Messages

1

24.7 Production Series / Help diagnosing run away processes

« on: October 15, 2024, 02:51:54 pm »

Last night at exactly 1:00am, my router looks like it just started spawning endless processes until it ate all the memory on the system and caused it to start doing some strange things and eventually crash. I've checked and there are no cron jobs that start at this time so I'm wondering is there an automatic cleanup process that possibly got stuck?

This is the second time this has happened in the last 2 weeks.  Both times it started exactly at 1:00am.  This only started with 24.7.5

Where would I even begin to look to see if I can find out what was spawning out of control?

2

23.7 Legacy Series / [Solved] ACME Cert Automation Issues

« on: December 17, 2023, 07:01:33 pm »

I'm using Opnsense to get the cert from letsencrypt, then the idea is to the copy the cert to the necessary server and restart nginx.  I've got the restarting of nginx working properly, but I cannot get the cert to copy over automatically.  I'm using the "upload certificate via sftp"

When I use the upload via sftp I get no error, it just doesn't copy anything.  When I "test connection" I get confirmation that connection and upload test succeeded.

I can manually scp the files from the firewall to the server without issue.

Edit: For some reason i had to delete the old files on the server before it would upload the new ones.  Probably a permissions issue on the server.  I'm tackling it from that end.

3

Virtual private networks / [Solved] OpenVPN: Instances & Client Overrides

« on: October 16, 2023, 08:30:10 pm »

I've got my OpenVPN setup switched over to the new OpenVPN: Instances, but the client specific overrides no longer work.  Is there a new way of doing client specific overrides with OpenVPN: Instances?

I'm trying to set a specific client with a static IP address.

Currently running 23.7.5 but I don't really see anything in the release notes that would lead me to believe that 23.7.6 would resolve the issue.

Resolved Update: I was able to correct the issue by deleting the client override and just recreating it from scratch.

4

23.7 Legacy Series / [Solved] ACME Automations with automated login

« on: October 13, 2023, 02:42:38 pm »

I'm trying to use ACME automations to copy certificates to other servers on the network.  Where would I find the key on OPNSense that I need to add to the servers ~/ssh/authorized_keys file to allow login?
I generated a key using ssh-keygen but when I try to use it I get the following.

Load key "/root/.ssh/id_rsa.pub": invalid format

Nevermind.  I realized I'm not a smart person.  You have to use /root/.ssh/id_rsa NOT the .pub file.

5

23.7 Legacy Series / Solved: Distributing Letsencrypt certs to other servers

« on: August 06, 2023, 10:42:29 pm »

Oh ffs.  I can't tell you how many hours I've messed with this using the wrong certs.  As soon as I used the correct ones, now everything works perfectly.

Thanks!

6

23.7 Legacy Series / Solved: Distributing Letsencrypt certs to other servers

« on: August 05, 2023, 09:00:18 pm »

I am trying to use OPNsense to create a wildcard cert for my domain name then distribute that cert to my bitwarden server through automations.  I'm copying the certs from the /var/etc/acme-client/certs/randomnumbers to my bitwarden server, but I feel like these are not the correct cert files that need to be moved over.  Is there a different location for certs?

Am I just missing something here or is this not actually possible with the acme plugin?

7

23.1 Legacy Series / ACME client with DynDNS

« on: June 27, 2023, 11:03:07 pm »

I'm looking for someone who has set up the ACME client with DynDNS.org

I use DynDNS.org for my dynamic dns and I'm trying to setup ACME/LetsEncrypt using a DNS challenge.  I've got everything set up, but I have no idea what I need to use for the attached field.  I contacted Dyn support but, unsurprisingly, they weren't much help.

Is there anyone who has done this combination who knows what needs to be used here?  Or maybe there is a way to generate the DNS record from the CLI and just manually enter it in to opnsense. 

8

Virtual private networks / Re: OpenVPN Access to Internal Resources via DNS Name

« on: May 16, 2023, 08:20:34 pm »

I was making this way harder than it needed to be.
I was able to resolve the issue by simply adding the OpenVPN interface to all the existing NAT rules that I wanted to use.

9

Virtual private networks / [Solved] OpenVPN Access to Internal Resources via DNS Name

« on: March 28, 2023, 10:59:52 pm »

Brief setup overview:
I've have an OpenVPN setup that is working.  I can access tunneled resources via IP without issue.
I'm using Dynamic DNS to translate my external IP to a DNS name.
I'm using NAT reflection so my LAN clients can access the LAN resources by DNS name.
I'm using Unbound DNS for all LAN and VPN clients.
All VPN traffic is forced through the tunnel.  No split tunneling.

Problem:
VPN users are not able to access LAN resources by the DNS name.

I'm not sure if this is a firewall rule I need to set or a NAT setting that needs to be changed.
I'm sure this has been covered before, but I was having a tough time searching.