Messages - towatai

#1
Thanks, thanks, thanks! I was tearing out what little hair I have left over the switch from Legacy to Instances. It worked before... Haha, you wish :D
#2
German - Deutsch / Re: LDAP user import missing
March 02, 2025, 08:05:24 PM
For that there is now the auto-import of LDAP users. Enable auto-import in the LDAP server settings; after a successful login via the tester, the user should appear on the OPNsense. It takes some getting used to. I also don't yet know what the advantage of this is supposed to be...
#3
Hello everyone,

I have a small but annoying problem. We have an external SOC provider who is supposed to receive syslogs from our OPNsense via a TLS connection to their server. We received a certificate from them; I imported it on our OPNsense and also selected it in the remote logging configuration. Port and hostname of the target server are set and correct.
If I now enable the remote target, the following error message appears:

2024-12-12T10:22:01   Notice   configctl   event @ 1733995320.59 exec: system event config_changed response: OK

2024-12-12T10:22:01   Error   opnsense   /usr/local/sbin/pluginctl: The command '/usr/local/sbin/syslog-ng-ctl reload' returned exit code '1', the output was 'Syntax error parsing configuration file, previous config remained intact'

When importing my service provider's certificate, I left the private key field blank, since logically I don't have it and shouldn't need it for a connection to their server. As a test I entered some random key there, and the OPNsense then at least tried to establish the TLS connection, which of course didn't work, but the "error in the configuration" message disappeared. It seems as if the private key of my provider's target server is actually required...

That would go against all logic and represent an incalculable risk... Or two of the SOC employees and I have not understood how OPNsense and certificates work :D

So, if there is anyone here who sends their syslogs to an external target server via TLS, I would be very happy to receive the all-important tip!
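The situation in the post above, worked as an added example (this is not code from the original post or from OPNsense/syslog-ng): a small shell script that inspects what a PEM file handed over by a log collector actually contains and shows that the sending side of a TLS syslog connection only needs the collector's CA certificate to verify the peer, while a private key is only ever needed by the side that presents a certificate. It requires the openssl CLI; the CA, the collector certificate and the hostname syslog.soc.example are generated or made up for the demo.

```shell
#!/bin/sh
# Added example, not from the original post or from OPNsense/syslog-ng.
# Classify a provider-supplied PEM file and verify a collector certificate the
# way a TLS client does: with a CA certificate only, never with the peer's key.
# Requires the openssl CLI. All key material below is throwaway demo material.
set -eu

# Print the BEGIN-block types in a PEM file (CERTIFICATE, PRIVATE KEY, ...).
pem_block_types() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Exit 0 if the file carries a private key of any kind (RSA, EC, PKCS#8).
pem_has_private_key() {
    pem_block_types "$1" | grep -q 'PRIVATE KEY'
}

# Exit 0 if the first certificate in the file is a CA (basicConstraints CA:TRUE).
pem_is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Verify a leaf certificate against a CA file exactly as a TLS client does.
# Nothing here touches a private key.
verify_chain() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Decide what a provider-supplied PEM file is for on the sending side.
classify_provider_pem() {
    if pem_has_private_key "$1"; then
        echo "private-key: never import this; the collector keeps its own key"
    elif pem_is_ca_cert "$1"; then
        echo "ca-cert: trust anchor for verifying the collector (syslog-ng ca-file), no key needed"
    else
        echo "leaf-cert: the collector's own certificate; verify it against its issuer, no key needed"
    fi
}

# --- demo: a throwaway CA plus a collector certificate signed by it ---
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
# Minimal openssl config so the demo does not depend on the system openssl.cnf.
cat > "$DEMO_DIR/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
openssl req -x509 -config "$DEMO_DIR/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo SOC Root CA" \
    -keyout "$DEMO_DIR/ca.key" -out "$DEMO_DIR/ca.pem" 2>/dev/null
openssl req -config "$DEMO_DIR/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=syslog.soc.example" \
    -keyout "$DEMO_DIR/srv.key" -out "$DEMO_DIR/srv.csr" 2>/dev/null
openssl x509 -req -in "$DEMO_DIR/srv.csr" -CA "$DEMO_DIR/ca.pem" \
    -CAkey "$DEMO_DIR/ca.key" -CAcreateserial -days 1 \
    -out "$DEMO_DIR/srv.pem" 2>/dev/null

# What each file is, and what the sending side should do with it.
for f in ca.pem srv.pem srv.key; do
    printf '%s: %s\n' "$f" "$(classify_provider_pem "$DEMO_DIR/$f")"
done
if verify_chain "$DEMO_DIR/srv.pem" "$DEMO_DIR/ca.pem"; then
    echo "srv.pem verifies against ca.pem; the client side holds no key at all"
fi
```

The file a collector hands out for a one-way TLS syslog link is normally its CA certificate (or its own leaf certificate), which the sender only uses as a trust anchor; a private key would only be needed if the collector required client certificates, and then it would be the sender's own key, not the collector's. Running the classification on the real file tells you which case you are in before touching the firewall configuration.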

#4
Hello,

We have been using a virtualized OPNsense + OpenVPN with a connection to our local AD, in conjunction with TOTP for our users, for about half a year. This has worked wonderfully so far. Recently we have had the problem that some users are unable to establish a VPN connection.

The OpenVPN log for the user shows: LDAP bind error [80090308: LdapErr: DSID-0C09050F, comment: AcceptSecurityContext error, data 52e, v4563; Invalid credentials]

However, the credentials are 100% correct. Even the LDAP test with user XY then fails. If we delete the imported user from the OPNsense and import it again from our AD (re-entering the previous OTP seed), both the LDAP test and the login via OpenVPN+TOTP work perfectly for that user. Is this a known problem? Does anyone have a (permanent) solution? I don't feel like re-importing all ~70 accounts every few months ;)

Edit:
Still exists on 24.7.11_2

The current version is 24.7.6, but the problem has existed since at least 24.7.3
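The bind error quoted in the post above carries an Active Directory sub-code after "data" (here 52e) that says more than the generic "Invalid credentials" text. The script below is an added example, not code from the original post or from OPNsense: it pulls that sub-code out of authentication log lines, maps it to the meaning AD documents for it, and aggregates failures per user so that a user whose password is being rejected (52e) stands out from one who is locked out (775) or who does not exist in the directory (525). The log line layout with a `user=` field is constructed for the demo; only the bracketed LDAP error text follows what AD actually returns.

```shell
#!/bin/sh
# Added example, not from the original post or from OPNsense.
# Triage AD LDAP bind failures by the "data NNN" sub-code that Active Directory
# appends to error 80090308 (AcceptSecurityContext). The log format is
# constructed for the demo; the bracketed error text is what AD returns.
set -eu

# Meaning of the AD sub-code that follows ", data " in the bind error.
ad_bind_data_reason() {
    case "$1" in
        525) echo "user not found" ;;
        52e) echo "invalid credentials (account found, password rejected)" ;;
        530) echo "logon not permitted at this time" ;;
        531) echo "logon not permitted from this workstation" ;;
        532) echo "password expired" ;;
        533) echo "account disabled" ;;
        701) echo "account expired" ;;
        773) echo "user must change password" ;;
        775) echo "account locked out" ;;
        *)   echo "unknown sub-code '$1'" ;;
    esac
}

# Extract the sub-code from one log line; prints nothing if the line has none.
ad_bind_data_code() {
    printf '%s\n' "$1" | sed -n 's/.*AcceptSecurityContext error, data \([0-9a-f]*\),.*/\1/p'
}

# Constructed sample log: timestamp, source, user=<name>, then the message.
SAMPLE_LOG='2025-03-01T08:00:01 openvpn: user=alice LDAP bind error [80090308: LdapErr: DSID-0C09050F, comment: AcceptSecurityContext error, data 52e, v4563; Invalid credentials]
2025-03-01T08:00:05 openvpn: user=alice LDAP bind error [80090308: LdapErr: DSID-0C09050F, comment: AcceptSecurityContext error, data 52e, v4563; Invalid credentials]
2025-03-01T08:01:10 openvpn: user=bob LDAP bind error [80090308: LdapErr: DSID-0C09050F, comment: AcceptSecurityContext error, data 775, v4563; Invalid credentials]
2025-03-01T08:02:30 openvpn: user=carol authentication succeeded
2025-03-01T08:03:00 openvpn: user=dave LDAP bind error [80090308: LdapErr: DSID-0C09050F, comment: AcceptSecurityContext error, data 525, v4563; Invalid credentials]'

# Read log lines on stdin and print "user code reason" for every bind failure.
# Lines without an AD bind error are skipped.
triage_bind_errors() {
    while IFS= read -r line; do
        code=$(ad_bind_data_code "$line")
        [ -n "$code" ] || continue
        user=$(printf '%s\n' "$line" | sed -n 's/.* user=\([^ ]*\) .*/\1/p')
        printf '%s %s %s\n' "${user:-?}" "$code" "$(ad_bind_data_reason "$code")"
    done
}

# Count failures per user and sub-code, so repeated 52e for one account is
# visible separately from a lockout (775) or a missing account (525).
bind_failures_by_user() {
    triage_bind_errors | awk '{ n[$1" "$2]++ } END { for (k in n) print k, n[k] }' | sort
}

printf '%s\n' "$SAMPLE_LOG" | triage_bind_errors
printf '%s\n' "$SAMPLE_LOG" | bind_failures_by_user
```

Pipe the real OpenVPN or system log into `triage_bind_errors` instead of the sample. A 52e means the directory found the account but rejected the password, so when the user's password is known to be correct, the next thing to compare is the account as stored on the firewall against the account in AD rather than the password itself.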