Messages - HatalaTitla48

#1
So, I read your bug description again: "...wider issue in the API response handling which could affect other parts of the system...". Does it mean that this bug corrupts only CA certs written by the acme plugin and other CA certs in the opnsense certificate store aren't affected? Or will all CA certs be somehow affected? And if I remove them manually, what will prevent this from happening all over again if we are currently in the phase "The actual source of why the CA certificate data is corrupted is unknown."? Thx for clarification.
#2
Thx for the patch. I just updated to 25.7.5 and certs are showing up as usual.
What would you think is the outlook-timeframe for resolving this?
#3
Nope, it's a VM. I even tried a new install and backup import and the result is the same. Are there any changes in how 25.7 handles certs compared to 25.1? Could it be a somehow crippled cert which 25.7 can't chew up? This never happened before through updates and it is a big problem for me, because I use this feature a lot...acme certs for haproxy, local CA for client cert access for haproxy, vpn crt etc.
#4
Backup restore didn't have any effect on this problem.
#5
I found out that certificates work ok until the upgrade to version 25.7. The last working version is OPNsense 25.1.12-amd64. After the upgrade to 25.7, certificate trust inside opnsense stops showing certificates, the dashboard plugin "certificates" shows an error and the certificate part of opnsense is dead :(
#6
After the update to 25.7, the Certificates plugin in the dashboard stopped showing certs and gets stuck in constant loading.
When I go to "System: Trust: Authorities" it shows this error:
So I'm effectively cut off from managing certificates on my box. Even if I can't access certificate management, the certs are still in the system because my HAproxy is working ok with acme certs and even openvpn with internal certs. So there must be some bug when accessing the internal cert storage.
Anybody with the same problem here?
#7
Hello,

I didn't find any results about goaccess, so I ask here. Did anybody manage to get goaccess working on opnsense? Does anybody have a working setup or functional workflow for using goaccess with haproxy or squid logs?

Thx.
#8
Virtual private networks / Broken OpenVPN s2s function
August 14, 2024, 09:46:46 PM
Hi, does anybody have a functional s2s openvpn setup with the latest opnsense (OPNsense 24.7.1)? I'm getting this message on the client side of the openvpn setup: "ERROR: FreeBSD route add command failed: external program exited with error status: 1."
The problem is described here: https://github.com/opnsense/core/issues/7269 , but it looks like nobody cares. Such a basic thing must be functional no matter what new upgrade is rolled out. How can I trust new updates if they result in problems like this? The Opnsense team needs to do more testing of basic things like this before rolling out new updates. This is a home setup, now imagine you deploy this for your customer...c'mon guys........
#9
This is a somewhat older post, but for those who are searching for a possible solution for this, I can offer mine:
I just rolled out a separate public service with port 444 and dedicated it to the specific backends which I want to connect to with a client cert. I don't need those backends on 443, as these aren't meant for the public. This is a simple and fast solution....
#10
General Discussion / DNAT+SNAT
September 29, 2021, 11:16:18 PM
I have a group of intranet IPs 192.168.0.80-192.168.0.90. If a PC with an IP from this range makes a request for the WAN-IP address, it should be redirected to the internal IP 192.168.0.20. With iptables, the solution is this:

iptables -t nat -A PREROUTING -i $LAN_IF -m iprange --src-range 192.168.0.80-192.168.0.90 -p tcp -d $WAN_IP --dport 443 -j DNAT --to 192.168.0.20:443
iptables -t nat -A POSTROUTING -m iprange --src-range 192.168.0.80-192.168.0.90 -p tcp -d 192.168.0.20 --dport 443 -j SNAT --to-source $WAN_IP

How do I achieve this with opnsense?
#11
Hm, I had the same config, just with destination as WAN net, and the rule wasn't working.
Anyway, thx for the tip, it works with "any" as destination.
#12
Hello, I'm unable to figure out how to simply block a single IP address from the local LAN. I have the IP address 192.168.1.50 from the local LAN 192.168.1.0/24. On opnsense it is represented by the LAN interface. I just want to block this IP from accessing the internet. With linux iptables it is simple: "iptables -A FORWARD -i LANiface -s 192.168.1.50 -o WANiface -j REJECT" and that's all. How do I do this on opnsense? Thx.