Messages

1

24.1 Legacy Series / Re: 24.1 - DHCP server moves to KEA - implications?

« on: February 04, 2024, 01:01:51 pm »

Many thanks for the great work done in this project!

In ISC DHCP it was possible to activate "Deny unknow Clients" and "ARP-Table".
Will there also be this possibility in KEA in the future ?

2

23.7 Legacy Series / Re: 23.7.2 OpenVPN with Instances ->Client Overwrite not working

« on: August 30, 2023, 02:55:10 pm »

Thank you for the update.

Now I can leave the server entry in the overwrite rule blank and it works.
Unfortunately, the overwrite rule does not work if the server field contains
the instance for which this rule is actually created.

Thanks a lot !

3

23.7 Legacy Series / Re: 23.7.2 OpenVPN with Instances ->Client Overwrite not working

« on: August 28, 2023, 01:56:07 pm »

After installing a fresh OPNSense on a another allpiance I did following:

- created openvpn-instance
- created overwrite rule and select the created server-instance (no slash was in the list)
- the result was overwriting did not work

- then I created a server and delete it immedeately
- now the was a slash in the server-list of the overwrite rule. I selected the slash and the overwrite works.

Thanks a lot.

4

23.7 Legacy Series / Re: 23.7.2 OpenVPN with Instances ->Client Overwrite not working

« on: August 25, 2023, 03:49:55 pm »

I have found a solution.
In the overwrite, under Servers, you must not select the intance for which the overwrite should apply.
It works if you select the "/" instead.

5

23.7 Legacy Series / 23.7.2 OpenVPN with Instances ->Client Overwrite not working

« on: August 25, 2023, 02:28:59 pm »

For openvpn with intances, client overwrite is not attracted. In the log I can see that the name is correct on the connection, but the client does not get the correct IP. I have already adjusted the overwrites and would expect the client to get the IP from the "IPv4 Tunnel Network" field.

With the revocation-list the blocking works immediately if I enter the above mentioned commonname. Then the client can't connect anymore.

Thanks a lot.

6

22.7 Legacy Series / HAProxy API reconfigure failed

« on: October 04, 2022, 11:21:58 am »

I have a problem with the API of the Haproxy.
The modification of conditions and e.g. the status query via

curl -k -u $OPNS_KEY:$OPNS_SECRET https://$IPFW/api/haproxy/service/configtest

work without any problems.

But when I want to to apply my modifactions via:

curl -k -u $OPNS_KEY:$OPNS_SECRET https://$IPFW/api/haproxy/service/reconfigure

I get an error message:

{"status": "failed"}

Does anyone have a tip?

Thanks a lot

7

22.1 Legacy Series / 22.1.9 DHCP issues

« on: June 30, 2022, 02:32:25 pm »

With version 22.1.9(_1) our DHCP-V4 server crashes permanently. The hanging DHCP process could only be terminated via the console with kill -TERM $PID.
Only a downgrade with opnsense-revert -r 22.1.8 isc-dhcp44-server could restore stable operation.

We use an HA configuration. This behaviour was identical on the MAster and the slave.

Best regards

8

22.1 Legacy Series / Re: default deny rule not working on port 443

« on: March 24, 2022, 12:18:14 pm »

In the livelog I can find the rid (fae559338f65e11c53669fc3642c93c2) that lets 443 through.

On the console I'll get:
pfctl -sr | grep fae559338f65e11c53669fc3642c93c2

the following output:
pass out log all flags S/SA keep state allow-opts label "fae559338f65e11c53669fc3642c93c2"

Unfortunately, this doesn't really help me.

9

22.1 Legacy Series / Re: default deny rule not working on port 443

« on: March 24, 2022, 08:05:05 am »

Even if I add a block rule to "any" in the ruleset of the network,
communication via port 443 is possible.
There is no manual floating rules that allows port 443.

10

22.1 Legacy Series / default deny rule not working on port 443

« on: March 23, 2022, 03:17:57 pm »

With our installation of OPNSense 22.1.3 and 21.7.8, the automatic default deny rule did not work for port 443 any longer. The following entries appear in the LOG:

VL905 -> 2022-03-23T15:05:47 sourceip:54611 targetip:80 tcp Default deny rule
WAN <- 2022-03-23T15:05:44 sourceip:54612 targetip:443 tcp let out anything from firewall host itself

If you set up a new interface, a device can access to the internet via port 443 in this network, even though no FW rules have been created for it.
Does anyone have any idea what the reason for this could be?

Thanks, MiRei

11

22.1 Legacy Series / ZFS with Freeradius no Auth-Type found

« on: March 17, 2022, 03:39:04 pm »

When I install OPNSense 22.1.2 or 22.1.3 with ZFS, I reproducibly get the following error.
After restoring the backup authentication wit freeradius on Unifi APs no longer works.
The LOG of the radius server says:

Auth: (136) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject):

If I reinstall the system under vfs, the authentication works. The behaviour is identical on two completely different systems.

Does anyone have any ideas?

MiRei

12

21.7 Legacy Series / DHCP Issue

« on: October 27, 2021, 01:22:11 pm »

Hello,

we are using about 60 networks, which allocate the IPs via the DHCP server with the respective static mapping. With a change of entries the update over the WEBGui takes extremely long and ends mostly in DHCP stopped in the state display of the services and can also no longer be started.
Nevertheless the name resolution with unbound works immediately and under /var/dhcpd/etc/dhcpd.conf the new entry is also immediately visible. With ps I can see that the dhcpd service works.
Is it possible that the WEBGui does not receive a state update and therefore the service is considered stopped ?

Thanks a lot

13

21.7 Legacy Series / Re: WEBGUI not starting automatically

« on: October 15, 2021, 05:16:58 pm »

My interface was already only on LAN.

I changed the entry and the new connection dialog appers,
but the web-gui was not reachable. After restarting opnsense
I could login, changed back to only LAN interface.
Now no dialog appears. But after restarting opnsense the webgui
appears now.

Thank you very much!

Michael

14

21.7 Legacy Series / WEBGUI not starting automatically

« on: October 15, 2021, 11:46:42 am »

When starting my opnsense 21.7.3_3 I have to go the console
and execute

/usr/local/etc/rc.restart_webgui

Now I have Web-access to and the Firewall.
What can I do start the webgui automatically ?

Thanks a lot.

Michael

15

21.1 Legacy Series / Theme TUKAN

« on: May 17, 2021, 04:12:27 pm »

Is it possible to enable zebra-effect again.
It is much easier to read tables and lists with it.

Thanks a lot
MiRei