Messages

1

24.1 Legacy Series / Re: unable to upgrade from 23.7.12_5 to 24.1

« on: May 08, 2024, 06:21:23 pm »

well, I'm a bit disappointed no one was able to tell me how opnsense uses duckdb.  No I am not complaining about this forum or anyone who helps people on it. Just disappointed I got no response.  That said here is how I fixed my issue.

first I backed up the entire disk using DD then I backed up the configuration via the gui.
I then downloaded the older 23.7 installer and overwrote the original disk.

I set the wan/lan interfaces and set the lan ip  then upgraded from 23.7.x to 23.7.12_5
then I reapplied my configuration.
I had to manually reinstall my plugins but once installed the configs had been restored  (still need to test this)

once that was complete, I then ran the update to 24.1  which worked without issue.
then ran the update again to get to 24.1.6/freebsd 13.2-release-p11/opnssl 3.0.13

I'm not sure how the duckdb got messed up nor how opnsense uses it, but I hope this helps someone out if they end up with the same issue, I find it hard to believe I am the first person this has happened to.

-GF
 

2

23.7 Legacy Series / Re: system -> settings -> administration save fails

« on: March 21, 2024, 08:42:43 pm »

Thanks for the link! this is not something I have a lot of familiarity with.  I managed to get letencrypt working with the acme plugin which seems a much better solution in the first place.

Thanks again,

GF

3

23.7 Legacy Series / system -> settings -> administration save fails

« on: March 21, 2024, 07:27:54 pm »

opnsense 23.7.12_5

when into system -> settings -> admin   
just wanted to enable password protection on console menu  but when I hit save I get the error

"the following input errors were detected
    Certificate XXXX is not intended for server use "

and my change did not save. 

now, my browser says the cert is valid.  I did create it with my own internal CA

what does "not intended for server use " even mean?  note this is for opnsense not for  openvpn
and why does it work but I can't save any changes on this page?

I would like to solve this before tring to upgrade to 24.x

thanks,
GF

4

24.1 Legacy Series / unable to upgrade from 23.7.12_5 to 24.1

« on: March 19, 2024, 10:01:08 pm »

I attempted to upgrade from 23.7.12_5  to 24.1 but the upgrade crashes with an error with duckdb ??

I have always kept my firewall up to date so I'm not sure what this means.  How can i fix this ? What did I do wrong to get this error? 

I mean I can go to duckidb.org but I'm not sure how its being used with opnsense or how I would go about trying to import it into a new db since I'm guessing the new db version is part of the update so does not exist on my  23.7.12_5.   I'm not sure how to attack this problem.

any thoughts would be apricated!

GF

-----------   error message  -------------------

***GOT REQUEST TO UPGRADE***
Currently running OPNsense 23.7.12_5 at Tue Mar 19 16:43:04 EDT 2024
Fetching packages-24.1-amd64.tar: ... done
Fetching base-24.1-amd64.txz: ...................... done
Fetching kernel-24.1-amd64.txz: .......... done
Extracting packages-24.1-amd64.tar... done
Extracting base-24.1-amd64.txz... done
Extracting kernel-24.1-amd64.txz... done
Please reboot.
>>> Invoking upgrade script 'squid-plugin.php'
Squid web proxy is not active. Not installing replacement plugin.
>>> Invoking upgrade script 'unbound-duckdb.py'
Traceback (most recent call last):
  File "/usr/local/opnsense/site-python/duckdb_helper.py", line 65, in __enter__
    self.connection = duckdb.connect(database=self._path, read_only=self._read_only)
duckdb.IOException: IO Error: Trying to read a database file with version number 39, but we can only read version 51.
The database file was created with DuckDB version v0.6.0 or v0.6.1.

The storage of DuckDB is not yet stable; newer versions of DuckDB cannot read old database files and vice versa.
The storage will be stabilized when version 1.0 releases.

For now, we recommend that you load the database file in a supported version of DuckDB, and use the EXPORT DATABASE command followed by IMPORT DATABASE on the current version of DuckDB.

See the storage page for more information: https://duckdb.org/internals/storage

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/etc/rc.syshook.d/upgrade/20-unbound-duckdb.py", line 41, in <module>
    if export_database('/var/unbound/data/unbound.duckdb', '/var/cache/unbound.duckdb', 'unbound', 'unbound'):
  File "/usr/local/opnsense/site-python/duckdb_helper.py", line 147, in export_database
    with DbConnection(source, read_only=True) as db:
  File "/usr/local/opnsense/site-python/duckdb_helper.py", line 75, in __enter__
    raise StorageVersionException(str(e))
duckdb_helper.StorageVersionException: IO Error: Trying to read a database file with version number 39, but we can only read version 51.
The database file was created with DuckDB version v0.6.0 or v0.6.1.

