Topics

1

24.7 Production Series / Where is the API access?

« on: August 22, 2024, 10:02:46 pm »

Hello.

I'm using version 24.7.2 and I need to access the API.

In previous releases it is in SYSTEM>ACCESS>USERS>[user]>API KEYS

Will we no longer have access to the API or has it been moved?   

2

Virtual private networks / Sent fatal SSL alert: unsupported certificate

« on: April 26, 2024, 04:46:15 pm »

Hi all! Big Friday! lol

So... I installed OPNsense 24.1.6, created the CA, the server certificate and configured OpenVPN, but when I try to connect I am shown the errors below.

Packages:
base 24.1.5
openssh-portable 9.7.p1,1
openssl 3.0.13_3,1
easy-rsa 3.1.7
openvpn 2.6.10

Code: [Select]

MANAGEMENT: Client connected from /var/etc/openvpn/instance-f66d5a6f-08c6-49c3-bfb4-6497f183d284.sock
201.43.198.169:49300 SIGUSR1[soft,tls-error] received, client-instance restarting
201.43.198.169:49300 TLS Error: TLS handshake failed
201.43.198.169:49300 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
MANAGEMENT: Client disconnected
MANAGEMENT: CMD 'quit'
MANAGEMENT: CMD 'status 2'
MANAGEMENT: Client connected from /var/etc/openvpn/instance-f66d5a6f-08c6-49c3-bfb4-6497f183d284.sock
201.43.198.169:49300 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
201.43.198.169:49300 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
201.43.198.169:49300 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Re-using SSL/TLS context
MULTI: multi_create_instance called
201.43.198.169:49300 SIGUSR1[soft,tls-error] received, client-instance restarting
201.43.198.169:49300 TLS Error: TLS handshake failed
201.43.198.169:49300 TLS Error: TLS object -> incoming plaintext read error
201.43.198.169:49300 TLS_ERROR: BIO read tls_read_plaintext error
201.43.198.169:49300 OpenSSL: error:0A000086:SSL routines::certificate verify failed:
201.43.198.169:49300 Sent fatal SSL alert: unsupported certificate
201.43.198.169:49300 VERIFY ERROR: depth=0, error=unsuitable certificate purpose: C=XX, ST=XX, L=XXX, O=XXX, emailAddress=XXX, CN=sslvpn-certificate, serial=1
201.43.198.169:49300 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
201.43.198.169:49300 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
201.43.198.169:49300 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Re-using SSL/TLS context
Connection Attempt MULTI: multi_create_instance called
PS1: I have another server with the same version and this problem does not occur.
PS2: For privacy reasons, I changed the certificate information in the post code.
PS3: I tested with several versions of OpenVPN Client.
PS4: If I don't require the certificate, it works.


Anyone with this same problem?
Cheers!

3

23.7 Legacy Series / NGINX - How to work Load Balance

« on: December 20, 2023, 04:05:09 pm »

I'm trying to configure a load balance of the upstream servers, but apparently it's not working...

In Edit Upstream in Upstream:

• Description: upstream_test_44310
• Server Entries: Upstream_Server_01,Upstream_Server_02
• Load Balancing Algorithm: Weighted Round Robin

In Edit Location in Location:

• Description: location_upstream_test_44310
• Upstream Servers: upstream_test_44310

The issue is that the load balance is not working, the connections are only going to Upstream_Server_01.
I already changed the Server Priority priority in Upstream Server, but it didn't work.


Any tips?

4

22.7 Legacy Series / OFF TOPIC - Nginx restrict domains

« on: January 05, 2023, 02:05:00 pm »

Hi guys.

So... this is not directly about OPNsense, but about NGINX.

I set up a reverse proxy for my website (www.domain.com), but strangely enough, it is accepting any sub-domain (dev.domain.com, xxx.domain.com).

How do I strictly restrict it to only accepting www.domain.com?

Happy new year for all of us!

5

21.1 Legacy Series / PHP Fatal error

« on: June 24, 2021, 09:54:26 pm »

Hi all!

Is there any option to configure PHP parameters through the WEB interface or is there another way to make this adjustment?

I have the following error:
PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 119541760 bytes)

But if I change the /usr/local/etc/php.ini file in the cli, it doesn't work because it is generated by configd.

Thank you all!!

6

20.7 Legacy Series / Virtualization in oVirt 4.4.4

« on: December 12, 2020, 02:58:33 am »

Hi all!!

