Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - fxsaddict

Pages: [1]

24.1 Legacy Series / Re: i lost internet after a shutdown

« on: February 14, 2024, 12:00:47 am »

@MikeH
Internet-box 3 (Port 2.5G) -> FW Protectli
Seems to me i had not this problem with opnsense 23 !
@CJ
Internet-box 3 (Port 2.5G) -> FW Protectli
Sometimes I turn off the firewall.
When I turned it back on, I lost the internet connection.
By now I see the wan_gw is gone.
I do the maneuvers indicated above with system>wizard and I recover the internet connection. Same thing with some reboots.
Could be a variant of https://forum.opnsense.org/index.php?topic=38453.0

24.1 Legacy Series / i lost internet after a shutdown

« on: February 13, 2024, 12:47:06 pm »

I have a protectli i7, ram 16g, 480ssd, 6 ports, coreboot.
Due to some difficulties, I did a fresh installation with OPNsense 24.1.1-amd64, FreeBSD 13.2-RELEASE-p9, OpenSSL 3.0.13.
Sometimes I turn off the device. After a restart, the firewall loses internet. I have to do a wizard by setting the correct static address for wan, then a second wizard pass with dhcp. The wan takes the correct ip address from the swisscom router. And then everything is ok. The maneuver is reproducible after a shutdown.

Zenarmor (Sensei) / Re: unable to reinstall zenarmor

« on: May 31, 2023, 09:44:08 am »

hi,

Login as administrator and root (I check that).
But I receive the message "permission denied"
Is there somme specificities related to freebsd?
I gogle but didn't find any solution.
thanks for your help

Zenarmor (Sensei) / Re: OPNsense upgrade failure with Zenarmor (23.1.7)

« on: May 29, 2023, 09:56:15 am »

update:
i receive an answer from helpdesk:
Thanks for reaching out and letting us know about the problem.
"
Is the FW reachable? Can you try to stop Zenarmor packet Engine by runnig the command "service eastpect stop" on the console as root? Then please change the deployment mode to emulated driver in Configuration - General - Deployment Mode - L3 Routed mode with netmap emulated driver on GUI.
"
I start a new post because i was unable to reinstall zenarmor

Zenarmor (Sensei) / unable to reinstall zenarmor

« on: May 29, 2023, 09:52:35 am »

when i upgrade previously from 23.1.7, firewall go down.
i had to reinitialise everything.
everything works but zenarmor.
I upgrade to 23.1.8
I had to reinstall zenarmor
i check agree terms of service
I see :
cpu model: intel(R) core(TM)i7-8550 cpu @ 1.80ghz
cpu score 676572
physical memory size: 16gb
congratulations! your hadware looks great.
but the bar din't progress and nothing happens (1h).
I reinsttall zenarmor but no change.
protectli f6w dd 500g
active subscription from almost 3 y
what should i do?

Zenarmor (Sensei) / Re: OPNsense upgrade failure with Zenarmor (23.1.7)

« on: May 22, 2023, 08:57:14 pm »

23-7-1

Zenarmor (Sensei) / Re: OPNsense upgrade failure with Zenarmor (23.1.7)

« on: May 22, 2023, 08:55:55 pm »

I have à similar issue. Don’t upgrade. This is Bullshit.
Everything down.
I don’t use suricat.
I have a protection i7

Intrusion Detection and Prevention / Re: [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102), etc.

« on: October 31, 2022, 11:43:37 pm »

up help me please

Intrusion Detection and Prevention / [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102), etc.

« on: October 24, 2022, 12:53:51 pm »

[ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102), [ERRCODE: SC_ERR_INVALID_SIGNATURE(39), [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)]

I want to have suricat that inspects wan interface and zenarmon inspects lan, dmz and wifi. crowdsec runs also.
is snortrules-snapshot-29151.tar.gz compatible with the version of suricat provided by opnsense 22.7.6? (i have paid snort subscription and snort_vrt.oinkcode is ok).
the firewall is behind a router provides by isp. should i use advanced mode (settings page)? if yes, what should i put in home networks? leave blank? ip interface wan? ip lan, dmz, wifi?
thanks for help
regards

Code: [Select]


