Topics

1

22.1 Production Series / Dashboard Failure

« on: March 01, 2022, 09:38:39 pm »

I'm getting a dashboard problem after upgrading to the latest opnsense, which prevents the entire dashboard from loading.

Code: [Select]

[01-Mar-2022 12:40:07 America/New_York] PHP Fatal error:  require_once(): Failed opening required 'diag_logs_common.inc' (include_path='/usr/local/etc/inc:/usr/local/www:/usr/local/opnsense/mvc:/usr/local/opnsense/contrib:/usr/local/share/pear:/usr/local/share') in /usr/local/www/widgets/widgets/ids_log.widget.php on line 47
[01-Mar-2022 12:41:37 America/New_York] PHP Warning:  require_once(diag_logs_common.inc): failed to open stream: No such file or directory in /usr/local/www/widgets/widgets/ids_log.widget.php on line 47

I can't find "diag_logs_common.inc" on the host.  I tried changing it to "diag_logs_settings.inc" which does exit, but that didn't work.  Also tried to comment line 47, but that didn't resolve the loading issue.

2

Virtual private networks / Wireguard - Local & Destination Network Same IP Range

« on: February 24, 2022, 09:04:23 pm »

Setting up Wireguard and having a routing issue I suspect.  We unfortunately used a common 192.168.1.0 address scheme in our office, but most home networks use a similar IP subnet.  I have the WG network on 10.10.10.0, but can't seem to route out of the VPN to the local or external network on the destination.  Is there any way to make this work with some type of 10.10.10.0 NAT?   I rather not have to readdress the entire office to allow a few people to VPN in.

3

Web Proxy Filtering and Caching / web filtering https without mitm

« on: April 27, 2021, 02:06:05 am »

I want to use the web proxy filtering for ssl without doing the entire ca ssl mitm.  I don't need to inspect, cache or authenticate anything.  I just want to block people from going to youtube and social media sites.  That shouldn't require me doing anything within SSL.  However, I can't get it to work.  When I do the transparent proxy forward on the ssl port, it just breaks the internet.

help please
thanks

4

General Discussion / DHCP Registration (DNS) vs Dynamic DNS (DHCP)

« on: March 16, 2021, 01:31:37 am »

I want the client names to be automatically registered in DNS.  It seems both of these seem to do that, but what is the difference?  Are both needed?

Under DHCP, we have Dynamic DNS.
"Enter the dynamic DNS domain which will be used to register client names in the DNS server. Note: Leave blank to disable dynamic DNS"

Under DNS, we have DHCP Registration
"If this option is set, then machines that specify their hostname when requesting a DHCP lease will be registered in Unbound, so that their name can be resolved."

5

General Discussion / Unbound DNS - Register DHCP leases

« on: January 26, 2021, 06:56:18 am »

Is there any place to see the dynamic DNS added via DHCP leases in Unbound DNS?  I created a static reservation and now Unbound has both the old and new IP.  I can't see what all the dynamic entries are or how to delete one.

6

19.1 Legacy Series / WAN admin - Firewall Allow but Blocked

« on: April 17, 2019, 05:25:34 am »

I have a situation where I need to enable web administration on the WAN.  I've done this before without issues.  Go to console, shut down packet filter, set WAN firewall to allow my source IP to destination WAN address port 443.  Restart pf.

I just installed a new install of opnsense yesterday, but I can't get this to work.  I'm able to stop pf from a remote console and then access the WAN web admin, but after adding the WAN firewall rule (even to the point of ANY ANY), when pf restarts, I'm blocked by the default fw block rule.  Any thoughts why this would happen?

I know best practice is to vpn or something and access via the lan (and I'll get to that), but I need this to work on the wan first to set everything up properly.  Also, web admin is enabled for all interfaces.

7

General Discussion / Web Server Instructions / Let's Encrypt / Nginx

« on: February 13, 2019, 05:26:27 pm »

I'm needing some guidance on setting up a web server behind OPNSense.  Initially I just did a port forward, but I want TLS.  So I installed the Let's Encrypt Plugin on OPNSense, but I'm not sure how this works with port forwarding as the server itself needs the cert as it does the encryption exchange.  I don't want to open the web server to the world (I have a Alias defined IP ACL).  So just installing Certbot on the webserver is not an option unless it somehow interacts with OPNSense to allow the temporary proxy.  I also don't want to set up some method that copies the cert from OPNSense to the webserver as that would involve too many potential problems and security issues.

I'm also interested in putting a WAF in front of the web server, though this is not required.  So maybe some nginx method is possible, where the Let's Encrypt on OPNSense is served to the Nginx plugin which acts as a front end to my webserver?  Then the Let's Encrypt plugin has something called a HAProxy, so maybe that's the solution?  I'm finding documentation on these aspects of configuration very limited for my situation and I could really use the help trying to get this set up correctly.  Thank you for any help you can provide. 

As an additional note, I need to be able to access it both internally and externally.  DNS will resolve to the external IP, but I don't know if I need to do some reflection or anything since it would need to go out and then back in.

8

General Discussion / Squid memory only cache

« on: April 17, 2017, 03:47:06 pm »

Does anyone know how to configure a memory only cache?  I don't want any disk caching.

I've set the "Memory Cache size in Megabytes" to 4000.  "Enable local cache" is off.  I don't see any hits or big use of memory in the logs / dashboard.