Messages - dym8

#1
21.1 Legacy Series / Very strange API
June 29, 2021, 08:38:54 AM
Hello.

I need to disable one of my routes via the API. I run this command

curl -X POST -d '{"disabled":"1"}' -H "Content-Type: application/json" -k -u %KEY%:%SECRET% https://10.10.1.1/api/routes/routes/toggleroute/2c7375ab-2500-45a5-a952-50c34ea26b9d

and got {"result":"Disabled"}

But when I run this command again I get {"result":"Enabled"}

I run it once again and get {"result":"Disabled"}

Why? I thought I had to change the command to {"disabled":"0"} to enable it. No?
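As an added example, not code from the thread or from OPNsense: the toggle endpoint above flips the route's state on every call regardless of the body, so a script that wants "disabled" rather than "toggled" has to read the current state first. The getroute response shape and the in-memory stand-in are assumptions made for this example; only toggleroute and its result strings come from the post.

```python
# Assumed (not from the thread): getroute returns {"route": {..., "disabled": "0"|"1"}};
# toggleroute returns {"result": "Enabled"|"Disabled"} and ignores the request body.

def set_route_disabled(uuid, disabled, get, post):
    """Put the route into the requested state, and only toggle when needed,
    so calling this twice cannot flip the route back. `get(path)` and
    `post(path, body)` are callables returning the decoded JSON response."""
    route = get(f"/api/routes/routes/getroute/{uuid}")["route"]
    currently_disabled = route.get("disabled") == "1"
    if currently_disabled == disabled:
        return "unchanged"
    result = post(f"/api/routes/routes/toggleroute/{uuid}", {})
    expected = "Disabled" if disabled else "Enabled"
    if result.get("result") != expected:
        # The API reported a state we did not ask for: stop rather than toggle again.
        raise RuntimeError(f"toggle returned {result!r}, expected {expected!r}")
    return result["result"].lower()


class FakeRoutesApi:
    """Constructed in-memory stand-in with the toggle semantics seen in the post:
    every toggleroute call flips the state, whatever the body says."""

    def __init__(self, disabled):
        self.disabled = disabled
        self.toggles = 0

    def get(self, path):
        return {"route": {"disabled": "1" if self.disabled else "0"}}

    def post(self, path, body):
        self.toggles += 1
        self.disabled = not self.disabled
        return {"result": "Disabled" if self.disabled else "Enabled"}
```

Against a real firewall, bind `get` and `post` to HTTP calls authenticated with the API key and secret and verifying the firewall's certificate instead of passing `-k`.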
#2
Yeah, you were right. I added this line to the .ovpn file and it fixed the problem:
reneg-sec 0
#3
21.1 Legacy Series / OpenVPN timeout session
June 23, 2021, 12:52:00 PM
Hello.

I have an OpenVPN server with users imported from AD, AD authentication and OTP. But every hour the user session breaks. The log says

openvpn[39817] user/8.22.8.11:59250 SIGUSR1[soft,ping-restart] received, client-instance restarting
openvpn[39817] user/8.22.8.11:59250 [UNDEF] Inactivity timeout (--ping-restart), restarting
openvpn[39817] user/8.22.8.11:59250 TLS Error: TLS handshake failed
openvpn[39817] user/8.22.8.11:59250 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
openvpn[39817] MANAGEMENT: Client disconnected
openvpn[39817] MANAGEMENT: CMD 'quit'
openvpn[39817] MANAGEMENT: CMD 'status 2'
openvpn[39817] MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
openvpn[39817] user/8.22.8.11:59250 TLS Error: TLS handshake failed
openvpn[39817] user/8.22.8.11:59250 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

I did the following:
- set Renegotiate time to 0
- inserted keepalive 10 120 into the Advanced field

But it made no difference to the user session. The session still drops every hour.

User connect log

openvpn[39817] MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
openvpn[39817] user/8.22.8.11:59250 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn[39817] user/8.22.8.11:59250 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn[39817] user/8.22.8.11:59250 Data Channel: using negotiated cipher 'AES-256-GCM'
openvpn[39817] user/8.22.8.11:59250 SENT CONTROL [user]: 'PUSH_REPLY,route 172.16.0.0 255.255.252.0,dhcp-option DOMAIN sex.com,dhcp-option DNS 172.16.1.1,dhcp-option DNS 172.16.1.1,route 10.0.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.0.6 10.0.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
openvpn[39817] user/8.22.8.11:59250 PUSH: Received control message: 'PUSH_REQUEST'
openvpn[39817] user/8.22.8.11:59250 MULTI: primary virtual IP for user/8.22.8.11:59250: 10.0.0.6
openvpn[39817] user/8.22.8.11:59250 MULTI: Learn: 10.0.0.6 -> user/8.22.8.11:59250
openvpn[39817] user/8.22.8.11:59250 MULTI_sva: pool returned IPv4=10.0.0.6, IPv6=(Not enabled)
openvpn[39817] 8.22.8.11:59250 [user] Peer Connection Initiated with [AF_INET]8.22.8.11:59250
openvpn[39817] 8.22.8.11:59250 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384
openvpn[39817] 8.22.8.11:59250 TLS: Username/Password authentication succeeded for username 'user' [CN SET]
openvpn[72783] user 'user' authenticated using 'AD2FA'
openvpn[39817] 8.22.8.11:59250 peer info: IV_GUI_VER=OpenVPN_GUI_11
openvpn[39817] 8.22.8.11:59250 peer info: IV_TCPNL=1
openvpn[39817] 8.22.8.11:59250 peer info: IV_COMP_STUBv2=1
openvpn[39817] 8.22.8.11:59250 peer info: IV_COMP_STUB=1
openvpn[39817] 8.22.8.11:59250 peer info: IV_LZO=1
openvpn[39817] 8.22.8.11:59250 peer info: IV_LZ4v2=1
openvpn[39817] 8.22.8.11:59250 peer info: IV_LZ4=1
openvpn[39817] 8.22.8.11:59250 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-128-CBC
openvpn[39817] 8.22.8.11:59250 peer info: IV_NCP=2
openvpn[39817] 8.22.8.11:59250 peer info: IV_PROTO=6
openvpn[39817] 8.22.8.11:59250 peer info: IV_PLAT=win
openvpn[39817] 8.22.8.11:59250 peer info: IV_VER=2.5.2
openvpn[39817] 8.22.8.11:59250 TLS: Initial packet from [AF_INET]8.22.8.11:59250, sid=8cd968f4 aa698363
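As an added example, not from the thread: a small Python checker that scans OpenVPN server log lines like the ones quoted above and flags TLS failures that land about an hour after the peer connected, which is the signature of the default reneg-sec 3600 re-handshake colliding with a one-time password rather than a network problem. The timestamps and the second peer in the sample are constructed; the forum quote has neither.

```python
import re
from datetime import datetime

# Constructed sample log modelled on the lines quoted in the post above.
# Timestamps (and the second peer 8.22.8.12) are added here; the forum quote has none.
SAMPLE_LOG = """\
2021-06-23T10:50:01 openvpn[39817] 8.22.8.11:59250 TLS: Username/Password authentication succeeded for username 'user' [CN SET]
2021-06-23T10:50:02 openvpn[39817] 8.22.8.11:59250 [user] Peer Connection Initiated with [AF_INET]8.22.8.11:59250
2021-06-23T10:00:00 openvpn[39817] 8.22.8.12:40000 [other] Peer Connection Initiated with [AF_INET]8.22.8.12:40000
2021-06-23T10:20:00 openvpn[39817] other/8.22.8.12:40000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-06-23T11:50:02 openvpn[39817] user/8.22.8.11:59250 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-06-23T11:50:02 openvpn[39817] user/8.22.8.11:59250 TLS Error: TLS handshake failed
2021-06-23T11:52:10 openvpn[39817] user/8.22.8.11:59250 SIGUSR1[soft,ping-restart] received, client-instance restarting
2021-06-23T11:52:11 openvpn[39817] MANAGEMENT: Client disconnected
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) openvpn\[\d+\] (?:\w+/)?(?P<peer>\d+\.\d+\.\d+\.\d+:\d+) (?P<msg>.*)"
)

def parse_events(log_text):
    """Return (timestamp, peer, message) for every line that names a peer;
    MANAGEMENT lines without a peer address are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["peer"], m["msg"]))
    return events

def find_reneg_failures(log_text, window_min=60, tolerance_min=5):
    """Map peer -> minutes since connect for TLS failures that land close to
    OpenVPN's default reneg-sec of 3600 s. A failure there, rather than at a
    random time, points at the hourly re-handshake (and a stale OTP), not at
    the network."""
    started, findings = {}, {}
    for ts, peer, msg in parse_events(log_text):
        if "Peer Connection Initiated" in msg:
            started[peer] = ts
        elif "TLS key negotiation failed" in msg and peer in started:
            minutes = (ts - started[peer]).total_seconds() / 60
            if abs(minutes - window_min) <= tolerance_min:
                findings[peer] = round(minutes, 1)
    return findings

if __name__ == "__main__":
    print(find_reneg_failures(SAMPLE_LOG))
```

The peer that failed 20 minutes in is not flagged; only the one failing at the hour mark is, which is the case the post describes and that reneg-sec 0 on the client addresses.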
#4
In the OpenVPN server settings, tick the Inter-client communication checkbox and configure gateways to the remote networks on the clients. You may also need to configure the Firewall to let the traffic through. You will have to look at the log.
#5
Did you grant the users web access permissions?
#6
I have set a checkbox here

Read properties
Synchronize groups

And I have Nothing selected for Limit groups.

ADD: Oh, I see. I added a group with the same name as the AD group to OPNsense and everything works correctly. Thank you.
#7
21.1 Legacy Series / kick out from group
June 18, 2021, 02:21:31 PM
I have the latest version, OPNsense 21.1.7_1-amd64.
I have imported a user from Active Directory and added him to a local group. This group has permissions to log in to Lobby:Password. But the user is only a member of this group until his GUI login. After the first login the user is kicked out of the group immediately. It always happens with any AD-imported user.

None of the users from the LocalDatabase have this problem.
#8
21.1 Legacy Series / Disabled routers from shell
June 10, 2021, 04:07:48 PM
Hello.

I have some routes here: System: Routes: Configuration
Can I disable and enable one from the shell?
#9
Hello.

I have two offices and use two OPNsense instances as routers over a direct connection on a dedicated access line (L2 VPN). I want to create a backup connection over the Internet with OpenVPN. I created an OpenVPN Site-to-Site and a FailOver GW where the dedicated access line GW is the main one (Tier 1). I almost got everything I want. But if the dedicated access line is down, I need to restart the OpenVPN connection to recreate the routing table, and then the connection between the offices is restored again. How can I automatically restart, or just start, the OpenVPN connection when packets to the main GW are lost?
#10
Thank you so much for your help. Well done.
#11
Thank you.
But I didn't understand how it can help me. Can you describe it step by step?
What I did:
1. I created a new AD user.
2. I imported this user into OPNsense here: System > Access > Users
3. I created a new group OTP and selected it here: System > Settings > Administration > User OTP seed
4. I added the new user to this group
5. I tried to log in as this user to the Lobby and got Wrong username or password

The log file shows "user testvpn could not authenticate for WebGui. [using OPNsense\Auth\Services\WebGui + OPNsense\Auth\Local]"

What do I have to do?
#12
Hello.

I have an OpenVPN server set up with TOTP authentication enabled. But when a user sets up his Google Authenticator I have to make the QR code for him myself. Is there a way for the user to get the QR code himself without my action?

Thank you.
#13
Hello.

ADD: So sorry. I have found a solution. This topic can be deleted. :'(