Messages

1

19.1 Legacy Series / Re: Curl Vulnerability

« on: September 19, 2019, 01:38:03 pm »

vuxml is downloaded from a FreeBSD location so always at the latest version. The port is just a way to build the file and has no correlation with (our) port updates.

And no, it's not the same vulnerability. The thread in question is three months old and curl has a vulnerability every month or so.


Cheers,
Franco

2

General Discussion / Re: Multi-WAN 2 tier and Unbound DNS has DNS failure mode v.2

« on: September 19, 2019, 01:30:00 pm »

I believe this amendment to the documentation is exactly what you're asking about:

https://github.com/opnsense/docs/commit/9268e6163be9c5


Cheers,
Franco

3

19.7 Production Series / Re: ETPro not working

« on: September 18, 2019, 07:39:37 am »

Typo in et_telemetry.token maybe?


Cheers,
Franco

4

19.7 Production Series / Re: Gateway monitor missing after update

« on: September 17, 2019, 10:20:25 pm »

PS: All done. 19.1.10_1 will go directly to 19.7.4_1 even though it advertises the 19.7 announcement (can't change that).

5

19.7 Production Series / Re: vnstatd database permissions [19.7.4_1]

« on: September 17, 2019, 10:18:13 pm »

It sounds like database files are trashed. What does your health check output from system: firmware?

6

German - Deutsch / Re: Ständig auftretende Segmentation Faults: Hardware oder Software Problem?

« on: September 17, 2019, 09:51:10 pm »

Ich glaube syslog-ng hat hier noch einen Bug mit einer unserer Mitigations. Passiert scheinbar beim Stop/Restart des Services also auch beim Herunterfahren.


Grüsse
Franco

7

19.7 Production Series / Re: Microcode update

« on: September 17, 2019, 09:33:58 pm »

No worries.


Cheers,
Franco

8

19.7 Production Series / Re: OpenVPN Setup on a single NIC?

« on: September 17, 2019, 09:31:52 pm »

Like in any WAN/LAN setup: the configured default route is out.

Inbound is the tunnel connection, outbound is the standard one.

You can think of it like a little stacked WAN/LAN setup a bit like VLAN tagged in and untagged out on a single link.

WAN-only is just LAN-only with the firewall protection since LAN has an allow all and that does nothing. If you think about DMZ deployments it makes more sense to use a WAN-only as it gives you extra protection for the machine if you don't do it explicitly on your LAN-only setup.


Cheers,
Franco

9

19.7 Production Series / Re: Microcode update

« on: September 17, 2019, 09:26:32 pm »

There's a note for your convenience at the top of loader.conf...

Code: [Select]

# head /boot/loader.conf
##############################################################
# This file was auto-generated using the rc.loader facility. #
# In order to deploy a custom change to this installation,   #
# please use /boot/loader.conf.local as it is not rewritten, #
# or better yet use System: Settings: Tunables from the GUI. #
##############################################################

loader_brand="opnsense"
loader_logo="hourglass"
loader_menu_title=""

Cheers,
Franco

10

19.7 Production Series / Re: 19.7.4 - tinc failed with error - Failed to generate meta key error 24064064

« on: September 17, 2019, 09:24:17 pm »

I'm not sure if a new tinc release will be out to resolve this or of we have to adjust the plugin to the new reality. Look out for release notes on the subject.


Cheers,
Franco

11

19.7 Production Series / Re: fix package vulnerability

« on: September 17, 2019, 09:20:16 pm »

Hi,

1. Don't panic.
2. Read the links if you care.
3. Wait for next stable update.

No particular order implied, but all of these are important points to remember.


Cheers,
Franco

12

19.7 Production Series / Re: OpenVPN Setup on a single NIC?

« on: September 16, 2019, 04:35:20 pm »

You may want to simplify your setup by making it "WAN only". What you need in the WAN case is a firewall allow rule and clients should be able to connect. From there you can push them out the WAN to achieve what you want, no need for a LAN if you don't have it.

For more OpenVPN related info please look at https://docs.opnsense.org/manual/how-tos/sslvpn_client.html


Cheers,
Franco

13

19.7 Production Series / Re: Gateway monitor missing after update

« on: September 16, 2019, 04:16:24 pm »

Not yet, I hope to be able to do it this week.


Cheers,
Franco

14

19.7 Production Series / Re: GEOIP not updating

« on: September 16, 2019, 04:15:40 pm »

No worries. The real question: is it fixed on 19.7.4?


Cheers,
Franco

15

19.7 Production Series / Re: Unbound DNS not starting when DHCP Registration option is enabled

« on: September 16, 2019, 04:13:25 pm »

I would suspect there is a lease that is unfriendly to Unbound, e.g. with a space in the host name.

As I have no way of reproducing that part or seeing Unbound complain about it in the log file I'll have to keep asking for more info in where the error is.


Cheers,
Franco