Messages

1

General Discussion / Re: Newb and Loving It

« on: October 15, 2020, 11:55:01 pm »

1. Format a USB drive as fat32 non-bootable and name it conf
2. On the USB drive create a folder named conf
3. Save your OPNsense configuration file as config.xml and place it in the conf folder
4. Done

During bootup, OPNsense looks for a drive containing your saved OPNsene configuration file and automatically imports it. Follow the guidelines above so OPNsense properly finds the config file during bootup.

2

20.7 Production Series / Re: UPnP stops responding when connection cleared

« on: October 15, 2020, 09:52:34 pm »

The location of the miniupnpd conf file is located at:

/var/etc/miniupnpd.conf

The file is autogenerated from the miniupnpd.inc file located at:

/usr/local/etc/inc/plugins.inc.d/miniupnpd.inc

While working with miniupnpd I discovered that after clearing the "all currently connected sessions" the status page would be cleared but miniupnpd was actually still responsive. For instance after restarting my Xbox, 2 entries would show up on the status page. Otherwise nothing would show. What's happening is that a device on a network that uses UPNP needs to make a port request and miniupnpd will add a port mapping for the UPNP device. If my Xbox already made the reqeuest I don't make another one until I've rebooted it. It make make another request if I play a different game. I haven't tested this. I've tested this with pfsense as well. Same results.

3

20.7 Production Series / Re: dpinger not started on boot

« on: October 15, 2020, 08:05:26 pm »

Is there a reason "Disable Gateway Monitoring" is disabled by default? In my particular case I'm refering to a single  WAN network. Also did Maarten find a bug with dpinger not restarting after a reboot?

4

General Discussion / Re: Clearing Automatically Generated Rules

« on: October 13, 2020, 03:56:55 pm »

You can't modify or delete autogenerated rules using the webui. Although, you can modify the following file which creates many, if not all, of the autogenerated rules:

/usr/local/etc/inc/filter.lib.inc

this file also plays a role:

/usr/local/etc/inc/filter.inc

I found that I could change all the autogenerated rules for my OPNsense setup with just modifiying the filter.lib.inc file.

I'm currently using OPNsense 20.7.3 and this screenshot is what my autogenerated floating rules look like after modifying filter.lib.inc.

5

20.7 Production Series / Re: libxml -- multiple vulnerabilities

« on: October 10, 2020, 02:36:59 am »

magnust if you are really concerned about it you can update it yourself using the FreeBSD repository. From the console edit the FreeBSD.conf file at:

/usr/local/etc/pkg/repos/FreeBSD.conf

add the following information:

Code: [Select]

FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
From the console run the following commands:

Code: [Select]

pkg update
pkg install libxml2-2.9.10_1
pkg clean
At this point I would remove the information you added to the FreeBSD.conf file otherwise you will have issues with updating OPNsense. This is a temporary fix until until the OPNsense 20.7.4 update.

6

20.7 Production Series / Re: Upgrade to 20.7.3 Not Going Well

« on: October 08, 2020, 06:33:32 pm »

Reboot and hit update again fixes it. Known error

This happens when upgrading to 20.7.3 even for fresh installs. I've done 3 fresh installs of 20.7 and each time I attempt to update it hangs on 43/44. Rebooting and selecting update again fixes the issue.

7

20.7 Production Series / Re: [SOLVED] ntpd: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized

« on: October 08, 2020, 06:22:46 pm »

LouCipher nice find. I was having the same problem and now it's fixed thanks to your solution.

Edit: This actually didn't fix the problem.

8

20.7 Production Series / Re: BUG - DHCP "static" leases - actually reservations

« on: August 09, 2020, 09:38:04 pm »

I doubt they will change this even though your are right. The use of the term "static IP" has been used for years on routers for setting DHCP reservations for clients via DHCP.

See the blog post with a great video that supports your position:

Static IP vs DHCP Reservation

 

9

20.7 Production Series / Re: Webgui not starting after recent update to 20.1.8_1

« on: July 11, 2020, 08:06:19 pm »

Did you fix it? I'm sure a reboot fixed the issue.

