"Quote from: Patrick M. Hausen on March 31, 2026, 09:32:18 AMWeren't you offered that option?Maybe I overlooked something .
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#1
26.1, 26,4 Series / Re: After the Migration of Firewall rules : What toi to with the old interface
March 31, 2026, 04:20:58 PM #2
26.1, 26,4 Series / Re: After the Migration of Firewall rules : What toi to with the old interface
March 31, 2026, 09:22:22 AM
Thanks a lot fr the fast reply. I conclude that I can delete all entries in the OLD lists then ? This would help too.
#3
26.1, 26,4 Series / After the Migration of Firewall rules : What toi to with the old interface
March 30, 2026, 12:01:41 PM
Hello all,
some days ago I updated Opnsense to 26.1.5 and migrated my firewall rules to the new format. I made some changes and noticed thet these are NOT reflected in the old interface .
Is this normal ?
If yes I would appreciate a chance to switch the old interface off.
Thanks for listening !
Norbert
some days ago I updated Opnsense to 26.1.5 and migrated my firewall rules to the new format. I made some changes and noticed thet these are NOT reflected in the old interface .
Is this normal ?
If yes I would appreciate a chance to switch the old interface off.
Thanks for listening !
Norbert
#4
German - Deutsch / Weiterer vergeblicher Versuch
May 15, 2025, 10:10:34 AM
Ich habe nochmal versucht, das User-Interface nachzubauen mit diesem Aufruf, aber unverändertem Ergebnis:
Code Select
curl -k -s -v -u $key:$secret $URL/dhcpv4/leases/searchLease -H 'content-type: application/json;charset=UTF-8'
--data-raw '{"current":1,"rowCount":-1,"sort":{"starts":"desc"},"searchPhrase":"","inactive":true,"selected_interfaces":[]}'
#5
German - Deutsch / CANCEL API Aufrufe mit curl liefern keine Daten (und keine Fehler)
May 15, 2025, 09:30:11 AM
Hallo zusammen,
ich habe mir vor Monaten ein Shellscript zusammengebastelt, das über curl allerlei Informationen aus der Sense holt und mit `jq` aufbereitet. Im Dezember hat das auch funktioniert und Dateien erzeugt. Ich hatte einen speziellen API-User mit der Berechtigung All pages eingerichtet und dessen API-Key verwendet.
Jetzt habe ich dieses Skript mal wieder laufen lassen und bekomme keinerlei Output. Auch keinen Fehler.
Das script sieht auszugsweise so aus:
Das produziert jetzt keine Daten, auch nicht, wenn ich die Weiterleitung nach jq weglasse:
Ich kann das auch am bash-Prompt reproduzieren:
ergibt:
Ich habe meine Aufrufe auch mit der Dokumentation abgeglichen und keine Änderungen entdeckt. Ich bin seit März auf
OPNsense 25.1.3-amd64
FreeBSD 14.2-RELEASE-p2
OpenSSL 3.0.16
Hat irgend jemand von Euch eine Idee ?
Vielen Dank schon mal !
Norbert
ich habe mir vor Monaten ein Shellscript zusammengebastelt, das über curl allerlei Informationen aus der Sense holt und mit `jq` aufbereitet. Im Dezember hat das auch funktioniert und Dateien erzeugt. Ich hatte einen speziellen API-User mit der Berechtigung All pages eingerichtet und dessen API-Key verwendet.
Jetzt habe ich dieses Skript mal wieder laufen lassen und bekomme keinerlei Output. Auch keinen Fehler.
Das script sieht auszugsweise so aus:
Code Select
export key=txxxxxxF
export secret=ddkkkkkkkkkkkkkkkkkkkkkkkkkk
##
export URL=https://opnsense.fm174.intern/api
echo "dhcp"
curl -k -s -u $key:$secret $URL/dhcpv4/leases/searchLease | \
jq '.rows |.[] |= del (.starts, .ends, .status, .cltt) |[.[] | to_entries | sort_by (.key) | from_entries] | sort_by(.mac)' \
> ${OUTDIR}/opnsense/dhcp/v4_leases.json
Das produziert jetzt keine Daten, auch nicht, wenn ich die Weiterleitung nach jq weglasse:
Ich kann das auch am bash-Prompt reproduzieren:
Code Select
# erst einmal die exports wie im shell-script ...
# dann
curl -k -vv -u $key:$secret $URL/core/firmware/status
ergibt:
Code Select
* Trying [2a00:6020:4023:8c80:6662:66ff:fe22:6ed0]:443...
