Messages

1

24.7 Production Series / Cron Job "Update and reload firewall aliases" not working

« on: September 24, 2024, 10:22:01 pm »

Many thanks franco. Fully understand your point.
Sorry for my additional question:
As far as I read inside this forum and github, the refresh frequency of any alias will be checked every minute and be fetched/updated automatically without any triggered cron job.

Possible source: https://github.com/opnsense/core/commit/c5555b2ebc4c2285fb40d3a1a22c1966820bc64e

Therefore, I assume that the cron job will never be fast enough to update any aliases before the aliases will do it by itself. It checks every minute and will fetch/updates it once the refresh frequency is over.

So can it be, that this cron job has no right to exist anymore? 😉

Or does fetching the Alias not updates the according NAT/Rules? Is the update and reload cron job always needed?

Many thanks and take care,
Wrigleys

2

24.7 Production Series / Cron Job "Update and reload firewall aliases" not working

« on: September 24, 2024, 06:22:17 pm »

Hi all

I would like to update my URL Tables (Aliases) at specific times during a day (eg. 6PM) and setup a specific Cron Job for that case "Update and reload firewall aliases".

I see the Log-Entry for it, but no Aliases gets updated:

Code: [Select]

2024-09-24T18:00:00 Notice configd.py [7d88bb16-4d1d-41bd-91a1-60eeb3b86689] refresh url table aliases
Does this Cron Job work for you or are you all using the "Refresh Frequency" attribute inside the URL Table Alias?

Updating URL Tables with "Refresh Frequency" setup works, but the updates will not occur on a specific time (eg. 6PM).

Many thanks for your help.

All the best,
Wrigleys

3

Tutorials and FAQs / Re: How to enable automatic microcode updates

« on: August 21, 2024, 08:26:30 pm »

Hi all,

I can confirm that after reverting the tuneables to default and deleting the line "microcode_update_enable="YES"" in /etc/rc.conf, the microcode update will still be performed after reboot.

Many thanks franco and the whole team for another seamless and struggle-free update.

All the best,
Wrigleys

4

Intrusion Detection and Prevention / Suricata logs gets automatically deleted

« on: August 11, 2024, 09:43:42 pm »

Update from my end:

After triggering some test log entries, the log Date and timestamp (dropdown on top right) gets renewed (really don‘t know why), but the logs are still visible.

Therefore no logs are getting deleted.

Thread closed.

5

Intrusion Detection and Prevention / [SOLVED] Suricata logs gets automatically deleted

« on: August 11, 2024, 11:46:03 am »

Dear Community

I decided to give Suricata with the latest Update to 24.7.1 another try.

My goal is to drop any matching Rule from abuse.ch. As far so good. I noticed, that the Alert Log inside WebGUI gets deleted really often. Sometimes every 20 minutes or at least every few hours. My log rotation is set to Weekly and my logs are stored on RAM. I have used 2GB of my 16GB RAM and 50% of the capacity could be filled by logs.

The suricata service runs stable and it seems working normally exept of missing potential log history.

Did you experience something similar to my findings?

Many thanks for your help.

Best regards
Wrigleys

6

24.1 Legacy Series / Re: Banking App: "something has gone wrong"

« on: June 01, 2024, 06:23:42 pm »

Good evening

I had a similar issue since 24.1.8.
I’m getting strange DNS Resolution issues since the latest Update. After a short period of time, more and more Websites doesn‘t load.

I‘m using Quad9 DNS over TLS inside Unbound and I‘ve listed both IPv4 and IPv6 DNS Resolvers.

After deleting all IPv6 Servers, my DNS issues seems solved (as far as I tested it). This setting was never an issue since a few days.

Hopefully, I can bring some light in this Topic.

Best regards
Wrigleys

7

24.1 Legacy Series / Re: 24.1 - DHCP server moves to KEA - implications?

« on: February 08, 2024, 07:57:52 am »

Good morning everyone

After the migration to KEA DHCP I‘ve noticed that not always all DHCP leases where shown on the Leases Page.
Sometimes a lease showing up and some time later the same lease isn‘t listed anymore, but the corresponding client is still active/online.

Did you noticed missing devices on the lease page too?

All the best and thanks to the Devs for this awesome release!

regards,
Wrigleys

8

German - Deutsch / Re: os-firewall (missing) after Update

« on: January 30, 2024, 08:10:01 pm »

Hi MrsUSBStick

Please have a look at this topic: https://forum.opnsense.org/index.php?topic=38437.0
You can try to "automatic resolve the conflict" by clicking on the button at the Firmware Update Page.
If it's not resolved automatically, try "resetting the conflict".

This should help.

Best regards,
Wrigleys

9

22.7 Legacy Series / Re: Feature Request Poll: "wg genpsk" command in WireGuard GUI

« on: October 12, 2022, 07:16:12 am »

No worries. You all did a great job and will ever do.
A tools-tab is awesome, too.

Please let me know, if I should open a feature request.

