Messages

1

Tutorials and FAQs / Re: ACME sftp automation

« on: December 28, 2022, 02:40:54 am »

Ok, think I've got it working (well, I got the green "Connection and upload test successful" message)
I didn't take full notes as I've been trying all sorts of things over the last week, but I think this is how I did it 
(Intermediate steps may be missing)

• On the ubuntu box, create a user id (non admin), for opnsense to log into using sftp
• ssh into the firewall and get the contents of /var/etc/acme-client/sftp-config/id.ecdsa.pub
• ssh into the ubuntu box as the id that will be used by opnsense acme for the sftp.
• Add the contents of the id.ecdsa.pub file to the .ssh/authorized_keys file.
• ssh into the firewall as admin account.
• sudo su - to get the opnsense menu
• Option 8 to get the shell
• sftp to the ubuntu box as the id that will be used by opnsense acme for the sftp.
• Enter 'yes' to accept the fingerprint
• On the acme automations gui, create the new automation and select the 'upload certificate via SFTP' Run Command.
  
  • SFTP Host - the host name of the ubuntu box
  • Host Key - leave blank
  • Username - the id that will be used by opnsense acme for the sftp
  • Identity Type - leave as ECDSA
  • Remote Path - leave blank.
  • Hit 'Save' (possibly overkill)
  • Re-edit the automation and hit the 'Test Connection' button

2

Tutorials and FAQs / ACME sftp automation

« on: December 25, 2022, 05:02:52 am »

Does anyone have simple, step-by-step instructions on getting the sftp automation to work? It's doing my head in. 
I just want to upload the new certs to a folder on an Ubuntu box.

Going in circles as to what to put in the 'Host Key' field and what I need to do on the Ubuntu box itself.

User to be used on Ubuntu has been created and I can successfully log in as it via command-line ssh and sftp.

TIA

3

22.1 Legacy Series / Re: OPNSense, UPS, Nut, SNMP-Driver, SNMPv1 or SNMPv3

« on: July 31, 2022, 07:27:31 am »

I believe it's a MIB issue. Have the mib file, beyond my current skill level to make it work though.

4

22.1 Legacy Series / Re: OPNSense, UPS, Nut, SNMP-Driver, SNMPv1 or SNMPv3

« on: July 20, 2022, 04:02:54 am »

Bashing my head against the wall here.
Followed your instructions (finally, someone who's documented the snmp config process fully)
Config appears ok ie. Nut service is running and diagnostics is showing correctly and updating (tested by switching off the power, input.voltage etc dropped to 0

battery.charge: 100
battery.current: 0
battery.runtime: 3780
battery.runtime.elapsed: 0
battery.voltage: 27
battery.voltage.nominal: 24
device.contact: Administrator
device.description: UPS SNMP Card
device.location: [redacted]
device.mfr: CYBERPOWER
device.model: OLS1000ERT2UA
device.serial: [redacted]
device.type: ups
driver.name: snmp-ups
driver.parameter.authProtocol: SHA
driver.parameter.pollinterval: 2
driver.parameter.port: [redacted]
driver.parameter.PrivProtocol: AES
driver.parameter.secLevel: authPriv
driver.parameter.snmp_version: v3
driver.parameter.synchronous: auto
driver.version: 2.8.0
driver.version.data: cyberpower MIB 0.51
driver.version.internal: 1.21
input.frequency: 50
input.voltage: 242.50
output.current: 0
output.frequency: 50
output.voltage: 240
ups.delay.reboot: 0
ups.delay.shutdown: 180
ups.delay.start: 0
ups.firmware: OS02RV11
ups.load: 8
ups.mfr: CYBERPOWER
ups.model: OLS1000ERT2UA
ups.serial: [redacted]
ups.status:

The System General log file on the other hand is showing errors:

Date   Severity   Process   Line
2022-07-20T11:56:16   Notice   upsmon   UPS cyberpower is unavailable   
2022-07-20T11:56:11   Notice   upsmon   Communications with UPS cyberpower lost   
2022-07-20T11:56:06   Error   upsmon   Login on UPS [cyberpower] failed - got [ERR ACCESS-DENIED]   
2022-07-20T11:56:06   Warning   upsd   /usr/local/etc/nut/upsd.users is world readable   
2022-07-20T11:56:06   Warning   upsd   /usr/local/etc/nut/upsd.conf is world readable   
2022-07-20T11:56:05   Error   snmp-ups   [cyberpower] unhandled ASN 0x5 received from .1.3.6.1.4.1.3808.1.1.1.7.2.7.0   
2022-07-20T11:54:49   Error   upsd   mainloop: Interrupted system call   
2022-07-20T11:54:49   Error   upsmon   upsmon parent: read

Any suggestions as to where to look?
Trying to avoid a usb connection if I can.
TIA