"
It works now after uninstalling the plugin and deleting the directory /usr/local/etc/crowdsec/. Then I reinstalled the plugin and everything worked.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#2
General Discussion / Problem setting up crowdsec on 25.1.5_5
Today at 10:41:17 AM
I have registered an account https://app.crowdsec.net/
I just installed the Crowdsec plugin, but when the plugin is started, I can see
time="2025-04-28T10:35:40+02:00" level=fatal msg="api server init: unable to run local API: authenticate watcher (39c802cb69db11eda3cb207c14a24ab467P3tf3hl3fpnX7w): API error: Unauthenticated"
in /var/log/crowdsec/crowdsec.log
When I try to enroll the instance with the enrollment command provided in my Crowdsec dashboard, I get
cscli console enroll -e context cma0sq2mx0003ib08raXXXXXX
Error: could not enroll instance: Post "https://api.crowdsec.net/v3/watchers/enroll": API error: Unauthenticated
What's wrong?
Thanks
Roland
I just installed the Crowdsec plugin, but when the plugin is started, I can see
time="2025-04-28T10:35:40+02:00" level=fatal msg="api server init: unable to run local API: authenticate watcher (39c802cb69db11eda3cb207c14a24ab467P3tf3hl3fpnX7w): API error: Unauthenticated"
in /var/log/crowdsec/crowdsec.log
When I try to enroll the instance with the enrollment command provided in my Crowdsec dashboard, I get
cscli console enroll -e context cma0sq2mx0003ib08raXXXXXX
Error: could not enroll instance: Post "https://api.crowdsec.net/v3/watchers/enroll": API error: Unauthenticated
What's wrong?
Thanks
Roland
#3
24.7, 24.10 Legacy Series / Re: Duplicate Echo Reply Received
October 07, 2024, 10:44:07 PM
I am seeing the same messages from my dual WAN setup.
2024-10-07T22:36:00 Warning dpinger WAN2_DHCP 8.8.4.4: duplicate echo reply received
2024-10-07T21:16:09 Warning dpinger WAN2_DHCP 8.8.4.4: duplicate echo reply received
2024-10-07T21:02:47 Warning dpinger WAN2_DHCP 8.8.4.4: duplicate echo reply received
2024-10-07T18:33:54 Warning dpinger WAN2_DHCP 8.8.4.4: duplicate echo reply received
2024-10-07T22:36:00 Warning dpinger WAN2_DHCP 8.8.4.4: duplicate echo reply received
2024-10-07T21:16:09 Warning dpinger WAN2_DHCP 8.8.4.4: duplicate echo reply received
2024-10-07T21:02:47 Warning dpinger WAN2_DHCP 8.8.4.4: duplicate echo reply received
2024-10-07T18:33:54 Warning dpinger WAN2_DHCP 8.8.4.4: duplicate echo reply received
#4
General Discussion / High latency pinging the Opnsense LAN interface
November 08, 2023, 09:52:10 PM
Still observing random high latency pinging the Opnsense LAN interface 192.168.1.1 From the same PC I am pinging two other internal IP's 192.168.1.2 and 192.168.1.192 with no latency issues.
This is really annoying because my latency-sensitive voice applications (internet-based) don't like it.
This is really annoying because my latency-sensitive voice applications (internet-based) don't like it.
#5
General Discussion / Re: High Latency - every 8 hours
November 08, 2023, 08:05:35 AM
When switching off REPORTING: NETFLOW the observed high-latency disappears.
#6
General Discussion / Re: High Latency - every 8 hours
November 07, 2023, 03:15:39 PM
in /var/log/system/latest.log I see these log entries every time this happens.
<13>1 2023-11-07T04:01:09+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum dst_port_000300.sqlite
<13>1 2023-11-07T04:01:09+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum dst_port_003600.sqlite
<13>1 2023-11-07T04:01:09+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum dst_port_086400.sqlite
<13>1 2023-11-07T04:05:20+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_details_086400.sqlite
<13>1 2023-11-07T04:08:13+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_000300.sqlite
<13>1 2023-11-07T04:08:13+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum src_addr_003600.sqlite
<13>1 2023-11-07T04:08:13+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum src_addr_086400.sqlite
<13>1 2023-11-07T04:09:29+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum interface_000030.sqlite
<13>1 2023-11-07T04:09:30+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum interface_000300.sqlite
<13>1 2023-11-07T04:09:31+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum interface_003600.sqlite
<13>1 2023-11-07T04:09:31+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="4"] vacuum interface_086400.sqlite
<13>1 2023-11-07T04:09:31+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="5"] vacuum done
<13>1 2023-11-07T12:01:48+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum dst_port_000300.sqlite
<13>1 2023-11-07T12:01:48+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum dst_port_003600.sqlite
<13>1 2023-11-07T12:01:48+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum dst_port_086400.sqlite
<13>1 2023-11-07T12:05:56+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_details_086400.sqlite
<13>1 2023-11-07T12:08:17+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_000300.sqlite
<13>1 2023-11-07T12:08:17+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum src_addr_003600.sqlite
<13>1 2023-11-07T12:08:17+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum src_addr_086400.sqlite
<13>1 2023-11-07T12:09:24+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum interface_000030.sqlite
<13>1 2023-11-07T12:09:25+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum interface_000300.sqlite
<13>1 2023-11-07T12:09:26+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum interface_003600.sqlite
<13>1 2023-11-07T12:09:26+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="4"] vacuum interface_086400.sqlite
<13>1 2023-11-07T12:09:26+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="5"] vacuum done
Has this something to do with reporting?