Many thanks and take care
Wrigleys

10

22.7 Legacy Series / Re: Feature Request Poll: "wg genpsk" command in WireGuard GUI

« on: October 11, 2022, 09:48:49 pm »

We could add a Tools tab and add some buttons with such commands

Hi mimugmail

This would be awesome and improve security for everyone. 
Stupid question: would it make sense to place this button right next to the „Shared Secret“ Text-Field? Like the „Generate keypair-Button“ in the WireGuard App.

Have a nice evening.

Best,
Wrigleys

11

22.7 Legacy Series / Re: Feature Request Poll: "wg genpsk" command in WireGuard GUI

« on: October 11, 2022, 02:45:53 pm »

Hi chemlud

Not really, but sounds interesting

12

22.7 Legacy Series / Re: Feature Request Poll: "wg genpsk" command in WireGuard GUI

« on: October 11, 2022, 11:24:55 am »

Dear Patrick

Many thanks for your quick reply. Therefore I would like to thank you all @mimugmail, @franco and you @pmhausen for your hard work.

This is correct for the local instance, but primarly I mean when adding a new Endpoint (peer) as @Greelan wrote above --> thanks for that.
There you have a field called "Shared Secret" which will stay empty by default. In my case (security enthusiast), I generate a PSK in the CLI with the command "wg genpsk" and copy the output in that field and also in the client config (for example a phone or tablet).

Sorry for being imprecise in my wording above.

All the best,
Wrigleys

13

22.7 Legacy Series / Feature Request Poll: "wg genpsk" command in WireGuard GUI

« on: October 11, 2022, 09:53:47 am »

Dear all

The current WireGuard plugin is almost perfect. (many thanks to pmhausen).
Except for the generation of the pre-shared key, all settings can be made via the GUI.
The PSK needs to be generated on the CLI itself (wg genpsk).

Now I would like to ask you if you also miss such kind of generation button in the GUI?

@pmhausen: Is such implementation of a generation button possible in the GUI?

If there is an demand of such function, I will open a "feature request" on GitHub.

Many thanks for every reply and all the best
Wrigleys

14

German - Deutsch / Re: RTL+ / TVNow Streamingprobleme auf Apple TV mit OPNsense

« on: August 11, 2022, 10:25:34 am »

Hallo petrosilius,

Vielen Dank für deine Rückmeldung. Ja das habe ich am laufen und habe nun diese URL auf die Whitelist gesetzt.
Läuft einwandfrei! Du hast echt was gut bei mir. TOP! Tausend Dank.

Ich habe bewusst die Blacklist-Funktion in Unbound deaktiviert, aber es ging trotzdem nicht. Vermutlich hatte ich vergessen, den Service neu zu starten. Zudem dachte ich, ein WebUI-Reset löscht alle Einstellungen, aber das macht es nicht. Wer lesen kann ist im Vorteil :-D

Nice, wieder mal was gelernt. Du hast mir wirklich den Tag gerettet.

Beste Grüsse
Wrigleys

PS: Thread kann geschlossen/als gelöst markiert werden. Vielen Dank.

15

German - Deutsch / [GELÖST] RTL+ / TVNow Streamingprobleme auf Apple TV mit OPNsense

« on: August 11, 2022, 09:20:57 am »

Hallo zusammen

Nutzt jemand von euch zufällig RTL+ in Kombination mit OPNsense und einer Apple TV?

Das Login, die Profilauswahl sowie die Mediathek lädt korrekt. Beim starten des Streamings bleibt das Bild jedoch schwarz und lädt nicht (auch keinen Ton). Leider wird auch keine Fehlermeldung angezeigt. Es scheint, als ob der Stream geblockt wird und somit nichts geladen wird.
Auf anderen Endgeräten (iPhones, iPads etc.) läuft alles einwandfrei. Ich habe keine Client-spezifischen Einstellungen aktiv.

Nachfolgendes Diagramm beschreibt mein Netzwerk:

Code: [Select]

      WAN / Internet
            :
            : Public IP from Provider Wingo
            :
      .-----+-----.
      | ISP Router| 192.168.0.254/24
      '-----+-----'
            |
      | DHCP 192.168.0.10/24
            |
      .-----+------.
      |  OPNsense  | 10.10.10.1/24
      '-----+------'
            |
        LAN | DHCP 10.10.10.10-240/24
            |
      .-----+------.
      | LAN-Switch |
      '-----+------'
            |
    ...-----+------... (Clients/Servers)
Was habe ich bereits getestet?

• Factory Reset bei der OPNsense (Version 22.7.1) und ohne Konfiguration/Wizard (Standardeinstellungen). Dies funktionierte leider nicht.
• Wenn ich jedoch die Opnsense durch einen ASUS RT-AC86U Router in der Standardkonfiguration (Factory Reset) ersetze, klappt es auch auf der Apple TV.

Ich bin überzeugt, dass dies mit der OPNsense möglich ist und ich einfach eine Einstellung übersehen habe.

Habt ihr diesbezüglich Erfahrungen / Tipps?

Ich wäre euch sehr dankbar! Besten Dank für jede Rückmeldung.

Beste Grüsse
Daniel