Topics

1

18.7 Legacy Series / [SOLVED] Suricata Snort Integration option is not available after clean install

« on: January 31, 2019, 02:35:10 am »

Seems i no longer have the option to integrate snort into suricata. This after doing a clean install and upgrading to 18.7.10_3 on my new i3 box




My J1900 box that's been up and running for months still has the option and is also on the current release

2

18.1 Legacy Series / IDS Cron Job will not delete after being disabled

« on: February 22, 2018, 03:51:06 am »

Im currently trying to delete the IDS Rule Updates CRON JOB but it will not delete. IDS is currently not enabled and the job in question is able disable. I get the prompt to "Remove Selected Item", i select yes, i do not get an error but the job will not delete. No errors in the log on issue

3

18.1 Legacy Series / PFBlocker/GeoIP Blocking alias updates

« on: February 07, 2018, 10:16:31 pm »

I read through a past post stating PFBLocker is not available but the same functionality can accomplished using the firewall alias

I created a couple alias to test



Added my firewall floating rules



Checked my firewall logs and everything except for my firehol which i will get to later. My question is how often does the GEOIP list get updated ? I do not see a interval setting stating how often the GEOIP list gets updated

And finally my firehol doesn't seem to be working. I've set the expiration to 1 day for this alias. Does this mean after a day it grabs the new list ? Additionally how do i force an update ?

4

18.1 Legacy Series / Feature Request -- Pushover Notifications

« on: January 02, 2018, 11:05:49 pm »

Is is possible to include pushover notifications with the release of 18.1 ?

5

17.7 Legacy Series / UEFI Installation on ASROCK J3455M

« on: December 04, 2017, 11:22:35 pm »

I currently cannot get OPNSENSE installed in UEFI mode on my ASROCK J3455M motherboard. Installation is extremely slow (4HRS so far)  then gets stuck at 67%.

I see HPET bug when installing pfsense which i didn't experience  https://www.reddit.com/r/PFSENSE/comments/7eeh70/asrock_j3455m_problems/#bottom-comments

Installing via MBR works just fine (may be 5mins if not less) but this is just work around for now until i can finish configuring the firewall.

Any suggestions on resolving my UEFI installation issue ?

6

17.7 Legacy Series / ClamAV on HTTPS Traffic using Web Proxy - Connection timing out

« on: December 02, 2017, 07:54:31 pm »

I'm currently running into issues configuring CLAMAV + Web Proxy to inspect HTTPS traffic. Each time i enable the functionality all websites except for google fail to load as the connection to each site times out.

Firewall Rule for HTTPS set

Code: [Select]

LAN TCP LAN net * * 80 (HTTP) 127.0.0.1 3128 redirect traffic to proxy    
LAN TCP LAN net * * 443 (HTTPS) 127.0.0.1 3129 redirect traffic to proxy
I do not see any errors in the access logs nor cache

Code: [Select]

192.168.5.127 - 54:60:********** - [02/Dec/2017:13:27:22 -0500] "HEAD http://clients1.google.com/generate_204 HTTP/1.1" 204 228 "-" "-" TCP_MISS:ORIGINAL_DST
192.168.5.121 - 1c:1b********** - [02/Dec/2017:13:26:40 -0500] "GET http://twitch.tv/ HTTP/1.1" 302 474 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" TCP_MISS:ORIGINAL_DST
192.168.5.121 - 1c:1b********** - [02/Dec/2017:13:25:39 -0500] "GET http://cdn.content.prod.cms.msn.com/singletile/summary/alias/experiencebyname/today? HTTP/1.1" 200 1724 "-" "Microsoft-WNS/10.0" TCP_REFRESH_MODIFIED:ORIGINAL_DST
192.168.5.127 - 54:60:********** - [02/Dec/2017:13:24:08 -0500] "HEAD http://clients1.google.com/generate_204 HTTP/1.1" 204 228 "-" "-" TCP_MISS:ORIGINAL_DST
192.168.5.127 - 54:60:********** - [02/Dec/2017:13:23:31 -0500] "HEAD http://clients1.google.com/generate_204 HTTP/1.1" 204 228 "-" "-" TCP_MISS:ORIGINAL_DST

The system log is complaining there isnt a valid cert for  traffic on port 3128. Even though SSL traffic is on port 3129 (im using a valid letsencrypt cert for SSL)

Code: [Select]

Dec 2 13:22:57 squid: No valid signing SSL certificate configured for HTTP_port 127.0.0.1:3128
Dec 2 13:21:16 squid: No valid signing SSL certificate configured for HTTP_port 127.0.0.1:3128
What am i missing ?

7

17.7 Legacy Series / OpenVPN Client Export - Windows Installer

« on: December 01, 2017, 06:26:12 am »

Hey Guys,

Is there a reason the OpenVPN Client Export is missing the Windows Installer ? I see in 16.7.2 the oudated binaries were removed but the current version was never re-added

8

17.7 Legacy Series / Bring focus to error message when required field contain invalid data

« on: October 30, 2017, 07:14:51 pm »

I tried configuring my OPENVPN server  to use google as a time server.



I then saved my settings and briefly an error message flashed on screen (too fast for me to read) and returned me to above screen. I then i had to scroll to top of the page to see the error message.



So i decided not to use a time server as i was just testing a few things. I unchecked the option and again an error message flashed on screen. It was the same error message " NTP Server must contain a valid IP"

So it seems once i've enabled an option i have to fill it with the required/valid data before i'm able to disable it even though the settings did not save (i made other changes at the time so i didn't want to cancel my other changes). Additionally,  field contains invalid data the error message that is displayed when attempting to save the current settings flashes too quickly. Can the error message be displayed for longer or until the user tries to edit a field on the page ?

9

17.7 Legacy Series / System Wizard Password Error

« on: October 30, 2017, 06:56:01 pm »

Hey Guys,

Earlier i tried completing the System Wizard and got an error when i choose to use my current password for the Admin WebUI

At System: Wizard: Set Admin Web GUI Password screen i decided to use my current not knowing i needed to type my current password again. I thought "(leave empty to keep current one)" applied to then "admin password again" field



Anyway i hit next  and was presented with the below error page.



I refreshed the screen several times and that did nothing. After hitting the BACK button a couple times i was able to get to a previous point in the wizard. Can a validation be added that both fields be filled out before going forward ? Because i was the dumbass that went forward without filling out the required fields.

10

17.7 Legacy Series / LetsEncrypt WIKI/Documentation

« on: October 30, 2017, 06:39:56 pm »

Hey Guys,

I'm currently trying to locate documentation on the LetsEncrypt plugin. I'm running into validation errors when trying validate my domain using the duckdns API. Thus, i want to verify if my configuration is correct using the documentation.

11

16.1 Legacy Series / OpenVPN Server broken after update

« on: February 26, 2016, 07:29:18 am »

I just updated OPNSENSE and my only OpenVPN Server instance is failing to start with the below error

Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:18:46   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:17:35   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:17:35   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init
Feb 26 01:15:22   lighttpd[50816]: (connections.c.1550) SSL: 1 -1 error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init

12

16.1 Legacy Series / Pushover Notifications

« on: February 25, 2016, 09:19:55 pm »

Hey guys is it possible to add pushover to the notifications list ?

13

16.1 Legacy Series / [SOLVED] OpenVPN Windows Client Export

« on: February 25, 2016, 08:59:43 pm »

Hey guys, been testing opnsense for a couple days and im having an issues unpacking the Windows installer after successfully exporting the windows installer for an OpenVPN client.

No matter the exported windows installer, it always gets stuck at 0% when installing