Messages

1

24.7 Production Series / Re: OAuth2 support for opnsense/monit?

« on: October 25, 2024, 03:57:24 pm »

I guess this is not right.

Postfix is a server and can send emails to other servers. I have never seen Postfix to behave as client and authenticate itself as client - MSA. But mybe it is doable with some specific steps.

Anyway here we are talking about clients sending emails -> clients mean Outlook, Thunderbird or any other application behaving as client to the server. Here monit. But other gear may have similar.

Often such clients can send email without authentication to local server.
But to use some public provider, today you need authenticate.

So use SMTP "AUTH" - and very often plain -simple user/password.
Now MS will remove it and will use OATH authentication.

So no, MS does not remove SMTP AUTH, just changes the auth method and client has to support it.

2

24.7 Production Series / Re: snapshot auto recovery

« on: October 21, 2024, 04:30:37 pm »

I see that freebsd has cron with @reboot and 'at' so in theory that could be general option in cron to run after reboot and after reboot + delay.

3

24.7 Production Series / Re: snapshot auto recovery

« on: October 17, 2024, 10:34:43 am »

My point was about remote systems only.

I think there are 2 different scenarios:
1. own upgrade is fine ->  it boots up and works, but admin cannot login back for management.
For example due to some bug, the PPPoE client does not auth, vpn tunnel is down so box not accesible from outside, or other functional problem

2. the own upgrade fail - the system does not boot up -> broken kernel, kernel panic, wrongly written data to disk etc.


My point was to resolve scenario 1.

I use something similar on Mikrotiks.

point 1 on MT:
- have a script which switch active partition and reboot
- before upgrade, I enable scheduler which run the script 10m after boot up
- if I can login, do some test with positive results, then I disable the scheduler
- if cannot login the system reverts back to backup partition and all should work as before

point 2 on MT:
- they wrote in docs that there is some fallback/recovery to next partition if system does not boot up
- I've never experienced
- I do not know how that do that, but they have too own bootloader/bios (even watchdog feature), so it can be bounded
and if system not boot up then the bios will reboot and boot next partition. Do not know.

Anyway my point was to resolve somehow the scenario 1. Idea was through some cron job.
Anyway it should be manual process - enable the cron job for revert snapshot and reboot and then admin to disable the job
if all is OK.

Nothing big to do, just have an option for controlled revert.

The point 2 can much more complicated to think about and implement.

4

24.7 Production Series / snapshot auto recovery

« on: October 16, 2024, 10:37:50 am »

I've recently switched to ZFS to have a snapshots.
Looking a way for automatic snapshot activation and reboot to get original state.

Do not see such option in cron section. Could that be added?

The scenario when doing remote upgrade is below:
- create new snapshot with known good state
- create cron job 20/30m in future
- run upgrade
- if I cannot log in back to box and manage it -> cron will change active snapshot and reboot
- if I can log in, just disable the cron job

The goal is auto recovery from state when vpn tunnel is down, PPPoE does not come up with new version etc.

The best would up autostart the recovery some time after boot up, anyway the cron job to specific time is sufficient, just could accept the name of snaphost to activate.

5

24.7 Production Series / Error with certs

« on: October 16, 2024, 10:24:54 am »

Hi,

got small error, no impact, just looking how to fix it.

1. I have SD card with UFS, upgraded to 24.7.6 from previous version -> no error.

2. new install
- took new SD card and put ZFS. Installed 24.7
- load old config from 24.7 hotfix 5 to get internet quickly
- upgraded to 24.7.6
- install missing packages
- restore config for 24.7.6 from SD card 1

All works, except error below. I think it showed up after the install of 24.7.

Error:
Traceback (most recent call last):
  File "/usr/local/opnsense/scripts/system/certctl.py", line 203, in <module>
    cmds[sys.argv[1]]()
  File "/usr/local/opnsense/scripts/system/certctl.py", line 160, in cmd_rehash
    os.symlink(src_filename, dst_filename)
FileNotFoundError: [Errno 2] No such file or directory: '/usr/share/certs/untrusted/Staat_der_Nederlanden_c' -> '/etc/ssl/blacklisted/03179a64.0'


It looks like the blacklisted dir is missing. Is there a way to fix this? thx

6

24.7 Production Series / Re: serial console not working when no monitor plugged in

« on: August 18, 2024, 07:17:47 pm »

Take a new serial cable.
I had before similar issues, nothing I have tried worked. Just got new cable and all works flawlessly.

7

General Discussion / Re: Interfaces in Multiple Groups

« on: March 18, 2022, 12:20:02 pm »

Got the same problem. Thanks for test.

Another example can be. Wnat some rules for all interfaces and some rules for subset only.

Group_A: LAN1, LAN2, LAN3, DMZ1, DMZ2
Group_B: LAN1, LAN2, LAN3

The sort is now based on the 'name'.

Maybe good point to be confirmed by dev and to be documented.