Messages

1

General Discussion / [FIXED]Re: os-nut plugin permissions issue

« on: November 25, 2020, 04:31:21 pm »

I fixed

/etc/devfs.conf

Code: [Select]

perm    ugen0.3 0770
own     ugen0.3 uucp:wheel
/etc/devfs.rules

Code: [Select]

[nut_usb=10]
add path 'ugen0.3' group wheel user uucp mode 0770
/etc/rc.conf

Code: [Select]

devfs_system_ruleset="nut_usb"
Restart service to read new config

Code: [Select]

/etc/rc.d/devfs restart
Check permissions

Code: [Select]

ls -l /dev/ug*Output:

Code: [Select]

lrwxr-xr-x  1 root  wheel  9 Nov 18 11:53 /dev/ugen0.1 -> usb/0.1.0
lrwxr-xr-x  1 root  wheel  9 Nov 18 11:53 /dev/ugen0.2 -> usb/0.2.0
lrwxrwx---  1 uucp  wheel  9 Nov 18 11:53 /dev/ugen0.3 -> usb/0.3.0
lrwxr-xr-x  1 root  wheel  9 Nov 18 11:53 /dev/ugen0.4 -> usb/0.4.0
Now it should work!

2

General Discussion / [FIXED] os-nut plugin permissions issue

« on: November 25, 2020, 03:36:26 pm »

I have NUT usb permissions issue
It doesn't work, always UPS APC is unavailable end errors like
Command:

Code: [Select]

/usr/local/etc/rc.d/nut restartOutput:

Code: [Select]

nut not running? (check /var/db/nut/upsd.pid).
Network UPS Tools - UPS driver controller 2.7.4
Network UPS Tools - Generic HID driver 0.41 (2.7.4)
USB communication driver 0.33
No matching HID UPS found
Driver failed to start (exit status=1)
/usr/local/etc/rc.d/nut: WARNING: failed precmd routine for nut

In logs I see errors like
restarting nut
returned exit status 1

Command:

Code: [Select]

usbconfigOutput:

Code: [Select]

ugen0.1: <Intel EHCI root HUB> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen0.2: <vendor 0x8087 product 0x07db> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen0.3: <American Power Conversion Back-UPS XS 700U   FW:924.Z3 .I USB FW:Z3> at usbus0, cfg=0 md=HOST spd=LOW (1.5Mbps) pwr=ON (24mA)
ugen0.4: <Generic Ultra Fast Media> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (96mA)
Config file

Code: [Select]

/usr/local/etc/nut/ups.conf

Code: [Select]

[APC]
driver=usbhid-ups
port=ugen0.3

I've set /etc/devfs.conf to

Code: [Select]

perm usb0 0770
own usb0 root:uucp

perm uhid0 0770
own uhid0 root:uucp

[nut_usb=10]
add path 'ugen0.3' group wheel user uucp mode 0770
add path 'usb/0.3.0' group wheel user uucp mode 0770

Reloaded rules with

Code: [Select]

/etc/rc.d/devfs restart
If I run from console

Code: [Select]

/usr/local/libexec/nut/usbhid-ups -u root -D -a APC it works

Code: [Select]

Network UPS Tools - Generic HID driver 0.41 (2.7.4)
USB communication driver 0.33
   0.000000     debug level is '1'
   0.000802     upsdrv_initups...
   0.066616     Using subdriver: APC HID 0.96
   0.066641     104 HID objects found
   0.068696     Path: UPS.PowerSummary.iProduct, Type: Feature, ReportID: 0x01, Offset: 0, Size: 8, Value: 1
....

If I run without root parameter

Code: [Select]

/usr/local/libexec/nut/usbhid-ups -D -a APC I get

Code: [Select]

Network UPS Tools - Generic HID driver 0.41 (2.7.4)
USB communication driver 0.33
   0.000000     debug level is '1'
   0.000828     upsdrv_initups...
   0.001004     No matching HID UPS found
So it seams to NUT USB permissions issue, I can't reboot right now after I edited /etc/devfs.conf but I reloaded devfs service

Please help!

3

Development and Code Review / Re: a Terraform module for OPNsense on Digital Ocean

« on: August 07, 2019, 10:15:17 am »

Nice, I will try
Thank you for work!

4

16.7 Legacy Series / OPNSense CLI interface on Roadmap?

« on: January 28, 2016, 09:50:54 am »

Hi!

Then MS closed TMG Server development I started searching alternatives, more then 2 years ago
I choesed Vyatta, after some time I falining love into CLI, but after a few months Vyatta was sold to Brocard and Open Source project was closed. I switched to pfSense.

Configuration with CLI is very fast and very easy to edit template config.
After open source project Vyatta was closed, community forked project, now it is VyOS, it based on PERL

If OPNsens has API will it be easy to add CLI?
Or CLI is somewere in roadmap?

5

General Discussion / Re: IPv6 Subnetting and routing from a /48 tunnelbroker network

« on: January 27, 2016, 10:48:43 pm »

Forget to add screenshot with RA config...

6

General Discussion / Re: Switch apinger to dpinger possible?

« on: January 27, 2016, 07:08:00 pm »

Hi!

Problem with apinger only on VMs!
To eliminate this issue only one time provider must be enabled!
On Hyper-V VM


Or ntpd inside VM Guest

If Hyper-V host time wrong even few seconds, guest VM updating time from NTP server, after that VM Integration service adjusting guest VM clock immediately to Hyper-V time value.