2022-10-24T12:42:58	Error	suricata	[103231] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Oracle GlassFish Server authentication bypass attempt"; flow:to_server,established; content:"GET"; nocase; http_method; content:"/applications/upload"; http_uri; pcre:"/^(Frame)?\.jsf/R"; content:!"JSESSIONID="; flowbits:set,glassfish_unauth_attempt; metadata:policy max-detect-ips drop, service http; reference:bugtraq,47438; reference:cve,2011-0807; classtype:attempted-admin; sid:20159; rev:9;)" from file /usr/local/etc/suricata/opnsense.rules/snort_vrt.server-webapp.rules at line 3546	
2022-10-24T12:42:58	Error	suricata	[103231] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceding match in the same buffer	
2022-10-24T12:42:58	Error	suricata	[103231] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Multiple products DVR admin password leak attempt"; flow:to_server,established; content:"/device.rsp"; fast_pattern:only; http_uri; content:"uid="; http_raw_cookie; content:"cmd=list"; http_uri; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2018-9995; classtype:web-application-attack; sid:46825; rev:2;)" from file /usr/local/etc/suricata/opnsense.rules/snort_vrt.server-webapp.rules at line 1122	
2022-10-24T12:42:58	Error	suricata	[103231] <Error> -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'http_raw_cookie'.	
2022-10-24T12:42:58	Error	suricata	[103231] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Grandstream UCM6202 series SQL injection attempt"; flow:to_server,established; content:"user_name="; fast_pattern:only; http_uri; urilen:4; content:"/cgi"; nocase; http_uri; pcre:"/[?&]user_name=[^&]*?([\x27\x22\x3b\x23\x28]|\x2f\x2a|\x2d\x2d)/Ui"; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2020-5722; classtype:web-application-attack; sid:53858; rev:2;)" from file /usr/local/etc/suricata/opnsense.rules/snort_vrt.server-webapp.rules at line 202

22.7 Legacy Series / Re: OPNsense 22.7_4: Loss of Network Connectivity

« on: August 11, 2022, 12:27:39 pm »

I don't understand the discussion : did you solve the problem?
My firewall's backup 22.1.10 was in nextcloud. By now, I can't have this file: Murphy's law!
What can I do?
thanks

22.7 Legacy Series / Re: Fetching changelog information, please wait... fetch: transfer timed out

« on: August 11, 2022, 11:45:04 am »

small lan (pcs linuxmint or win, mac, microservers ubuntu/linuxmint - ufw no ipv6, managed switch -no ipv6, wifi) -> firewall (no ipv6 in initial setup-> box internet provider (no ipv6).

The initial setup was made without ipv6.

No change was made recently (without exception regular update)

If somebody tells me where I can can double check the config, i will...

Other facts:

system logfiles bakend
2022-08-10T08:16:46   Error   configd.py   [d5095e33-7fea-4571-bb7e-c463be8a315e] Script action failed with Command 'pkg update -q && pkg rquery -U "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 482, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command 'pkg update -q && pkg rquery -U "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 1.
2022-08-10T07:56:30   Error   configd.py   Timeout (120) executing : firmware remote
2022-08-10T01:50:22   Error   configd.py   [677b51f3-0277-4d8d-a4ce-d568a1b36010] Script action stderr returned "b'pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: No address record\npkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: No address record\npkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz'"

system logfiles general
2022-08-11T00:22:32   Error   opnsense   /usr/local/etc/rc.newwanip: On (IP address: 192.168.2.131) (interface: WAN[wan]) (real interface: igb1).
2022-08-11T00:22:32   Error   opnsense   /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'igb1'
2022-08-11T00:22:32   Error   dhclient   unknown dhcp option value 0x7d
2022-08-11T00:19:42   Error   send_heartbeat.py   connection error sending heartbeat to https://opnsense.emergingthreats.net/api/v1/telemetry

22.7 Legacy Series / Re: Fetching changelog information, please wait... fetch: transfer timed out

« on: August 10, 2022, 07:19:05 pm »

is it normal i see 22.7.1, 22.7 (installed) with changelog instead of 22.7_4 ?
is it discrepancy?

