Messages - opnblue

#2
Hi,
I would like to exclude a device from getting inspected.
I try to achieve this through a user-defined setting that lets the device IP pass the CIDR of my LAN, and I ticked the bypass box.
However, when in IPS mode – and only when in IPS mode – the device 'complains' and has network issues (it is actually my son that complains because it is his PlayStation and it's lagging like crazy with IPS on).

Any idea how to troubleshoot?

Suricata version: latest built-in OPNsense 25.1.1
Interface: LAN
Pattern Matcher: Hyperscan
Hardware: Intel n100, 8GB RAM
#3
Wayne:

Changing the mirror solved the problem. dns-root.de > leaseweb fra. Installations and updates are working again now. And when switching back to dns-root.de, the error occurs again. So it is down to the mirror and not the switch. Case closed.
#4
Hello,
after moving from bare metal to a VM, I can no longer install any new plugins there, and a single plugin that is shown as missing can be neither installed nor removed. However, I was able to reinstall all the plugins that were running on the old hardware. It seems to affect only new plugins that were not there before. Apart from that, the move to the VM went smoothly. I imported the old config and only had to adjust two interface names in the XML beforehand.

What could be going on?

Here are a few observations:

os-freeradius is the one plugin that is shown as missing and that I can neither install nor remove via the GUI:

***GOT REQUEST TO INSTALL***
Currently running OPNsense 25.1.1 (amd64) at Fri Feb 21 14:13:05 CET 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
The following 11 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
freeradius3: 3.2.6_2
gdbm: 1.24
groff: 1.23.0_4
hidapi: 0.14.0
libpaper: 1.1.28_1
libunwind: 20240221_1
mysql80-client: 8.0.39
os-freeradius: 1.9.27
psutils: 1.17_6
talloc: 2.4.1
uchardet: 0.0.8_1

Number of packages to be installed: 11

The process will require 146 MiB more space.
6 MiB to be downloaded.
[1/6] Fetching talloc-2.4.1.pkg: ...... done
pkg: cached package talloc-2.4.1: missing or size mismatch, fetching from remote
[2/6] Fetching talloc-2.4.1.pkg: ...... done
pkg: cached package talloc-2.4.1: missing or size mismatch, cannot continue
Consider running 'pkg update -f'
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***

Incidentally, pkg update -f as root says:

root@OPNsense:~ # pkg update -f
Updating OPNsense repository catalogue...
Fetching meta.conf: 100%    163 B   0.2kB/s    00:01
Fetching packagesite.pkg: 100%  248 KiB 254.1kB/s    00:01
Processing entries: 100%
OPNsense repository update completed. 868 packages processed.
All repositories are up to date.

It looks similar for all the other new plugins. The same 'missing or size mismatch' errors appear, e.g. with Qemu:

***GOT REQUEST TO INSTALL***
Currently running OPNsense 25.1.1 (amd64) at Fri Feb 21 14:16:20 CET 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
os-qemu-guest-agent: 1.3
qemu-guest-agent: 9.2.0_1

Number of packages to be installed: 2

The process will require 2 MiB more space.
230 KiB to be downloaded.
[1/2] Fetching os-qemu-guest-agent-1.3.pkg: . done
pkg: cached package os-qemu-guest-agent-1.3: missing or size mismatch, fetching from remote
[2/2] Fetching os-qemu-guest-agent-1.3.pkg: . done
pkg: cached package os-qemu-guest-agent-1.3: missing or size mismatch, cannot continue
Consider running 'pkg update -f'
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***

The plugin logs reveal nothing. I can't find anything in the other syslogs either. Do you have any ideas?

#6
Update: I think I 'solved' it now. Deleted the old users and created a new one, which seems to work now both in tester and real login.

Btw.. if some dev is reading this: please improve the UX of the OTP login flow. I would have never tried to fill in OTP and PW in the same form field. At least explain it somewhere clearly, please.
#7
Thanks you two.

@monviech

Now I am even more confused :D It worked when testing with appending the OTP to the PW.
However, I cannot log in regularly anymore with the same user, no matter if I try PW only or OTP+PW in the same field, or PW first (no error message) then OTP second (error: wrong password).

@meyergru how can I identify if the system time is on or off? I checked the timezone (correct) and there is an OPNsense time server selected under Network time. Do you mean time on BIOS level?
Edit: I just ran an update and in the console view there it read the correct time.
#8
@peterkwc not sure if I understand. You deleted the user and created a new one with a simple password? What do you mean by simple? I don't have a problem with regular passwords, it's OTP that causes this. :)
#9
Hi all. Testing 2fa returns this error message without further context or error code:

You cannot view this attachment.

I can't find anything related in the logs. Has anyone any idea how to troubleshoot and fix this?

24.7.11_2 directly installed on a dedicated box.

Thanks! :)
#10
Thanks for clarifying :)
#11
Hi all, and apologies if this has been already asked and answered:

What is the difference of AdGuard installed through this repo on the OPNsense machine, compared to anywhere else in the same network? E.g. Docker or Linux container on another server.

Is this version of AdGuard pre-configured to work nicely with OPNsense built-in DNS?