Topics - bulmaro

#1
26.1 Series / NGINX proxy reverse for an IIS
February 12, 2026, 11:23:01 PM
Could someone please share the procedure for configuring NGINX as a reverse proxy for an IIS backend that uses Windows authentication (NTLM/Negotiate)? I've tried, but it keeps asking me for my username and password repeatedly.
#2
Good day,
Dear friends, does anyone have a reference to the error when renewing the certificate that can guide me where the problem is? My domain is in Azure and it sends me the following error.


config AcmeClient: validation for certificate failed: app.divitsa.org
config AcmeClient: domain validation failed (dns01)
config AcmeClient: AcmeClient: The shell command returned exit code '1': '/usr/local/sbin/acme.sh --issue --syslog 9 --debug 3 --server 'letsencrypt' --dns 'dns_azure' --dnssleep '900' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/67853b84971958.81603023' --certpath '/var/etc/acme-client/certs/67853b84971958.81603023/cert.pem' --keypath '/var/etc/acme-client/keys/67853b84971958.81603023/private.key' --capath '/var/etc/acme-client/certs/67853b84971958.81603023/chain.pem' --fullchainpath '/var/etc/acme-client/certs/67853b84971958.81603023/fullchain.pem' --domain 'app.divitsa.org' --days '1' --keylength '4096' --accountconf '/var/etc/acme-client/accounts/6331cb79e2fe77.05571626_prod/account.conf''
2025-01-16T00:00:05-06:00 config AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --issue --syslog 9 --debug 3 --server 'letsencrypt' --dns 'dns_azure' --dnssleep '900' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/67853b84971958.81603023' --certpath '/var/etc/acme-client/certs/67853b84971958.81603023/cert.pem' --keypath '/var/etc/acme-client/keys/67853b84971958.81603023/private.key' --capath '/var/etc/acme-client/certs/67853b84971958.81603023/chain.pem' --fullchainpath '/var/etc/acme-client/certs/67853b84971958.81603023/fullchain.pem' --domain 'app.divitsa.org' --days '1' --keylength '4096' --accountconf '/var/etc/acme-client/accounts/6331cb79e2fe77.05571626_prod/account.conf'
config AcmeClient: using challenge type: app.divitsa.org
config AcmeClient: account is registered: app.divitsa.org
config AcmeClient: using CA: letsencrypt
config AcmeClient: issue certificate: app.divitsa.org
config AcmeClient: certificate must be issued/renewed: app.divitsa.org


I appreciate your attention and your valuable comments.
#3
23.1 Legacy Series / Squid-Error Not a directory
June 29, 2023, 06:00:31 AM
Hi dears,
When updating my version I receive the following message:

***GOT REQUEST TO UPDATE***
Currently running OPNsense 23.1.9 at Wed Jun 28 22:54:34 CDT 2023
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (10 candidates): .......... done
Processing candidates (10 candidates): .......... done
Checking integrity... done (0 conflicting)
The following 10 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
bind-tools: 9.18.14 -> 9.18.16
ddclient-devel: 3.10.0_1 -> 3.10.0_3
opnsense: 23.1.9 -> 23.1.11
os-crowdsec: 1.0.5 -> 1.0.6
pftop: 0.8_2 -> 0.8_4
php81-gettext: 8.1.19 -> 8.1.20
py39-filelock: 3.10.3_1 -> 3.12.2
squid: 5.8 -> 5.9
strongswan: 5.9.10_1 -> 5.9.10_2
vim: 9.0.1503 -> 9.0.1627

Number of packages to be upgraded: 10

The process will require 3 MiB more space.
[1/10] Upgrading squid from 5.8 to 5.9...
===> Creating groups.
Using existing group 'squid'.
===> Creating users
Using existing user 'squid'.
===> Creating homedir(s)
===> Pre-installation configuration for squid-5.9
[1/10] Extracting squid-5.9: .......... done
squid-5.8: missing file /usr/local/share/licenses/squid-5.8/GPLv2
squid-5.8: missing file /usr/local/share/licenses/squid-5.8/LICENSE
squid-5.8: missing file /usr/local/share/licenses/squid-5.8/catalog.mk
pkg-static: Fail to rename /usr/local/etc/squid/errors/.pkgtemp.es-mx.vOnNWzDx8XyS -> /usr/local/etc/squid/errors/es-mx:Not a directory
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***

