Messages

1

24.7 Production Series / Re: WAN gateway not going back up after Internet outage

« on: October 29, 2024, 02:01:18 pm »

The patch in question was added to 24.7.x already. You can add the "Manual gateway switch" cron job to adjust the situation.

I don't know about the other *sense. You trade a bug for another either way I think, but whatever works works.


Cheers,
Franco

I'm running 24.7.4_1 when this happened yesterday. Is the "manual gateway switch" created mainly as a workaround for this issue?

2

24.7 Production Series / Re: WAN gateway not going back up after Internet outage

« on: October 29, 2024, 02:54:38 am »

I had this happen again today. Internet connection went down overnight because of maintenance. I woke up to no Internet. I had to go gateways, edit the gateway and save.

Is there any update to this? Is this happening to pfsense too?

3

24.7 Production Series / Re: FreeRadius Error - require_message_authenticator

« on: October 18, 2024, 10:08:27 am »

Thanks for the help!

Sent from my SM-S916B using Tapatalk

4

24.7 Production Series / Re: FreeRadius Error - require_message_authenticator

« on: October 18, 2024, 09:51:15 am »

Looks good. Although, I noticed that the opnsense firewall itself is not "upgraded" as a radius client:

2024-10-18T15:31:25           Error: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!   
2024-10-18T15:31:25           Error: Once the client is upgraded, set "require_message_authenticator = true" for client OPNsense   
2024-10-18T15:31:25           Error: UPGRADE THE CLIENT AS YOUR NETWORK MAY BE VULNERABLE TO THE BLASTRADIUS ATTACK.   
2024-10-18T15:31:25           Error: The packet does not contain Message-Authenticator, which is a security issue.   
2024-10-18T15:31:25           Error: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!   
2024-10-18T15:31:25           Error: Setting "limit_proxy_state = true" for client OPNsense   
2024-10-18T15:31:25           Error: BlastRADIUS check: Received packet without Proxy-State.   
2024-10-18T15:31:25           Error: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!   
2024-10-18T15:31:25           Error: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!   
2024-10-18T15:31:25           Error: Once the client is upgraded, set "require_message_authenticator = true" for client OPNsense   
2024-10-18T15:31:25           Error: UPGRADE THE CLIENT AS YOUR NETWORK IS VULNERABLE TO THE BLASTRADIUS ATTACK.   
2024-10-18T15:31:25           Error: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!   
2024-10-18T15:31:25           Error: Setting "require_message_authenticator = false" for client OPNsense   
2024-10-18T15:31:25           Error: BlastRADIUS check: Received packet without Message-Authenticator.

5

24.7 Production Series / Re: FreeRadius Error - require_message_authenticator

« on: October 17, 2024, 09:22:20 am »

Ok, I just applied the patch manually and ticked the require message authenticator box for my AP clients. Let me monitor the freeradius logs and get back to you.

6

24.7 Production Series / Re: FreeRadius Error - require_message_authenticator

« on: October 17, 2024, 08:14:34 am »

Is this the correct command?

opnsense-patch -a punktDeForks -c plugins a1f6543

EDIT: Looks like it's downloading from the incorrect URL:

root@OPNsense:~ # opnsense-patch -a punktDeForks -c plugins a1f6543
fetch: https://github.com/punktDeForks/plugins/commit/a1f6543.patch: Not Found

How do I change the path to "opnsense-plugins" instead?

7

24.1 Legacy Series / Re: Difference between default gateway order and gateway groups?

« on: October 17, 2024, 07:56:50 am »

So just to be sure, when the primary WAN comes back, all new connections will go through that link and all established/old connections stay in the backup link, correct?

8

24.7 Production Series / Re: FreeRadius Error - require_message_authenticator

« on: October 17, 2024, 07:45:33 am »

I don't. Is there an official guide for manually applying patches that I can follow?

9

24.7 Production Series / Re: FreeRadius Error - require_message_authenticator

« on: October 16, 2024, 12:40:13 pm »

Sure, let me know how I can help. FWIW, this option is a dropdown box (not a free form text field) in the pfsense freeradius package.

10

24.7 Production Series / Re: FreeRadius Error - require_message_authenticator

« on: October 16, 2024, 12:25:13 pm »

I'm receiving the same error in freeradius. How can we set this option? Why are there are no advanced options in the opnsense freeradius package?

11

24.7 Production Series / Re: [SOLVED] Adguard Home broken in 24.7

« on: October 15, 2024, 02:18:42 pm »

Fair enough. However, I'm not insinuating anything. Again, this simply piqued my curiosity as, like you, I don't experience the issue.

12

24.7 Production Series / Re: [SOLVED] Adguard Home broken in 24.7

« on: October 15, 2024, 02:04:09 pm »

Yes, AGH upstream. I don't have this problem too so I'm just curious what is causing it for others.

13

24.7 Production Series / Re: [SOLVED] Adguard Home broken in 24.7

« on: October 15, 2024, 01:57:19 pm »

Is this fixed upstream yet?

14

24.7 Production Series / Re: have you updated your os-cpu-microcode for your select processor?

« on: October 15, 2024, 01:08:18 pm »

Got it. Thanks.

15

24.7 Production Series / Re: have you updated your os-cpu-microcode for your select processor?

« on: October 15, 2024, 01:01:57 pm »

No, I mean from the plugins page in opnsense that's on a proxmox vm. So that's a no then. I have the microcode updated on the host already.