Topics

Hi folks,

Im facing this behavior with 21.1, 21. 7  and now with 22.1 Series.
I have two OPNSense routers with the same version - 22.1-amd64

1-  Branch office
     vmx0 - Lan interface - 172.20.0.0/24
     vmx1 - Wan Interface - 1.1.1.1

2 - Head office
     vmx0 - Lan interface - 172.50.0.0/24
     vmx1 - Wan Interface - 2.2.2.2


Each one has the same config and are running over Esxi.
When I do transfer files (SCP, CIFS, HTTP) over Ipsec Tunnel - Between networks - 172.50.0.0/24 and 172.20.0.0/24 the network throughput does not pass over 30Mbps.

When I try transfer files From Head office LAN 172.50.0.0/24 to Brach office  1.1.1.1  over WAN interface (Port forward) I got 90Mbps of throughput. The same happen fram Lan Branch office to Head office over WAN.


Could someone has idea about solve it ?

These options already disabled in both devices.
Hardware CRC
Hardware TSO
Hardware LRO
VLAN Hardware Filtering



Best regards

Hi Folks,

Could someone has ideia how to solve this ?
https://github.com/opnsense/plugins/issues/1422

regards
Carlos

Hi folks,

Could someone explain how the autoblock process (from nginx package) works? It seems that we having some problem with it I tried disable it by cron (console) and this is not persistent, after reboot the autoblock crontab entry it is created again.

My system in some hours add 4233 entries.

Regards

Carlos

Hi folks,
Could someone explain how is done the Nginx log rotate?
It seems  that tls_handshake.log does not rotating, i my system I need delete it manually, it was 5Gb.

Best regards
Carlos

[*interfaces*]

Hi folks, currently I`m trying restrict an user to change somethings by OPNsense GUI.
I have created a new group and select only the items that I would like to allow, in this case ALL less *interfaces* page.

But it seems this does not working as expected, because I can see and change these items.

Does someone has idea if is there any problem with this !?

