Messages

1

Zenarmor (Sensei) / Zenarmor Non-Root User Permissions not working

« on: May 24, 2024, 10:59:55 pm »

I recently gave a user full Zenarmor permission "Zenarmor: Dashboard/Report access" to be able to configure all Zenarmor configurations but when the user selects the zenarmor options it initially shows all available options then when selecting any option it drops them down to showing only Dashboard, Reports, Live sessions.  Live Sessions will not allow the user to "Allow" a blocked site. I should note that the user is part of a group that gives the users their permissions. Am I wrong in thinking the user is supposed to have full access with this Zenarmor permission?

2

23.7 Legacy Series / Re: 23.7 Fetch stops for unknown reason - Update not working

« on: October 18, 2023, 02:10:02 pm »

I figured out what I had changed that caused the issue! I had started to play with RSS and enabled it as per OPNsense's guide setting net.inet.rss.enabled = 1. I set it back to '0' and everything started to pull correctly!

newsense, thank you for your suggestions! I did set the query forward settings but that didn't resolve the issue. made the RSS change, removed the query forward configuration, and did a reboot and the system is still back to working.

BruceOS, if you set up the RSS try disabling and running again.

Franco, I think something may be off with RSS which is denying the ability to fetch update status and reach the update server.

3

23.7 Legacy Series / Re: 23.7 Fetch stops for unknown reason - Update not working

« on: October 18, 2023, 03:27:26 am »

Here are my screenshots from unbound

4

Web Proxy Filtering and Caching / Re: Web Proxy SSL Bump External Dynamic Lists URL Categories

« on: October 18, 2023, 02:48:43 am »

isqnd

I did not find a solution. I believe at this point is to script it yourself and offer it up to the OPNsense team for implementation, however their will still be an issue of having a repository of categorized URLs to apply to this, which I haven't found a less costly method as of yet. I know Zenarmor has some of this capability built into their plugin but having spoken with some of their team, they only have it available for their business version.

5

23.7 Legacy Series / Re: 23.7 Fetch stops for unknown reason - Update not working

« on: October 18, 2023, 02:14:17 am »

BruceOS

I am receiving this same error with only 1 WAN interface on multiple boxes. I too am at wits end, but the only solution I found was to disable the firewall and go and run updates which works but reinstating firewall goes back to the same issues. I receive the error of:

Fetching changelog information, please wait... fetch: transfer timed out
fetch: /usr/local/opnsense/changelog/changelog.txz appears to be truncated: 0/115144 bytes

The configs didn't change, so I am inclined to think the error isn't with that. I've tried the disabling IPS from previous posts that had something similar. I can use OPNsense to ping from LAN, WAN and 127.0.0.1 to 89.149.222.99 as well as computer with all pings going through. I can even open the URL for the updates without issue.

Performing a Status verification takes minutes, much longer than normal. At one point it showed a Firmware: Reporter error but I can't get it to show again. If I remember correctly, it was a phalcon MVC error in pulling the status.

6

Web Proxy Filtering and Caching / Web Proxy SSL Bump External Dynamic Lists URL Categories

« on: September 10, 2023, 06:33:49 pm »

I want to set up the HTTPS transparent inspection for my TLS traffic, but I want to be able to have a bump list (URL Category based) to bypass specific categories for all users' traffic being inspected. Based on the OPNsense documentation, using something like the UT1 category for blacklisting, I am trying to figure out if there is a way to use a system like this to be able to bypass specific categories such as financial URLs and not to have it used as a blacklist? If this is not possible within the Web Proxy, can an ALIAS URL list be created and used to divert traffic from the Block HTTPS Bypass rule using the UT1 Categories list?

7

Zenarmor (Sensei) / Re: Zenarmor User Permissions help

« on: July 11, 2023, 04:05:45 pm »

Sy,

I really appreciate your response and am excited to for those updates! I will continue to work with using the full permission ACL that I had tested above for now!

8

Zenarmor (Sensei) / Re: Zenarmor User Permissions help

« on: July 07, 2023, 04:39:00 am »

I tried adding this configuration change and all the options showed up:

   <page-sensei>
            <name>Zenarmor: </name>
            <patterns>
                <pattern>ui/sensei/*</pattern>
                <pattern>api/sensei/query/*</pattern>
                <pattern>api/sensei/policy/*</pattern>
                <pattern>api/sensei/settings/*</pattern>
                <pattern>api/sensei/service/*</pattern>
                <pattern>api/sensei/engine/*</pattern>
                <pattern>api/sensei/update/*</pattern>
                <pattern>api/sensei/tools/*</pattern>
            </patterns>
        </page-sensei>

This leads me to believe that the issue is the page identification </page-sensei-policies> that is the error, any help identifying this landing pages title would be greatly appreciated!

9

Zenarmor (Sensei) / Zenarmor User Permissions help

« on: July 07, 2023, 02:04:56 am »

I am trying to allow a Normal User to have access to the Zenarmor Policies section. I have updated the configuration in usr/local/opnsense/mvc/app/models/OPNsense/Sensei/ACL/ACL.xml file with:

        <page-sensei-policies>
            <name>Zenarmor: Policies</name>
            <patterns>
                <pattern>ui/sensei/#/policies/*</pattern>
                <pattern>api/sensei/query/*</pattern>
                <pattern>api/sensei/policy/*</pattern>
                <pattern>api/sensei/settings/*</pattern>
                <pattern>api/sensei/service/*</pattern>
                <pattern>api/sensei/engine/*</pattern>
                <pattern>api/sensei/update/*</pattern>
                <pattern>api/sensei/tools/*</pattern>
            </patterns>
        </page-sensei-policies>

Once added, the User permissions shows this as an available option to add to a Normal User, but the option doesn't show up in the sidebar once the permission has been granted to the user. *rebooted to verify, also added to User Group with no avail.

I followed the UI scheme identified in the /tmp/opnsense_menu_cache.xml:

       <Policies order="40" VisibleName="Policies" url="/ui/sensei/#/policies" cssClass="fa fa-exchange fa-fw"/>

and the policy shows up in the /conf/config.xml under the user's profile. Can anyone help me figure out why the Policies option isn't showing up in the sidebar for my Normal User after I've added the permission to the profile?