10

20.7 Production Series / Re: DHCP/DHCPv6 automatically configured firewall rules

« on: July 11, 2020, 08:03:40 pm »

I'm sure they will fix this issue. Somthing I noticed for awhile now is that there isn't enough coding logic to remove unneccesary automatically generated ipv4+v6 rules when IPv6 is disabled.

11

20.1 Legacy Series / Re: FreeBSD security advisory CVE-2018-6923

« on: May 24, 2020, 02:26:40 am »

OPNsense is based on HardenedBSD and yes HardenedBSD has patched this.

12

20.1 Legacy Series / Re: Trying to enable UPNP causes reboot

« on: April 06, 2020, 05:15:26 am »

When you enable upnp from the webgui the miniupnpd.conf file is created so I'm not sure what is going on with your system. I would try to export your configuration file and look at it. I've found that my configuration sometimes has things in it that it shouldn't. You might need to manually cleanup your OPNsense configuration fie. If you do find some issues with your configuration file you can import it back into OPNsense after you clean it up.

System --> Configuration --> Backups --> Download configuration

This is what a portion of my configuration file looks like:

Code: [Select]

  <installedpackages>
    <miniupnpd>
      <config>
        <enable>1</enable>
        <enable_upnp>1</enable_upnp>
        <permdefault>1</permdefault>
        <ext_iface>wan</ext_iface>
        <download/>
        <upload/>
        <overridewanip/>
        <permuser1>allow 1024-65535 10.200.200.110/32 1024-65535</permuser1>
        <permuser2>allow 1024-65535 10.200.200.111/32 1024-65535</permuser2>
        <permuser3>allow 1024-65535 10.100.100.100/32 1024-65535</permuser3>
        <permuser4>allow 1024-65535 10.0.0.100/32 1024-65535</permuser4>
        <permuser5/>
        <permuser6/>
        <permuser7/>
        <permuser8/>
        <iface_array>lan,opt2,opt1</iface_array>
      </config>
    </miniupnpd>
  </installedpackages>
If this doesn't help I would suggest posting the crash log. The crash log probably has some valuable information.

13

20.1 Legacy Series / Re: Trying to enable UPNP causes reboot

« on: April 01, 2020, 12:46:57 pm »

Unfortunately I don't have enough time right now to provide more information. Try creating an empty file /var/etc/miniupnpd.conf.

This is what my file permissions looks like:

-rw-r--r--  1 root  wheel   519 Apr  1 03:43 miniupnpd.conf

14

20.1 Legacy Series / Re: Trying to enable UPNP causes reboot

« on: April 01, 2020, 03:28:14 am »

root@OPNsense:~ # /usr/local/sbin/miniupnpd -d -f /var/etc/miniupnpd.conf -P /var/run/miniupnpd.pid
Error reading configuration file /var/etc/miniupnpd.conf

Well the only thing left I can think of is that you either have an issue with your miniupnpd.conf file or it doe not exist. Can you check to make sure the file is present?

my /var/etc/miniupnpd.conf

Code: [Select]

ext_ifname=igb0
port=2189
listening_ip=igb1
listening_ip=igb3
listening_ip=igb2
secure_mode=yes
presentation_url=https://10.200.200.1/
uuid=4bfsvd1c-3391-8sfda6-1c1d-3525sdf50ae0b
serial=4BD1042C
model_number=20.1.3
allow 1024-65535 10.200.200.110/32 1024-65535
allow 1024-65535 10.200.200.111/32 1024-65535
allow 1024-65535 10.100.100.100/32 1024-65535
allow 1024-65535 10.0.0.100/32 1024-65535
deny 0-65535 0.0.0.0/0 0-65535
enable_upnp=yes
enable_natpmp=no
clean_ruleset_interval=600
min_lifetime=120
max_lifetime=86400

15

20.1 Legacy Series / Re: syslog-ng

« on: March 30, 2020, 04:28:36 am »

I'm wondering if the following OPNsense commit fixed the issue you might be having:

https://github.com/opnsense/core/commit/cda4e3561f511fb75a7a7922b329d5581ae2c3b7