Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Topics - Ren

#1
I keep getting the below error when trying to delete static keys for VPN instances that no longer exists

/usr/local/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/InstancesController.php:99: Call to undefined method OPNsense\OpenVPN\Api\InstancesController::delStaticKeyBase(

I rebooted my firewall and tried again but the issue remains. I've remained all OpenVPN instances and i'm still unable to delete the keys.
#2
Seems i no longer have the option to integrate snort into suricata. This after doing a clean install and upgrading to 18.7.10_3 on my new i3 box




My J1900 box that's been up and running for months still has the option and is also on the current release
#3
Im currently trying to delete the IDS Rule Updates CRON JOB but it will not delete. IDS is currently not enabled and the job in question is able disable. I get the prompt to "Remove Selected Item", i select yes, i do not get an error but the job will not delete. No errors in the log on issue
#4
I read through a past post stating PFBLocker is not available but the same functionality can accomplished using the firewall alias

I created a couple alias to test



Added my firewall floating rules



Checked my firewall logs and everything except for my firehol which i will get to later. My question is how often does the GEOIP list get updated ? I do not see a interval setting stating how often the GEOIP list gets updated

And finally my firehol doesn't seem to be working. I've set the expiration to 1 day for this alias. Does this mean after a day it grabs the new list ? Additionally how do i force an update ?



#5
Is is possible to include pushover notifications with the release of 18.1 ?
#6
17.7 Legacy Series / UEFI Installation on ASROCK J3455M
December 04, 2017, 11:22:35 PM
I currently cannot get OPNSENSE installed in UEFI mode on my ASROCK J3455M motherboard. Installation is extremely slow (4HRS so far)  then gets stuck at 67%.

I see HPET bug when installing pfsense which i didn't experience  https://www.reddit.com/r/PFSENSE/comments/7eeh70/asrock_j3455m_problems/#bottom-comments

Installing via MBR works just fine (may be 5mins if not less) but this is just work around for now until i can finish configuring the firewall.

Any suggestions on resolving my UEFI installation issue ?
#7
I'm currently running into issues configuring CLAMAV + Web Proxy to inspect HTTPS traffic. Each time i enable the functionality all websites except for google fail to load as the connection to each site times out.

Firewall Rule for HTTPS set

LAN TCP LAN net * * 80 (HTTP) 127.0.0.1 3128 redirect traffic to proxy    
LAN TCP LAN net * * 443 (HTTPS) 127.0.0.1 3129 redirect traffic to proxy


I do not see any errors in the access logs nor cache
192.168.5.127 - 54:60:********** - [02/Dec/2017:13:27:22 -0500] "HEAD http://clients1.google.com/generate_204 HTTP/1.1" 204 228 "-" "-" TCP_MISS:ORIGINAL_DST
192.168.5.121 - 1c:1b********** - [02/Dec/2017:13:26:40 -0500] "GET http://twitch.tv/ HTTP/1.1" 302 474 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" TCP_MISS:ORIGINAL_DST
192.168.5.121 - 1c:1b********** - [02/Dec/2017:13:25:39 -0500] "GET http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today? HTTP/1.1" 200 1724 "-" "Microsoft-WNS/10.0" TCP_REFRESH_MODIFIED:ORIGINAL_DST
192.168.5.127 - 54:60:********** - [02/Dec/2017:13:24:08 -0500] "HEAD http://clients1.google.com/generate_204 HTTP/1.1" 204 228 "-" "-" TCP_MISS:ORIGINAL_DST
192.168.5.127 - 54:60:********** - [02/Dec/2017:13:23:31 -0500] "HEAD http://clients1.google.com/generate_204 HTTP/1.1" 204 228 "-" "-" TCP_MISS:ORIGINAL_DST



The system log is complaining there isnt a valid cert for  traffic on port 3128. Even though SSL traffic is on port 3129 (im using a valid letsencrypt cert for SSL)

Dec 2 13:22:57 squid: No valid signing SSL certificate configured for HTTP_port 127.0.0.1:3128
Dec 2 13:21:16 squid: No valid signing SSL certificate configured for HTTP_port 127.0.0.1:3128


What am i missing ?
#8
Hey Guys,

Is there a reason the OpenVPN Client Export is missing the Windows Installer ? I see in 16.7.2 the oudated binaries were removed but the current version was never re-added
#9
I tried configuring my OPENVPN server  to use google as a time server.



I then saved my settings and briefly an error message flashed on screen (too fast for me to read) and returned me to above screen. I then i had to scroll to top of the page to see the error message.



So i decided not to use a time server as i was just testing a few things. I unchecked the option and again an error message flashed on screen. It was the same error message " NTP Server must contain a valid IP"

So it seems once i've enabled an option i have to fill it with the required/valid data before i'm able to disable it even though the settings did not save (i made other changes at the time so i didn't want to cancel my other changes). Additionally,  field contains invalid data the error message that is displayed when attempting to save the current settings flashes too quickly. Can the error message be displayed for longer or until the user tries to edit a field on the page ?
#10
17.7 Legacy Series / System Wizard Password Error
October 30, 2017, 06:56:01 PM
Hey Guys,

Earlier i tried completing the System Wizard and got an error when i choose to use my current password for the Admin WebUI

At System: Wizard: Set Admin Web GUI Password screen i decided to use my current not knowing i needed to type my current password again. I thought "(leave empty to keep current one)" applied to then "admin password again" field



Anyway i hit next  and was presented with the below error page.



I refreshed the screen several times and that did nothing. After hitting the BACK button a couple times i was able to get to a previous point in the wizard. Can a validation be added that both fields be filled out before going forward ? Because i was the dumbass that went forward without filling out the required fields.
#11
17.7 Legacy Series / LetsEncrypt WIKI/Documentation
October 30, 2017, 06:39:56 PM
Hey Guys,

I'm currently trying to locate documentation on the LetsEncrypt plugin. I'm running into validation errors when trying validate my domain using the duckdns API. Thus, i want to verify if my configuration is correct using the documentation.
#12
16.1 Legacy Series / OpenVPN Server broken after update
February 26, 2016, 07:29:18 AM
I just updated OPNSENSE and my only OpenVPN Server instance is failing to start with the below error
QuoteFeb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:17:35   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:17:35   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:15:22   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
#13
16.1 Legacy Series / Pushover Notifications
February 25, 2016, 09:19:55 PM
Hey guys is it possible to add pushover to the notifications list ?
#14
Hey guys, been testing opnsense for a couple days and im having an issues unpacking the Windows installer after successfully exporting the windows installer for an OpenVPN client.

No matter the exported windows installer, it always gets stuck at 0% when installing