Messages

1

24.7 Production Series / Re: 24.7.10_1 NGINX can't find cert.pem

« on: Today at 08:40:21 pm »

Yep https://github.com/opnsense/plugins/commit/99ad9d9d

2

24.7 Production Series / Re: 24.7.10_1 NGINX can't find cert.pem

« on: Today at 08:34:21 pm »

Thanks for the report. Will hotfix.

https://github.com/opnsense/plugins/commit/ae922ba2


Cheers,
Franco

3

German - Deutsch / Re: PPPOE durch Update auf 27.7.10 gebrickt?

« on: Today at 06:15:33 pm »

Weiss nicht, von 24.7.9 auf 24.7.10 sehe ich nichts was PPPOE operational tangiert.


Grüsse
Franco

4

24.7 Production Series / Re: DHCP no longer registering with unbound

« on: Today at 05:23:35 pm »

Well, check if unbound watcher is running on your end... if it is, not same issue. If it is not running you can run it manually and let us know the error

5

24.7 Production Series / Re: DHCP no longer registering with unbound

« on: Today at 05:03:47 pm »

Hi,

See https://github.com/opnsense/core/issues/8075 for troubleshooting and how to help catch the error.


Cheers,
Franco

6

24.7 Production Series / Re: 24.7.10 Unbound DNS: DNS over TLS NOK? -> OK with 24.7.10_1

« on: Today at 04:46:37 pm »

> Do I need to leave the "tls-win-cert: yes" in place?

No, apparently it is only an alias for tls-system-cert after all but there is a bug somewhere because it ignores the system directory location, which I haven't seen before. Things like this were tested to death in the last month in fetch, pkg and syslog-ng and they all worked as documented in OpenSSL.


Cheers,
Franco

7

24.7 Production Series / Re: 24.7.10 Unbound DNS: DNS over TLS NOK?

« on: Today at 04:08:02 pm »

> Thanks, mine is currently un-patched, I show " tls-system-cert: yes".

Can you add "tls-win-cert: yes" in the line below (with the same indent) and apply from GUI?

If that doesn't work "tls-cert-bundle: /usr/local/etc/ssl/cert.pem" and removing "tls-system-cert: yes" will do the trick.


Cheers,
Franco

8

Announcements / Re: OPNsense 24.7.10 released

« on: Today at 04:06:18 pm »

A hotfix release was issued as 24.7.10_1:

o unbound: use tls-cert-bundle to point to remaining valid bundle

9

24.7 Production Series / Re: 24.7.10 Unbound DNS: DNS over TLS NOK?

« on: Today at 04:03:27 pm »

24.7.10_1 is now live...

10

24.7 Production Series / Re: 24.7.10 Unbound DNS: DNS over TLS NOK?

« on: Today at 04:00:52 pm »

No, /usr/local/opnsense/service/templates/OPNsense/Unbound/core/dot.conf otherwise it will be overwritten on apply.

11

24.7 Production Series / Re: easy way to revert to former revision of OPNsense?

« on: Today at 03:57:30 pm »

The answer is: it depends. It may work, but in general it only offers forward compatibility, backwards compatibility is more or less accidental.


Cheers,
Franco

12

24.7 Production Series / Re: 24.7.10 Unbound DNS: DNS over TLS NOK?

« on: Today at 03:55:33 pm »

How can I apply the patch and restart the service without overwriting the configuration? pluginctl overwrited dot.conf. *BSD is not my strong suit.

Just run the "opnsense-patch URL" command in the shell. It will do everything except hit apply for you.

13

24.7 Production Series / Re: DNS Over TLS Broken

« on: Today at 03:47:52 pm »

Let's stay on topic in https://forum.opnsense.org/index.php?topic=44414.0 for the 24.7.10 behaviour.

14

24.7 Production Series / Re: 24.7.10 Unbound DNS: DNS over TLS NOK?

« on: Today at 03:47:04 pm »

Apparently it's a feature they coined to be for "Windows" and default to off?

tls-win-cert: yes

instead of tls-cert-bundle... can anyone confirm?


Thanks,
Franco

https://nlnetlabs.nl/documentation/unbound/unbound.conf/

15

24.7 Production Series / Re: 24.7.10 Unbound DNS: DNS over TLS NOK?

« on: Today at 03:41:20 pm »

Looks like an Unbound bug to me:

# opnsense-patch https://github.com/opnsense/core/commit/cdb8da72661

Patch, apply Unbound settings, test again. I can hotfix and see what fix upstream needs here.


Cheers,
Franco