Best regards


it is below the acl from config.xml

Code Select Expand

<group>
      <name>manager</name>
      <description>Managers</description>
      <gid>2001</gid>
      <priv>page-dashboard-all</priv>
      <priv>page-system-login-logout</priv>
      <priv>page-getserviceproviders</priv>
      <priv>page-getstats</priv>
      <priv>page-dashboard-widgets</priv>
      <priv>page-diagnostics-arptable</priv>
      <priv>page-diagnostics-authentication</priv>
      <priv>page-diagnostics-backup-restore</priv>
      <priv>page-diagnostics-configurationhistory</priv>
      <priv>page-diagnostics-factorydefaults</priv>
      <priv>page-diagnostics-haltsystem</priv>
      <priv>page-diagnostics-limiter-info</priv>
      <priv>page-diagnostics-logs-dhcp</priv>
      <priv>page-diagnostics-logs-firewall-dynamic</priv>
      <priv>page-diagnostics-logs-firewall-plain</priv>
      <priv>page-diagnostics-logs-firewall-summary</priv>
      <priv>page-diagnostics-logs-gateways</priv>
      <priv>page-diagnostics-logs-settings</priv>
      <priv>page-diagnostics-logs-system</priv>
      <priv>page-diagnostics-ndptable</priv>
      <priv>page-diagnostics-netflow</priv>
      <priv>page-diagnostics-networkinsight</priv>
      <priv>page-diagnostics-packetcapture</priv>
      <priv>page-diagnostics-tables</priv>
      <priv>page-diagnostics-pf-info</priv>
      <priv>page-diagnostics-system-pftop</priv>
      <priv>page-diagnostics-ping</priv>
      <priv>page-diagnostics-rebootsystem</priv>
      <priv>page-diagnostics-resetstate</priv>
      <priv>page-diagnostics-routingtables</priv>
      <priv>page-diagnostics-showstates</priv>
      <priv>page-diagnostics-sockets</priv>
      <priv>page-diagnostics-statessummary</priv>
      <priv>page-diagnostics-system-activity</priv>
      <priv>page-diagnostics-health</priv>
      <priv>page-diagnostics-testport</priv>
      <priv>page-diagnostics-traceroute</priv>
      <priv>page-firewall-alias-edit</priv>
      <priv>page-firewall-aliases</priv>
      <priv>page-firewall-nat-1-1</priv>
      <priv>page-firewall-nat-1-1-edit</priv>
      <priv>page-firewall-nat-npt</priv>
      <priv>page-firewall-nat-npt-edit</priv>
      <priv>page-firewall-nat-outbound</priv>
      <priv>page-firewall-nat-outbound-edit</priv>
      <priv>page-firewall-nat-portforward</priv>
      <priv>page-firewall-nat-portforward-edit</priv>
      <priv>page-firewall-scrub</priv>
      <priv>page-firewall-rules</priv>
      <priv>page-firewall-rules-edit</priv>
      <priv>page-firewall-schedules</priv>
      <priv>page-firewall-schedules-edit</priv>
      <priv>page-firewall-trafficshaper</priv>
      <priv>user-proxy-auth</priv>
      <priv>page-services-captiveportal</priv>
      <priv>page-services-dhcprelay</priv>
      <priv>page-services-dhcpserver</priv>
      <priv>page-services-dhcpserver-editstaticmapping</priv>
      <priv>page-services-dhcpv6relay</priv>
      <priv>page-services-dhcpv6server</priv>
      <priv>page-services-dhcpserverv6-editstaticmapping</priv>
      <priv>page-services-opendns</priv>
      <priv>page-services-dnsforwarder-editdomainoverride</priv>
      <priv>page-services-dnsforwarder-edithost</priv>
      <priv>page-diagnostics-logs-dnsmasq</priv>
      <priv>page-services-dnsforwarder</priv>
      <priv>page-services-dynamicdnsclients</priv>
      <priv>page-services-ids</priv>
      <priv>page-services-ntpd</priv>
      <priv>page-services-proxy</priv>
      <priv>page-services-router-advertisements</priv>
      <priv>page-services-dnsresolver-acls</priv>
      <priv>page-services-dnsresolver-advanced</priv>
      <priv>page-services-dnsresolver-editdomainoverride</priv>
      <priv>page-services-dnsresolver-edithost</priv>
      <priv>page-services-dnsresolver</priv>
      <priv>page-diagnostics-logs-resolver</priv>
      <priv>page-status-carp</priv>
      <priv>page-status-dhcpleases</priv>
      <priv>page-status-dhcpv6leases</priv>
      <priv>page-status-habackup</priv>
      <priv>page-status-ipsec</priv>
      <priv>page-status-ipsec-leases</priv>
      <priv>page-status-ipsec-sad</priv>
      <priv>page-status-ipsec-spd</priv>
      <priv>page-status-ntp</priv>
      <priv>page-services-ntp-gps</priv>
      <priv>page-services-ntp-pps</priv>
      <priv>page-status-openvpn</priv>
      <priv>page-status-services</priv>
      <priv>page-status-systemlogs-portalauth</priv>
      <priv>page-status-systemlogs-ppp</priv>
      <priv>page-status-systemlogs-ipsecvpn</priv>
      <priv>page-status-systemlogs-ntpd</priv>
      <priv>page-status-systemlogs-openvpn</priv>
      <priv>page-status-systemlogs-routing</priv>
      <priv>page-status-systemlogs-wireless</priv>
      <priv>page-status-trafficgraph</priv>
      <priv>page-diagnostics-wirelessstatus</priv>
      <priv>page-wizard-system</priv>
      <priv>page-system-advanced-admin</priv>
      <priv>page-system-advanced-firewall</priv>
      <priv>page-system-advanced-misc</priv>
      <priv>page-system-advanced-network</priv>
      <priv>page-system-advanced-sysctl</priv>
      <priv>page-system-authservers</priv>
      <priv>page-system-camanager</priv>
      <priv>page-system-certmanager</priv>
      <priv>page-diagnostics-crash-reporter</priv>
      <priv>page-system-crlmanager</priv>
      <priv>page-system-firmware-manualupdate</priv>
      <priv>page-system-gatewaygroups</priv>
      <priv>page-system-generalsetup</priv>
      <priv>page-system-groupmanager</priv>
      <priv>page-system-groupmanager-addprivs</priv>
      <priv>page-system-hasync</priv>
      <priv>page-system-license</priv>
      <priv>page-system-cron</priv>
      <priv>page-system-staticroutes</priv>
      <priv>page-system-usermanager</priv>
      <priv>page-system-usermanager-addprivs</priv>
      <priv>page-system-usermanager-passwordmg</priv>
      <priv>page-vpn-ipsec</priv>
      <priv>page-vpn-ipsec-editphase1</priv>
      <priv>page-vpn-ipsec-editphase2</priv>
      <priv>page-vpn-ipsec-editkeys</priv>
      <priv>page-vpn-ipsec-mobile</priv>
      <priv>page-vpn-ipsec-listkeys</priv>
      <priv>page-openvpn-client</priv>
      <priv>page-openvpn-client-export</priv>
      <priv>page-openvpn-csc</priv>
      <priv>page-openvpn-server</priv>
      <priv>page-services-monit</priv>
      <priv>page-xmlrpclibrary</priv>
      <member>2001</member>
    </group>

Hi folks, after upgrade to 19.1.5, the Nginx, Monit (I will test others) plugins does not "save" the new configs or current config, It seems the save button does not has action.

