Messages - mcbatranu

#1
General Discussion / Re: UDP Broadcast Relay
December 17, 2021, 05:01:22 PM
First of all, thank you for this plugin!
I managed to install it offline after a lot of searching for the source files. I am new to OPNsense and to FreeBSD in general, and finding those 2 files was not easy for me. :)
The issue that I have now is that in my case, I need to use the broadcast address 255.255.255.255 as it is hard-coded by the application, but when I try to set this address in the plugin, the plugin stops after the Save button is pressed and does not start anymore even if I try to start it from the System > Diagnostics > Services area.
In the General log:
/usr/local/etc/rc.d/os-udpbroadcastrelay: WARNING: failed to start osudpbroadcastrelay

It looks like this address is not supported and it may be a value validity check inside the plugin that does not expect this one and gives an error.
Is there a reason why this address is not accepted by the plugin, or maybe, are there some other settings outside this plugin that could cause this issue?
#2
Thank you!
I have searched the PHP scripts again and I think I found my mistake. The cert strings to be imported should already be in PEM form initially, which is a certificate in Base64 format from what I know, but then the cert_import script converts those strings again to Base64 using the "base64_encode" PHP function.
My mistake, I assumed the input cert strings are binary and the conversion to Base64 certs is done by the "/usr/bin/openssl base64".

So, most likely, the previously mentioned script should still be working in the current version.
#3
I am using the 21.7.1 version and I am trying to automatically deploy new SSL and CA certificates inside OPNsense. I found this post for an older version: https://forum.opnsense.org/index.php?topic=15139.0 and I tried to adapt it, but I got stuck with the insertion of the Base64 certificate string inside the config.xml file.

I do not know how it used to be before, but what I am seeing now, after downloading the config.xml file, is that the cert fields inside the xml do not hold the actual PEM string, but some other string that looks like an encrypted or otherwise modified string, as it is comparable in size with the actual PEM string. The cleartext PEM strings can still be found in the actual cert files: cert.pem and key.pem.

The problem is that if I inject the cleartext PEM certificate strings inside the XML, the webgui fails to restart, probably because of the unexpected cleartext PEM strings inside - which seem to have worked in the past based on the sample script from the older forum post above.

Has this really changed, and if so, how can I obtain the modified string to be injected into the config.xml file starting from the cleartext PEM (base64) string?
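
The encoding discussed in posts #2 and #3, as an added example that is not part of the original posts and is not OPNsense's own code: it assumes, as post #2 concludes, that a config.xml cert field holds the Base64 encoding of the whole PEM text, and it checks a field value for the cleartext and double-encoded mistakes before the file is deployed. All function names and the sample PEM are constructed for this illustration.

```python
import base64
import re

# PEM armor: BEGIN/END lines with matching labels around a base64 body.
PEM_RE = re.compile(
    r"\A\s*-----BEGIN ([A-Z0-9 ]+)-----\r?\n"
    r"([A-Za-z0-9+/=\r\n]+?)-----END \1-----\s*\Z"
)

def is_pem(text):
    """True if text is one PEM block whose body decodes as base64."""
    m = PEM_RE.match(text)
    if not m:
        return False
    try:
        base64.b64decode("".join(m.group(2).split()), validate=True)
    except ValueError:
        return False
    return True

def pem_to_field(pem_text):
    """Value for a config.xml cert field (assumed: base64 of the PEM text)."""
    if not is_pem(pem_text):
        raise ValueError("input is not a PEM block")
    return base64.b64encode(pem_text.encode("ascii")).decode("ascii")

def _unwrap(value):
    """Decode one base64 layer; None if value is not base64 of ASCII text."""
    try:
        return base64.b64decode("".join(value.split()), validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def classify_field(value):
    """Report how many base64 layers wrap the PEM text in a field value."""
    if is_pem(value):
        return "cleartext-pem"    # raw PEM pasted into the XML
    once = _unwrap(value)
    if once is None:
        return "invalid"
    if is_pem(once):
        return "encoded-pem"      # the form post #2 describes
    twice = _unwrap(once)
    if twice is not None and is_pem(twice):
        return "double-encoded"   # encoded once too often
    return "invalid"

# Constructed sample: PEM armor around constructed bytes, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"constructed-sample-der-bytes" * 3).decode("ascii")
              + "\n-----END CERTIFICATE-----\n")
```

Running classify_field over every cert field of a generated config.xml before restoring it catches the wrong layer count without touching the web GUI.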