#4
20.7 Legacy Series / OpenVPN performance
October 14, 2020, 12:16:34 AM
OpenVPN performance
Dear all, can someone guide me in the configuration of my OpenVPN road warrior server to connect 380 users? It is to replicate database transactions every 5 minutes, about 300 lines of records for each user. I need your recommendation for configuring the OpenVPN server: would it support the traffic of 380 users with a single tun ovpns1, or should I divide the load across other tuns ovpns2, ovpns3 ...?
What would be the best recommendation, and what should I consider when configuring my OpenVPN server?
Thank you for your attention.
#5
On my OPNsense VM in Azure I configured Azure dynamic DNS; it does not update my public IP address, it shows me the private IP address.
Any suggestion?
#6
19.1 Legacy Series / cert action validator
April 08, 2019, 04:31:15 PM
Good morning to all,
I have this problem with Let's Encrypt: when generating the certificate, with status OK, it shows me the following error, and the browser keeps flagging the certificate as invalid. Does someone know how to solve it?

Last Acme Status OK

[08-Apr-2019 09:17:26 America/Mexico_City] PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 171
[08-Apr-2019 09:17:26 America/Mexico_City] PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 243
[08-Apr-2019 09:17:26 America/Mexico_City] PHP Warning:  SimpleXMLElement::attributes(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 1186
[08-Apr-2019 09:17:26 America/Mexico_City] PHP Warning:  log_cert_acme_status(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 1186
[08-Apr-2019 09:17:26 America/Mexico_City] PHP Warning:  log_cert_acme_status(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 1194
[08-Apr-2019 09:17:26 America/Mexico_City] PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 118
#7
19.1 Legacy Series / Let's Encrypt error
February 14, 2019, 04:54:57 PM
Dear friends,
Does anyone know about this error when using Let's Encrypt?

Reporter
PHP Errors:

[14-Feb-2019 09:16:53 America/Mexico_City] PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 171
[14-Feb-2019 09:16:53 America/Mexico_City] PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 243
[14-Feb-2019 09:16:53 America/Mexico_City] PHP Warning:  SimpleXMLElement::attributes(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 1181
[14-Feb-2019 09:16:53 America/Mexico_City] PHP Warning:  log_cert_acme_status(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 1181
[14-Feb-2019 09:16:53 America/Mexico_City] PHP Warning:  log_cert_acme_status(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 1189
[14-Feb-2019 09:16:53 America/Mexico_City] PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 118
#8
18.1 Legacy Series / Compile package
June 18, 2018, 11:52:49 PM
When installing packages from ports, it shows me the following error:

install  -m 0644 'make.1' '/usr/obj/usr/ports/devel/gmake/work/stage/usr/local/man/man1/gmake.1'
====> Compressing man pages (compress-man)
===>  Installing for gmake-4.2.1_2
===>  Checking if gmake already installed
===>   Registering installation for gmake-4.2.1_2 as automatic
Installing gmake-4.2.1_2...
===>   help2man-1.47.6 depends on executable: gmake - found
===>   Returning to build of help2man-1.47.6
===>   help2man-1.47.6 depends on package: perl5>=5.24<5.25 - not found
===>  Installing for perl5-5.24.4
===>  Checking if perl5 already installed
===>   perl5-5.24.4 is already installed
      You may wish to ``make deinstall'' and install this port again
      by ``make reinstall'' to upgrade it properly.
      If you really wish to overwrite the old port of perl5
      without deleting it first, set the variable "FORCE_PKG_REGISTER"
      in your environment or the "make install" command line.
*** Error code 1

Stop.
make[5]: stopped in /usr/ports/lang/perl5.24
*** Error code 1

Stop.
make[4]: stopped in /usr/ports/misc/help2man
*** Error code 1

Stop.
make[3]: stopped in /usr/ports/print/texinfo
*** Error code 1

Stop.
make[2]: stopped in /usr/ports/devel/m4
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/devel/autoconf
*** Error code 1

Stop.
make: stopped in /usr/ports/net-mgmt/netdata
#9
In the configuration of server1.conf, the line client-config-dir /var/etc/openvpn-csc/1 allows me to create a file for each OpenVPN client, named after the user, with the configuration:
ifconfig-push 10.8.4.5 10.8.4.6
This assigns the IP to the OpenVPN client when it connects.