Did any of you have a problem running OPN on oVirt 4.4.4?
I tried to run a VM with both a virtio and e1000 driver and it didn't work.
With the virtio driver the OPN does not recognize the interfaces and with the e1000 driver falls on a "db>" screen with kernel panic

There is no error in the virtualization log messages.
This I found strange.

I posted this on the oVirt forum too, because I don't know if the error is at the hypervisor layer or the VM layer.

Any tips?

Thank you all.

7

20.1 Legacy Series / Reverse Proxy - Nginx - Zabbix

« on: August 24, 2020, 11:34:24 pm »

Hello, could you help me?

How do I enable the basic_status page through OPNsense to monitor with the Zabbix agent? I saw that the ngx_http_stub_status_module module is enabled.

https://nginx.org/en/docs/http/ngx_http_stub_status_module.html

Or, how and where do I collect the data from the address /ui/nginx/index/vts?

Thank you all!

8

19.7 Legacy Series / Brazil save time daylight

« on: November 05, 2019, 03:02:28 pm »

Hi all.

Can I configure save time daylight on OPNsense?
We had a little problem with the save time daylight this one year soo, the timezone "America/Sao_Paulo" is wrong.
Can I tune this configuration on OPNsense?
On Linux, I donwload the update rpm timezone, but on OPN I dont know to do.

For example:
Current date/time   Tue Nov 5 12:00:57 -02 2019
My PC: 11:01 -03

Thank you all.

9

19.1 Legacy Series / Reverse Proxy on OPNsense

« on: April 11, 2019, 03:40:56 pm »

Hi all.

Sorry my english.

I am try up configure the nginx reverse proxy, but i am failed...
I am following the documentation (https://docs.opnsense.org/manual/reverse_proxy.html)

I have 1 server (site.domain.local) with 2 vhosts on port 80, (site.domain.local/site1 and site.domain.local/site2).
I would like that access throught on OPNsense, for exemple... site1.domain.local redirect for site.domain.local/site1 and site2.domain.local redirect for site.domain.local/site2

With Apache I know configure, with Nginx don't.

Someone would like try help me?
Thank you.

10

18.7 Legacy Series / How to works the update Firewall Alias

« on: March 07, 2019, 04:26:42 am »

Hi all!

Sorry my english.

I would like to know how to works the Firewall Alias...
How often the firewall rules are update...
How often the firewall alias are update...

How to works the update Alias in pfTables?

Why do I ask?
I have to allow a rule that accept POP, POP/S port to URL outlook.office365.com.
That URL change the IP address frenquence every minute, so I need understand how works for me create the necessary alterations.

Thank you very, very much for the help!

11

18.7 Legacy Series / How to pfTables works?

« on: December 26, 2018, 03:07:14 pm »

Hi everyone!

Sorry my english.

How to pfTables works?

I know that it update the Aliases, but I dont know how often is updated.
The that I need is create a script that update the Aliases with another DNS.

I dont know if is possible...

Thank all.

12

18.7 Legacy Series / Update and reload firewall aliases

« on: December 10, 2018, 02:26:53 pm »

Hello everyone.

If I understand, when I create an Alias indicating a FQDN domain name, that domain name is updated every 300 seconds.

Do I need to add the "Update and reload firewall aliases" task in CRON?

Thank you.

13

18.7 Legacy Series / Update IP Alias/Firewall

« on: December 03, 2018, 03:07:25 pm »

Hello.

Sorry for the question, I do not know if they asked ...

Is it possible to allow in firewall a URL domain, such as www.sap.com, instead of the IP address on the firewall?

If this not possible, is it possible to update an Alias by changing its IP and then update the firewall rules? Do I need of a script?

All this is for me to be able to release the Windows update, some antivirus clients and so on, which are changing the URL IP

Thank you.

14

18.7 Legacy Series / [SOLVED] Upgrade to specific version

« on: September 07, 2018, 04:11:32 pm »

Hello all.

Sorry my english.

Can I upgrade to a particular version of OPN?

I want to go from version 18.7 to version 18.7.1 (including updating the kernel and updating the packages), but through the web interface I can only go straight to version 18.7.2.

Thank you.

15

18.1 Legacy Series / Proxmox virtualization

« on: February 07, 2018, 08:56:24 pm »

Hello, I'm trying to install OPNsense on Proxmox, I've tried version 18.1 and 17.7.5 and both are locked in "booting ..."

I have already changed the disk to SATA, according to Wiki documentation ...

Got any more details?