Lobby.dashboard
Versions   OPNsense 22.7_4-amd64
FreeBSD 13.1-RELEASE
OpenSSL 1.1.1q 5 Jul 2022
Updates   Click to view pending updates.
CPU type   Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz (4 cores, 8 threads)
Memory usage 18 % ( 2953/16244 MB )
Disk usage 1% / [ufs] (4.2G/424G)

System:Firmware:status
Type   opnsense
Version   22.7_4
Architecture   amd64
Flavour   OpenSSL
Commit   909dcabd5
Mirror   https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Repositories   OPNsense, SunnyValley
Updated on   Wed Aug 10 00:21:08 CEST 2022
Checked on   Wed Aug 10 10:48:45 CEST 2022

System:Firmware: changelog
Version   Date
22.7.1   2022-08-09
22.7 (installed)   2022-07-28
22.1.10   2022-07-07

22.7 Legacy Series / Re: Fetching changelog information, please wait... fetch: transfer timed out

« on: August 10, 2022, 10:04:56 am »

other hints:

# /sbin/ping -4 -c '3' 'google.com'
ping: cannot resolve google.com: Host name lookup failure

# /sbin/ping -4 -c '3' 'pkg.opnsense.org'
ping: cannot resolve pkg.opnsense.org: Host name lookup failure

# /sbin/ping -4 -c '3' '89.149.211.205'
PING 89.149.211.205 (89.149.211.205): 56 data bytes

--- 89.149.211.205 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

behind the firewall, ping seems ok

# /sbin/ping -4 -c '3' '192.168.x0.y0y'
PING 192.168.x0.y0y (192.168.x0.y0y): 56 data bytes
64 bytes from 192.168.x0.y0y: icmp_seq=0 ttl=255 time=0.321 ms
64 bytes from 192.168.x0.y0y: icmp_seq=1 ttl=255 time=0.436 ms
64 bytes from 192.168.x0.y0y: icmp_seq=2 ttl=255 time=0.448 ms

--- 192.168.x0.y0y ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.321/0.402/0.448/0.057 ms

inside lan, dmz, ... we can reach everything

22.7 Legacy Series / Re: Fetching changelog information, please wait... fetch: transfer timed out

« on: August 10, 2022, 08:24:48 am »

same situation as above.
before upgrading everything was ok
please help Mr Franco
thanks a lot for opnsense
best regerds

Code: [Select]

upgraded from 22.1.10 to 22.7
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.7_4 (amd64/OpenSSL) at Wed Aug 10 07:54:30 CEST 2022
Fetching changelog information, please wait... fetch: transfer timed out
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: No address record
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: No address record
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: No address record
Unable to update repository OPNsense
Updating SunnyValley repository catalogue...
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/meta.txz: No address record
repository SunnyValley has no meta file, using default settings
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/packagesite.pkg: No address record
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/packagesite.txz: No address record
Unable to update repository SunnyValley
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 22.7_4 (amd64/OpenSSL) at Wed Aug 10 08:22:32 CEST 2022
No IPv4 address could be found for host: pkg.opnsense.org
No IPv6 address could be found for host: pkg.opnsense.org
***DONE***

