Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Topics - ljm42

Pages1
#1
18.7 Legacy Series / Unable to login after upgrade to 18.7
August 26, 2018, 07:04:22 PM
I just upgraded from 18.1.13 to 18.7 (not sure why it didn't go to 18.7.1)

Now when I try to login as root via the web it says:
  Wrong username or password.
and root via the console:
  Login incorrect

Any thoughts on how I can get back in?

I do have a backup of the xml file

This is similar to this issue:
  https://forum.opnsense.org/index.php?topic=9529.0
except I have a hardware router and not a VM.
#2
General Discussion / new user feedback
October 26, 2017, 03:00:41 AM
I thought I'd give some new user feedback on OPNsense in the hopes that it is helpful. This is based on OPNsense 17.7.6

Overall, I am very impressed. There is a lot going on here, but it mostly feels like cohesive system rather than a collection of parts.  Nicely done :)

In terms of things that could be improved...

* I find myself continually clicking the "full help" button. Can this be persistent? So turn it on, and it stays on as you move throughout the site until you turn it off?

* Once you've chosen to use Unbound, can we remove the option for Dnsmasq? Similarly, is there a way to remove the IPsec VPN option if you only plan to use OpenVPN?

* It is strange to enable "DNS Rebinding Checks" under System -> Settings -> Administration, but then go to Services -> Unbound -> General -> Custom to put in exceptions:
Code Select
  server:
  private-domain: "plex.direct"
  private-domain: "unraid.net"
It would be more natural if you could add a list of exceptions (in the form of "plex.direct,unraid.net") right after enabling the check, and then have the Dnsmasq/Unbound plugins figure out what to do with the exceptions.

* When configuring NetFlow for use with Insight, what is the appropriate value for "Destinations"? The "full help" suggests an IP with port 2550 whereas the manual suggests 127.0.0.1:2056, but there is no indication of what sort of collector is at the destination and whether it is already installed as part of OPNsense.  As a side topic, once you input 127.0.0.1:2056, the interface won't let you remove it.

* I setup FreeRADIUS per these instructions:
https://wiki.opnsense.org/manual/how-tos/freeradius.html
https://wiki.opnsense.org/manual/how-tos/user-radius.html
https://wiki.opnsense.org/manual/how-tos/user-local.html
but two key pieces of information were missing:
1. You need to setup the OPNsense router as a client on FreeRADIUS before you can use it.
2. After creating a user in FreeRADIUS, you need to create the same user in the local database (with a scrambled password) if you want to integrate with the rest of the system.

In terms of making a more cohesive system, I would really like to see the System -> Access -> Users page have an indicator of some sort specifying whether a given user has a FreeRADIUS account or not, and a link to create/edit one.  And similarly, the Services -> FreeRADIUS -> User list should indicate whether the FreeRADIUS user has a corresponding local account and have a link to create/edit it.

Anyway, many thanks to the development team for all the work you've put into this project. I'm excited to see where it goes!
Pages1