Topics

1

24.7 Production Series / Empty CRL default entry on fresh install

« on: June 26, 2024, 01:22:45 pm »

Testing a new installation on a Proxmox lab I found an empty CRL entry under "System: Trust: Revocation" menu.
I don't think that this is used for anything.
Whatever button I press (info/download/delete...) it shows an error message. Screenshots attached.

2

24.7 Production Series / Installing from DVD

« on: June 13, 2024, 03:07:33 pm »

Hi, as I'm running a Proxmox lab, I'll replace 24.1 with 24.7 beta.
Just now, I'm installing it from the DVD.
I'll be updating the status

3

General Discussion / [SOLVED] ACME Challenge HTTP-01 stopped working

« on: January 31, 2024, 11:03:06 pm »

First of all, I've already solved the problem changing to DNS-01 challenge using cPanel API. But the issue is that I have 6 domains behind Nginx reverse proxy and the last successful renewal was on January, 1st. After that the next renew event on January, 22nd failed and I received an email from Letsencrypt warning me about the failure.
Between the two renew events there was an update from 23.7.10 to 23.7.11 and no other changes.
The renewal was done using HTTP-01 challenge and it worked fine for some years. 

I found this github issue https://github.com/opnsense/plugins/issues/1967#issue-675753796
The error that is reported in this github issue is the same than the reported on my case and there is a change listed in the 23.7.11 log that, in my opinion, could be related:

[system: include IPv6 link-local interface addresses for web GUI and OpenSSH (contributed by Maurice Walker)]

I opened this issue as a placeholder in case someone else has encountered this problem.

4

23.7 Legacy Series / Can new DDNS plugin handle custom URLs ?

« on: July 24, 2023, 12:26:49 am »

Hi, as I read that old DDNS plugin will not exists anymore, I'm preparing to upgrade to the new one beforehand.
I'm using many custom URLs to update cPanel dynamic records.
Does the new plugin support custom URLs ?

5

General Discussion / Problem with Rspamd connecting to Redis

« on: November 14, 2022, 09:18:48 pm »

Hi,
It appears that redis is not listening on ::1 nor 127.0.0.1 when working in protected mode.
I realize that Rspamd couldn't connect to redis in protected mode, so as a workaround I turned off protected mode and selected to listen on LAN.
Then I edited /usr/local/etc/rspamd/local.d/redis.conf and changed the server from [::1] to [192.168.1.1].

After that Rspamd started to connect to redis.

6

22.7 Legacy Series / [SOLVED] Pinger no longer starting on OpenVPN gateway after 22.7.7 update

« on: November 03, 2022, 01:57:01 pm »

Updated to 22.7.7 and pinger is not starting on that gateway.

General log says: Error  opnsense /status_services.php: The DARSA_VPNV4 monitor address is empty, skipping.

The gateway is dynamic and it should be used as monitor address unless other one is explicitly specified.

7

22.7 Legacy Series / [SOLVED] NGINX Cannot load a new site certificate

« on: October 19, 2022, 05:46:51 pm »

Hi, I have a problem trying to create a new site on NGINX.
I read a couple of recent threads on NGINX but I think this is different.
When I create a new site using HTTPS I first create a self signed certificate for the purpose of testing the configuration, and the following error appears on the NGINX general log:

cannot load certificate "/usr/local/etc/nginx/key/www.xxxxxx.com.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/etc/nginx/key/www.xxxxxx.com.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

I went to see the given directory and the specified file is not there. It seems that the plugin is not able to copy the certificate inside its directory to use it.

Thank you

EDIT:
after reading further a previous thread I found this:
https://forum.opnsense.org/index.php?topic=30656.msg147980#msg147980
So I tried the fix  and it worked fine, so the issue is solved. And everything in one post 

8

22.7 Legacy Series / Insight Aggregator sudanly stopped

« on: August 27, 2022, 03:25:26 am »

Hi, as the subject says, the service stops with the following error:

flowd aggregate died with message Traceback (most recent call last): File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 160, in run aggregate_flowd(self.config, do_vacuum) File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 86, in aggregate_flowd stream_agg_object.cleanup(do_vacuum) File "/usr/local/opnsense/scripts/netflow/lib/aggregates/__init__.py", line 213, in cleanup self._update_cur.execute('vacuum') sqlite3.OperationalError: database or disk is full

The disk is filled at 61%, so there is a plenty of space left, about 7 GB.