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.7_4 (amd64/OpenSSL) at Wed Aug 10 08:23:16 CEST 2022
>>> Check installed kernel version
Version 22.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
SunnyValley
OPNsense
>>> Check installed plugins
os-dnscrypt-proxy 1.12
os-dyndns 1.27_3
os-etpro-telemetry 1.6_1
os-intrusion-detection-content-snort-vrt 1.1_1
os-nextcloud-backup 1.0_1
os-sensei 1.11.4
os-sensei-updater 1.11
os-sunnyvalley 1.2_2
os-wireguard 1.11
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 63 dependencies to check.
Checking packages: .
beep-1.0_1 has no upstream equivalent
Checking packages: .
ca_root_nss-3.80 has no upstream equivalent
Checking packages: .
choparp-20150613 has no upstream equivalent
Checking packages: .
cpustats-0.1 has no upstream equivalent
Checking packages: .
dhcp6c-20200512_1 has no upstream equivalent
Checking packages: .
dnsmasq-2.86_4,1 has no upstream equivalent
Checking packages: .
dpinger-3.2 has no upstream equivalent
Checking packages: .
expiretable-0.6_2 has no upstream equivalent
Checking packages: .
filterlog-0.6 has no upstream equivalent
Checking packages: .
flock-2.37.2 has no upstream equivalent
Checking packages: .
flowd-0.9.1_3 has no upstream equivalent
Checking packages: .
hostapd-2.10_5 has no upstream equivalent
Checking packages: .
ifinfo-13.0 has no upstream equivalent
Checking packages: .
iftop-1.0.p4 has no upstream equivalent
Checking packages: .
isc-dhcp44-relay-4.4.2P1 has no upstream equivalent
Checking packages: .
isc-dhcp44-server-4.4.2P1_1 has no upstream equivalent
Checking packages: .
lighttpd-1.4.65 has no upstream equivalent
Checking packages: .
monit-5.32.0 has no upstream equivalent
Checking packages: .
mpd5-5.9_9 has no upstream equivalent
Checking packages: .
ntp-4.2.8p15_5 has no upstream equivalent
Checking packages: .
openssh-portable-8.9.p1_4,1 has no upstream equivalent
Checking packages: .
openssl-1.1.1q,1 has no upstream equivalent
Checking packages: .
openvpn-2.5.7 has no upstream equivalent
Checking packages: .
opnsense-22.7_4 has no upstream equivalent
Checking packages: .
opnsense-installer-22.1 has no upstream equivalent
Checking packages: .
opnsense-lang-22.7 has no upstream equivalent
Checking packages: .
opnsense-update-22.7 has no upstream equivalent
Checking packages: .
pam_opnsense-19.1.3 has no upstream equivalent
Checking packages: .
pftop-0.8 has no upstream equivalent
Checking packages: .
php80-ctype-8.0.20 has no upstream equivalent
Checking packages: .
php80-curl-8.0.20 has no upstream equivalent
Checking packages: .
php80-dom-8.0.20 has no upstream equivalent
Checking packages: .
php80-filter-8.0.20 has no upstream equivalent
Checking packages: .
php80-gettext-8.0.20 has no upstream equivalent
Checking packages: .
php80-google-api-php-client-2.4.0 has no upstream equivalent
Checking packages: .
php80-ldap-8.0.20 has no upstream equivalent
Checking packages: .
php80-pdo-8.0.20 has no upstream equivalent
Checking packages: .
php80-pecl-radius-1.4.0b1_2 has no upstream equivalent
Checking packages: .
php80-phalcon-5.0.0.r2 has no upstream equivalent
Checking packages: .
php80-phpseclib-2.0.37 has no upstream equivalent
Checking packages: .
php80-session-8.0.20 has no upstream equivalent
Checking packages: .
php80-simplexml-8.0.20 has no upstream equivalent
Checking packages: .
php80-sockets-8.0.20 has no upstream equivalent
Checking packages: .
php80-sqlite3-8.0.20 has no upstream equivalent
Checking packages: .
php80-xml-8.0.20 has no upstream equivalent
Checking packages: .
php80-zlib-8.0.20 has no upstream equivalent
Checking packages: .
pkg-1.17.5_1 has no upstream equivalent
Checking packages: .
py39-Jinja2-3.0.1 has no upstream equivalent
Checking packages: .
py39-dnspython-2.2.1_1,1 has no upstream equivalent
Checking packages: .
py39-netaddr-0.8.0 has no upstream equivalent
Checking packages: .
py39-requests-2.28.1 has no upstream equivalent
Checking packages: .
py39-sqlite3-3.9.13_7 has no upstream equivalent
Checking packages: .
py39-ujson-5.0.0 has no upstream equivalent
Checking packages: .
py39-vici-5.9.3 has no upstream equivalent
Checking packages: .
radvd-2.19_1 has no upstream equivalent
Checking packages: .
rrdtool-1.7.2_6 has no upstream equivalent
Checking packages: .
samplicator-1.3.8.r1_1 has no upstream equivalent
Checking packages: .
squid-4.15 has no upstream equivalent
Checking packages: .
strongswan-5.9.6_2 has no upstream equivalent
Checking packages: .
sudo-1.9.11p3 has no upstream equivalent
Checking packages: .
suricata-6.0.6 has no upstream equivalent
Checking packages: .
syslog-ng-3.37.1 has no upstream equivalent
Checking packages: .
unbound-1.16.1 has no upstream equivalent
Checking packages: .
wpa_supplicant-2.10_6 has no upstream equivalent
Checking packages: .
zip-3.0_1 has no upstream equivalent
***DONE***

Pages: [1]