Topics - WMINTIENS

#1
Hi out there,

while debugging another issue (Stuck on OPNWAF) I got a strange issue with a Client SSL cert that I created in the OPNsense FW

under System -> trust -> certificates I created a client auth cert, that I signed with a Root & ICA that I created on the FW also.

I exported the pub + priv key (P12)

I was debugging the auth using OpenSSL and got the error:

Could not find client certificate private key from .\CLIENT_SSL_WIM.p12
14530000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:355:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

so I was interested in the P12 itself:

'C:\Program Files\OpenSSL-Win64\bin\openssl' pkcs12 -in .\CLIENT_SSL_WIM1.p12 -info
Enter Import Password:

MAC: sha1, Iteration 1
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Error outputting keys and certificates
8C6E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:355:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()


Is this me, or do we have an issue?

Wim
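
Added example, not part of the original post and not OPNsense or OpenSSL code: a small Python check that reads an `openssl pkcs12 -info` transcript like the one quoted above and reports the container properties behind the error (40-bit RC2 encryption, a MAC iteration count of 1, and the cipher the default library context could not fetch). The function name `audit_pkcs12_info`, the `min_iter` floor of 2048 and the second, PBES2/AES sample are assumptions made for illustration.

```python
import re

# The `openssl pkcs12 -info` lines quoted in the post, embedded so this runs offline.
SAMPLE_INFO = r"""MAC: sha1, Iteration 1
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Error outputting keys and certificates
8C6E0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:355:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
"""

# Constructed sample (not from the post): a container protected with PBES2/AES.
MODERN_INFO = """MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
"""

MAC_RE = re.compile(r"^MAC:\s*([\w-]+),\s*Iteration\s+(\d+)", re.M)
BAG_RE = re.compile(
    r"^(PKCS7 Encrypted data|Shrouded Keybag):\s*(.+?),\s*Iteration\s+(\d+)", re.M)
FETCH_RE = re.compile(r"inner_evp_generic_fetch:unsupported:.*Algorithm \(([^\s)]+)")
WEAK_PBE_RE = re.compile(r"RC2|RC4|40Bit", re.I)


def audit_pkcs12_info(text, min_iter=2048):
    """Return findings for one transcript; min_iter is an illustrative floor."""
    findings = []
    mac = MAC_RE.search(text)
    if mac and int(mac.group(2)) < min_iter:
        findings.append(
            f"MAC {mac.group(1)}: iteration count {mac.group(2)} < {min_iter}")
    for bag, alg, iters in BAG_RE.findall(text):
        if WEAK_PBE_RE.search(alg):
            findings.append(f"{bag}: weak PBE algorithm {alg}")
        if int(iters) < min_iter:
            findings.append(f"{bag}: iteration count {iters} < {min_iter}")
    # The fetch error names the cipher the default library context lacks.
    for alg in FETCH_RE.findall(text):
        findings.append(f"cipher {alg} not available in the default library context")
    return findings


if __name__ == "__main__":
    for line in audit_pkcs12_info(SAMPLE_INFO):
        print(line)
```
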
#2
General Discussion / Stuck on OPNWAF
February 29, 2024, 04:47:19 PM
Hi out there

I want to protect an internal server using OPNWAF

so I created a DNS record ie. out.mydomain.net

On the firewall under Web Application I created
- Gateways
>> Virtual server out.mydomain.net port 443
>> defined a certificate (internal) for this
-Locations
>>Path = /
>>Remote dest = https://internal-server:8443
>>virtual = out (above)

- testing .. did not work, I saw requests coming in being blocked by the "default deny state violation rule"
so I thought we need an additional rule ... but got lost on what to do next.
- a friend told me to just add a port forwarding rule .. but I don't get how

Thanks for looking into this
Wim
#3
All,

I just updated my firewall .. at the end of the upgrade I got the following message:

Fetching kernel-16.1.14-amd64.txz: ........ done
Fetching base-16.1.14-amd64.txz: .......... done
Fetching base-16.1.14-amd64.obsolete: ... failed

Before starting the update .. it notified that it was going to reboot ...; that did not happen

please advise

regards

Wim
#4
Hi out there,

this evening I tried to upgrade my Firewall to 16.1.13 .. it stopped and did not continue (i.e. reboot) ..

please find below the output from the upgrade & error messages from the log file.

please advise.

thkx
Wim

***GOT REQUEST TO UPGRADE: all***
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (49 candidates): .......... done
Processing candidates (49 candidates): ........ done
The following 38 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
   opnsense-lang: 16.1.13
   p7zip: 15.14

Installed packages to be UPGRADED:
   suricata: 3.0_1 -> 3.0.1
   strongswan: 5.3.5_4 -> 5.4.0
   squid: 3.5.15_1 -> 3.5.17
   sqlite3: 3.11.1 -> 3.12.1
   smartmontools: 6.4_1 -> 6.4_2
   python27: 2.7.11_1 -> 2.7.11_2
   py27-Babel: 2.2.0_1 -> 2.3.3
   php56-zlib: 5.6.19 -> 5.6.21
   php56-xml: 5.6.19 -> 5.6.21
   php56-sqlite3: 5.6.19 -> 5.6.21
   php56-sockets: 5.6.19 -> 5.6.21
   php56-simplexml: 5.6.19 -> 5.6.21
   php56-session: 5.6.19 -> 5.6.21
   php56-pdo: 5.6.19 -> 5.6.21
   php56-openssl: 5.6.19 -> 5.6.21
   php56-mcrypt: 5.6.19 -> 5.6.21
   php56-ldap: 5.6.19 -> 5.6.21
   php56-json: 5.6.19 -> 5.6.21
   php56-hash: 5.6.19 -> 5.6.21
   php56-gettext: 5.6.19 -> 5.6.21
   php56-filter: 5.6.19 -> 5.6.21
   php56-dom: 5.6.19 -> 5.6.21
   php56-curl: 5.6.19 -> 5.6.21
   php56-ctype: 5.6.19 -> 5.6.21
   php56: 5.6.19 -> 5.6.21
   perl5: 5.20.3_8 -> 5.20.3_12
   pcre: 8.38 -> 8.38_1
   opnsense-update: 16.1.8 -> 16.1.9_1
   opnsense: 16.1.8 -> 16.1.13
   openvpn: 2.3.10 -> 2.3.10_2
   openssl: 1.0.2_11 -> 1.0.2_12
   ntp: 4.2.8p6 -> 4.2.8p7
   libedit: 3.1.20150325_1 -> 3.1.20150325_2
   curl: 7.47.1 -> 7.48.0_2
   bind910: 9.10.3P4 -> 9.10.4
   apinger: 0.6.1_4 -> 0.6.1_9

The process will require 11 MiB more space.
60 MiB to be downloaded.
Fetching suricata-3.0.1.txz: .......... done
Fetching strongswan-5.4.0.txz: .......... done
Fetching squid-3.5.17.txz: .......... done
Fetching sqlite3-3.12.1.txz: .......... done
Fetching smartmontools-6.4_2.txz: .......... done
Fetching python27-2.7.11_2.txz: .......... done
Fetching py27-Babel-2.3.3.txz: .......... done
Fetching php56-zlib-5.6.21.txz: .. done
Fetching php56-xml-5.6.21.txz: .. done
Fetching php56-sqlite3-5.6.21.txz: .. done
Fetching php56-sockets-5.6.21.txz: .... done
Fetching php56-simplexml-5.6.21.txz: ... done
Fetching php56-session-5.6.21.txz: ... done
Fetching php56-pdo-5.6.21.txz: ..... done
Fetching php56-openssl-5.6.21.txz: ..... done
Fetching php56-mcrypt-5.6.21.txz: .. done
Fetching php56-ldap-5.6.21.txz: .. done
Fetching php56-json-5.6.21.txz: .. done
Fetching php56-hash-5.6.21.txz: .......... done
Fetching php56-gettext-5.6.21.txz: . done
Fetching php56-filter-5.6.21.txz: .. done
Fetching php56-dom-5.6.21.txz: ...... done
Fetching php56-curl-5.6.21.txz: ... done
Fetching php56-ctype-5.6.21.txz: . done
Fetching php56-5.6.21.txz: .......... done
Fetching perl5-5.20.3_12.txz: .......... done
Fetching pcre-8.38_1.txz: .......... done
Fetching opnsense-update-16.1.9_1.txz: ... done
Fetching opnsense-16.1.13.txz: .......... done
Fetching openvpn-2.3.10_2.txz: .......... done
Fetching openssl-1.0.2_12.txz: .......... done
Fetching ntp-4.2.8p7.txz: .......... done
Fetching libedit-3.1.20150325_2.txz: .......... done
Fetching curl-7.48.0_2.txz: .......... done
Fetching bind910-9.10.4.txz: .......... done
Fetching apinger-0.6.1_9.txz: .... done
Fetching opnsense-lang-16.1.13.txz: .......... done
Fetching p7zip-15.14.txz: .......... done
Checking integrity... done (1 conflicting)
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 39 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
   opnsense-lang: 16.1.13
   p7zip: 15.14

Installed packages to be UPGRADED:
   openssl: 1.0.2_11 -> 1.0.2_12
   python27: 2.7.11_1 -> 2.7.11_2
   pcre: 8.38 -> 8.38_1
   sqlite3: 3.11.1 -> 3.12.1
   php56: 5.6.19 -> 5.6.21
   perl5: 5.20.3_8 -> 5.20.3_12
   libedit: 3.1.20150325_1 -> 3.1.20150325_2
   curl: 7.47.1 -> 7.48.0_2
   suricata: 3.0_1 -> 3.0.1
   strongswan: 5.3.5_4 -> 5.4.0
   squid: 3.5.15_1 -> 3.5.17
   php56-zlib: 5.6.19 -> 5.6.21
   php56-xml: 5.6.19 -> 5.6.21
   php56-sqlite3: 5.6.19 -> 5.6.21
   php56-sockets: 5.6.19 -> 5.6.21
   php56-simplexml: 5.6.19 -> 5.6.21
   php56-session: 5.6.19 -> 5.6.21
   php56-openssl: 5.6.19 -> 5.6.21
   php56-mcrypt: 5.6.19 -> 5.6.21
   php56-ldap: 5.6.19 -> 5.6.21
   php56-json: 5.6.19 -> 5.6.21
   php56-hash: 5.6.19 -> 5.6.21
   php56-gettext: 5.6.19 -> 5.6.21
   php56-filter: 5.6.19 -> 5.6.21
   php56-dom: 5.6.19 -> 5.6.21
   php56-curl: 5.6.19 -> 5.6.21
   php56-ctype: 5.6.19 -> 5.6.21
   opnsense-update: 16.1.8 -> 16.1.9_1
   openvpn: 2.3.10 -> 2.3.10_2
   ntp: 4.2.8p6 -> 4.2.8p7
   bind910: 9.10.3P4 -> 9.10.4
   apinger: 0.6.1_4 -> 0.6.1_9
   smartmontools: 6.4_1 -> 6.4_2
   py27-Babel: 2.2.0_1 -> 2.3.3
   php56-pdo: 5.6.19 -> 5.6.21

The process will require 12 MiB more space.
[1/39] Upgrading openssl from 1.0.2_11 to 1.0.2_12...
[1/39] Extracting openssl-1.0.2_12: .......... done
[2/39] Upgrading python27 from 2.7.11_1 to 2.7.11_2...
[2/39] Extracting python27-2.7.11_2: .......... done
[3/39] Upgrading pcre from 8.38 to 8.38_1...
[3/39] Extracting pcre-8.38_1: .......... done
[4/39] Upgrading php56 from 5.6.19 to 5.6.21...
[4/39] Extracting php56-5.6.21: .......... done
[5/39] Upgrading sqlite3 from 3.11.1 to 3.12.1...
[5/39] Extracting sqlite3-3.12.1: .......... done
[6/39] Upgrading perl5 from 5.20.3_8 to 5.20.3_12...
[6/39] Extracting perl5-5.20.3_12: .......... done
[7/39] Upgrading libedit from 3.1.20150325_1 to 3.1.20150325_2...
[7/39] Extracting libedit-3.1.20150325_2: .......... done
[8/39] Upgrading php56-session from 5.6.19 to 5.6.21...
[8/39] Extracting php56-session-5.6.21: ......... done
[9/39] Upgrading php56-hash from 5.6.19 to 5.6.21...
[9/39] Extracting php56-hash-5.6.21: .......... done
[10/39] Upgrading php56-pdo from 5.6.19 to 5.6.21...
[10/39] Extracting php56-pdo-5.6.21: ......... done
[11/39] Upgrading curl from 7.47.1 to 7.48.0_2...
[11/39] Extracting curl-7.48.0_2: .......... done
[12/39] Deinstalling opnsense-16.1.8...
Resetting root shell
-----------------------------------
log file
_______________________

May 8 21:32:18    lighttpd[40012]: (connections.c.1550) SSL: 1 -1 error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
May 8 21:32:18    lighttpd[40012]: (connections.c.1550) SSL: 1 -1 error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
May 8 21:32:07    kernel: em1: promiscuous mode enabled
May 8 21:31:19    configd.py: generate template container OPNsense.Syslog
May 8 21:31:19    configd.py: generate template container OPNsense.Sample.sub2
May 8 21:31:19    configd.py: generate template container OPNsense.Sample.sub1
May 8 21:31:19    configd.py: generate template container OPNsense.Sample
May 8 21:31:19    lighttpd[40012]: (connections.c.1550) SSL: 1 -1 error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
May 8 21:31:19    lighttpd[40012]: (connections.c.1550) SSL: 1 -1 error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
May 8 21:31:16    configd.py: generate template container OPNsense.Proxy
May 8 21:31:16    configd.py: generate template container OPNsense.Macros
May 8 21:31:15    configd.py: generate template container OPNsense.IPFW
May 8 21:31:14    configd.py: generate template container OPNsense.IDS
May 8 21:31:14    configd.py: generate template container OPNsense.Cron
May 8 21:31:13    configd.py: generate template container OPNsense.Captiveportal
May 8 21:31:13    configd.py: generate template container OPNsense
May 8 21:31:12    configd.py: [2c49bdad-1593-4ee5-a7a5-0a29a3950bb2] generate template *
May 8 21:31:12    kernel: done.
May 8 21:31:12    configd.py: generate template container OPNsense.Syslog
May 8 21:31:11    configd.py: [45974c25-410e-4f02-bfb4-f3184b5ecbf8] generate template OPNsense.Syslog
May 8 21:31:11    kernel: done.
May 8 21:31:11    opnsense: /usr/local/etc/rc.bootup: miniupnpd: Starting service on interface: lan
May 8 21:31:11    kernel: done.
May 8 21:31:11    opnsense: /usr/local/etc/rc.bootup: Creating rrd update script