Topics - myksto

1
22.1 Production Series / Warning on Intrusion Detection logs
« on: June 06, 2022, 12:03:30 pm »
Hi.
I noticed several warnings on Intrusion Detection logs after update to version 22.1.8_1.
Warnings are like these (some examples):
  • [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol http2 enable status not set, so enabling by default.
  • [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol rdp enable status not set, so enabling by default.
  • [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol mqtt enable status not set, so enabling by default.
  • [...]

I know those are "just" warnings but do I have to worry about them?

Thanks a lot,
Michele

2
Virtual private networks / How to force OpenVPN clients to disconnect after a certain amount of time
« on: October 27, 2021, 05:02:35 pm »
Hi guys.
I have lots of OpenVPN clients who leave connections open even if they don't use them for hours and some of them also go home leaving VPN connections open!
Is there a way on the server or client side or both to set up a timeout so that after e.g. 60 minutes without utilization clients automatically disconnect from the server?

Thanks a lot.

Michele.

3
21.1 Legacy Series / Problems after 21.7.1_1 update
« on: June 22, 2021, 10:07:34 am »
I read some other threads and saw that this update caused some problems.
I did the update, something went wrong or better, the update log in the GUI stopped but the firewall did the reboot.
When the firewall rebooted the update check got stuck (see image attached).
I tried re-installing the 21.1.7_1 package with no luck and it seems to not work properly.
I also launched "/usr/local/opnsense/scripts/firmware/health.sh" but everything is ok. I tried to launch it from the GUI but it doesn't work.

What else can I do to restore normal behaviour?

Thanks a lot,
Michele.

4
20.7 Legacy Series / Upgrade no more available
« on: September 07, 2020, 09:20:22 am »
Hi to everybody.
I'm on 20.1.9_1 version and want to upgrade to 20.7.x.
I tried to upgrade but received the error "no signature found".
I followed the advice of this post https://forum.opnsense.org/index.php?topic=11199.0 where Franco says to delete two files: /usr/local/opnsense/firmware-upgrade and /usr/local/opnsense/firmware-message.
I did that but now when I check for a new version, 20.7 is no longer proposed, the message simply says that there's no update available on the selected mirror.

How can I solve this and upgrade to version 20.7.x?

Thanks a lot,

Michele.

5
19.7 Legacy Series / GUI on Google Chrome: tools to move, delete, edit, clone rules not visible
« on: September 23, 2019, 04:23:09 pm »
Hi.
As I just wrote in the object: I noted that on the right side of the GUI tools to manage rules are not visible in Google Chrome while they're in Mozilla Firefox and in IE.
I attached two shots of both browsers just to see the differences (see the red circles).

Is there anyone who knows the reason of this strange behaviour in Google Chrome and eventually how to solve this little problem?

Thanks and cheers,
Michele.

6
19.7 Legacy Series / Error on Suricata 4.1.4_4 Logs
« on: September 12, 2019, 04:37:13 pm »
I recently noted this error on Suricata logs:
"suricata: [100148] <Warning> -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml."

I also can't see any packet blocked by suricata so I guess it's not working.

I tried to restart the service but error comes again.

I searched for 2225 ticket and found this for version 4.1.3: "Bug #2225: when stats info dumping in redis,the decoder.ipv4.trunc_pkt can’t output.In the same time, in the stats.log this can output" but to tell the truth I did not understand whether I can solve the issue or not.

Is there a way to solve it?

Thanks and cheers.

Michele.

7
19.1 Legacy Series / Open VPN daemon doesn't start after firewall reboot
« on: May 08, 2019, 04:00:44 pm »
I have two Openvpn servers in the same firewall: OPN1 and OPN2.
Sometimes after a firewall reboot both daemons don't come up and in the dashboard they're red. If I try to restart them they don't and the logs say that:
"openvpn[76450]: Exiting due to fatal error;
 openvpn[76450]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
 openvpn[76450]: TUN/TAP device ovpns1 exists previously, keep at program end"

I found an old post https://forum.opnsense.org/index.php?topic=6376.0 and there I found the solution to find and kill processes. In that post a bug was opened at GitHub but I was not able to understand whether the bug had been corrected or not.

Is it known why this happens?
Is there a simpler way to make OpenVPN daemons come up after a simple firewall reboot (for example for a system update)?

Thanks a lot.

Best regards,
Michele

8
19.1 Legacy Series / Request filter log output in Backend Log File
« on: March 25, 2019, 12:34:23 pm »
I have a Dell server with 19.1.4 x64 release.
I saw lots of messages in "System -> Log Files -> Backend" showing "Request filter log output".
Some time ago the same thing happened, I shut down and restarted the server and the logs went away (so it's not version related).
Today I have the same "problem".
It seems like a sort of container gets full and needs to be emptied.
Can someone tell me why this is happening and eventually how to stop it?

Thanks a lot.

Cheers,
Michele.

