Topics

1

17.7 Legacy Series / IPsec VPN Status Overview empty

« on: November 30, 2017, 08:56:41 pm »

Hi All,

I'm facing the following error:

The "VPN: IPsec: Status Overview" page is completely empty, I have 7 VPN tunnels whit around 60 phase 2 entries. All VPN tunnels are working correctly.

I did of course already some research trying to solve it and I found this 'old' bug on GitHub:

https://github.com/opnsense/core/issues/634

This bug should be solved in version 16.1.9, I'm running 17.7.8 (latest version and I'm running on officially supported hardware). When I manually try to execute the following script I get this output:

Code: [Select]


root@opnsense:~ # /usr/local/opnsense/scripts/ipsec/list_status.py
Traceback (most recent call last):
  File "/usr/local/opnsense/scripts/ipsec/list_status.py", line 83, in <module>
    for sas in s.list_sas():
  File "/usr/local/opnsense/scripts/ipsec/vici/session.py", line 334, in streamed_request
    self._register_unregister(event_stream_type, False);
  File "/usr/local/opnsense/scripts/ipsec/vici/session.py", line 250, in _register_unregister
    confirm=Packet.EVENT_CONFIRM,
vici.exception.SessionException: Unexpected response type 112, expected '5' (EVENT_CONFIRM)

Restarting the "Strongswan" service doesn't solve the problem, and I can reproduce the problem on multiple devices, so it doesn't seem to be limited to 1 installation.

Is this still a bug in "Strongswan" or "just" a small GUI issue?


Thanks,


Marijn

2

17.1 Legacy Series / Scripting Aliases to OPNsense

« on: July 27, 2017, 10:19:32 am »

Hi All,

I have the feeling this question is already asked 100 times, but I cannot find a final fitting answer to my question.

We have a lot of Aliases, and with our current firewall solutions I use a script to generate them in the firewall, so I was looking for a possibility to create Aliases in the command line, in that way I can automate it (as data sources we are using our DNS servers for example).

I know you guys are working on an awesome API, but for now, I like to make a temporary solution.

So what I basically like to know:

1. Is it possible to create/edit aliases using the Shell (SSH)
2. What are the syntaxes
3. Are there major downside's regarding this idea?

If it's possible I will create a script (most likely PowerShell), and if people are interested I'm happy to share the script on this forum.

If this question is already answered please let me know

Thanks a lot!

3

17.1 Legacy Series / Use minus (-) character in alias name

« on: February 24, 2017, 09:54:19 am »

Hi All,

Maybe question that can simply be answered with "no", but still I like to see if there is a possibility.

So basically I'm testing OpnSense and how it will act in our enterprise environments, I like to make a lot of aliases (basically for every server we have) to create the thousands of access rules we have for every server and or server farms.

In most cases, an alias will include the server name as "name" and 2 IP addresses (1 IPv4 and 1 IPv6).

Now the "issue" all our server names are using a minus in the name, so for example "TST-WEB-101", I see OpnSense isn't supporting minuses in the alias names, but an underscore is working fine.

Is there a technical limitation or is it just a weird question from my side? 

Thanks

4

17.1 Legacy Series / [SOLVED] Problem to setup LDAP server - CSRF check failed

« on: February 03, 2017, 12:20:02 pm »

Hi All,

I started to implement and test OpnSense 17.1, especially because of the brand new release, and; my compliments, it looks really nice!

The problem I'm facing:

I'm unable to setup an LDAP server, everything seems to go will but if I press on save I will get the following error:

CSRF check failed. Your form session may have expired, or you may not have cookies enabled.

A quick google showed my a topic on this forum (https://forum.opnsense.org/index.php?topic=3484.0) but I'm not sure if this is related.

edit: I tried "of course" multiple browsers

can anyone point in the right direction?

Thanks,

Marijn