Topics - gerflo09

#1
I activated LDAP authentication against our Windows AD following the documentation here https://wiki.opnsense.org/manual/how-tos/user-ldap.html

LDAP is working fine, but unfortunately my (local) admin account doesn't work anymore, even though I recall having left the local database as the backup authentication database. And of course I didn't choose a single AD account to have admin rights!  :(

I have no ssh access to this device, but I have console access. How can I repair the admin logon?

Thanks in advance!

Gerald
#2
After I enabled LDAP authentication, I can now log in users imported from our AD, but the local logins no longer work, so I have effectively locked myself out. :-[ How can I reset/change this?
#3
Hello,

I have been using opnsense successfully since version 15. However, I now have problems:
whenever I start or reboot the firewall, it takes forever before I get access to the ssh console or the WebGUI. After nothing else helped, I reinstalled the machine with version 18.7. But after restoring the config I have the old behaviour again. On the console I could see that the system apparently hangs while loading the firewall rules. That takes about 30-40 minutes(!) and then everything runs normally. How should I proceed to find the configuration error?
#4
I have the problem that squid never runs after a reboot of the machine.
So I'm trying to uninstall it completely and reinstall squid with default settings - but how?
#5
17.1 Legacy Series / VLAN setup
May 19, 2017, 09:59:31 AM
I'd like to create a second local net (LAN2), which is completely separated from our LAN, but some dedicated hosts in LAN2 should be able to connect to hosts in LAN and DMZ. All of LAN2 should have WAN access.

Our switch is able to do (tagged) VLANs. VLAN is totally new to me, so how do I need to set up opnsense, the switch and the hosts in LAN2?
#6
German - Deutsch / VLAN configuration
May 19, 2017, 09:17:23 AM
I would like to set up a second internal network (LAN2) that is completely separated from LAN1. Nevertheless, it should be possible from LAN2 to reach selected individual servers/services in LAN1 and the DMZ.

Our switch is VLAN-capable. I assume I could do this with (tagged) VLANs?

VLANs are completely new territory for me. Although I have some

How do I need to configure the firewall, the switch and the hosts in LAN2?
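An added example, not from these two posts or from OPNsense itself: the rule set a LAN2 (VLAN) interface needs, evaluated the way pf does it (top to bottom, first match wins, implicit default deny), to show that rule order decides whether the separation actually holds. The networks 192.168.10.0/24 (LAN), 192.168.20.0/24 (DMZ) and 192.168.30.0/24 (LAN2), the trusted host and the service ports are constructed for the demonstration.

```python
"""First-match evaluation of a LAN2 interface rule set (added example).

Constructed: LAN/DMZ/LAN2 ranges, one trusted LAN2 host, the file server and
DMZ web server it may reach. Model: rules apply to traffic entering the LAN2
interface, first match wins, no match means block.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

LAN = ip_network("192.168.10.0/24")
DMZ = ip_network("192.168.20.0/24")
LAN2 = ip_network("192.168.30.0/24")
ANY = ip_network("0.0.0.0/0")

# Constructed exceptions: one LAN2 host may reach SMB on the file server
# and HTTPS on the DMZ web server, nothing else internal.
FILESERVER = ip_network("192.168.10.10/32")
DMZ_WEB = ip_network("192.168.20.5/32")
TRUSTED_LAN2_HOST = ip_network("192.168.30.5/32")


@dataclass(frozen=True)
class Rule:
    action: str             # "pass" or "block"
    src: IPv4Network
    dst: IPv4Network
    port: Optional[int]     # destination TCP port, None = any
    label: str


def matches(rule: Rule, src: str, dst: str, port: int) -> bool:
    return (ip_address(src) in rule.src
            and ip_address(dst) in rule.dst
            and (rule.port is None or rule.port == port))


def evaluate(rules: List[Rule], src: str, dst: str, port: int) -> Tuple[str, str]:
    """Return (action, label) of the first matching rule; implicit deny otherwise."""
    for rule in rules:
        if matches(rule, src, dst, port):
            return rule.action, rule.label
    return "block", "implicit default deny"


# Wrong: the catch-all "LAN2 net -> any" sits above the block rules, so it
# matches first and the blocks never fire. Internet tests pass, the separation
# does not exist.
WRONG_ORDER = [
    Rule("pass", LAN2, ANY, None, "LAN2 to any (internet)"),
    Rule("block", LAN2, LAN, None, "block LAN2 to LAN"),
    Rule("block", LAN2, DMZ, None, "block LAN2 to DMZ"),
]

# Right: narrow passes first, explicit blocks for the internal nets, catch-all last.
CORRECT_ORDER = [
    Rule("pass", TRUSTED_LAN2_HOST, FILESERVER, 445, "trusted host to file server SMB"),
    Rule("pass", TRUSTED_LAN2_HOST, DMZ_WEB, 443, "trusted host to DMZ web HTTPS"),
    Rule("block", LAN2, LAN, None, "block LAN2 to LAN"),
    Rule("block", LAN2, DMZ, None, "block LAN2 to DMZ"),
    Rule("pass", LAN2, ANY, None, "LAN2 to any (internet)"),
]

if __name__ == "__main__":
    for name, rules in (("wrong order", WRONG_ORDER), ("correct order", CORRECT_ORDER)):
        print(name, "untrusted LAN2 host -> file server:",
              evaluate(rules, "192.168.30.6", "192.168.10.10", 445))
```

Because the last rule passes LAN2 to any destination that is not explicitly blocked above it, every further internal network (a third VLAN, the firewall's own addresses) added later is reachable from LAN2 until a block rule is added for it too; an alias holding all internal ranges, blocked in one rule before the catch-all, is the usual way to keep that from drifting.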
#7
Hello,

At one site I have a fixed IP and an opnsense firewall. Can I use it to run a DNS server for my own domain, in order to manage external sites with dynamic IPs that way?
I would like to make the annoying, constantly changing DynDNS providers superfluous.

#8
German - Deutsch / Squid does not start after reboot
June 10, 2016, 08:47:27 AM
I very often have the problem that the proxy does not start after a reboot. Apparently it does not find the cache directories. - see log
I then have to start it manually and usually it works again after that.

I have installed the SMART plugin; the hard disk is apparently completely fine

What could be the cause? - Have I misconfigured something?

2016/06/10 08:28:17 kid1| Process Roles: worker
2016/06/10 08:28:17 kid1| Process ID 86866
2016/06/10 08:28:17 kid1| Service Name: squid
2016/06/10 08:28:17 kid1| Starting Squid Cache version 3.5.19 for amd64-portbld-freebsd10.2...
2016/06/10 08:28:17 kid1| Set Current Directory to /var/squid/cache
2016/06/10 08:28:17| Making directories in /var/squid/cache/0F
2016/06/10 08:28:17| Making directories in /var/squid/cache/0E
2016/06/10 08:28:17| Making directories in /var/squid/cache/0D
2016/06/10 08:28:17| Making directories in /var/squid/cache/0C
2016/06/10 08:28:17| Making directories in /var/squid/cache/0B
2016/06/10 08:28:17| Making directories in /var/squid/cache/0A
2016/06/10 08:28:17| Making directories in /var/squid/cache/09
2016/06/10 08:28:17| Making directories in /var/squid/cache/08
2016/06/10 08:28:17| Making directories in /var/squid/cache/07
2016/06/10 08:28:17| Making directories in /var/squid/cache/06
2016/06/10 08:28:17| Making directories in /var/squid/cache/05
2016/06/10 08:28:17| Making directories in /var/squid/cache/04
2016/06/10 08:28:17| Making directories in /var/squid/cache/03
2016/06/10 08:28:17| Making directories in /var/squid/cache/02
2016/06/10 08:28:17| Making directories in /var/squid/cache/01
2016/06/10 08:28:17| Making directories in /var/squid/cache/00
2016/06/10 08:28:17| /var/squid/cache exists
2016/06/10 08:28:17| Creating missing swap directories
2016/06/10 08:28:17| Set Current Directory to /var/squid/cache
Page faults with physical i/o: 0
Maximum Resident Size: 102416 KB
CPU Usage: 0.163 seconds = 0.116 user + 0.046 sys
Squid Cache (Version 3.5.19): Terminated abnormally.
if needed, or if running Squid for the first time.
for details. Run 'squid -z' to create swap directories
FATAL: Failed to verify one of the swap directories, Check cache.log
2016/06/10 08:21:54 kid1| ERROR: /var/squid/cache/00: (2) No such file or directory
2016/06/10 08:21:54 kid1| Max Swap size: 20480000 KB
2016/06/10 08:21:54 kid1| Max Mem size: 524288 KB
2016/06/10 08:21:54 kid1| Using 131072 Store buckets
2016/06/10 08:21:54 kid1| Target number of buckets: 80785
2016/06/10 08:21:54 kid1| Swap maxSize 20480000 + 524288 KB, estimated 1615714 objects
2016/06/10 08:21:54 kid1| WARNING: log name now starts with a module name. Use 'stdio:/var/log/squid/store.log'
2016/06/10 08:21:54 kid1| Logfile: opening log /var/log/squid/store.log
2016/06/10 08:21:54 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2016/06/10 08:21:54 kid1| Unlinkd pipe opened on FD 25
2016/06/10 08:21:53 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2016/06/10 08:21:53 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2016/06/10 08:21:53 kid1| helperOpenServers: Starting 5/5 'ssl_crtd' processes
2016/06/10 08:21:53 kid1| Adding nameserver 8.8.4.4 from /etc/resolv.conf
2016/06/10 08:21:53 kid1| Adding nameserver 141.1.27.249 from /etc/resolv.conf
2016/06/10 08:21:53 kid1| Adding nameserver 134.60.1.111 from /etc/resolv.conf
2016/06/10 08:21:53 kid1| Adding nameserver 192.168.10.10 from /etc/resolv.conf
2016/06/10 08:21:53 kid1| Adding domain imedos.local from /etc/resolv.conf
2016/06/10 08:21:53 kid1| DNS Socket created at 0.0.0.0, FD 7
2016/06/10 08:21:53 kid1| DNS Socket created at [::], FD 6
2016/06/10 08:21:53 kid1| Initializing IP Cache...
2016/06/10 08:21:53 kid1| With 57744 file descriptors available
2016/06/10 08:21:53 kid1| Process Roles: worker
2016/06/10 08:21:53 kid1| Process ID 15156
2016/06/10 08:21:53 kid1| Service Name: squid
2016/06/10 08:21:53 kid1| Starting Squid Cache version 3.5.19 for amd64-portbld-freebsd10.2...
2016/06/10 08:21:53 kid1| Set Current Directory to /var/squid/cache
Page faults with physical i/o: 0
Maximum Resident Size: 111840 KB
CPU Usage: 0.161 seconds = 0.121 user + 0.040 sys
Squid Cache (Version 3.5.19): Terminated abnormally.
if needed, or if running Squid for the first time.
for details. Run 'squid -z' to create swap directories
FATAL: Failed to verify one of the swap directories, Check cache.log
2016/06/10 08:21:51 kid1| ERROR: /var/squid/cache/00: (2) No such file or directory
2016/06/10 08:21:51 kid1| Max Swap size: 20480000 KB
2016/06/10 08:21:51 kid1| Max Mem size: 524288 KB
2016/06/10 08:21:51 kid1| Using 131072 Store buckets
2016/06/10 08:21:51 kid1| Target number of buckets: 80785
2016/06/10 08:21:51 kid1| Swap maxSize 20480000 + 524288 KB, estimated 1615714 objects
2016/06/10 08:21:51 kid1| WARNING: log name now starts with a module name. Use 'stdio:/var/log/squid/store.log'
2016/06/10 08:21:51 kid1| Logfile: opening log /var/log/squid/store.log
2016/06/10 08:21:51 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2016/06/10 08:21:51 kid1| Unlinkd pipe opened on FD 25
2016/06/10 08:21:51 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2016/06/10 08:21:51 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2016/06/10 08:21:51 kid1| helperOpenServers: Starting 5/5 'ssl_crtd' processes
2016/06/10 08:21:51 kid1| Adding nameserver 8.8.4.4 from /etc/resolv.conf
2016/06/10 08:21:51 kid1| Adding nameserver 141.1.27.249 from /etc/resolv.conf
2016/06/10 08:21:51 kid1| Adding nameserver 134.60.1.111 from /etc/resolv.conf
2016/06/10 08:21:51 kid1| Adding nameserver 192.168.10.10 from /etc/resolv.conf
2016/06/10 08:21:51 kid1| Adding domain imedos.local from /etc/resolv.conf
2016/06/10 08:21:51 kid1| DNS Socket created at 0.0.0.0, FD 7
2016/06/10 08:21:51 kid1| DNS Socket created at [::], FD 6
2016/06/10 08:21:51 kid1| Initializing IP Cache...
2016/06/10 08:21:51 kid1| With 57744 file descriptors available
2016/06/10 08:21:51 kid1| Process Roles: worker
2016/06/10 08:21:51 kid1| Process ID 12167
2016/06/10 08:21:51 kid1| Service Name: squid
2016/06/10 08:21:51 kid1| Starting Squid Cache version 3.5.19 for amd64-portbld-freebsd10.2...
2016/06/10 08:21:51 kid1| Set Current Directory to /var/squid/cache
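An added example, not from the posts or from the Squid or OPNsense projects, for the start failure in this post and the earlier "squid never runs after a reboot" question: it pulls the missing swap directory out of a cache.log excerpt and checks a cache_dir on disk for the tree that `squid -z` creates. The layout assumed is the default ufs one, 16 first-level directories 00..0F (which is what the log shows) with 256 second-level directories each; the sample log is an excerpt of the lines posted above.

```python
"""Check a Squid ufs cache_dir and its cache.log for the missing-swap-directory failure.

Added example. Assumption: default ufs layout (16 L1 dirs 00..0F, 256 L2 dirs 00..FF).
"""
import os
import re
import tempfile
from typing import List

L1_DIRS = 16    # assumption: default ufs first-level count
L2_DIRS = 256   # assumption: default ufs second-level count

# Squid logs the directory it could not verify just before the FATAL line.
_MISSING_RE = re.compile(r"ERROR: (?P<path>\S+?): \(2\) No such file or directory")
_FATAL = "FATAL: Failed to verify one of the swap directories"

# Excerpt of the cache.log lines from the post, newest-first as the GUI shows them.
SAMPLE_LOG = """\
Squid Cache (Version 3.5.19): Terminated abnormally.
if needed, or if running Squid for the first time.
for details. Run 'squid -z' to create swap directories
FATAL: Failed to verify one of the swap directories, Check cache.log
2016/06/10 08:21:54 kid1| ERROR: /var/squid/cache/00: (2) No such file or directory
2016/06/10 08:21:54 kid1| Max Swap size: 20480000 KB
FATAL: Failed to verify one of the swap directories, Check cache.log
2016/06/10 08:21:51 kid1| ERROR: /var/squid/cache/00: (2) No such file or directory
"""


def expected_swap_dirs(cache_root: str, l1: int = L1_DIRS, l2: int = L2_DIRS) -> List[str]:
    """Every directory 'squid -z' would create under cache_root for this layout."""
    dirs: List[str] = []
    for i in range(l1):
        top = os.path.join(cache_root, f"{i:02X}")
        dirs.append(top)
        dirs.extend(os.path.join(top, f"{j:02X}") for j in range(l2))
    return dirs


def missing_swap_dirs(cache_root: str, l1: int = L1_DIRS, l2: int = L2_DIRS) -> List[str]:
    """Relative paths that are absent; a single hit makes squid refuse to start."""
    return [os.path.relpath(d, cache_root)
            for d in expected_swap_dirs(cache_root, l1, l2) if not os.path.isdir(d)]


def missing_dirs_from_log(log_text: str) -> List[str]:
    """Swap directories cache.log reports missing, deduplicated across start attempts.

    Line order is ignored on purpose: the GUI shows the log newest-first, which
    is why the three-line FATAL message reads backwards in the post.
    """
    found: List[str] = []
    for match in _MISSING_RE.finditer(log_text):
        path = match.group("path")
        if path not in found:
            found.append(path)
    return found


def diagnose(log_text: str) -> str:
    """One-line verdict for the start failure seen in the post."""
    paths = missing_dirs_from_log(log_text)
    if _FATAL in log_text and paths:
        return ("cache_dir missing: " + ", ".join(paths)
                + "; check that the filesystem holding it is mounted and writable "
                  "at boot, then recreate the tree with 'squid -z'")
    if _FATAL in log_text:
        return "swap directory verification failed, but the excerpt has no ERROR line with a path"
    return "no swap directory failure in this excerpt"


def build_partial_cache(l1: int, l2: int, present_l1: int) -> str:
    """Demo helper: a temporary cache tree with only the first present_l1 top-level dirs."""
    root = tempfile.mkdtemp(prefix="squid-cache-demo-")
    for i in range(present_l1):
        for j in range(l2):
            os.makedirs(os.path.join(root, f"{i:02X}", f"{j:02X}"))
    return root


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
    demo_root = build_partial_cache(l1=2, l2=2, present_l1=1)
    print("missing under", demo_root, "->", missing_swap_dirs(demo_root, l1=2, l2=2))
```

The error is ENOENT on the top-level directory, not a corrupt swap.state, so the question is why the tree is absent at boot time: if /var sits on a memory filesystem or the volume is mounted late, the cache that `squid -z` created is gone or not yet visible when the service starts, and running the check above against the real cache_dir right after a reboot tells the two cases apart.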
#9
I would like http or https packets arriving on the WAN interface to be forwarded to different internal servers in the DMZ depending on the address used (e.g. beispiel-A.com and beispiel-B.com).
What is the easiest way to achieve that?
#10
I'd like to achieve that opnsense routes the http packets from the WAN interface to different LAN/DMZ servers depending on the domain name used, like apache or nginx do with virtual hosts.
How can I get that behavior?
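An added example for this post and the German one before it, not from the posts or from OPNsense, HAProxy or nginx: the decision a reverse proxy in front of the DMZ makes when it picks a backend from the request, together with the checks that keep that decision from being steered by the client. The names beispiel-a.com and beispiel-b.com come from the post; the backend addresses and ports are constructed, and the HTTPS side (choosing by the TLS SNI name before the request is even readable) is not shown.

```python
"""Host-based backend selection for a reverse proxy (added example).

Constructed: the BACKENDS table. Design choices shown: exactly one Host header
in HTTP/1.1, absolute-form targets must agree with Host, unknown names are
rejected instead of falling through to a default server.
"""
from typing import Dict, List, Tuple

# Constructed routing table: normalized hostname -> (backend address, port).
BACKENDS: Dict[str, Tuple[str, int]] = {
    "beispiel-a.com": ("10.0.2.10", 80),
    "www.beispiel-a.com": ("10.0.2.10", 80),
    "beispiel-b.com": ("10.0.2.20", 8080),
}


class RoutingError(ValueError):
    """Request rejected (HTTP 400/421) before any backend is contacted."""


def normalize_host(raw: str) -> str:
    """Lower-case, drop an explicit :port and a trailing dot; keep IPv6 literals whole."""
    host = raw.strip().lower()
    if host.startswith("["):                      # [2001:db8::1]:443
        end = host.find("]")
        if end == -1:
            raise RoutingError("malformed IPv6 host")
        return host[: end + 1]
    if host.count(":") == 1:                      # name:port
        host, port = host.split(":")
        if not port.isdigit():
            raise RoutingError("malformed port")
    elif ":" in host:
        raise RoutingError("malformed host")
    host = host.rstrip(".")
    if not host:
        raise RoutingError("empty Host")
    return host


def _split_head(head: bytes) -> Tuple[List[str], List[str]]:
    """Return (request-line parts, all Host header values) from a raw request head."""
    try:
        text = head.decode("ascii")
    except UnicodeDecodeError:
        raise RoutingError("non-ASCII bytes in request head")
    lines = text.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise RoutingError("malformed request line")
    hosts: List[str] = []
    for line in lines[1:]:
        if line == "":                            # end of headers
            break
        name, sep, value = line.partition(":")
        if not sep:
            raise RoutingError("malformed header line")
        if name.strip().lower() == "host":
            hosts.append(value.strip())
    return parts, hosts


def select_backend(head: bytes) -> Tuple[str, int]:
    parts, hosts = _split_head(head)
    _method, target, version = parts
    # HTTP/1.1 requires exactly one Host header (RFC 7230 section 5.4); two of
    # them is ambiguous and a classic desync/smuggling vector, so reject.
    if version == "HTTP/1.1" and len(hosts) != 1:
        raise RoutingError(f"expected exactly one Host header, got {len(hosts)}")
    if len(hosts) > 1:
        raise RoutingError("duplicate Host headers")
    authority = hosts[0] if hosts else None
    # absolute-form target (proxy-style request): if it names a different host
    # than the Host header, two components could route differently. Refuse.
    if "://" in target:
        abs_authority = target.split("/", 3)[2]
        if authority is not None and normalize_host(abs_authority) != normalize_host(authority):
            raise RoutingError("Host header disagrees with absolute-form target")
        authority = abs_authority
    if authority is None:
        raise RoutingError("no Host to route on")
    host = normalize_host(authority)
    # Default deny: an unknown name must not fall through to a "first" backend,
    # or anyone hitting the WAN address directly lands on whichever server is listed first.
    backend = BACKENDS.get(host)
    if backend is None:
        raise RoutingError(f"unknown host {host!r}")
    return backend


def route_or_reason(head: bytes) -> str:
    """'backend ADDR:PORT' or 'rejected: <why>' for a raw request head."""
    try:
        addr, port = select_backend(head)
    except RoutingError as exc:
        return f"rejected: {exc}"
    return f"backend {addr}:{port}"


if __name__ == "__main__":
    for req in (b"GET / HTTP/1.1\r\nHost: beispiel-a.com\r\n\r\n",
                b"GET / HTTP/1.1\r\nHost: Beispiel-B.com.:443\r\n\r\n",
                b"GET / HTTP/1.1\r\nHost: beispiel-a.com\r\nHost: beispiel-b.com\r\n\r\n",
                b"GET / HTTP/1.1\r\nHost: 203.0.113.7\r\n\r\n"):
        print(req.split(b"\r\n")[1], "->", route_or_reason(req))
```

The same table is what the proxy's configuration expresses as one frontend with per-hostname backends; the point the code makes is that the hostname is untrusted input, so it is normalized before lookup, ambiguity is rejected rather than resolved, and a name that is not in the table gets an error instead of a server.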
#11
16.1 Legacy Series / weird LDAP auth behavior
May 26, 2016, 02:12:13 PM
Hi all,

I'm pretty new to OPNsense and I'm impressed by the state of the software and the UI. It's really sophisticated and intuitive, but also nice looking ;-)

But I have a strange behavior here with the authorization against a Windows 2003 AD:

I can connect to LDAP with correct bind credentials and get the authentication containers and so on, so the LDAP connection seems to be OK.
When I test user credentials against this server, it doesn't accept credentials in the form of username@myDomain.com.
BUT, it accepts EVERY name or password combination as soon as I write it in the form DOMAIN\username.
That means that it will let me in even if I have total garbage as my credentials. All I have to know is the name of the AD domain! So everyone can access the firewall???

What am I doing wrong here?
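An added example, not from the post or from OPNsense's authentication code: a negative-test harness for an authentication backend. Before an LDAP/AD server becomes the only way into a firewall's GUI, it should be fed credentials that must fail, and any success treated as a fail-open backend. The backend interface, the domain example.com, the user alice and the two fake backends are constructed; the "leaky" one reproduces the symptom the post describes (any DOMAIN\something with any password accepted) so the harness has something to catch.

```python
"""Negative tests for an authentication backend (added example).

Constructed: the Authenticator interface, example.com / alice, and two fake
backends standing in for a real LDAP bind.
"""
import secrets
from typing import Callable, List, Tuple

# (username, password) -> accepted. Constructed interface for the demonstration.
Authenticator = Callable[[str, str], bool]


def negative_cases(domain: str, known_user: str) -> List[Tuple[str, str, str]]:
    """Credentials a correct backend must reject; junk values are random per run."""
    netbios = domain.split(".")[0].upper()
    junk = secrets.token_urlsafe(12)
    return [
        ("wrong password, UPN form", f"{known_user}@{domain}", junk),
        ("wrong password, DOMAIN\\user form", f"{netbios}\\{known_user}", junk),
        # RFC 4513 section 5.1.2: a name with an empty password is an
        # *unauthenticated* bind. Many servers answer success; it must never count as login.
        ("empty password, UPN form", f"{known_user}@{domain}", ""),
        ("empty password, DOMAIN\\user form", f"{netbios}\\{known_user}", ""),
        ("anonymous bind (empty user and password)", "", ""),
        ("nonexistent user, DOMAIN\\user form", f"{netbios}\\{junk}", junk),
        ("nonexistent user, UPN form", f"{junk}@{domain}", junk),
        ("LDAP filter metacharacters in user", f"{known_user})(objectClass=*", junk),
    ]


def audit(auth: Authenticator, domain: str, known_user: str) -> List[str]:
    """Descriptions of the negative cases the backend wrongly accepted.

    A backend exception counts as a rejection: for a negative test, failing
    closed is the correct outcome.
    """
    accepted_wrongly: List[str] = []
    for description, user, password in negative_cases(domain, known_user):
        try:
            ok = auth(user, password)
        except Exception:
            ok = False
        if ok:
            accepted_wrongly.append(description)
    return accepted_wrongly


def fail_closed(auth: Authenticator) -> Authenticator:
    """Client-side guard: never attempt a bind with an empty user or password."""
    def guarded(user: str, password: str) -> bool:
        if not user or not password:
            return False
        return auth(user, password)
    return guarded


# --- constructed fake backends ------------------------------------------

def leaky_backend(user: str, password: str) -> bool:
    """Reproduces the post's symptom: any DOMAIN\\something with any password passes."""
    if "\\" in user:
        return True
    return user == "alice@example.com" and password == "correct horse battery"


def sane_backend(user: str, password: str) -> bool:
    """Accepts only the one valid credential pair, in either name form."""
    return (user in ("alice@example.com", "EXAMPLE\\alice")
            and password == "correct horse battery")


if __name__ == "__main__":
    for name, backend in (("leaky", leaky_backend),
                          ("leaky + client guard", fail_closed(leaky_backend)),
                          ("sane", sane_backend)):
        print(f"{name}: wrongly accepted {audit(backend, 'example.com', 'alice')}")
```

Two things the run shows: the harness flags the leaky backend on the wrong-password and nonexistent-user cases in DOMAIN\user form, which is exactly the symptom in the post, and the client-side empty-password guard removes only the unauthenticated-bind cases, so a guard in the firewall does not substitute for understanding what the directory server accepts. Against a real directory the same cases would be run through the actual bind code, with the local database still enabled as a fallback until the list comes back empty.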