I already reboot the appliance, clean cache, tested on several devices.


Is there any special procedure after upgrade to 19.1.5 ?

regards

Carlos

Hi folks, is it possible usage letsencrypt plugin with nginx ?
If yes, Is there any documentation !?

Regards
Carlos

Hello @fabian,
I upgrade two appliances to 18.7.9 and I could see that nginx has log viewr (Nice, thanks for it!)

But when I try access any logs, my Browser crash (in both appliances). I supose that is bacuse the size log file.
looking the logs I could see the following.

Code Select Expand

[14-Dec-2018 00:01:31 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1522266880 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42
[14-Dec-2018 00:02:20 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1522290512 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42
[14-Dec-2018 00:02:24 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1522308872 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42
[14-Dec-2018 00:02:42 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1522314600 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42
[14-Dec-2018 00:02:43 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1522314800 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42
[14-Dec-2018 00:05:48 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1522354280 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42
[14-Dec-2018 00:15:23 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1522830464 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42
[14-Dec-2018 08:19:09 America/Sao_Paulo] PHP Fatal error:  Allowed memory size of 402653184 bytes exhausted (tried to allocate 1536664032 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Nginx/AccessLogParser.php on line 42

DO you got similar problem ?

Regards

Carlos

Hi @fabian,

It seems the locations config has a BUG, but before open a ticket I would like to check it.

I was running the Nginx with a single Location, and it works as expected, now I needed add more 2 Locations, by GUI I can see the config, but nginx.conf does not have these 2 new locations.

I tried add manually these tw new locations into nginx.conf and restart it manually, and it works. It seems that exists any problem in process to generate the neginx.conf.

It its attached some screens and config to try explain better.

-------
Config generated - > https://pastebin.com/8dJVdfG5
Config working with add location manually - > https://pastebin.com/MDkhRFdf

Hi folks, could someone can please instruct howto create a Whistelist Rule/Policy in NGINX WAF plugin!?

In my tests, it seems that whitelist is not interpreted.

Best regards
Carlos

Hi folks,

   Could someone guide me with Nginx + WAF plugin!!?
   Is it mandatory specify the Custom Security Policy in Location config when using Enable Security Rules option? (WAF).  Im asking because the WAF rules only works when I specified Custom Security Policy, according attached image.

Best regards
Carlos

Hi guys,

It seems that Automatic outbound NAT rule generation does not working as expected.
It works only when I define Manual outbound NAT rule generation and create my rules.

Tested with fresh installation OPNsense 18.7.7 and 18.7.7 versions.

Does someone are facing the same problem ??!

Regards
Carlos

Hi folks, is there anyway to do backup (config.xml) using API functions?!

Best regards
Carlos

Hi folks, could someone inform in wich events the email notification is used?

I have it configured, but I cannot see option to enable/disble notifications.

I my case, Im trying setup configuration in Ipsec tunnels Status, Gateway Status... Is it possible!?

Regards
Carlos

Hi folks,

Im trying replace some pfSense by OPNSense, but we are facing ipsec problem.
Currently we have a pfSense appliance established IPSEC VPN with Sophos/Cyberoam Vendor.
I just replace my pfSense appliance  by OPNSense with the same identical configs. (it is attached the screen and logs), but IPSEC VPN does not establish connection.
It seems that there is any problem in supported ipsec proposals methods.


Does someone has any idea about fix it?

Best regards

Carlos

Hi guys, could someone can inform me if is it possible create webfilter acls based on user groups!?
Like squidGuard method.

Best regards,

- Carlos

Hello,

Could someone please inform me if OPNSense supports URL Filter Content by user group or ip address!?

Best regards,

ccesario

Hello all,

Does someone know inform when we will have the SquidGuard package and GUI available!? And HTTPS support on current Proxy  package!?

Best regards,