Messages

1

19.1 Production Series / Re: Kernel panic after upgrade

« on: March 08, 2019, 01:24:22 am »

I'm a peaceful person however as an enterprise user it amazes me the quantity of bashers and shills in this forum. (Almost same rethoric as pfsense decadent times)

First of all everyone is free to choose what is necessary to deliver the job.

Coming from Cisco and Dell background, spending 15000€ per device in useless hardware for many years because of the BIG brand and BIG things and the BIG names, still useless for the price TAG.

Second this is an open source, community fuelled project, actually one of the best projects in terms of performance and features globally available.

If one is hurt about these bugs, please open your wallet and buy the iPhone of firewalls, CISCO, PALO ALTO, Fortigate and so on and be happy.

No one can demand or snow flake around because there is a bug, I've been running enterprise hardware from Deciso moving away from Cisco and never once been disappointed. Franco helped many times fixed bugs, and as an active user contributed many times monetarily to the project and will continue to do so, because it pays the bills around here.

Also running dozens of virtual workloads, from time to time there is a bug here and there, however one is responsible for the R&D and as AD mentioned, also planning proper upgrade procedures and regressions is the user responsibility.

No serious enterprise company sysadmin cries around because there is a bug in this or that open source project, maybe is fine crying around when Cisco fails, or palo alto but not open source.

To conclude, this projects saved thousands of pounds to many organizations across the scene and this types of toxic comments undermine the project vision, so no point escalating it going further.

2

19.1 Production Series / Re: Kernel panic after upgrade

« on: March 02, 2019, 02:59:37 pm »

I don't think is necessary, a simple laptop with windows 10 would do the job, however for a more professional environment I can provide a remote LAB with Hyper-V and ESXi where you can spin as many VMs as you wish to help test.

this UEFI bug plagues some baremetal, Hyper-V Gen 2 UEFI and ESXi UEFI VMs and me as well other dozens of users have interest to help get this fixed as we use OPNsense in productions environments.

Cheers

3

19.1 Production Series / Re: Kernel panic after upgrade

« on: March 01, 2019, 06:13:20 pm »

We hold off upgrade on production Instances for now.

is definitely an issue with HardenedBSD / OPN 19.1 UEFI only, BIOS works well


hopefully there will be a solution soon

at the moment several hardware, VMware and Hyper-V UEFI instances get the failed trap error

4

Tutorials and FAQs / Re: Add basic auth to HAProxy

« on: January 06, 2019, 10:42:59 pm »

+1 for put the auth in the gui!

but i have the same problem as akron.
After i fill the auth forms correct i just get an

Code: [Select]

{"message":"Basic auth failed"}
Did you find a solution akron?

Cheers Chris

Hello, yes I've got a solution,

the way this works is you configure the basic auth on backend if you dont have basic auth at the webserver level.

if you want HAPROXY to pass the basic auth to the webserver, disable it on the backend object and your webserver will serve the basic auth.

didnt work for me first time because haproxy process for some reason was messed up, restarted and is working as expected.

5

Tutorials and FAQs / Re: Add basic auth to HAProxy

« on: December 27, 2018, 12:22:06 am »

For future reference: os-haproxy 2.10 (available in the upcoming OPNsense 18.7.8 ) finally adds support for HTTP Basic Auth.
See https://github.com/opnsense/plugins/pull/970#issuecomment-437688137

This is great, thank you, however after updating, the basic auth is not passing through to backend servers as before the update, pretty sure is related?

for example, before there was no basic auth option on backend or frontend and haproxy passed the header to backend, meaning the backend webserver would serve the basic auth normally, now is not doing it with same backend server, any way to tell haproxy not to use frontend basic auth and use backend webserver instead ?

Thank you

6

18.1 Legacy Series / Re: [solved] Nexcloud: communication failure

« on: June 27, 2018, 02:52:54 pm »

Hey akron, what @fabian says, and a question: did you check the certificate with another connection, did that work?
My guess, there's something wrong with the crt.
Btw. I simply pushed the crt. to the store and that was it, no CA (need to set that up in spare time, heck, I may use Opnsense for that  )

Greetings mark

I am confuse, I am getting another error now ssl_verify_result":20

what I did was to put the SSL crt /usr/local/share/certs the crt contains the certificate data followed by private key, is this correct? also I tried to put in pem format no change

7

18.1 Legacy Series / Re: [solved] Nexcloud: communication failure

« on: June 27, 2018, 12:05:27 pm »

Very likely another certificate validation error. I would check host name and time range of the certificate but I don't know this code.

I have put the CA certificate on the path mentioned and now I get another error:

config[29464]: {"url":"https:\/\/cloud.domain.com\/remote.php\/dav\/files\/opnsense\/","content_type":null,"http_code":0,"header_size":0,"request_size":0,"filetime":-1,"ssl_verify_result":1,"redirect_count":0,"total_time":0.25138,"namelookup_time":0.078396,"connect_time":0.086301,"pretransfer_time":0,"size_upload":0,"size_download":0,"speed_download":0,"speed_upload":0,"download_content_length":-1,"upload_content_length":-1,"starttransfer_time":0,"redirect_time":0,"redirect_url":"","primary_ip":"192.168.1.5","certinfo":[],"primary_port":443,"local_ip":"192.168.1.1","local_port":42651}

would be easier to implement on the webui ignore SSL certificate validation ? that would be perfect as we could use any self signed SSL

thank you

8

18.1 Legacy Series / Re: Nexcloud: communication failure

« on: June 26, 2018, 07:44:34 pm »

Hey fabian, thanks for the clear answer.