And this breaking apinger

7

General Discussion / Re: IPv6 Subnetting and routing from a /48 tunnelbroker network

« on: January 27, 2016, 04:04:25 pm »

So you have the tunnel with the routed /48 at your opnsense and just assign on the different interfaces the appropriate /64 subnets, right? No other routingsetting on opnsense at this point to set? That was the thing I wasn't sure about. Thank you very much.

Hi!
If you not sure, just try


You do all things like in pfSense or other network appliance!
You can do it even with Windows Server!!!

The other thing I won't really understand at the moment is the Prefix delegation range on the DHCPv6 server how this will be used, but that is another question...

You can set RA Subnet on Router Adverstiment tab and turn off DHCPv6, then you must set DNSv6 servers manualy on clients. Or if youre DNSv4 server reply to DNSv6 query - youre done.

Not necessary to set DNSv6 server manualy.

If you want to use IPv6 on Android phone, RA must be turned ON, Android does not recieve IP with DHCPv6 use Router Adverstiment!!!

Or you can set IPv6 manually on all of youre clients like with IPv4

To understand prefix delegation DHCPv6 and RA you must learn IPv6
I have done that long time ago here

8

General Discussion / Re: Switch apinger to dpinger possible?

« on: January 27, 2016, 10:44:20 am »

This is cron job

If at least one gw has ping > 500 service restarted

After yestarday I think that all the problems linked to time issues

Hyper-V is quite fragile when it comes to clocks and NTP, the suggestion from the pfSense forum sounds interesting... have you ever tried to "disarm" NTP by providing an invalid server?

System: Settings: General: NTP server: "no"

I will try this.

Rising Probe Interval to 10 sec of GW also helped

on pfSense same Probe Interval but I have many issues with apinger on different Hyper-V hosts

I will try to rise Probe Interval there...

sorry for my English

9

General Discussion / [SOLVED] Switch apinger to dpinger possible?

« on: January 26, 2016, 06:32:15 pm »

I have same issue in OPNSense like in pfSense
Issue and potiential fix for apinger monitoring of IPv6 GIF interfaces



After apinger restart all ok



Currently I have other issues in pfSense with apinger, I fixed it like this
pfsense 2.1-release - Gateway aPinger broken?

Code: [Select]

<?php
require_once("/etc/inc/service-utils.inc");
require_once("/etc/inc/globals.inc");
require_once("/etc/inc/gwlb.inc");
$log_file = "/var/log/apinger.log";

$log_date = date('d/m/Y H:i:s', time());


$counter = 0;
$a_gateways = return_gateways_array();
$gateways_status = array();
$gateways_status = return_gateways_status(true);

foreach ($a_gateways as $gname => $gateway) {
if ($gateways_status[$gname]) {
$str_data = $gateways_status[$gname]['delay'];
$pos = substr($str_data,0,strpos($str_data, "ms"));
if (floatval($pos) > 500 ) {
$counter++;

}
}
}
if ($counter > 0) {

service_control_restart(apinger,restartservice);
$log_data = 'Counter = '.$counter. ' date: '.$log_date. ' | service restarted!'. PHP_EOL;
file_put_contents($log_file, $log_data, FILE_APPEND);
} 
?>


OPNSense running as guest on Hyper-V host

10

General Discussion / Re: IPv6 Subnetting and routing from a /48 tunnelbroker network

« on: January 26, 2016, 06:09:08 pm »

Hi!

I am not using he.net tunnelbroker any more. My ISP delegated to me native IPv6 /60 subnet

This is my HE Account:


You do it like in pfSense

Building a Tunnel

Enable ICMP
Don't forget to enable ICMP on the WAN interface, if ICMP is blocked the tunnelbroker will not allow a tunnel to be configured. The source IP address on this rule should be the remote endpoint IP of the gif tunnel, or any.


Create GIF Interface
Now navigate to the assign gif interfaces screen on OPNSense where the address information from Hurricane Electric or Sixxs may be entered. Navigate to Interfaces: Other Types: GIF.
The HE or Sixxs Server IPv4 address goes into the gif remote address
The HE or Sixxs Client IPv6 address goes into the gif tunnel local address
The HE or Sixxs Server IPv6 address goes into the gif tunnel remote address

Enter a Description and click Save.


Assign GIF Interface
Go to Interfaces: Assignments and choose the GIF interface to be used for an OPT interface. In this example, the OPT interface is named HE_IPv6. Click Save and Apply Changes if they appear.


Configure OPT Interface

With the OPT interface assigned, the OPT interface may be enabled from the Interfaces menu. Keep IPv6 Configuration Type set to None.


Go to System: Gateways: All
And configure gateway:


If all of the settings were entered correctly and the tunnel broker is working, the gateway will now be listed as online


Set Up LAN for IPv6

Before configuring LAN interfaces split youre /48 subnet to /64 subnets use IPv6 Calculator or etc.
Choose prefered /64 subnet for each LAN interface


Configure interfaces
First LAN




And how much you need
------------


------------



Set Up DHCPv6 and RA

Go to Services: DHCPv6: Server and configure all IPv6 Interfaces
DHCP


RA


Try it out

Check IPv6 addresses



Don't forget to add firewall rules to allow IPv6 on all configured interfaces.