* Connected to opnsense.fm174.intern (2a00:6020:4023:8c80:6662:66ff:fe22:6ed0) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: C=DE; ST=NRW; L=Erftstadt; O=Klamann IT-Beratung; CN=*.fm174.intern
* start date: Nov 29 14:19:15 2024 GMT
* expire date: Dec 31 14:19:15 2025 GMT
* issuer: C=DE; ST=NRW; L=Erftstadt; O=Klamann IT-Beratung; CN=Klamann-Root-CA 202411
* SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.
* using HTTP/2
* Server auth using Basic with user 'txxxxxx'
* h2h3 [:method: GET]
* h2h3 [:path: /api/core/firmware/status]
* h2h3 [:scheme: https]
* h2h3 [:authority: opnsense.fm174.intern]
* h2h3 [authorization: Basic xxxxxxxx
* h2h3 [user-agent: curl/7.88.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x564b18e83780)
> GET /api/core/firmware/status HTTP/2
> Host: opnsense.fm174.intern
> authorization: Basic xxxxxxxx
> user-agent: curl/7.88.1
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/2 200
< server: Caddy
< content-length: 0
< date: Thu, 15 May 2025 07:22:59 GMT
<
* Connection #0 to host opnsense.fm174.intern left intact
Ich habe meine Aufrufe auch mit der Dokumentation abgeglichen und keine Änderungen entdeckt. Ich bin seit März auf
OPNsense 25.1.3-amd64
FreeBSD 14.2-RELEASE-p2
OpenSSL 3.0.16
Hat irgend jemand von Euch eine Idee ?
Vielen Dank schon mal !
Norbert
#6
24.7, 24.10 Legacy Series / [SOLVED]Re: I would like to make some Services invisible in dashboard
January 30, 2025, 03:44:30 PM
Late, but ...
This works as user css
This works as user css
Code Select
#Services > a[href="#Services_DHCRelay"]{
display: none !important
}
#Services > a[href="#Services_CaptivePortal"]{
display: none !important
}
#7
24.7, 24.10 Legacy Series / [CANCEL]Unbound DNS : Alases don't show even when the Override is selected
November 29, 2024, 01:04:26 PM
I have a similar problem as in this old bug https://github.com/opnsense/core/issues/5752
I made shure that I indeed selected the override. I also pressed the refresh button in the detail form.
And i am shure that the alias 'npm' exists for this override because it works . I just want to delete it and use several others.
Is there a workaround with the command line ?
[UODATE] User Error, wrong Override selected
I made shure that I indeed selected the override. I also pressed the refresh button in the detail form.
And i am shure that the alias 'npm' exists for this override because it works . I just want to delete it and use several others.
Is there a workaround with the command line ?
[UODATE] User Error, wrong Override selected
#8
24.7, 24.10 Legacy Series / Re: I botched my Certificate (self made outside of opnsense)
November 28, 2024, 03:44:30 PMQuote from: Monviech (Cedrik) on November 28, 2024, 02:53:14 PM
Just use the docs:
https://docs.opnsense.org/troubleshooting/webgui.html
Thanks a lot ! That is by far the simplest solution.And it works too ;-)
#9
24.7, 24.10 Legacy Series / Re: I botched my Certificate (self made outside of opnsense)
November 28, 2024, 01:25:42 PMQuote from: dseven on November 28, 2024, 01:00:35 PM
Login with ssh or on the console and select option 13 (Restore a backup)?
Unfortunately the change was a long time ago and this is quite risky because it would overwrite any changes.
In theory I just have to simulate
System: Settings: Administration: SSL Certificate
But how ?