I found this has happened before on another thread, but with no solution.

Have anyone experienced this problem?

9

22.1 Legacy Series / [SOLVED] NGINX does'n start after update to 22.1.9

« on: June 23, 2022, 06:12:43 pm »

Hi, I have this problem after update. I read that NGINX plugin was updated two.

The error I see in NGINX log is: unknown directive "js_include" in /usr/local/etc/nginx/nginx.conf:41

How can I revert back to the previous NGINX version?

Thank you

EDIT: this was solved on hotfix 22.1.9_1

Thank you again

10

21.1 Legacy Series / [SOLVED] My OPNSense cant route IPv6

« on: March 12, 2021, 11:08:03 pm »

Hi, I have a fibre connection of 50/10 Mbit.
My ISP doesn't allow me to configure the modem so the only thing I can do it configure a DMZ pointing to my OPNSense.
Recently my ISP implemented IPv6 and I discovered it by accident while I was connected directly to the GPON router.
So I configured OPNSense to get an IPv6 address via DHCPv6.
It now have IPs v4 and v6 on WAN.
I can ping to Internet from WAN interface, but when I try to ping from LAN or from a PC on LAN it doesn't work.
I noticed that the default IPv6 gateway it fe80::1 and not the IP of the interface or a link-local IP.
The ISP is ginving me a /64 prefix.
I've been making lots of experiments to try to make it work, but nothing. The best thing I get is pinging from WAN.

May be someone can give a clue to test farther.

Thank you

11

21.1 Legacy Series / Traffic graph widget not working anymore after 21.1.2 update

« on: February 23, 2021, 05:17:23 pm »

Updated from 21.1.1. Traffic graph widget worked fine on that version.
I'm using a virtual OPNSense box on VMWare ESXi 7u1 with virtual E1000 interfaces.

There must be some problem related to the replacement of traffic graphs in widget using chart.js as I read in the changelog

12

General Discussion / Can't make IPv6 work

« on: November 03, 2020, 10:24:27 pm »

Hi,
my ISP recently implemented IPv6. I have an optic fibre GPON terminal and an OPNSense box on a DMZ IP, so my network is nated twice and it works fine.
When I set the WAN interface to get an IPv6 via DHCPv6, I can ping the Internet from the WAN interface of the OPNSense box, but not from the LAN interface. I tested setting LAN as track interface and fixed IPv6, but nothing.
One thing I noted is that the IPv6 gateway is set as fe80::1.
May be someone can give me an idea.
Thanks..

13

19.1 Legacy Series / Local Trusted Certificates

« on: May 02, 2019, 06:22:13 pm »

Hi,
  how can I add my trusted certificates so I can backup directly to my Nextcloud?
Regards

14

General Discussion / TURN Server

« on: February 25, 2019, 01:23:49 pm »

Hi,

  is it possible to install a TURN server, like Coturn, on an OPNSense box?

Thank you and regards

15

18.7 Legacy Series / Nextcloud config backup

« on: August 01, 2018, 06:48:26 pm »

Hi,
   I have a Nextcloud server with a self-signed certificate and I can't connect with OPNSense to backup the configuration.

   This is what the log file shows when I enable Nextcloud in OPNSense:

{
"url":"https:\/\/cloud.xxxxxx.xxx\/remote.php\/dav\/files\/fjm\/",
"content_type":null,
"http_code":0,
"header_size":0,
"request_size":0,
"filetime":-1,
"ssl_verify_result":18,
"redirect_count":0,
"total_time":0.106457,
"namelookup_time":0.006754,
"connect_time":0.018284,
"pretransfer_time":0,
"size_upload":0,
"size_download":0,
"speed_download":0,
"speed_upload":0,
"download_content_length":-1,
"upload_content_length":-1,
"starttransfer_time":0,
"redirect_time":0,
"redirect_url":"",
"primary_ip":"192.168.2.4",
"certinfo":[],
"primary_port":443,
"local_ip":"192.168.2.1",
"local_port":2322
}

   Any help will be appreciated.

Cheers,