Messages

1

24.7 Production Series / Interfaces in the interfaces widget at the dashboard

« on: September 28, 2024, 07:25:02 am »

Hi,
is it possible to deselect the interfaces that are shown in the dashboard interfaces-widget. In my setup there are all the opt-interfaces with no real information beside the fact, that they exist. Would it be possible to make a selection in the widget to hide them?

2

23.1 Legacy Series / Re: Certificate gp12-file generated with Opnsense can't be imported in Zyxel GS1920

« on: May 29, 2023, 11:30:43 pm »

Hi,
I have tested everything the way you said and it seems to be that you are totally right.
First, the certificate is listed with CA: no, Server: yes in the Opnsense Gui.
When I add the Intermediate-CA-certificate with the certfile option in OpenSSL I get a file that is nearly the same size as the OPNsense-Gui generated file and it can't be imported. After coverting the Root_CA and Intermediate_CA certificates to PEM-Files and combine them with cat cert1.pem cert2.pem > cert.pem I've got a P12-File with 4 certificates by using the -certfile-Option. But this can't be imported too. The -chain option didn't work for me. I've always get an error-message. Since I am only a beginner with the certificate-stuff it is not clear to me what I have to do with the -nokeys -cacerts-Option. I haven't used it so maybe that coud be the reason why the import of the p12-File with all certificates won't work. But it seems to be a fact, that the switch has a problem with P12-Files that have more than one certificate.
I've told Zyxel about my problem with the certificates in their forum too, and they have a closer look on my problem at he moment. I've send them a link to this topic here and maybe someone have a look on the things you found out.
But what is not clear to me is what is the benefit of generating the P12-File in the WebGui with including the certificate for the Intermediate-CA. Does any szenario has a benefit of the second certificate? If not, why won't OPNsense change the way they generate the P12-File to only combine the key and the corresponding certificate? 

3

23.1 Legacy Series / Re: Certificate gp12-file generated with Opnsense can't be imported in Zyxel GS1920

« on: May 28, 2023, 11:05:33 am »

Hi,

I've generated the P12-File with OpenSSL and the new parameter -name and it can be imported as well, so you are right the friendly name seems to be not the problem.
And I have proofed, that the two certificates are different. The first one is the https-certificate and the second one is the certificate for the intermediate CA. The first one has 2136 chars whereas the second one has 2198 chars. The attributes shows that the issuer for the first certificate is my Intermediate CA and for the second one for the "root CA", so they are for sure different.
And to answer your last question, here is the firmware-info for my switch: V4.80(ABMH.0) and the file that I have used to upgrade the switch was GS1920-24v2_4.80(ABMH.0)C0.zip which is the newest version on the Zyxel-Homepage

4

23.1 Legacy Series / Re: Certificate gp12-file generated with Opnsense can't be imported in Zyxel GS1920

« on: May 25, 2023, 09:02:42 pm »

It is exactly as I said.
The WebGui-generated File has the two different certificates and the private-key and the attribute friendlyName: and the OpenSSL-generated file has one certificate and one key and is missing friendlyName: I proofed it now with the OpenSSl-installation from OPNsense via telnet.

5

23.1 Legacy Series / Re: Certificate gp12-file generated with Opnsense can't be imported in Zyxel GS1920

« on: May 23, 2023, 07:58:12 pm »

Hi,

I first made a mistake in testing the different files. After comparing the correct files with the command that you've said I can see that the WebGui-generated file consist of 2 certificates and 1 private key and the openssl-generated only of 1 certficate and 1 private key. So I think that it is as you had supposed.
With a little bit more investigation I found that there is another small difference between the files, under the attribute "Bag Attributes" there is the attribute "friendlyName:" that is missing in the openssl-file. Even though I think that this is the problem I want to tell you about it.

6

23.1 Legacy Series / Re: Certificate gp12-file generated with Opnsense can't be imported in Zyxel GS1920

« on: May 18, 2023, 08:53:26 pm »

Hi,
I did what you suggested and the result is really interesting.
1.) Download cert- and key-file and generate the P12-File with WinOpenSSL 1.1.1t. The File can be imported to the Zyxel-GS1920-24v2 switch and the switch can afterwards be reached via https. Filesize 3,08kb
2.) Download the p12 directly from Opnsense. The File can't be imported to switch. Filesize 4,75kb
3.) Copy the cert- and key-file that was used with WinOpenSSL to Opnsense, log in with putty and generate P12-File with Opnsense-Openssl. P12 can be imported and https is functional. Filesize 3,08kb
Command for generating the p12-File: openssl pkcs12 -export -out certificate.p12 -inkey certificate.key -in certificate.crt
It looks like the problem belongs to the automated generation of the P12-File in the WebGui.

7

23.1 Legacy Series / Re: Certificate gp12-file generated with Opnsense can't be imported in Zyxel GS1920

« on: May 18, 2023, 03:59:10 pm »

No,

the version that I've used is Win64OpenSSL-1_1_1t. I think that is the same version that Opnsense uses when I look it up under installed packages.

8

23.1 Legacy Series / Certificate gp12-file generated with Opnsense can't be imported in Zyxel GS1920

« on: May 18, 2023, 08:19:54 am »

Hi,
I had a problem with importing a self-signed certificate that I've generated with OPNsense couldn't be imported in a zyxel switch. I solved the problem with downloading the crt-file and the key-file separately and generate the P12-File with an Windows OpenSSL-Installation.
The two files differ in size. The p12-file that was downloaded directly in opnsense is ca. 20% bigger than the file that was generated with OpenSSL.
I am not so familiar with self signed certificates and don't know if the problem belongs to Zyxel or opensense.
But for other Zyxel-users this could be a working solution.

9

Tutorials and FAQs / Need some help in theming

« on: February 22, 2023, 07:33:27 pm »

Hi,

first of all I want to say thank you for this great piece of software. I am using OPNsense for a while now and I am very happy with it.
Maybe someone that is familiar with theming can help me. I am starting to do my own version of theme for OPNsense. Since I love the dark theme of AdGuard Home I am trying to build a theme that will use the style of this product.
I think I am on a good way but I have some problems. Attached you will find a screenshot that will show the problem. I've tried everything but I can't change the color neither of the badge nor of the background of the Destinations field. I am a little bit frustrated since I can't find any solution for this..
Since some of the dark themes like vicuna changed the color, there must be a solution. Can someone please help me...
Another problem is in the section System, Configuration, History. There is a black text in the text box with the header "Configuration diff..." I haven't found any solution to change this. Since all of the dark themes use this black color, I don't know if it is even possible at all.
The most challenging thing seems to be the themin of the colours of the traffic graphs. Can you give me some advice where I can find the information how to change this.
Thank you very much for any help and excuse my poor English

PS: Meanwhile i found the solution for my first problem theming the Destinations field with the help of the issues of the other dark themes. Sorry that I haven't seen this before. Maybe there is some more information there that I was missing, so I will have a closer look here first. But I will left the posting open till I found a solution for the other questions...