Topics - soernt.poppe

1
Development and Code Review / I would like to extend the Captive Portal...
« on: May 31, 2018, 09:39:09 am »
Hi there,

I would like to extend the Captive Portal to support this workflow:

A guest user tries to connect to my network and is shown a QR-Code and a login button. The QR-Code contains a new random user name and password.

The guest asks an already authenticated user to create a voucher. The authenticated user scans the QR-Code and is shown a message "Create new voucher for "user name"" and an input field for the expiry time.

After the authenticated user presses "Create Voucher", a voucher will be created. The guest clicks the login button and gets validated.

I am completely new to creating this kind of customization. I scanned through the source code and found the "src\opnsense\mvc\app\library\OPNsense\Auth\Voucher.php" file.

What I would like to see here:
a) a function that returns a new random user name and password.
b) a function that creates a voucher for a given user name, password and expiry time.

Basically the functions are already there, within the generateVouchers function.

I need someone who can guide me and will perform a code review :-)

Kind regards,
Sörnt

2
17.7 Legacy Series / After update from 17.7.7 to 17.7.8 the Web UI is not accessible
« on: November 23, 2017, 11:06:22 am »
Hi there,

After the update to 17.7.8 I cannot access the Web-UI. I get this:

Code: [Select]
Not Found

The requested URL / was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/2.4.27 Server at jupiter.poppe.de Port 443

Also: I can connect to the box via ssh, but my password is not accepted anymore.

I can connect to the box via a serial cable.

All clients can access the internet.

I never got such a situation during the updates I did before.

What do I need to do in order to get the WebUI up and running?

Kind regards,
Sörnt Poppe

3
17.1 Legacy Series / After updating to 17.1.9 NAT is not working correctly
« on: July 07, 2017, 02:00:12 pm »
Hi there,

I updated to 17.1.9 and now a configured NAT port forwarding is not working anymore.
Strange thing: I use the FTP-Proxy plugin which also uses port forwarding and that is working correctly.

I deleted the port forwarding and recreated it again. Also I did a reboot after that but nothing helped :-(

I attached some screenshots of what I have configured:
I would like to forward HTTP and HTTPS to 192.168.90.2

Any ideas what I should do here?

Kind regards,
Sörnt



4
German - Deutsch / DynDNS - Custom Type
« on: February 11, 2017, 01:42:55 pm »
Hello everyone,

I manage my domains with the provider "Deutsche Domainbank". They also offer a DynDNS service.

The Deutsche Domainbank documentation on DynDNS says the following:

Authentication via URL

For web browsers or other programs (fetch, curl, lwp-request) that can transmit the authentication via URL.

http://username:password@direkt-domains.de/nic/update?hostname=yourhostname&myip=ipaddress

Raw HTTP GET request

HTTP requests should look as follows. Please note that the headers shown here are the minimum and may well be more extensive. All requests should be followed by an empty line.
The base-64-authorization part should be "username:password", Base64 encoded.

Code: [Select]
GET /nic/update?hostname=yourhostname&myip=ipaddress HTTP/1.0
Host: direkt-domains.de
Authorization: Basic base-64-authorization
User-Agent: Company - Device - Version Number

I have now assembled the URL with user name, password, host name and IP as follows:

Code: [Select]
https://Fred:PasswortVonFred@direkt-domains.de/nic/update?hostname=MeineDomain&myip=%IP%
%IP% is replaced by opnSense.

and entered it in the Update URL field.

That seems to work even though the user name and password are not Base64 encoded.

I sent the request with Firefox and the browser shows me the following:

Code: [Select]
good 91.96.39.230
When I repeat it, I get:

Code: [Select]
nochg 91.96.39.230
According to the return codes of the DynDNS protocol (https://help.dyn.com/remote-access-api/return-codes/), that is all fine.

The opnSense form also has the field "Result Match". What should I enter here?
Something like:
Code: [Select]
good &IP%
What happens then with:
Code: [Select]
nochg &IP%?

I have enabled the "Verbose logging" option. In "Services->DNS Tools->Log File" I would have expected a clear success or error message. There are entries, but it is not clear to me whether the request went well or not.

In the overview of the DynDNS entries, my entry is shown with a green "Cached IP".

Code: [Select]
Feb 11 13:34:54 dnsmasq[13538]: read /var/etc/dnsmasq-hosts - 27 addresses
Feb 11 13:34:54 dnsmasq[13538]: read /etc/hosts - 2 addresses
Feb 11 13:34:54 dnsmasq[13538]: read /var/etc/dnsmasq-hosts - 24 addresses
Feb 11 13:34:54 dnsmasq[13538]: read /etc/hosts - 2 addresses
Feb 11 13:34:54 dnsmasq[13538]: using nameserver 80.190.187.210#53
Feb 11 13:34:54 dnsmasq[13538]: using nameserver 8.8.8.8#53
Feb 11 13:34:54 dnsmasq[13538]: using nameserver 2.2.2.2#53
Feb 11 13:34:54 dnsmasq[13538]: using nameserver 212.6.64.162#53
Feb 11 13:34:54 dnsmasq[13538]: ignoring nameserver 127.0.0.1 - local interface
Feb 11 13:34:54 dnsmasq[13538]: reading /etc/resolv.conf
Feb 11 13:34:54 dnsmasq[13538]: DNS service limited to local subnets
Feb 11 13:34:54 dnsmasq[13538]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify
Feb 11 13:34:54 dnsmasq[13538]: started, version 2.76 cachesize 10000
Feb 11 13:34:54 dnsmasq[50997]: exiting on receipt of SIGTERM
Feb 11 13:10:01 dnsmasq[50997]: read /var/etc/dnsmasq-hosts - 27 addresses
Feb 11 13:10:01 dnsmasq[50997]: read /etc/hosts - 2 addresses
Feb 11 13:08:36 dnsmasq[50997]: failed to send packet: Host is down
Feb 11 13:08:36 dnsmasq[50997]: failed to send packet: Host is down
Feb 11 13:08:36 dnsmasq[50997]: failed to send packet: Host is down
Feb 11 13:08:27 dnsmasq[50997]: failed to send packet: Host is down
Feb 11 12:49:11 dnsmasq[50997]: read /var/etc/dnsmasq-hosts - 28 addresses
Feb 11 12:49:11 dnsmasq[50997]: read /etc/hosts - 2 addresses
Feb 11 12:49:11 dnsmasq[50997]: read /var/etc/dnsmasq-hosts - 24 addresses
Feb 11 12:49:11 dnsmasq[50997]: read /etc/hosts - 2 addresses
Feb 11 12:49:11 dnsmasq[50997]: using nameserver 80.190.187.210#53
Feb 11 12:49:11 dnsmasq[50997]: using nameserver 8.8.8.8#53
Feb 11 12:49:11 dnsmasq[50997]: using nameserver 2.2.2.2#53
Feb 11 12:49:11 dnsmasq[50997]: using nameserver 212.6.64.162#53
Feb 11 12:49:11 dnsmasq[50997]: ignoring nameserver 127.0.0.1 - local interface
Feb 11 12:49:11 dnsmasq[50997]: reading /etc/resolv.conf
Feb 11 12:49:11 dnsmasq[50997]: DNS service limited to local subnets
Feb 11 12:49:11 dnsmasq[50997]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify
Feb 11 12:49:11 dnsmasq[50997]: started, version 2.76 cachesize 10000
Feb 11 12:49:10 dnsmasq[40360]: exiting on receipt of SIGTERM
Feb 11 12:45:25 dnsmasq[40360]: read /var/etc/dnsmasq-hosts - 28 addresses
Feb 11 12:45:25 dnsmasq[40360]: read /etc/hosts - 2 addresses
Feb 11 12:45:25 dnsmasq[40360]: read /var/etc/dnsmasq-hosts - 24 addresses
Feb 11 12:45:25 dnsmasq[40360]: read /etc/hosts - 2 addresses
Feb 11 12:45:25 dnsmasq[40360]: using nameserver 80.190.187.210#53
Feb 11 12:45:25 dnsmasq[40360]: using nameserver 8.8.8.8#53
Feb 11 12:45:25 dnsmasq[40360]: using nameserver 2.2.2.2#53
Feb 11 12:45:25 dnsmasq[40360]: using nameserver 212.6.64.162#53
Feb 11 12:45:25 dnsmasq[40360]: ignoring nameserver 127.0.0.1 - local interface
Feb 11 12:45:25 dnsmasq[40360]: reading /etc/resolv.conf
Feb 11 12:45:25 dnsmasq[40360]: DNS service limited to local subnets
Feb 11 12:45:25 dnsmasq[40360]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify
Feb 11 12:45:25 dnsmasq[40360]: started, version 2.76 cachesize 10000
Feb 11 12:45:25 dnsmasq[9136]: exiting on receipt of SIGTERM
Feb 11 12:40:23 dnsmasq[9136]: read /var/etc/dnsmasq-hosts - 28 addresses
Feb 11 12:40:23 dnsmasq[9136]: read /etc/hosts - 2 addresses


It would be good if there were a "Test" button when editing a DynDNS entry. Then it would be clear whether it works or not.

It is not clear to me when opnSense tries to update the DynDNS entries. A time interval? Or does opnSense notice when the WAN IP changes?

Regards
Sörnt
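
The update exchange quoted in the post above, as an added example (not part of the original post and not OPNsense code): it shows how credentials in the URL map to the `Authorization: Basic` header from the provider documentation, and how a `good`/`nochg` body can be checked against the IP that was sent. The function names and the User-Agent string are assumptions; the return codes are a subset of the dyndns2 codes linked in the post.

```python
import base64
from urllib.parse import unquote, urlsplit, urlunsplit

# Subset of the dyndns2 return codes referenced in the post.
SUCCESS = {"good", "nochg"}
FAILURE = {"badauth", "nohost", "notfqdn", "numhost", "abuse", "badagent", "dnserr", "911"}


def split_credentials(update_url):
    """Move user:password out of the URL into an Authorization header value."""
    parts = urlsplit(update_url)
    if parts.username is None:
        return update_url, None
    userpass = f"{unquote(parts.username)}:{unquote(parts.password or '')}"
    # Base64 is only an encoding: anyone who sees the header recovers the password.
    header = "Basic " + base64.b64encode(userpass.encode()).decode("ascii")
    host = parts.hostname + (f":{parts.port}" if parts.port else "")
    clean = urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))
    return clean, header


def raw_request(update_url, user_agent="Example - Demo - 0.1"):
    """Render the minimal request from the provider documentation."""
    clean, header = split_credentials(update_url)
    parts = urlsplit(clean)
    lines = [f"GET {parts.path}?{parts.query} HTTP/1.0", f"Host: {parts.hostname}"]
    if header:
        lines.append(f"Authorization: {header}")
    lines.append(f"User-Agent: {user_agent}")
    return "\r\n".join(lines) + "\r\n\r\n"  # requests end with an empty line


def classify(body, sent_ip):
    """Map a response body to (status, detail); unknown text counts as an error."""
    tokens = body.strip().split()
    code = tokens[0] if tokens else ""
    if code in SUCCESS:
        if len(tokens) > 1 and tokens[1] != sent_ip:
            return "error", f"server reports {tokens[1]}, sent {sent_ip}"
        return ("updated" if code == "good" else "unchanged"), sent_ip
    if code in FAILURE:
        return "error", code
    return "error", "unrecognised response"
```

Because the header is reversible, the `https://` form of the update URL is the one that keeps the password off the wire in clear text.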


5
General Discussion / Radius Server
« on: November 01, 2016, 11:00:09 am »
Hi there,

I just installed OPNSense and I really like it so far :-)

The one thing I miss is a Radius Server that is running and integrated within OPNSense.
The background:
I split my network into several VLANs. I would like the Switch-Port to VLAN-Id assignment to be based on the device (MAC-Address) or user name (+Password). Currently each Switch-Port has a statically assigned VLAN-Id.

I would like to see
a) An option to install FreeRadius Server within the Plugins
b) In the user account management I would like to assign a VLAN-Id to a user.
c) Within the Radius configuration page an option to define a list of MAC addresses where I can set the VLAN-Id for each MAC Address.

Any chances to get something like that? ;D I did see that pfSense is offering something like that.
