Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - jorgevisentini

Pages: [1] 2 3 ... 5

24.7 Production Series / Re: Where is the API access?

« on: August 22, 2024, 10:28:17 pm »

My bad.

For some reason it wasn't showing up, but I restarted the server and the option reappeared.

Sorry guys.

24.7 Production Series / Where is the API access?

« on: August 22, 2024, 10:02:46 pm »

Hello.

I'm using version 24.7.2 and I need to access the API.

In previous releases it is in SYSTEM>ACCESS>USERS>[user]>API KEYS

Will we no longer have access to the API or has it been moved?

Virtual private networks / Sent fatal SSL alert: unsupported certificate

« on: April 26, 2024, 04:46:15 pm »

Hi all! Big Friday! lol

So... I installed OPNsense 24.1.6, created the CA, the server certificate and configured OpenVPN, but when I try to connect I am shown the errors below.

Packages:
base 24.1.5
openssh-portable 9.7.p1,1
openssl 3.0.13_3,1
easy-rsa 3.1.7
openvpn 2.6.10

Code: [Select]

MANAGEMENT: Client connected from /var/etc/openvpn/instance-f66d5a6f-08c6-49c3-bfb4-6497f183d284.sock
201.43.198.169:49300 SIGUSR1[soft,tls-error] received, client-instance restarting
201.43.198.169:49300 TLS Error: TLS handshake failed
201.43.198.169:49300 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
MANAGEMENT: Client disconnected
MANAGEMENT: CMD 'quit'
MANAGEMENT: CMD 'status 2'
MANAGEMENT: Client connected from /var/etc/openvpn/instance-f66d5a6f-08c6-49c3-bfb4-6497f183d284.sock
201.43.198.169:49300 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
201.43.198.169:49300 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
201.43.198.169:49300 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Re-using SSL/TLS context
MULTI: multi_create_instance called
201.43.198.169:49300 SIGUSR1[soft,tls-error] received, client-instance restarting
201.43.198.169:49300 TLS Error: TLS handshake failed
201.43.198.169:49300 TLS Error: TLS object -> incoming plaintext read error
201.43.198.169:49300 TLS_ERROR: BIO read tls_read_plaintext error
201.43.198.169:49300 OpenSSL: error:0A000086:SSL routines::certificate verify failed:
201.43.198.169:49300 Sent fatal SSL alert: unsupported certificate
201.43.198.169:49300 VERIFY ERROR: depth=0, error=unsuitable certificate purpose: C=XX, ST=XX, L=XXX, O=XXX, emailAddress=XXX, CN=sslvpn-certificate, serial=1
201.43.198.169:49300 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
201.43.198.169:49300 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
201.43.198.169:49300 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Re-using SSL/TLS context
Connection Attempt MULTI: multi_create_instance called

PS1: I have another server with the same version and this problem does not occur.
PS2: For privacy reasons, I changed the certificate information in the post code.
PS3: I tested with several versions of OpenVPN Client.
PS4: If I don't require the certificate, it works.

Anyone with this same problem?
Cheers!

23.7 Legacy Series / Re: NGINX - How to work Load Balance

« on: December 21, 2023, 08:55:25 pm »

No error messages in the logs...

Testing using 2 Apache web servers...

I'll keep investigating...

23.7 Legacy Series / NGINX - How to work Load Balance

« on: December 20, 2023, 04:05:09 pm »

I'm trying to configure a load balance of the upstream servers, but apparently it's not working...

In Edit Upstream in Upstream:

Description: upstream_test_44310
Server Entries: Upstream_Server_01,Upstream_Server_02
Load Balancing Algorithm: Weighted Round Robin

In Edit Location in Location:

Description: location_upstream_test_44310
Upstream Servers: upstream_test_44310

The issue is that the load balance is not working, the connections are only going to Upstream_Server_01.
I already changed the Server Priority priority in Upstream Server, but it didn't work.

Any tips?

