Messages - BillySilver

#1
Quote from: namezero111111 on April 25, 2018, 07:12:22 AM
Because underneath is a FreeBSD; it is not Linux.

Oh, I had thought FreeBSD was just a flavor of Linux- no wonder...

And Franco - I understand your point. If it ain't broke, don't fix it. And thanks for the link to the source code, I think I can write a plugin that uses the pid file to help record service status.
#2
Quote from: franco on April 24, 2018, 08:50:28 AM
Underneath it all, it is simple.

# service openssh onestatus
openssh is running as pid 52248.

When I run this, it tells me "Cannot 'status' openssh. Set openssh_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'" but 1) there is no /etc/rc.conf (there is an /etc/rc.conf.d/ with what appear to be conf files), and 2) openssh must already be enabled on boot b/c it says it's running in the GUI (and I'm ssh'ing to the firewall to run this command).

I've heard of NRPE, but I wanted to do agentless monitoring of my devices for the sake of centralization. But this post isn't supposed to be about nagios monitoring, it's supposed to be about why OPNsense services say one thing in CLI and another in GUI. And also why on every other Linux box running an OpenVPN server I can check its status with init.d/systemd but can't seem to do so on OPNsense...
#3
Trying to integrate some simple service status checks for a nagios server. I found a guide for configuring these for pfsense, but it revolves around the commandline utility pfSsh.php, which OPNsense apparently does not have.

I found the request for an alternative tool on GitHub (https://github.com/opnsense/core/issues/412), and I discovered 'configctl', but these don't cut it. When I try to do 'configctl openssh status', it tells me "Action not found", and indeed it is not found under /usr/local/opnsense/service/conf/actions.d.

But why not? What is so hard about having a simple 'service openssh status' command to check its status? How is the GUI checking the status of openssh behind the scenes, and how can I run that behind the scenes myself?

In the example here (https://forum.opnsense.org/index.php?topic=2085.0), apparently you can run 'configctl proxy status' and are supposed to get the status info, but for me it just says "Cannot 'status' squid. Set squid_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'". There is no /etc/rd.conf file, but there is a /etc/rc.conf.d/squid/squid file that has squid_enable="NO", however.

So is the only way to do this to create an /etc/rc.conf.d/openssh.conf file with "enabled=YES" in it? This doesn't make sense, since openssh is already running at boot, so why does the commandline say it's not running?

Why is this so complicated??
#4
Thanks for the help, but I just scrapped it and installed a new image on a new VM... I'll keep this in mind in case it happens again though.
#5
Just upgraded to 17.1.8, rebooted, and now I can't connect or login to my OPNsense VM instance. I can only interact with it through Vbox GUI, but it won't accept any of my logins. I suspect it has something to do with this output at the end of the boot sequence (see attached).

What the heck happened?? VirtualBox also said it had a driver issue and recommended I rebuild it with a specific command. I ran that command and it worked, and my other VMs work just fine. Even OPNsense seems to work fine as far as Vbox goes- it boots up and functions properly on the virtualization layer.

When I type any login name, it doesn't even prompt for a password, it just immediately says "Login incorrect".

-William
#6
Wow. I looked everywhere and managed to overlook that... Thanks!

Follow up question: Is there any way to change the time format to 12-hr clock without affecting syslog timestamps?
#7
17.1 Legacy Series / System Time wrong timezone
May 23, 2017, 08:40:57 PM
I configured NTP to use 0.us.pool.ntp.org, 1.us.pool.ntp.org, and 2.us.pool.ntp.org, with 0 being marked preferred. However, my system time is still in UTC, not EDT. I tried manually editing the /conf/config.xml file, but that won't help when we switch back to EST, nor does it resolve the underlying issue.

I can successfully resolve the NTP servers' names. What else could be the issue?

Thanks,
William