Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - myksto

Pages: [1] 2

19.1 Production Series / Strange upgrade behavior from 18.7.10_4 to 19.1_1

« on: February 12, 2019, 11:02:10 am »

In one of my scenario I have two Dell PE 1950, they are identical in hardware: then they have WAN, DMZ and LAN interfaces.
The first firewall is in production and is LAN, DMZ and WAN (to a router with public IP) connected.
The second is a backup, same configuration as the first but connected only to the LAN interface with another private IP (of course). In this backup machine I set the first firewall LAN address as the default gateway. In this way it's connected to the internet anche can check for updates.
This morning I tried to update this backup firewall from 18.7.10_4 to the 19.1_1 through the GUI. I unlocked the upgrade and pressed the UPGRADE button. I waited for half an hour but apart from the dots on the screen no upgrade has been done. I rebooted the firewall and started the upgrade over but the result has been the same. Then I tried to upgrade from console but apart from the dots increasing on the screen nothing happened.
In this forum I found a thread who suggested another way to upgrade and tried it. Through the console I launched these commands:
# opnsense-update -fp -n "19.1\/latest"
Lots of packages were installed and all processes completed (apparently) with succes but at the end the firewall was not pingable and the GUI not accessible. I then tried to check for updates from console, the process installed some packages making the a "kernel update" and the rebooted the firewall. At that point everything were ok, the firewall pingable again and the GUI accessible.

This is not the first time I have problems to update this backup firewall and I really can't understand why.
Could it be the fact it's not WAN connected? Any other idea, suggestions?

Thanks and cheers,
Michele.

18.7 Legacy Series / Can't complete update from 18.7.9 to 18.7.10_3

« on: January 24, 2019, 04:39:09 pm »

I have several machine around the world and one by one I updated them to the latest release 18.7.10_3.
Well, I have a Dell server machine, identical to 3 others that I manage that can't complete the update process.
All packages and plugins have been updated apart from "base" and "kernel" packages.
I tried to reboot the server after an incomplete update process but with no luck. Dashboard says it's version 18.7.10_3 but if I check for updates I found that "base" and "kernel" need to be updated. I click on update button again but it starts to try to updated with no result.
I attached screen of the dashboard, the update process page,and the list of packages to be updated.
How can I overcome this strange situation?

Thanks and cheers,
Michele.

18.7 Legacy Series / Surfing between pages has sped up after upgrade to version 18.7.9

« on: December 18, 2018, 11:47:47 am »

I have to open a thread not to complain about something but to highligth the fact tha surfing between pages has been sped up after update to latest version. In firewall rules I have dozen of rows and before it took 5-6 seconds to surf from a page to another. Now it's almost immediate and it's a very very good thing!
Maybe it's because the cleanup you've made to the code I don't know but a very good job has been made.

Best regards,
Michele.

General Discussion / Hardware RAID (status, rebuilds, ecc.) checks and logs

« on: November 26, 2018, 08:47:19 am »

Hi.
I've OPNSense 18.7.8 installed on an old (but still good) Dell server with 2 sata disk configured in RAID1.
Well, this morning while I was making my usual tour check I saw one of the disks blinking orange meaning it was in an error state. I usually give a second chance to faulty disk extracting it and inserting it again after few seconds forcing RAID controller to rebuild the array. In Windows, Dell gives an utility to monitor the rebuid status and the RAID status as well.
Is there a way to monitor the RAID rebuild process through OPNSense? I tried to search through the logs in System -> Log Files but I saw nothing useful. I also searched Google but with no luck.

Thank you very much.

Cheers,

Michele.

18.7 Legacy Series / "Aliases" item missing in System ->Configuration -> Backup -> Restore Area

« on: November 21, 2018, 10:34:59 am »

I have two OpnSense machines: one is a production one, the second is for backup and test.
I usually make tests and then export configuration and import it to the production machine.
Today I need to import new Aliases and noticed that the item "Aliases" is missing in the "Restore Area".
I searched several times but I really can't find that key.

Has "Aliases" been removed? Can I ask you why and how can I import Aliases then?

Thanks a lot and cheers,

Michele.

General Discussion / Where list are saved in file system?

« on: October 05, 2018, 08:26:01 am »

I mean I would like to check whether lists as firehol, spamhouse drop, ecc. are updated or not and would like to know where they're are saved as files in OpnSense filesystem.
I searched in different directory but with no luck.