#10
24.7, 24.10 Legacy Series / [SOLVED] I botched my Certificate (self made outside of opnsense)
November 28, 2024, 12:50:19 PM
Hello all,
i created a root ca and a pem outside of opnsense and managed to botch my Opnsense Web UI.
Edge complains with the helpful ERR_SSL_PROTOCOL_ERROR
Librewolf (FF Fork ) says SSL_ERROR_INTERNAL_ERROR_ALERT
curl -k from an other linux box works
How can I roll back to the defaults ?
I tried
But nothing changed .
Many thanks for any pointer !
Norbert
i created a root ca and a pem outside of opnsense and managed to botch my Opnsense Web UI.
Edge complains with the helpful ERR_SSL_PROTOCOL_ERROR
Librewolf (FF Fork ) says SSL_ERROR_INTERNAL_ERROR_ALERT
curl -k from an other linux box works
How can I roll back to the defaults ?
I tried
Code Select
configctl webgui restart renew
But nothing changed .
Many thanks for any pointer !
Norbert
#11
24.7, 24.10 Legacy Series / [SOLVED] Web GUI certificate with an external CA
November 05, 2024, 11:46:48 AM
Hello all,
I want to use a self-signed certificate for the OPNSense WebGUI, but certified with another CA. I did an upload of the certificate and it shows up in the list.
But it is not 'in use' . (see screenshot) What do I have to do so that the webserver uses this certificate ?
Thanks for any hints
Norbert
I want to use a self-signed certificate for the OPNSense WebGUI, but certified with another CA. I did an upload of the certificate and it shows up in the list.
But it is not 'in use' . (see screenshot) What do I have to do so that the webserver uses this certificate ?
Thanks for any hints
Norbert
#12
24.7, 24.10 Legacy Series / I would like to make some Services invisible in dashboard
September 02, 2024, 10:50:52 AM
Hello all,
I would like to make some some services (which I do not use at the moment) invisible in the browser (I use librewolf/firefox) .
I presume some kind of CSS or browse hack is in order ....
Does anyone have a tip for me ?
Thanks a lot
Norbert
I would like to make some some services (which I do not use at the moment) invisible in the browser (I use librewolf/firefox) .
I presume some kind of CSS or browse hack is in order ....
Does anyone have a tip for me ?
Thanks a lot
Norbert
#13
German - Deutsch / Re: Übersicht der Regeln behalten?
June 07, 2024, 11:42:43 AM
Ich finde das auch schon in kleineren Netzen schwierig.
Ich suche nach einem Überblick, der die existirenden Regeln erst mal klar anzeigt und habe dabei mit dem API experimentiert. Ist ein ziemlich wildes gehampel.
Aber vielleicht ist es am besten ,
Das ist die Wahrheit über den Status quo in einer Datei.Und da sieht man auhc schön, wo man noch aliase definieren sollte.
Ich suche nach einem Überblick, der die existirenden Regeln erst mal klar anzeigt und habe dabei mit dem API experimentiert. Ist ein ziemlich wildes gehampel.
Aber vielleicht ist es am besten ,
Code Select
/tmp/rules.debug zu parsen. Das ist die Wahrheit über den Status quo in einer Datei.Und da sieht man auhc schön, wo man noch aliase definieren sollte.
#14
Tutorials and FAQs / Re: How to sideload FreeBSD packages
June 07, 2024, 11:35:57 AM
Much simpler indeed. And of course you are right about the possible consequences.
#15
Tutorials and FAQs / How to sideload FreeBSD packages
June 07, 2024, 10:13:36 AM
To install packages from the FreeBSD universe to your opnsense box the script from this quite verbous medium article works.
https://medium.com/@mihakralj/the-direct-route-installing-freebsd-packages-on-opnsense-d002ac0c56b8
It can be used like this:
I attached the script for convenience, make shure it has LF as Linfeed.
HTH
Norbert
https://medium.com/@mihakralj/the-direct-route-installing-freebsd-packages-on-opnsense-d002ac0c56b8
It can be used like this:
Code Select
./opnsense_sideload.sh <packagename>
I attached the script for convenience, make shure it has LF as Linfeed.
HTH
Norbert
