Topics

1

22.7 Production Series / 22.7.4/Proxy ACL Blacklists (external)

« on: September 16, 2022, 02:30:22 pm »

Hi
I found that it seems a number of external ACL blacklists do not work anymore. So I searched for new ones and I wonder if I can test if they are good and active. Some pages (e.g. www.spiegel.de or www.faz.net) manage to dump a lot of advertisement on the page - that is funny enough not displayed on a reload of the page.

So I wonder if the ACL is working correctly.

Any way to test this?

2

22.7 Production Series / Proxy Errormessage

« on: September 16, 2022, 02:28:53 pm »

Hi
my proxy with 22.7.4 pops up regularly

 FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all

as error message. I do not know where it comes from and it does not seem to have any effect. But I would like to sure it is not a problem and preferably get rid of this error message.
Any idea?

3

22.7 Production Series / 22.7.3/4 Update ACME fails

« on: September 16, 2022, 02:27:37 pm »

Hi
I am using ACME to update some Let's Encrypt certificates. However, despite claiming to have the new signed certificate, the certificate in the certificate store is 2 months old and invalid now.

When I try to use the test signing facility of Let's encrypt it is no problem to get the new one. But with the "real" one he just sends "all right" but neither stores the correct one in the certificate store nor (obivously) copies it to the server in question.
Any idea?

4

22.1 Legacy Series / ACME not Working

« on: May 30, 2022, 09:59:06 am »

Hi
Since version 22 ACME plugin is not working anymore. No certificate can be verified or issued due to timeout finding the token (HTTP/TLS challenge). It seems to be a firewall problem.
Can anybody help?

5

22.1 Legacy Series / ACME CLient HTTP challenge - Token not found

« on: May 07, 2022, 08:36:26 am »

Hi
I configured some time ago the ACME client for an internal rocket.chat server. Which worked well, but it seems to be broken at some time in the last 60 days (update to 22?). That means, that the cerficate is not renewed anymore.
The message is "timeout while retrieving token".
My configuration is that I have 2 DSL lines with 2 routers, and the exposed host ends up on the OPNSense. The routers have both external IP4 addresses.
I use HTTP challenge.
It worked well for quite some time (like 2 years) and not suddenly stopped (which I only noticed when the certificate was outdated).
Is there any change in the configuration? Is there anything broken with the update to 22?
I am using 22.1.6 as version.
Please, any hints?
THank you.

6

22.1 Legacy Series / Update to 22.1.5 removes all Unbound Aliases!

« on: April 08, 2022, 11:55:23 am »

Hi
the update today from 22.1.4 -> 22.1.5 removes all Host-aliases in Unbound!
How can I reinstall them?
How can I unencrypt the cloud saved version?
Thank you.

7

22.1 Legacy Series / Syslog-ng / Journald

« on: February 15, 2022, 12:23:28 pm »

Hi,
I asked this question quite a while ago and would like to reopen it (https://forum.opnsense.org/index.php?topic=16819.msg76586#msg76586).
My current Servers are all running on systemd. So I do not have a syslog facility anymore, meaning I cannot accept the remote logs from my firewall anymore.

I have installed rsyslog, which is able to open a connection at port 514. Hower, there it stops. The "snipped" given in the post above is unclear where to go. If I creeate an "frule" file with that contents, rsyslog just throws an error message.

Can anybody help me how to configure rsyslog to receive the messages from the firewall correctly?
Thank you.

8

21.7 Legacy Series / How to remove unbound plus plugin?

« on: January 01, 2022, 08:32:06 am »

Hi
I had the unbound plus plugin installed some time ago. Now it is unavailable and listed in the packages "red". But I cannot remove it...
How can I remove this annoying red message?
Thank you.

9

21.7 Legacy Series / ACME Client Problems

« on: January 01, 2022, 08:30:41 am »

Hi,
I was trying to change an option with the ACME client and found that under "zertificates" the "save" does not have any funciton anymore.

Additonally, when I try to remove a (misconfigured) certificate in the "zertificate" list with the trashcan button I get this error message:

/usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php:572: [OPNsense\AcmeClient\AcmeClient:validations.validation.3e06161a-7380-40a9-b49b-cfdc8f24e65d.tlsalpn_acme_interface] option not in list

Needless to say, that it is not removed.

What happened here and how can I fix it?

10

21.7 Legacy Series / Unbound plus missing - how to remove?

« on: November 28, 2021, 09:02:29 am »

Hi
I have installed the unbound plus extension quite a while ago but it seems to have vanished. I get a "missing" message in the extension overview, but I am unable to remove it.
Is there any method to remove this irritating message?
Thank you.

11

21.7 Legacy Series / ACME-Automation Copy Certificate to Host via SFTP - Howto?

« on: October 14, 2021, 08:47:19 am »

Hi
I could get the acme plugin up and running (this is BTW exactly what I was trying to acomplish for some time, but misunderstood the intention of the plugin...). HOWEVER, I try to automatize sending the certificate via SFTP to the host.

There is no password or key to be entered in the automation fields, only a user name. When I try it, I get "host does not allow access with this user name" (well, it needs a certificate or a password, DUH!).
I am misunderstanding here how that works? How can I get to transfer the certificate automatically? Do I have to setup the host in a special way?
Thanks.

12

20.7 Legacy Series / Swap used to 70%?

« on: September 10, 2020, 11:36:00 am »

Hi
I use an appliance from Deciso with my OPNSense. I am wondering why I get a swap use of about 70% (5GB).
I am pretty sure that it is not a very good idea to Swap on the SSD all the time, but I do not find a good overview, which program is actually swaping. Maybe I just overlooked it but would apreaciate a hint.
Cheers

13

20.1 Legacy Series / Redisplay Messages on the Dashboard report?

« on: June 23, 2020, 06:44:03 pm »

Hi
From time to time I see in the to right corner of the Dashboard "you have x unread messages". Most of the times the messages are too long to be displayed correctly. However, once I click them, they vanish.
Where can I read them again? This is actually pretty inconvenient.
Cheers

14

20.1 Legacy Series / Strange Version displayed?

« on: May 01, 2020, 07:54:55 am »

Hi
I updated 20.1.3 to 20.1.4 right before the update was displayed in the dashboard as announcement. However, now onSense displayes version 20.1.6???
Typo? Bug? Someone captures the update server?

15

20.1 Legacy Series / syslog and syslog-ng

« on: April 17, 2020, 03:18:25 pm »

HI
I have remote-syslogged OPNSense for a considerable time. Some time ago, that server died. I did not checkup on OPNSense and now ended up with the current 20.1 branch. I found in the protocols, that the old (dead and gone) server could not be reached (suprisingly, yes).
Now I wanted to setup a new recipient server for syslog, but
- I am not sure where to set it up (System-Logging-Target?) [and this section is empty at this time]
- I do not know how to delete the old settings
- I have to remove the package syslogd manually, as I have now installed both, syslogd and syslogd-ng

The manual did not enlighten me, so could any one do here?
Thank you.