Can anyone help me find them?

Tnahks,
Michele.

Intrusion Detection and Prevention / How to manage a local ip list

« on: September 27, 2018, 10:42:56 am »

Hello everybody.
I would like to create and mantain a local (or more than one) list of ip addresses to use within alias and then in traffic rules.
I created a txt file and put it in a local folder in Opnsense (/mkst/lists/ip.txt).
I would like to load it and use an alias to do that.
So I created an alias using the URL IP type but I receive error and ip's don't load.
I tried in different ways and these are some errors:
update_tables.py: error fetching alias url \\127.0.0.1\mkst\lists\ips.txt
update_tables.py: error fetching alias url https://127.0.0.1/mkst/lists/ips.txt
update_tables.py: error fetching alias url https:\\127.0.0.1\mkst\lists\ips.txt

What is the right way to load a local list?

Thank you.

Cheers,
Michele.

General Discussion / No reporting data available for OpenVPN traffic

« on: June 28, 2018, 09:11:13 am »

Hi guys.
I setup the Insigt reporting feature so that I can monitor traffic from inside my networks.
In Netflow configuration I added my LAN, DMZ and OpenVPN interfaces.
When I go to the Insight function I can see all traffic and graphs for all interfaces except OpenVPN.
I attached screenshot of Netflow configuration and Insigth for OpenVPN interfaces where, you can see, no data is available and I have several OpenVPN connections active (mine too now).

Am I doing anything wrong or missing something?

Thanks and cheers,

Michele.

General Discussion / Reporting -> Insight not working properly

« on: May 08, 2018, 11:38:59 am »

Hello.
I've been using OPNSense for some months.
I'm on version 18.1.7, just updated.
I noticed a strange behaviour on the fantastic reporting section named "Insight".
I go on "Totals" tab then I go down to "Top usage ports/sources.
By default WAN is selected.
On the right of the graph I see several ip addresses (public ones) and if I go on the pie chart and select one of them, system takes me to the "Details" tab and put the ip address I select inside the "(src) Address" field as expected.
If I go back to the "Totals" tab, select "LAN" as the interface, choose and click on a IP adrress (private one this time) on the pie chart, system takes me to the "Details" tab but on the "src Address" put another IP address (public one) and NOT the one I chose before.

Beside if "WAN" is selected a small pop-up showing the ip address comes up when I go over the pie chart with the mouse but if I select LAN or another interface more often than not no IP is being shown.

I tried with Google Chrome and Mozilla Firefox and the behaviour is the same.

Is there a way to fix this "issue"?

Thanks a lot and cheers.

Michele.

General Discussion / Default Gateway for WAN and Automatic Outbound NAT

« on: March 22, 2018, 09:11:35 am »

Hi.
Here's my OPNSense 18.1.5 configuration (ip are not real of course):

WAN: public ip 88.40.191.10/29
LAN: 192.168.59.0/24
DMZ: 192.168.10.0/24

GW is a Huawei router whose address is the first available public address of my public pool: 88.40.191.9/29.
I inserted the GW ip address as the default GW in OPNSense gateways.
WAN cable of OPNSense is plugged in a port ot the Huawei router.
OPNSense WAN ip and Huawei router ip are in the same public subnet (/29) of course.

Well I found these strange behaviours (or better I think there're strange but maybe they're not):
if I ADD the "upstream gateway" (Huwaei router IP) in WAN interface OPNSense can't reach that gateway so no internet connection can be established, nothing at all.
if I DON'T ADD add the "upstream gateway" in WAN interface OPNSense can reach the gateway but noone in private networks can surf because the automatic OUTBOUND NAT rules are empty. If I manually add my private networks in OUTBOUND NAT everything is fine.

My questions are:

why my GW is unreachable if I add it in upstream gateway of the WAN interface? I mean, is it not correct to insert it there?
Why no outbound nat rule are automatically created if no upstream gw is set on WAN?
What is the default/correct practise in these cases?

Thanks a lot, Michele.

General Discussion / Strange characters in Firewall Log (Line View)

« on: March 15, 2018, 04:06:13 pm »

This morning I turn up my pc and open my dashbord with Google Chrome and find a strange slowness in moving betweene menus. Besides I found strange characters in firewall logs (screenshot attached).
No problem with Firefox and IE.
Chrome has been updated last week, disabled all extensions, no luck.

Suggestions?

