Re: latest update messed firewall up
« on: September 17, 2021, 06:59:19 pm »
I think Bart was talking about a configuration backup, that's a simple XML file. This doesn't require installing any package.
Do you get any error message when you select that option 13?
Do you get any error message when you select that option 13?
5
21.7 Legacy Series / [SOLVED] Provide access for a specific account: Sessions ("pf_top)"
« on: September 17, 2021, 06:15:22 pm »
I created a separate account with limited access. OPNsense has a nice feature, allowing you to specify for each account, which parts of the web UI are accessible and which are not. This works very well for me, except for one area.
I managed to provide access to "pf_top", by adding "Diagnostics: Firewall sessions" to the privileges. But the session list is always empty. When i relog into the admin account, the list is not empty. How can i provide access to not only the menu entry, but also to the actual content?
The menu entry (Firewall -> Diagnostics -> Sessions) leads to the following URL: https://firewallhostname/ui/diagnostics/firewall/pf_top
OPNsense version is 21.7.2_1-amd64.
I managed to provide access to "pf_top", by adding "Diagnostics: Firewall sessions" to the privileges. But the session list is always empty. When i relog into the admin account, the list is not empty. How can i provide access to not only the menu entry, but also to the actual content?
The menu entry (Firewall -> Diagnostics -> Sessions) leads to the following URL: https://firewallhostname/ui/diagnostics/firewall/pf_top
OPNsense version is 21.7.2_1-amd64.
6
General Discussion / Re: Git plugin not authenticating
« on: July 03, 2021, 07:56:31 am »
I took a look into the source code of the plugin. The error message you got ("authentication failure") is displayed in more than one use case.
Personally i don't use Github, but i have used a similar service provider. I assume that you have registered your SSH key with your Github account ("GregTheHun"). But have you also linked this key with the repository ("opnsense-config") and granted full (read/write) permissions?
Code: [Select]
https://github.com/opnsense/plugins/blob/master/sysutils/git-backup/src/opnsense/mvc/app/library/OPNsense/Backup/Git.php
Code: [Select]
} elseif (strpos($pushtxt, 'Permission denied') || strpos($pushtxt, 'Authentication failed ')) {
$error_type = "authentication failure";
Personally i don't use Github, but i have used a similar service provider. I assume that you have registered your SSH key with your Github account ("GregTheHun"). But have you also linked this key with the repository ("opnsense-config") and granted full (read/write) permissions?
7
21.1 Legacy Series / Re: Traffic top talkers in and out same value
« on: July 02, 2021, 08:11:26 pm »8
21.1 Legacy Series / Re: Updates tab just spins - no output
« on: July 02, 2021, 03:15:34 pm »
I had a similar problem. So your post was helpful to me, even though i don't use Firefox.
In addition to the never ending icon animation, i got a "Fatal error: Uncaught Error: Class 'Phalcon\Session\Manager' not found ..." after the firmware update. I spent a few hours chasing this problem, until i read your post and cleared my browser cache.
Thank you :-)
In addition to the never ending icon animation, i got a "Fatal error: Uncaught Error: Class 'Phalcon\Session\Manager' not found ..." after the firmware update. I spent a few hours chasing this problem, until i read your post and cleared my browser cache.
Thank you :-)
9
21.1 Legacy Series / Re: Disable writing log files to the local disk
« on: June 29, 2021, 07:42:02 am »
Thank you for your research!
I confirm that this combination actually changed the logging behaviour. Now that i have "Disable circular logs" unchecked and "Local Logging - Disable writing log files to the local disk" checked, i don't see any new logging entries.
I also think this behaviour is not intended, because otherwise i would expect this correlation being mentioned in the documentation of "Local Logging".
My questions are answered and i know what to do. Thanks again :-)
I confirm that this combination actually changed the logging behaviour. Now that i have "Disable circular logs" unchecked and "Local Logging - Disable writing log files to the local disk" checked, i don't see any new logging entries.
I also think this behaviour is not intended, because otherwise i would expect this correlation being mentioned in the documentation of "Local Logging".
My questions are answered and i know what to do. Thanks again :-)
10
General Discussion / Re: Git plugin not authenticating
« on: June 28, 2021, 01:02:12 pm »
The password based authentication method seems to be deprecated anyway:
https://forum.opnsense.org/index.php?topic=23232
https://forum.opnsense.org/index.php?topic=23232
11
21.1 Legacy Series / Re: Disable writing log files to the local disk
« on: June 26, 2021, 07:18:42 pm »
Thank you for your reply.
Enabling this RAM disk option prevents the logs from being written to the local hard disk, with logs still being written. But i am wondering what the other option ("Disable writing log files to the local disk") does, or what it is supposed to do? I expected it to disable writing local logs completely, and it looks like this option doesn't change anything.
Enabling this RAM disk option prevents the logs from being written to the local hard disk, with logs still being written. But i am wondering what the other option ("Disable writing log files to the local disk") does, or what it is supposed to do? I expected it to disable writing local logs completely, and it looks like this option doesn't change anything.
12
21.1 Legacy Series / Re: OpenVPN timeout session
« on: June 23, 2021, 02:39:43 pm »
I assume OPNSense is providing the OpenVPN server, and the logs you posted are from this server side. Did you take a look into the client's log?
Is there an option to increase the log level? That might provide additional information about what causes the handshake to fail.
Did you set the renegotiation time to 0 only on the server side? I assume you would need to configure this on both sides (client and server) and otherwise, if the client has a renegotiation time of 60 minutes configured, the client will trigger a renegotiation after 60 minutes, even if the server has this disabled.
Is there an option to increase the log level? That might provide additional information about what causes the handshake to fail.
Did you set the renegotiation time to 0 only on the server side? I assume you would need to configure this on both sides (client and server) and otherwise, if the client has a renegotiation time of 60 minutes configured, the client will trigger a renegotiation after 60 minutes, even if the server has this disabled.
13
General Discussion / Re: [SOLVED] 2 LAN …. No communication
« on: June 23, 2021, 12:37:15 pm »
I didn't receive a notification mail about your recent post, but i saw it just now. I'm glad that you finally found a solution and posted it here :-)
14
21.1 Legacy Series / [SOLVED] Disable writing log files to the local disk
« on: June 23, 2021, 12:26:15 pm »Quote
System -> Settings -> Logging -> Disable writing log files to the local disk
I have this checkbox enabled, so i expected not to have any log files. But there are new log files stored in /var/log/. Since /var/ is not a ram disk, the logs survive reboots.
The Documentation (https://docs.opnsense.org/manual/settingsmenu.html) says:
Quote
Useful to avoid wearing out flash memory (if used). Remote logging can be used to save the logs instead if desired.
Does this mean that i have to set up remote logging, to make this setting effective?
Is there any way to disable log files, without using remote logging? I probably could shutdown the syslog service. But still, i am wondering what this setting is supposed to do, when remote logging is not configured?
15
General Discussion / Re: 2 LAN …. No communication
« on: June 01, 2021, 11:22:53 am »
Hmm, you didn't mention before that there is a VPN involved? That's a factor, that would have been good to know from the beginning (not on page 2).
I have a feeling that i can't help you any further. I know that moving targets are a thing, but this one is moving too fast for me.
I have a feeling that i can't help you any further. I know that moving targets are a thing, but this one is moving too fast for me.