My problem is that when there is an update or a restart of the computer, it deletes the configuration file I created.
Any idea how to keep the manually created file, or is there some setting that can be configured?
Thank you for your attention. Regards
#10
18.1 Legacy Series / Question about opnsense-bootstrap
January 29, 2018, 05:29:11 PM
Greetings to all,
Can I now get the OPNsense 8.1 release through opnsense-bootstrap for my Microsoft Azure VM?
#11
Tutorials and FAQs / HOWTO OPNsense in Microsoft Azure
August 28, 2017, 08:37:22 PM
Sorry, I do not speak English. I have tried to translate the steps I took after reading several documents online,
in case someone can use them to configure their firewall in Microsoft Azure.

FreeBSD Azure
1- Create a FreeBSD 11.0 VM    https://docs.microsoft.com/en-us/azure/virtual-machines/windows/classic/tutorial

2- Create another additional network interface      https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface

3- Attach the NIC to a VM   https://www.petri.com/add-network-interface-azure-vm

4- Connect to the VM with ssh
Before that, we have to enable the root user over ssh
$ sudo vi /etc/ssh/sshd_config
Locate the following line, which is disabled
#PermitRootLogin no

Uncomment the line and change it to yes
PermitRootLogin yes
$ sudo /etc/rc.d/sshd restart
$ sudo passwd root
Changing local password for root
New Password:
Retype New Password:

5- Follow the next steps on the page   https://github.com/opnsense/update#
$ sudo pkg install ca_root_nss
$ sudo fetch https://raw.githubusercontent.com/opnsense/update/master/bootstrap/opnsense-bootstrap.sh

Connect with WinSCP and transfer the attached file configure.xml
Edit the opnsense-bootstrap.sh file and comment out the line
$ sudo vi opnsense-bootstrap.sh
   #reboot
$ sudo sh ./opnsense-bootstrap.sh

Before the VM restarts you must do this step, otherwise you will not have access to the VM
Open another terminal as the root user and copy the file
# cp config.xml /usr/local/etc/config.xml
After a successful restart, OPNsense should be up and running. You can adjust the configuration to your liking
Connect via web interface https://<ip>/

6- In the Azure Portal, configure a route table   https://campus.barracuda.com/product/nextgenfirewallf/article/NGF62/AzureARMUDRWebPortal/
The route table does the NAT operation and redirects traffic to OPNsense

If there is anything else to improve, please suggest

Thanks OPNsense Teams, that's what I can contribute
#12
17.7 Legacy Series / Dynamic DNS (NO-IP)
August 21, 2017, 04:10:32 PM
Hi forum friends,
Dynamic DNS with the No-IP service does not update the public IP.
Installing this package manually updates the public IP:
pkg.freebsd.org/FreeBSD:11:amd64/latest/All/noip-2.1.9_4.txz
After a reboot of the system, how do I enable it to load at startup?
Have any of you had this problem, and can you give me some idea?
#13
17.1 Legacy Series / [SOLVED] Error fatal trap
March 08, 2017, 08:26:26 PM
Hello everyone,
Does someone have any idea about this error message from the attached image?
I have gotten this message three times, and I must enter the reboot command to start normally.

Reviewing the message log,
NetFlow is not working for me

   flowd_aggregate.py: flowd aggregate died with message Traceback (most recent call last): File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 148, in run aggregate_flowd(do_vacuum) File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 85, in aggregate_flowd stream_agg_object.cleanup(do_vacuum) File "/usr/local/opnsense/scripts/netflow/lib/aggregate.py", line 281, in cleanup self._update_cur.execute('vacuum') DatabaseError: database disk image is malformed


Thanks for your attention
#14
16.7 Legacy Series / Microsoft Azure
September 27, 2016, 09:22:09 PM
Can someone guide me on how to install OPNsense in Microsoft Azure?
#15
16.7 Legacy Series / MULTI WAN Failover
August 18, 2016, 09:58:08 PM
Greetings to all,
I am configuring WAN1 and WAN2, and I cannot reach the internet from the LAN. I followed the step-by-step guide:
https://docs.opnsense.org/manual/how-tos/multiwan.html
Can someone help me?

I appreciate the attention
#16
In the new version of OPNsense you can customize Squid ACLs by host, by group, etc.
Has someone already done this?