Messages

1

24.1 Legacy Series / Re: Google Drive backups no longer function

« on: November 18, 2024, 03:37:34 am »

that didn't seem to work. i still get the same error.

https://imgur.com/a/7A1sn5q

once i enabled legacy trust, i rebooted. now i see legacy from openssl

Code: [Select]

# /usr/local/bin/openssl list -providers
Providers:
  default
    name: OpenSSL Default Provider
    version: 3.0.15
    status: active
  legacy
    name: OpenSSL Legacy Provider
    version: 3.0.15
    status: active
but trying to do a backup still get the same error

2

24.1 Legacy Series / Re: Google Drive backups no longer function

« on: November 15, 2024, 06:55:23 pm »

unsure, i am running 24.10_7 and getting the exact same error...

https://imgur.com/a/8wrkApM

i don't see legacy in /usr/local/openssl/openssl.cnf, but i do see it in /usr/local/opnsense/service/templates/OPNsense/Trust/openssl.cnf its like the template isn't being applied? i have rebooted several times now at this point.

i installed 24.10 fresh and upgraded to 24.10_7, then applied my 24.7.7 config, as i was moving over from community to business.

https://github.com/opnsense/core/commit/d8ba131aadcceb2dd9719627a1363b34aad41e70

seems like i should see legacy provider, but i don't, since /usr/local/openssl/openssl.cnf seems wrong

Code: [Select]

# /usr/local/bin/openssl list -providers
Providers:
  default
    name: OpenSSL Default Provider
    version: 3.0.15
    status: active

if i execute /usr/local/etc/rc.syshook.d/early/15-templates manually, it has no output and returns success 0. but /usr/local/openssl/openssl.cnf remains unchanged

3

24.1 Legacy Series / Re: Google Drive backups no longer function

« on: November 14, 2024, 05:54:36 pm »

i am seeing this issue with 24.10_7 business edition. would it be safe to apply the same patch to the business edition?

Code: [Select]

opnsense-patch d8ba131

4

Zenarmor (Sensei) / Re: updating to 1.18 just loops installing pkg-1.19.2_2

« on: October 24, 2024, 06:53:44 pm »

this was from the zenarmor settings update page. i was able to kill it and i just installed from command line, pkg update && pkg install os-sensei, then restarting the engine from the dashboard and things seem to be working on 1.18

5

Zenarmor (Sensei) / updating to 1.18 just loops installing pkg-1.19.2_2

« on: October 24, 2024, 04:53:53 pm »

https://imgur.com/a/5AxiqUY

currently in an infinite loop.

Code: [Select]

New pkg package available, installing...
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 856 packages processed.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
pkg-1.19.2_2 [OPNsense]

Number of packages to be reinstalled: 1

4 MiB to be downloaded.
[1/1] Fetching pkg-1.19.2_2.pkg: .......... done
Checking integrity... done (0 conflicting)
[1/1] Reinstalling pkg-1.19.2_2...
[1/1] Extracting pkg-1.19.2_2: .......... done
New pkg package has been installed. Running sensei updater again from new package...
New pkg package available, installing...
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 856 packages processed.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
pkg-1.19.2_2 [OPNsense]

Number of packages to be reinstalled: 1
[1/1] Reinstalling pkg-1.19.2_2...
[1/1] Extracting pkg-1.19.2_2: .......... done
New pkg package has been installed. Running sensei updater again from new package...
New pkg package available, installing...
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 856 packages processed.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
pkg-1.19.2_2 [OPNsense]

Number of packages to be reinstalled: 1
[1/1] Reinstalling pkg-1.19.2_2...
[1/1] Extracting pkg-1.19.2_2: .......... done
New pkg package has been installed. Running sensei updater again from new package...
New pkg package available, installing...
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 856 packages processed.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
pkg-1.19.2_2 [OPNsense]

Number of packages to be reinstalled: 1
[1/1] Reinstalling pkg-1.19.2_2...
[1/1] Extracting pkg-1.19.2_2: .......... done
New pkg package has been installed. Running sensei updater again from new package...
New pkg package available, installing...
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 856 packages processed.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
pkg-1.19.2_2 [OPNsense]