9
19.1 Legacy Series / Strange upgrade behavior from 18.7.10_4 to 19.1_1
« on: February 12, 2019, 11:02:10 am »
In one of my scenarios I have two Dell PE 1950, they are identical in hardware: they have WAN, DMZ and LAN interfaces.
The first firewall is in production and is LAN, DMZ and WAN (to a router with public IP) connected.
The second is a backup, same configuration as the first but connected only to the LAN interface with another private IP (of course). In this backup machine I set the first firewall LAN address as the default gateway. In this way it's connected to the internet and can check for updates.
This morning I tried to update this backup firewall from 18.7.10_4 to the 19.1_1 through the GUI. I unlocked the upgrade and pressed the UPGRADE button. I waited for half an hour but apart from the dots on the screen no upgrade has been done. I rebooted the firewall and started the upgrade over but the result has been the same. Then I tried to upgrade from console but apart from the dots increasing on the screen nothing happened.
In this forum I found a thread that suggested another way to upgrade and tried it. Through the console I launched these commands:
# opnsense-update -fp -n "19.1\/latest"
Lots of packages were installed and all processes completed (apparently) with success but at the end the firewall was not pingable and the GUI not accessible. I then tried to check for updates from console, the process installed some packages making a "kernel update" and then rebooted the firewall. At that point everything was ok, the firewall pingable again and the GUI accessible.

This is not the first time I have problems to update this backup firewall and I really can't understand why.
Could it be the fact it's not WAN connected? Any other idea, suggestions?

Thanks and cheers,
Michele.

10
18.7 Legacy Series / Can't complete update from 18.7.9 to 18.7.10_3
« on: January 24, 2019, 04:39:09 pm »
I have several machines around the world and one by one I updated them to the latest release 18.7.10_3.
Well, I have a Dell server machine, identical to 3 others that I manage, that can't complete the update process.
All packages and plugins have been updated apart from "base" and "kernel" packages.
I tried to reboot the server after an incomplete update process but with no luck. Dashboard says it's version 18.7.10_3 but if I check for updates I find that "base" and "kernel" need to be updated. I click on the update button again but it starts to try to update with no result.
I attached screens of the dashboard, the update process page, and the list of packages to be updated.
How can I overcome this strange situation?

Thanks and cheers,
Michele.

11
18.7 Legacy Series / Surfing between pages has sped up after upgrade to version 18.7.9
« on: December 18, 2018, 11:47:47 am »
I have to open a thread not to complain about something but to highlight the fact that surfing between pages has been sped up after the update to the latest version. In firewall rules I have dozens of rows and before it took 5-6 seconds to surf from one page to another. Now it's almost immediate and it's a very very good thing!
Maybe it's because the cleanup you've made to the code I don't know but a very good job has been made.

Best regards,
Michele.

12
General Discussion / Hardware RAID (status, rebuilds, ecc.) checks and logs
« on: November 26, 2018, 08:47:19 am »
Hi.
I've OPNSense 18.7.8 installed on an old (but still good) Dell server with 2 SATA disks configured in RAID1.
Well, this morning while I was making my usual tour check I saw one of the disks blinking orange meaning it was in an error state. I usually give a second chance to a faulty disk, extracting it and inserting it again after a few seconds, forcing the RAID controller to rebuild the array. In Windows, Dell gives a utility to monitor the rebuild status and the RAID status as well.
Is there a way to monitor the RAID rebuild process through OPNSense? I tried to search through the logs in System -> Log Files but I saw nothing useful. I also searched Google but with no luck.

Thank you very much.

Cheers,

Michele.

13
18.7 Legacy Series / "Aliases" item missing in System ->Configuration -> Backup -> Restore Area
« on: November 21, 2018, 10:34:59 am »
I have two OpnSense machines: one is a production one, the second is for backup and test.
I usually make tests and then export configuration and import it to the production machine.
Today I need to import new Aliases and noticed that the item "Aliases" is missing in the "Restore Area".
I searched several times but I really can't find that key.

Has "Aliases" been removed? Can I ask you why and how can I import Aliases then?

Thanks a lot and cheers,

Michele.

14
General Discussion / Where list are saved in file system?
« on: October 05, 2018, 08:26:01 am »
I mean I would like to check whether lists such as firehol, Spamhaus drop, etc. are updated or not and would like to know where they are saved as files in the OpnSense filesystem.
I searched in different directories but with no luck.

Can anyone help me find them?

Thanks,
Michele.

15
Intrusion Detection and Prevention / How to manage a local ip list
« on: September 27, 2018, 10:42:56 am »
Hello everybody.
I would like to create and maintain a local list (or more than one) of IP addresses to use within an alias and then in traffic rules.
I created a txt file and put it in a local folder in Opnsense (/mkst/lists/ip.txt).
I would like to load it and use an alias to do that.
So I created an alias using the URL IP type but I receive an error and the IPs don't load.
I tried in different ways and these are some errors:
update_tables.py: error fetching alias url \\127.0.0.1\mkst\lists\ips.txt
update_tables.py: error fetching alias url https://127.0.0.1/mkst/lists/ips.txt
update_tables.py: error fetching alias url https:\\127.0.0.1\mkst\lists\ips.txt

What is the right way to load a local list?

Thank you.

Cheers,
Michele.