Your first Q. :yes using self signed cert. for my server, all is a localdomain.

Next: what say the logs:

Code: [Select]

config[23141]: {"url":"https:\/\/cloud.localdomain\/nextcloud\/remote.php\/dav\/files\/backer\/","content_type":null,"http_code":0,"header_size":0,"request_size":0,"filetime":-1,"ssl_verify_result":18,"redirect_count":0,"total_time":0.164199,"namelookup_time":0.004971,"connect_time":0.005542,"pretransfer_time":0,"size_upload":0,"size_download":0,"speed_download":0,"speed_upload":0,"download_content_length":-1,"upload_content_length":-1,"starttransfer_time":0,"redirect_time":0,"redirect_url":"","primary_ip":"10.10.100.6","certinfo":[],"primary_port":443,"local_ip":"10.10.100.1","local_port":42812}
Than: no hehe I did not forget the 's'    I click on it from another webpage I don't know what I was thinking here, I don't do that, just the address

I allraedy 'knew' app password should be okay with 2fa but still tested I, wanted to be sure that was not an issue when I post here, thanks.

Hello,

I have a similar issue, with number 20

is there any fix ?

config[80861]: {"url":"https:\/\/cloud.domain.com\/\/remote.php\/dav\/files\/opnsense\/","content_type":null,"http_code":0,"header_size":0,"request_size":0,"filetime":-1,"ssl_verify_result":20,"redirect_count":0,"total_time":0.033315,"namelookup_time":4.9e-5,"connect_time":0.007027,"pretransfer_time":0,"size_upload":0,"size_download":0,"speed_download":0,"speed_upload":0,"download_content_length":-1,"upload_content_length":-1,"starttransfer_time":0,"redirect_time":0,"redirect_url":"","primary_ip":"192.168.1.5","certinfo":[],"primary_port":443,"local_ip":"192.168.1.1","local_port":32217}


Thank you

9

18.1 Legacy Series / Re: NAT to Remote Network via OpenVPN Tunnel

« on: June 26, 2018, 12:47:16 am »

Is there a easy/proper way to achieve this ?

The better way of doing this would be IPsec IMHO:
https://wiki.opnsense.org/manual/how-tos/ipsec-s2s.html

I never got OpenVPN NAT to remote site working in a clean way, with dirty configs I can pass some traffic but defeats the pupose of easy and clean way.

Could you explain why we can achieve this with IPsec  and not OpenVPN?

Thank you 

10

Development and Code Review / Re: WebDav backups

« on: May 25, 2018, 05:10:28 pm »

Totally forgot about this. Sometimes it is hard to do something differently than you always did before

Thank you working great

Cheers

11

Development and Code Review / Re: WebDav backups

« on: May 23, 2018, 04:54:31 pm »

I am also interested in backing up to Nextcloud as I don't use public cloud services.

How can I install the plug in for nextcloud ?

This is not a plugin, if it is not available in the backup section, it will be included in a future release without having to install anything except updates

You can test it in the developer preview.

OK Thank you, how do I transform my version into developer preview or upgrade ?

I am running stable 18.1.8

cheers

12

Development and Code Review / Re: WebDav backups

« on: May 23, 2018, 04:19:23 pm »

thanks for the link...i will try to study the code...pcloud is commercial cloud storage provider..its not self hosting like nextcloud or owncloud.

Hi Guys

I am also interested in backing up to Nextcloud as I don't use public cloud services.

How can I install the plug in for nextcloud ?

Thank You

13

18.1 Legacy Series / NAT to Remote Network via OpenVPN Tunnel

« on: January 31, 2018, 02:29:47 pm »

Hi Guys,

I'm hoping the fantastic OPNsense community can shed some light on this.

Been trying many different things for a couple of weeks none of them working.

I have 2 OPNsense firewalls installed, one on Site A and one on Site B

Site A has Public IP and LAN IP - I can control the Public IP and the Natting to Site A LAN fine.

Site B has LAN IP Only - I don't control the Public IP, hence I have a OpenVPN tunnel back to Site A

Site A: LAN 192.168.1.0/24 WAN 271.xxx.xxx.xxx OpenVPN Tunnel Network 10.6.8.0/24

Site B: LAN 192.168.2.0/24 no WAN OpenVPN Tunnel Network 10.6.8.0/24

I can access the site A LAN network from site B fine and vice-versa, no problems on that.

My goal is to be able to NAT something from Site A Public IP to the LAN seating on the other side of the tunnel on site B.

I have tried:

Stretched LAN from site A to site B via Bridging Site A LAN + OpenVPN, didn't work at all, no traffic passing either way Site A or Site B, I also did the bridge on Site B LAN + OpenVPN with no results

Specific traffic Rules on Site A to Site B and Outbound from Site B LAN configured to go via OpenVPN tunnel. Didn't work also.

Is there a easy/proper way to achieve this ?

Thank you
 

14

17.7 Legacy Series / HA Proxy Stuck - Hang on reboot - Delayed HA Failover

« on: September 01, 2017, 06:24:48 pm »

Hello Fellas,

Thanks for the HA Proxy FIX on 17.7.1 update (Hard Mode).

I can confirm the issues reported by a few users, of getting stuck while rebooting and delayed HA Failover are resolved now.

https://forum.opnsense.org/index.php?topic=4899.msg21493#msg21493

https://forum.opnsense.org/index.php?topic=5304.msg22070#msg22070

keep up the good work

Cheers

15

17.1 Legacy Series / Re: HAProxy alternative port on FrontEnd

« on: July 26, 2017, 02:55:15 pm »

sorry to ask again, but anyone facing a similar issue ?

Cheers