The storage of DuckDB is not yet stable; newer versions of DuckDB cannot read old database files and vice versa.
The storage will be stabilized when version 1.0 releases.

For now, we recommend that you load the database file in a supported version of DuckDB, and use the EXPORT DATABASE command followed by IMPORT DATABASE on the current version of DuckDB.

See the storage page for more information: https://duckdb.org/internals/storage
>>> Error in upgrade script '20-unbound-duckdb.py'
***DONE***


-----------------------end message -------------------------------

5

21.1 Legacy Series / Re: vpn works but no dns

« on: May 18, 2021, 06:19:51 am »

Inxsible :
things i have tried:
     setting the vpn client dns to the ip address of my lan  (no joy, ip addresses work, but no names resolve
     I added the dns service to the vpn interface  and changed the vpn client to point to the vpn interface (vpn tunnel in my case this is 10.10.0.x  my lan is 192.168.10.x )  with the same results.

in both cases I can point a browser at the fw lan ip address and get a response so i know its not being blocked by an fw rule (or i should say i think it is not as i am clearly not an opnsense expert )

as noted when doing research i changed the vpn client dns server to 8.8.8.8 and that also worked (for external stuff anyway ) so it appears the issue is not with dns specifically nor with making a connection to the vpn.
i found a post on issues with open vpn and unbound  (https://forums.openvpn.net/viewtopic.php?t=26983 ) though it is from 2018 it did not have a solution.

this prompted me to take unbound out of the equation ( and also opnsense as well ) by building a forwarding dns server sitting inside my lan. it forwards requests to opnsense and this solution does work.

I'd really like to fix this issue rather than use yet another server. but i'm not sure what to check.

6

21.1 Legacy Series / Re: vpn works but no dns

« on: May 16, 2021, 04:57:33 am »

Inxsible :  thanks for the response,  when testing I did add the lan ip of my opnsense server under vpn server client settings.  when i connected with the client i could see in the logs dns server 192.168.10.1 was added. I just could not get a connection.    when i swapped that out with 8.8.8.8 i could then get to everything externally but then nothing internal would resolve.  when I set up a forwarding dns server inside my network and changed the vpn server client dns to use that ip, everything started to work.

when I did have the fw ip as the vpn server client dns, i was able to point a browser at the ip of the opnsense server and get a connection so i know its not a fw rule blocking me. I could also point my browser to any other internal ip.  the issue seems to be the vpn can not connect to the unbound dns server.


Errored out :  thanks for the response I completely missed that board when i posted my question!
   do you know if i can move a post from one board to another or if i should simply repost this on the other one?

7

21.1 Legacy Series / Re: vpn works but no dns

« on: May 14, 2021, 03:37:23 pm »

so my issue seems to be with the vpn client not being able to connect to the dns server on opnsense. 
i changed the dns in the vpn config to use 8.8.8.8 and i could resolve and connect to everything but my internal servers (which use opnsense unbound overrides )

then i set up an internal dns server which in turn forwards requests to opnsense and pointed my vpn clients to the new machine and everything seems to be working now.

so i'm guessing there is a FW rule missing ?  I tried adding rules to opensense lan interface to allow all traffic from the vpn interface but that didnt seem to help.

I have never used vpn before so i'm not quite sure how to attack this issue. Ideally i'd like to use the opnsense dns server directly instead of needing an intermediate box forwarding vpn requests to opnsense.

if there is any doc you could point me to i'd really appreciate it 

8

21.1 Legacy Series / vpn works but no dns

« on: May 06, 2021, 02:56:00 am »

I am using OPNsense 20.7.8-amd64

I am trying to get vpn to work and found the following
https://homenetworkguy.com/how-to/configure-openvpn-opnsense/

i am trying to set up vpn for my iphone and ipad. 

when i connect to the vpn, i can see i'm on the 10.10.0.x network which is the ipv4 tunnel network ( as described in the doc above )

I can get to my internal ip addresses  ( 192.168.x.x ) but I can't get to anything internal ( i have unbound dns running on opnsense )  via dns. 
I can see in the vpn log on the iphone it says dns server 192.168.10.1 was added its just not working. I CAN get to the IP address (and thus to the opnssense gui ) just not via the dns name.

i'm not sure what logs/config info would be helpful, but i'm happy to provide anything that would be helpful. Not sure what  i did wrong.

thanks for your time,
John