Messages

1

German - Deutsch / Re: Upgrade auf Version 22.7

« on: July 30, 2022, 05:42:27 pm »

Had the same, think it was a remainder of the sensei package/repo?

Appears ok after a: 'pkg remove php74-pecl-mongodb'

2

21.7 Legacy Series / Re: Everything Seen to Work

« on: July 29, 2021, 09:14:18 pm »

Upgraded from 21.1.8, 21.1.9  to 21.7 on a DEC630, went quick, no issues spotted!

3

20.7 Legacy Series / 20.7 update experience

« on: July 31, 2020, 06:26:06 pm »

hardware: OPNsense A10 Quad Core SSD Desktop Gen2 SKU: DEC630

-update from 20.1.9 to 20.1.9-1: OK
-update to 20.7: stuck after reboot, USB console showed no output
removed power, put back after 10s, resumed and finished update without issue, router came back after a couple minutes.

4

20.1 Legacy Series / Re: health audit shows wrong version and missing shared library after upgrade

« on: July 05, 2020, 11:46:38 am »

Same for me, did a health check as my opnsense box didn't come up after upgrade.
On console it was showing tar errors, I might have forced a reboot to soon?
After a ctrl+c it continued with boot and functioned normally.

5

19.1 Legacy Series / OPNsense 19.1.7 release thread

« on: May 02, 2019, 06:22:56 pm »

 19.1.6 to 19.1.7 Update went OK for me, reboot was quick.

Edit: it rebooted twice? showed rebooting in UI, then dashboard 19.1.7, then rebooted again, second time took longer.

6

Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt, DoH Plugin for IPv4 + IPv6

« on: March 22, 2019, 12:45:35 pm »

Overrides can also be done via dnscrypt-proxy if you need them. Also Adblocking is now available vial the plugin itself.

Thanks.
Had a look at using dnscrypt-proxy alone but the webui of pihole proved to be more featured.

7

Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt, DoH Plugin for IPv4 + IPv6

« on: March 21, 2019, 12:40:53 pm »

I'm guessing same Unbound problem as Bind has:

> When you are using Overrides in Unbound you can not use ``do-not-query-localhost``.


Cheers,
Franco

Thanks for the reply, I have a number of Overrides, after removing the do-not-query-localhost line Unbound starts!

8

Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt, DoH Plugin for IPv4 + IPv6

« on: March 20, 2019, 08:59:24 pm »

I'm running into the same issue.
I can enable and start Unbound but it will not start after adding Advanced Settings part per: https://wiki.opnsense.org/manual/how-tos/dnscrypt-proxy.html

Code: [Select]

do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@5353
No error messages appear in webui or log.
I can start unbound from shell with -d -v, it shows no errors at that time in shell or in ui log.

Goal is to forward incoming requests to my pihole VM, which should get its DNS replies from dnscrypt on opnsense.

9

19.1 Legacy Series / Re: OPNsense 19.1 released update!

« on: January 31, 2019, 08:50:04 pm »

No issues after installing, only took a couple minutes longer than usual.

10

18.7 Legacy Series / Re: Outbound NAT on LAN interface fails after upgrade to 18.7

« on: November 27, 2018, 03:08:02 pm »

I'm experiencing this in 18.7.8, had to change port alias to port number before Port Forward rule worked again.

11

General Discussion / Re: CVE-2018-17156 Ping vulnerability? Is Opnsense affected?

« on: November 10, 2018, 10:57:37 am »

Thank you, good to hear.

12

General Discussion / CVE-2018-17156 Ping vulnerability? Is Opnsense affected?

« on: November 09, 2018, 04:32:09 pm »

Details in here: https://www.reddit.com/r/BSD/comments/9v6xwg/remotely_triggerable_icmp_buffer_underwrite_in/

13

18.7 Legacy Series / Re: Challenge: Alert on Firewall block - is this possible currently?

« on: October 18, 2018, 10:20:24 pm »

-Backed up config
-Reset to defaults
-Restored config
-no more duplicate pings but still no IDS warnings or blocking

14

18.7 Legacy Series / Re: Challenge: Alert on Firewall block - is this possible currently?

« on: October 13, 2018, 12:17:45 pm »

Changed IDS settings to below, enabled syslog alerts, changed interfaces to LAN only


Dashboard shows Suricata running:




Ping stats look weird:
Rutube.ru

Code: [Select]

64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=1 ttl=57 time=851 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=2 ttl=57 time=9.70 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=1 ttl=57 time=1853 ms (DUP!)
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=3 ttl=57 time=9.53 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=3 ttl=57 time=70.9 ms (DUP!)
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=3 ttl=57 time=941 ms (DUP!)
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=4 ttl=57 time=9.74 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=3 ttl=57 time=1161 ms (DUP!)
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=4 ttl=57 time=953 ms (DUP!)
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=3 ttl=57 time=2319 ms (DUP!)
Google DNS:

Code: [Select]

64 bytes from 8.8.8.8: icmp_seq=13 ttl=122 time=2.76 ms
64 bytes from 8.8.8.8: icmp_seq=12 ttl=122 time=1344 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=11 ttl=122 time=2679 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=13 ttl=122 time=903 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=14 ttl=122 time=2.76 ms
64 bytes from 8.8.8.8: icmp_seq=12 ttl=122 time=2156 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=13 ttl=122 time=1160 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=12 ttl=122 time=2394 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=11 ttl=122 time=3779 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=13 ttl=122 time=1802 ms (DUP!)
Edit: 
Ping results returned to normal after disabling IDS:

Code: [Select]

64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=38 ttl=57 time=10.1 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=39 ttl=57 time=9.57 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=40 ttl=57 time=9.62 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=41 ttl=57 time=9.66 ms
64 bytes from 185.165.123.77 (185.165.123.77): icmp_seq=42 ttl=57 time=9.74 ms

15

18.7 Legacy Series / Re: Challenge: Alert on Firewall block - is this possible currently?

« on: October 12, 2018, 03:02:20 pm »

bump