Number of packages to be reinstalled: 1
[1/1] Reinstalling pkg-1.19.2_2...
[1/1] Extracting pkg-1.19.2_2: .......... done
New pkg package has been installed. Running sensei updater again from new package...
New pkg package available, installing...
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 856 packages processed.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
pkg-1.19.2_2 [OPNsense]

Number of packages to be reinstalled: 1
[1/1] Reinstalling pkg-1.19.2_2...
[1/1] Extracting pkg-1.19.2_2: .......... done
New pkg package has been installed. Running sensei updater again from new package...
New pkg package available, installing...
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 856 packages processed.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
pkg-1.19.2_2 [OPNsense]

Number of packages to be reinstalled: 1
[1/1] Reinstalling pkg-1.19.2_2...
[1/1] Extracting pkg-1.19.2_2: .......... done
New pkg package has been installed. Running sensei updater again from new package...
New pkg package available, installing...
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 856 packages processed.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
pkg-1.19.2_2 [OPNsense]

Number of packages to be reinstalled: 1
[1/1] Reinstalling pkg-1.19.2_2...
[1/1] Extracting pkg-1.19.2_2: .......... done
New pkg package has been installed. Running sensei updater again from new package...
New pkg package available, installing...
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 856 packages processed.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
pkg-1.19.2_2 [OPNsense]

Number of packages to be reinstalled: 1
[1/1] Reinstalling pkg-1.19.2_2...
[1/1] Extracting pkg-1.19.2_2: .......... done
New pkg package has been installed. Running sensei updater again from new package...
New pkg package available, installing...
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 856 packages processed.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
pkg-1.19.2_2 [OPNsense]

Number of packages to be reinstalled: 1
[1/1] Reinstalling pkg-1.19.2_2...
[1/1] Extracting pkg-1.19.2_2: .......... done
New pkg package has been installed. Running sensei updater again from new package...
New pkg package available, installing...
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 856 packages processed.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
pkg-1.19.2_2 [OPNsense]

Number of packages to be reinstalled: 1
[1/1] Reinstalling pkg-1.19.2_2...
[1/1] Extracting pkg-1.19.2_2: .......... done
New pkg package has been installed. Running sensei updater again from new package...
New pkg package available, installing...
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 856 packages processed.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
pkg-1.19.2_2 [OPNsense]

6

Zenarmor (Sensei) / Re: Deep Disappointment with Zenarmor's Commitment

« on: October 23, 2024, 04:28:20 pm »

> Franco I agree with you, but a constructive critic doesn't hurt.

I don't disagree. I want to mostly point out opening with "deep disappointment" in the subject is a lost cause. Eventually you want to have a stance that can be amended by others.

point taken. yea the OP wording clearly shows their frustration, but might be a bit dramatic. ultimately though, its up to you and opnsense, as it is your product and such and we have to respect that as well. thanks for taking the time give your point of view.

7

Zenarmor (Sensei) / Re: Deep Disappointment with Zenarmor's Commitment

« on: October 23, 2024, 12:53:07 am »

as a person who just bought a 3 year license to opnsense has been a paying customer of zenarmor for > 1 year now, i get what you are saying franco, but if this is only for technical issues, where else does a paying customer address this? reddit only i guess? there isn't some review section on the opnsense store or zenarmor website for paying customers.

i think staying positive is best, but at the end of the day, the business cannot be shielded from feedback or reviews or experiences.

i really love opnsense and i want to love zenarmor, but sensei/sunnyvalley doesn't do themselves any favors IMHO

8

Zenarmor (Sensei) / 24.10 business edition

« on: October 19, 2024, 04:53:16 am »

assuming zenarmor has to switch something over? seems like moving from 24.7.6 community to 24.10 business edition, none of the widgets are available and it looks like an older version is available only.

also now getting the pkg misconfigured issue.

9

Zenarmor (Sensei) / Re: Zenarmor Home Users: Your Feedback Shapes Our Focus!