General Discussion / Interface LAN problem after reboot

« on: March 14, 2018, 04:13:24 pm »

I have OPNSense version 18.1.4 installed on a Dell PowerEdge 1950.
The server has 4 Broadcom nics:
- 2 are embedded and are named as "bce0" (LAN) and "bce1" (WAN);
- 2 are on bus pci and are named as "bge0" (DMZ) and "bge1" (OPT2).
Everytime the firewall is restarted the LAN nic (bce0) is not reachable. If I unplug its network cable after a while this message appears on console: "/usr/src/sys/dev/if_bce.c(7886): whatchdog timeout resetting"
After that nic begins to work.
I tried to change the LAN interface binding it to "bge0" and after restart this nic does not have any problem.
I guess it's an issue belonging to "bce0" which is another chip. Maybe a driver issue?
How can I troubleshoot this?

Thanks a lot.

Michele.

General Discussion / Captive Portal: how to redirect all connections to the portal page?

« on: February 27, 2018, 05:28:34 pm »

Hi.
I'm trying to use the captive portal function.
I followed the official guide and everything is ok.
When I connect to the network where the captive portal is bind to and try to connect to any HTTP page I'm immediately redirected to the portal page (where I can insert my credential).
So if I try to connect to "http://www.mysite1.com" I'm redirected to the portal page, I can insert my credential and the I can surf the page and the web.
If I try to connect to any HTTPS site (eg. https://www.mysite2.com") well connection times out with an error and I'm not redirected to the portal page. I can't understand this behaviour as any connection intercepted should be redirected to the portal page.
Am I missing some configuration step?
Is there a way to bypass this and force any type of connections (http and https) to redirect to the portal page?

Thanks a lot.

Michele.

General Discussion / Multiple public ip addresses on one WAN nic

« on: February 01, 2018, 04:53:07 pm »

My configuration:
OPNSense on a phisical server (Dell PowerEDGE) with 3 nics: LAN, WAN and DMZ.
LAN and DMZ are configured with private networks (eg. 192.168.10.0/24).
My ISP will give me their router and a range of 8 public (network type 255.255.255.248).
ISP's router will be assigned the first public IP and OPNSense WAN interface the second one.
My aim is to use the remaining public IPs and to bind them to the WAN interface. I did it in IpCop installation and there they're called "Alias IPs".
In OPNSense we have "Virtual IPs" and I wonder whether they can be used to "map" all public IPs I have to the WAN interface.
I will use them to create rules, make Port Forwardings, ecc. just as they were different interfaces (nics).

Is this the right way to configure them? I read several post talking about using the NAT 1:1 feature when having different public IPs and want to bind them to the same interface (WAN) but most of the users were talking about OPNSEnse built as a virtual machine (with all the implications of that case) whereas mine is a physical server.

Thanks a lot.

Michele.

Web Proxy Filtering and Caching / Squid, lightsquid and logrotate

« on: December 20, 2017, 12:05:01 pm »

Hi,
I installed lightsquid via command line and everything's ok.
I even succeded in protecting lighteghtsquid reports with a user and a password.
I'm trying to understand how OPNSense manage log files but it's too hard for me.
I know that squid logrotation is off because in squid.conf I find these rows:

"# Disable squid logfile rotate to use system defaults
logfile_rotate 0"

What are "system defaults" and how can be managed?
Some older posts in other forums people talk about the fact than lightsquid manages logrotation but I found no rotation command in crontab.

"root@OPNsense:/usr/local/www/lightsquid/report # crontab -l
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
#minute hour mday month wday command
1 * * * * (/usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout) > /dev/null
2 * * * * (/usr/local/sbin/expiretable -v -t 3600 sshlockout) > /dev/null
3 * * * * (/usr/local/sbin/expiretable -v -t 3600 virusprot) > /dev/null
5 * * * * (/usr/local/etc/rc.expireaccounts) > /dev/null
1 1 * * * (/usr/local/etc/rc.update_alias_url_data) > /dev/null
6 1 * * * (/usr/local/etc/rc.update_urltables) > /dev/null
*/4 * * * * (/usr/local/sbin/ping_hosts.sh) > /dev/null
1 3 1 * * (/usr/local/etc/rc.update_bogons cron) > /dev/null "

I would like to keep squid logs for future "investigations" but all logs are deleted after 10 days and lightsquid reports too.
Is there a way to tell "system defaults" how to differently manage logs?

Best regards, Michele.

Pages: [1] 2