Messages

1

19.1 Production Series / BUG: Ubound DNS crashes when assign DHCP client to static IP

« on: March 21, 2019, 02:12:28 pm »

OPNsense 19.1.4-amd64
FreeBSD 11.2-RELEASE-p9-HBSD
OpenSSL 1.0.2r 26 Feb 2019

it seems when you assign a DHCP client to a static IP and save,  Unbound DNS crashes and have to be started.
See attachments.

By the way, in general I rather often have to reload Unbound DNS because new DHCP assigned IP's are not always registered in Unbound from DHCP. I do admit I add/remove clients often and change hostnames etc (KVM test setup). In it might have been better in the few last updates.
I don't have any specific details yet, but just for common info that the sync between DHCP and Unbound doesn't seem to be rock solid.

2

General Discussion / Create cron job "run custom script"

« on: February 25, 2019, 10:37:13 pm »

Been looking at this guide to make a cron job:
https://docs.opnsense.org/development/backend/configd.html

I would like to make a job that run the script specified in the parameter field in the gui.
I've tried to create this configd file:

Code: [Select]

[start]
command:/bin/csh
parameters:-c '%s'
type:script
description:run custom script
message:run script

Restarted configd:

Code: [Select]

service configd restart
Created the job in the gui:


But it seems not to run :-( ?

3

19.1 Production Series / Re: There seems to be a bug in the Client export

« on: February 04, 2019, 08:57:28 pm »

Thanks :-)

Another thing that didn't work in the new "new" config file:

Code: [Select]

verify-x509-name "/C=DK/ST=CPH/L=CPH/O=MyDomain/emailAddress=xxx@domain.com/CN=FW1_SRV_CERT" subject
I had to change it back to the old format:

Code: [Select]

verify-x509-name "FW1_SRV_CERT" nameThis one is more complex. It has more dependencies so hard to say if it is bug or just a misconfiguration on my setup (although it was pretty much created by the wizard).

Now that we have the box open:
The OpenVPN Windows client gives an ugly red warning about password is cached in memory and that you should use "auth-nocache". It's my advice it is added by the exporter by default ;-)

4

19.1 Production Series / There seems to be a bug in the Client export

« on: February 03, 2019, 07:04:46 pm »

Error from the OpenVPN client log:
"Options error: remote: bad protocol associated with host vpn.wit.dk: 'UDP'"

In 19.1 the Client export write in the ovpn file: "remote xxx.domain.com 1194 UDP"
This must be specified in small cap letters "udp"

5

Web Proxy Filtering and Caching / Proxy user autentifikation doesnøt seem to apply for FTP proxy

« on: November 22, 2018, 01:36:32 pm »

I've setup Web Proxy with user autentifikation enabled and it work great.
But the FTP proxy  seem to be open and doesn't require the user to authenticate to the proxy which i expect it to do.

Is this by design or a bug?

6

Web Proxy Filtering and Caching / Which group-privileges are needed for Web Proxy access when using auth.?

« on: November 16, 2018, 03:15:01 pm »

Using OPNsense 18.7.7

I've enable user authentication in Web Proxy (local db) and assign my test-user to a group with privileges to:
Proxy: Login
Services: Proxy

But that doesn't seem to be enough.

I can only get it to work if I assign all the privileges :-(
Which ones do you need for Web proxy access?

Another question:
-How can I "clear"  the authentication timeout (TTL)...the minimum is 1 hour?
Trie to restart the proxy service, but it didn't "clear" it.

-In the Proxy authentication form there is something called "Authentication processes" (The total number of authenticator processes to spawn.).....can someone explain this parameter?

7

18.1 Legacy Series / Unique user-certificate is not unique on my box

« on: June 14, 2018, 01:30:52 am »

My OpenVPN server config is set to "Server Mode = Remote Access (SSL/TLS + User Auth )".
I've created user-certificate for every user and made a Client Export for every user (Archive file with 3 files .key,.p12 & config file).
Each user also have a unique password. I'm not using TOTP.
But I can switch the .p12 file between the users on the clients and they can still establish a VPN connection to the server using another users .p12 file.
I thought the file was "paired" to the specific user?

8

18.1 Legacy Series / Re: How to start the installer script from the DVD iso image?

« on: June 14, 2018, 01:14:18 am »

I admit it's described on the page several places, sorry for that.
But I just didn't understand the meaning of if. Even though the formulation and grammatical is absolutely 100% correct, it just didn't make sense to me at that time. Partly because of the duplicated naming "installer" and partly because I would never expect it would be executed depending on a user-login.

But there will always be people who don't understand a guide, no matter how good it is, I guess this time I was one of them, damn! :-P

9

Hardware and Performance / Re: Hardware requirements / support

« on: June 13, 2018, 10:33:55 am »

I'm running it as VM on KVM, that's why ressources matter more than on physical hardware.

10

Hardware and Performance / Re: Hardware requirements / support

« on: June 13, 2018, 09:21:43 am »

I really don't get the "official" hardware requirement (https://wiki.opnsense.org/manual/hardware.html)

I just made a harddisk installation of 18.1:
Mem usage: 147MB
HDD usage: 1,3G

40G of HDD??? I assume that is only if you need to save A LOT of log data, right?

11

18.1 Legacy Series / Re: How to start the installer script from the DVD iso image?

« on: June 13, 2018, 08:45:40 am »

What a supprise! Login with "installer" sure does execute the installation program using the live DVD iso image.
franco: It would be nice it that was more clear on the https://docs.opnsense.org/manual/install.html page ;-)

12

18.1 Legacy Series / Re: How to start the installer script from the DVD iso image?

« on: June 12, 2018, 11:19:44 pm »

I still don't get it. Does the install script start if I login as "Installer"?

13

18.1 Legacy Series / Re: How to start the installer script from the DVD iso image?

« on: June 12, 2018, 08:29:31 pm »

The install page ( https://docs.opnsense.org/manual/install.html) says:

14

18.1 Legacy Series / How to start the installer script from the DVD iso image?

« on: June 12, 2018, 08:26:25 pm »

I'm installing OPNsense as virtual on KVM and want to use "OPNsense-18.1.6-OpenSSL-dvd-amd64.iso" as install media, but it boot into live :-(
How can I start the installer script if possible from this ISO?

15

Hardware and Performance / Re: I guess Intel Chipset H110 is still a little to new! Solved in FreeBSD 11

« on: August 26, 2016, 06:38:28 pm »

Just did a quick and simple SSL benchmark test: VMware ESXi 6.0 vs. bare-metal (no VM)
CPU Pentium G4400T 2,9Ghz:

ESXi:
#openssl speed -engine cryptodev -multi 2 aes-128-cbc aes-192-cbc aes-256-cbc
aes-128 cbc     231313.74k   256633.05k   261830.53k   265155.24k   264773.63k
aes-192 cbc     194559.56k   213654.85k   214607.02k   220203.69k   220585.98k
aes-256 cbc     169802.58k   182031.75k   186861.23k   188047.02k   188506.11k

Bare-metal:
#openssl speed -engine cryptodev -multi 2 aes-128-cbc aes-192-cbc aes-256-cbc
aes-128 cbc     232662.34k   257887.64k   264367.02k   265849.76k   267400.53k
aes-192 cbc     197960.09k   215825.92k   219986.86k   221652.99k   222325.42k
aes-256 cbc     171786.18k   185165.18k   187883.29k   189288.79k   189964.29k

I would say the difference will not be noticeable, nice!
Didn't test network transfer...maybe that will show a bigger difference......but that that's must be another day