« on: October 19, 2024, 04:51:17 am »

interesting results.

i guess if you are not doing VPN on your router, which most enterprises would not be doing, then its less of an issue. 1 Gbps wireguard with zenarmor is not really possible with say any of the OPNsense hardware or even an Intel N-305. I run a Xeon E-2414 which is 3x idle power and 5-6x routing/vpn power of the n305 to be able to do zenarmor + wireguard @ 1 gbps.

firewalla gold pro on the N97 (linux) has no problem with 1 Gbps wireguard and all the packet inspection, rules, etc, similar to what OPNsense + zenarmor offer.

glad to see policies and device limits are being considered for changes or maybe updated options available. have like 20 human devices in the house between computers, ipads, phones, etc, but so many IoT devices. i am always over the 100 in the settings -> subscription page, usually between 105 - 120, it says, but i have no clue what the implications of that is...

10

24.7 Production Series / Re: switching from community to business edition

« on: October 19, 2024, 04:34:25 am »

yep. worked great! zenarmor seems a bit broken, assuming its because its still serving the old freebsd 13.2 repo? the widgets are the old widgets, etc. zenarmor is both a blessing and curse.

11

24.7 Production Series / switching from community to business edition

« on: October 18, 2024, 08:55:37 pm »

hi.

i wanted to switch from community to business edition for 2 reasons. 1, to pay for this amazing software. 2, want to be on a more stable, less updated release train.

i am currently on 24.7.6. seems like 24.10 was just released and based off 24.7.6. seems like it would be a good time to switch. if i just save my config, reinstall with 24.10 and restore my config, would that be the best way to move over? running unbound, caddy, zenarmor, and chrony. pretty simple setup.

12

24.7 Production Series / multi-wan / default gateway switching

« on: October 15, 2024, 04:13:10 pm »

a question or check of my setup. i recently added a backup internet connection.

WAN1: 1 gbps quantum fiber
WAN2: 150 mbps / 20 mbps xfinity/comcast cable

i started out by looking at the opnsense docs and the multi-wan section with gateway groups. but it seems like for my simple setup, "Default gateway switching" and setting the gateway priorities seems to just work without any gateway groups, etc.

is that correct? if so, that is much simpler and awesome!

the only other adjustments i had to make were:

• any port forwards, i had to add both WAN interfaces to the forward definitions.
• forwarding 80/443 to public for caddy reverse proxy, so had to duplicate that rule on each WAN interface

i disabled sticky connections in settings > firewall > advanced, as this is a pure failover situation and not load balancing.

really only a few minutes to make these config changes and everything seems great. OPNsense is such a gem

13

Zenarmor (Sensei) / Re: ZenArmor and Pihole

« on: September 26, 2024, 01:39:45 am »

i use them both together. only desktop and mobile clients get pihole DNS, as i have the blocking more aggressive. the reasoning, if something isn't working, ZA is more of a pain to disable / whitelist.

pihole has a great API, chrome, firefox extensions, making it easier to allow/deny urls with a few clicks from the browser, enable/disable blocking with a single click. same goes for iOS and Android, the pihole apps make it easy to temporarily disable blocking, reload the page/app and see if that is the issue.

ZA and unbound DNS blocklist system is primitive in comparison, IMO

14

Zenarmor (Sensei) / Re: policies, vlans, wireguard

« on: September 18, 2024, 04:24:22 pm »

so i would just not select any interfaces and only specify the networks?

192.168.170.0/24 # vlan 170 network
192.168.212.0/24 # wg1 network

15

Zenarmor (Sensei) / Re: policies, vlans, wireguard

« on: September 18, 2024, 04:15:22 pm »

this is just i guess another example of how the "3" policy limit on home networks is insane.

i am trying to have 3 policies

1. kid (vlan 170 / wg1)
2. iot / guest (vlan 180 / vlan 190)
3. default (igb1, wg0)

kids devices are on their own vlan and on a wireguard interface when remote. because of the AND matching, this is a constant struggle with 2 policies limit. 3 policy wording is such a joke. its 2 policies with the home subscription.

argh. so i guess i have to reconfiguring interfaces and devices if i somehow want to make this work given the 2 policy limits.