Messages - Daves_nt_here

#1
24.7, 24.10 Legacy Series / ACME Client not starting
December 12, 2024, 02:42:06 AM
Noticed my certs were not updating.
I'm seeing this error in the audit logs:

action acme-http-challenge.start not found for user root

Any ideas? Haven't touched my ACME client in months.
#2
Trying to figure out how to do subfolders.
Followed the steps in page 1 of this topic and everything works beautifully. 8 domains and multiple subdomains.

Now I would like to do this:
foo.example.com --> 192.168.1.10/
bar.example.com --> 192.168.1.10/subfolder/

I've found a handful of posts from other sites but most of them are from '95 and very vague.
#3
Digging up an old post: https://forum.opnsense.org/index.php?topic=35218.0
This still seems to be a problem.
Trying to open up a Mailchimp link, click.mailchimp.com is being blocked by the Steven Black list.
After clicking on "Whitelist" in the reports tab it successfully added the link to the whitelist in Unbound but still blocks the site. Doing a DNS search and manually adding the offending CNAME record, mandrillapp.com, the Mailchimp link works.
Anyone have an idea as to when this will be resolved? We use Mailchimp in our company and if at some point the CNAME record changes, I'll have to go through this process again.
#4
General Discussion / Captive portal files location?
August 28, 2024, 08:16:59 PM
Does anyone know where the templates are located in OPNsense?

I have 2 templates for a company's public wifi. One for when they are open and one for when they are closed.
As I can't see any way of setting a timer in the GUI to switch them, I thought of just uploading both sets of templates then use a cron job to rotate them.

Any ideas?
#5
I have a rule set up that blocks access from the LAN (NWIC1-NWIC2) to a VLAN (PlexNet).
If I specify a single IP for the source the rule works, but I have a dozen IPs to block so I added them to an alias.
Changing the firewall rule from single IP to the defined alias list blocks everything to the vlan.
It should block everything from the lan > vlan except the specified hosts in the list.

Interface- LAN
Direction- in
Protocol- any
Source Invert- Checked
Source- Admin
Destination- vlan
#6
I have DHCP configured for the vlan.
#7
Hey everyone, been pulling my hair out most of the day now. This is driving me nuts!

I have a 4 port Protectli Vault. igc0=WAN, igc1=LAN and the other 2 (igc3 & igc4) are assigned interfaces.

I cannot get a VLAN to work on the LAN port, but it will work on either of the other 2 interfaces.
The VLAN interface will not give out an IP address from DHCP, but I can ping it from the LAN IP.
If I set up VLANs on either of the other 2 interfaces, they give out IPs, ping, and have full access to internal and external networks with proper rules applied.

Testing with a WiFi AP that supports vlan and with my Proxmox server.
#8
For anyone in the future reading this, here is a summary of what I did to strip the www from the domain name.

  • Condition
    Name: StripWWW
    Condition type: Host starts with
    Host Prefix: www.example.ca
  • Rule
    Name: StripWWW
    Select Conditions: StripWWW
    Execute functions: http-request redirect
    HTTP Redirect: scheme https://example.com
  • Public Services
    Name: StripWWW
    Listen Addresses: 0.0.0.0:443 0.0.0.0:80
    Select Rules: StripWWW
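The same three GUI objects (condition, rule, public service), written out as a plain HAProxy frontend so the mapping is visible. This is an added example, not the configuration the OPNsense HAProxy plugin generates; the frontend name, the certificate path and the use of `redirect prefix` (which rewrites the host and keeps the request path) are assumptions, and the hostnames are the poster's placeholders.

```haproxy
# Added example: www-stripping redirect as a raw HAProxy stanza.
# Not generated by the OPNsense plugin; frontend name and cert path are assumed.
frontend StripWWW
    # Public Service "Listen Addresses": plain HTTP and TLS on all addresses
    bind 0.0.0.0:80
    bind 0.0.0.0:443 ssl crt /path/to/example-com.pem   # placeholder cert path
    mode http

    # Condition "Host starts with" -> case-insensitive prefix match on the Host header
    acl host_is_www req.hdr(host) -i -m beg www.example.ca

    # Rule "http-request redirect" -> send the client to the bare domain,
    # preserving path and query string. 301 is cached by browsers; use 302
    # while testing so a mistake can be corrected without stale redirects.
    http-request redirect prefix https://example.com code 301 if host_is_www
```

Validate the file with `haproxy -c -f <file>` before reloading, then confirm the behaviour with `curl -sI http://www.example.ca/some/path`: the response should be a 301 whose Location header is `https://example.com/some/path`. Because the redirect is answered by the frontend itself, no backend or real server is needed for the www hostname.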
#9
Yes, I had changed my GUI port.
Been playing around with the rules since I sent my last message.
Figured it out by trial and error. I was looking at the rule for redirecting http > https and it has a "scheme" in the HTTP Redirect so I added it to my rule. "scheme https://example.com"
No backend or real server needed.
#10
Sorry, still trying to wrap my head around OPNsense, migrating from Untangle.
I guess that is what I'm missing (Public Service) but this won't apply: "HAProxy configtest found critical errors"
#11
See pic.
#12
Didn't really want to use the pass through or modify from ssh, but that's what googling for hours has led me to.

I have already tried with no luck:
Condition> Host contains: www.example.com
Rule> if selected conditions, http-request redirect - https://example.com
#13
How do I go about doing this from the GUI? Or is this something I need to do from an SSH terminal?
#14
Just did the update and needed to change the subdomain of one of my domains.
In HAProxy, removed the cert from Public Services, then deleted the cert from ACME and created a new one with the different sub.
Went back into HAProxy to change the cert and now I have 2 certs with the same info.
Went through the process again and now I see 3 copies of the same cert.
I tried all 3 and they all show the same old domain sub in Chrome.
Why are the 3 same certs still showing? Only 1 shows in the ACME certs menu.
Checked in System->Settings->Admin->SSL Certificate. All 3 show there too.
Can I remove them from command line?
#15
Quote from: bartjsmit on August 07, 2024, 07:47:04 AM
What happens when you add an entry for it in your hosts file?
Yup, that did the trick. Loads as quick as the direct approach. Thanks!