<13>1 2023-11-07T04:01:09+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum dst_port_000300.sqlite
<13>1 2023-11-07T04:01:09+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum dst_port_003600.sqlite
<13>1 2023-11-07T04:01:09+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum dst_port_086400.sqlite
<13>1 2023-11-07T04:05:20+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_details_086400.sqlite
<13>1 2023-11-07T04:08:13+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_000300.sqlite
<13>1 2023-11-07T04:08:13+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum src_addr_003600.sqlite
<13>1 2023-11-07T04:08:13+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum src_addr_086400.sqlite
<13>1 2023-11-07T04:09:29+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum interface_000030.sqlite
<13>1 2023-11-07T04:09:30+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum interface_000300.sqlite
<13>1 2023-11-07T04:09:31+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum interface_003600.sqlite
<13>1 2023-11-07T04:09:31+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="4"] vacuum interface_086400.sqlite
<13>1 2023-11-07T04:09:31+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="5"] vacuum done
<13>1 2023-11-07T12:01:48+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum dst_port_000300.sqlite
<13>1 2023-11-07T12:01:48+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum dst_port_003600.sqlite
<13>1 2023-11-07T12:01:48+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum dst_port_086400.sqlite
<13>1 2023-11-07T12:05:56+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_details_086400.sqlite
<13>1 2023-11-07T12:08:17+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_000300.sqlite
<13>1 2023-11-07T12:08:17+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum src_addr_003600.sqlite
<13>1 2023-11-07T12:08:17+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum src_addr_086400.sqlite
<13>1 2023-11-07T12:09:24+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum interface_000030.sqlite
<13>1 2023-11-07T12:09:25+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum interface_000300.sqlite
<13>1 2023-11-07T12:09:26+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum interface_003600.sqlite
<13>1 2023-11-07T12:09:26+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="4"] vacuum interface_086400.sqlite
<13>1 2023-11-07T12:09:26+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="5"] vacuum done
Has this something to do with reporting?
#7
General Discussion / High Latency - every 8 hours
November 07, 2023, 03:01:07 PM
I am observing high-latency pings to the local wired Interface of the Opnsense firewall from the LAN. Starting at 4 am (CET) latency climbs to 2500 for about 2-3 minutes, repeating every 8 hours.
I can replicate the issue on every interface. For troubleshooting purposes, I have configured a new interface put a Windows machine in the newly configured Network, and connected it with an ethernet cable directly to the Opnsense firewall, with no switch in between. Just the Win PC -- ethernet cable - Opnsense. I don't see any interface errors or collisions in the statistics.
Again the issue repeats every 8 hours, starting at 4am. Trying to understand what is causing this behavior.
I can replicate the issue on every interface. For troubleshooting purposes, I have configured a new interface put a Windows machine in the newly configured Network, and connected it with an ethernet cable directly to the Opnsense firewall, with no switch in between. Just the Win PC -- ethernet cable - Opnsense. I don't see any interface errors or collisions in the statistics.
Again the issue repeats every 8 hours, starting at 4am. Trying to understand what is causing this behavior.
#8
General Discussion / Re: DNS weirdness - Unbound DNS
October 31, 2023, 04:55:40 PM
Nope, wrong direction. Zenarmor was the problem. Zenarmor -> servers.rmnoise.com -> parked domain, returns 100.64.3.4. Now fixed
#9
General Discussion / Re: DNS weirdness - Unbound DNS
October 31, 2023, 04:27:25 PM
The FW gets the correct IP's
16:23:46.614491 IP 84-73-XXX-XXX.dclient.hispeed.ch.48804 > dns.google.domain: 61194+ [1au] A? servers.rmnoise.com. (48)
16:23:46.633358 IP dns.google.domain > 84-73-XXX-XXX.dclient.hispeed.ch.48804: 61194 2/0/1 A 174.170.161.132, A 184.80.221.105 (80)
16:23:46.614491 IP 84-73-XXX-XXX.dclient.hispeed.ch.48804 > dns.google.domain: 61194+ [1au] A? servers.rmnoise.com. (48)
16:23:46.633358 IP dns.google.domain > 84-73-XXX-XXX.dclient.hispeed.ch.48804: 61194 2/0/1 A 174.170.161.132, A 184.80.221.105 (80)
#10
General Discussion / Re: DNS weirdness - Unbound DNS
October 31, 2023, 03:56:42 PM
No overrides configured
#11
General Discussion / DNS weirdness - Unbound DNS
October 31, 2023, 03:13:04 PM
I am puzzled. A DNS request for servers.rmnoise.com returns IP address 100.64.3.4 while the real IP addresses are 184.80.221.105 AND 174.170.161.132. 192.168.1.1 is my Opnsense FW. Here is a Wireshark capture.
I don't have any DNS issues at all besides the one with servers.rmnoise.com.
Any ideas?
I don't have any DNS issues at all besides the one with servers.rmnoise.com.
Any ideas?
#12
Web Proxy Filtering and Caching / Re: Prevent download of password protected ZIP
December 04, 2022, 01:18:29 AM
Apparently this is not possible which is a bit concerning as this attack vector is quite common.
#13
Web Proxy Filtering and Caching / Prevent download of password protected ZIP
November 24, 2022, 03:06:43 PM
Is this somehow possible ?
Thanks
Thanks
Pages1