22.7 Legacy Series / Re: OFF TOPIC - Nginx restrict domains

« on: January 10, 2023, 04:03:34 pm »

Oh, I need update my version of the nginx / opnsense to view this option.

Thank you for your help!

22.7 Legacy Series / Re: OFF TOPIC - Nginx restrict domains

« on: January 05, 2023, 03:07:15 pm »

Hi, thx for your reply.

Sorry, I dont see this option "Default Server" in the HTTP Server.

22.7 Legacy Series / OFF TOPIC - Nginx restrict domains

« on: January 05, 2023, 02:05:00 pm »

Hi guys.

So... this is not directly about OPNsense, but about NGINX.

I set up a reverse proxy for my website (www.domain.com), but strangely enough, it is accepting any sub-domain (dev.domain.com, xxx.domain.com).

How do I strictly restrict it to only accepting www.domain.com?

Happy new year for all of us!

21.1 Legacy Series / Re: PHP Fatal error

« on: June 25, 2021, 08:30:54 pm »

Oh thank you man.

It worked for me

21.1 Legacy Series / PHP Fatal error

« on: June 24, 2021, 09:54:26 pm »

Hi all!

Is there any option to configure PHP parameters through the WEB interface or is there another way to make this adjustment?

I have the following error:
PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 119541760 bytes)

But if I change the /usr/local/etc/php.ini file in the cli, it doesn't work because it is generated by configd.

Thank you all!!

20.7 Legacy Series / Re: Virtualization in oVirt 4.4.4

« on: December 12, 2020, 05:22:26 pm »

As information, was configuration on oVirt.

I had change the chipset for I440FX Chipset with BIOS.
Interesting that with pure FreeBSD 12 didn't need to change.

But, it's no problem. Problem resolved.

20.7 Legacy Series / Virtualization in oVirt 4.4.4

« on: December 12, 2020, 02:58:33 am »

Hi all!!

Did any of you have a problem running OPN on oVirt 4.4.4?
I tried to run a VM with both a virtio and e1000 driver and it didn't work.
With the virtio driver the OPN does not recognize the interfaces and with the e1000 driver falls on a "db>" screen with kernel panic

There is no error in the virtualization log messages.
This I found strange.

I posted this on the oVirt forum too, because I don't know if the error is at the hypervisor layer or the VM layer.

Any tips?

Thank you all.

20.1 Legacy Series / Reverse Proxy - Nginx - Zabbix

« on: August 24, 2020, 11:34:24 pm »

Hello, could you help me?

How do I enable the basic_status page through OPNsense to monitor with the Zabbix agent? I saw that the ngx_http_stub_status_module module is enabled.

https://nginx.org/en/docs/http/ngx_http_stub_status_module.html

Or, how and where do I collect the data from the address /ui/nginx/index/vts?

Thank you all!

19.7 Legacy Series / Re: Brazil save time daylight

« on: November 06, 2019, 09:05:24 pm »

Hi Franco, I found the problem.

On OPNsense:

If I set the time zone settings ETC/GMT -3, the OPN advance time to 3 more hours.
If I set the time zone settings ETC/GMT +3, the OPN delay time to 3 more hours.

On FreeBSD it's Ok.

I think these two time zones are inverted.

Anyway, I think it's resolved, I guess lol

19.7 Legacy Series / Re: Brazil save time daylight

« on: November 06, 2019, 08:16:33 pm »

Sorry my english...

I didn't find the change on this github code, but on the file https://data.iana.org/time-zones/releases/tzdb-2019c.tar.lz, yes.

On southamerica file, line 946, show the decree signed at May 04, finishing up with the save time daylight in Brazil.

But, I dont know how I fixe it on OPNsense.

Time zone: America/Sao_Paulo
On OPN interface: Wed Nov 6 17:13:50 -02 2019
On FreeBSD cli: Wed Nov 6 16:14:11 -03 2019

Pages: [1] 2 3 ... 5