Topics

1

General Discussion / Business

« on: October 19, 2024, 09:03:28 am »

Wouldn't it make sense to have here a business topic somewhere, so the business user can share there thoughts and problems at the right place, too?
Or did I oversee?

2

23.1 Legacy Series / update to 23.1.b_202 failure

« on: January 20, 2023, 03:59:59 pm »

did receive a failure at the webinterface

/usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php:69: Class "OPNsense\Phalcon\Logger\Logger"

3

22.7 Legacy Series / Ruby vulnerable - 2.7.6_3,1

« on: December 02, 2022, 09:26:39 am »

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 22.7.9 (amd64/OpenSSL) at Fri Dec  2 09:22:58 CET 2022
vulnxml file up-to-date
ruby-2.7.6_3,1 is vulnerable:
  rubygem-cgi -- HTTP response splitting vulnerability
  CVE: CVE-2021-33621
  WWW: https://vuxml.FreeBSD.org/freebsd/84ab03b6-6c20-11ed-b519-080027f5fec9.html

1 problem(s) in 1 installed package(s) found.
***DONE***

4

22.1 Legacy Series / Unbound - not possible to create an override from a dhcp client?

« on: July 21, 2022, 06:38:52 am »

I've got an entry which works.


If I change that entry to


it doesn't work anymore. This is the ip which the client receives from dhcp.

5

21.7 Legacy Series / Network Time - Outlier - found 1 peer non suitable

« on: April 28, 2022, 06:09:34 am »

I don't found that much about the status Outlier in NTP.
Have that status no since about some weeks periodically. But never seen before.

6

21.7 Legacy Series / Update popup/notifications

« on: November 26, 2021, 07:45:52 am »

Anybody have the same?

I do receive all (not sure, but multiple) popups/notifications in the firmware update region two times.
Try to check further on other systems I have.

- Update details for the next update
- Firmware status

7

21.7 Legacy Series / 21.7.5_2

« on: November 19, 2021, 08:02:56 am »

Where do I find informations about 21.7.5_2?
Did not see any anouncement..

8

19.7 Legacy Series / tried to install & run maltrail

« on: July 17, 2019, 03:37:23 pm »

but actually installation worked, but maltrail did not start.
Am I missing something important?

Enabled General
Enabled Server
Enabled Sensor

9

19.1 Legacy Series / CARP HA on VMware works with 19.1.7 / fails with 19.1.8

« on: June 03, 2019, 06:55:01 am »

Actually today I tried to update from 19.1.7 to 19.1.8 but had to rollback because it looks like HA CARP is broken.
Anyone can test/confirm that:
- Both Firewalls installed with 19.1.7 configured HA and multiple CARP IPs on multiple interfaces
- Update secondary to 19.1.8 check functionality
- then "Enter persistent CARP Maintenance Mode" --> hand over CARP MASTER to SLAVE FW
- "Leave persistent CARP Maintenance Mode" --> to test if CARP still works
- "Enter persistent CARP Maintenance Mode" --> to handover CARP MASTER again in front of the update
- Update primary to 19.1.8 - all good so far inclusive the reboot.
- But now "Leave persistent CARP Maintenance Mode" will not handover back the MASTER CARP Role to the primary.

Actually I couldn't do more intensive testing and had to rollback.

10

19.1 Legacy Series / [SOLVED] OUTBOUND NAT - not working with predefinded "network names"

« on: March 11, 2019, 02:19:41 pm »

Hi there,

We use OPNsense as a virtual HA Appliance and just discovered a Problem:
When we would like to create an outbound NAT with the predefined Network Names it does not rewrite the packets. So

not working
**********
NAT defined like:


tcpdump on destination system - timestamp 13:46:31.840143:


working
**********
NAT changed to


tcpdump on destination system - timestamp 13:51:13:082851:

11

General Discussion / OPNids / OPNsense with suricata

« on: January 29, 2019, 10:43:12 am »

May I ask something about OPNids / OPNsense here?
OPNids sounds interesting but how is it aligned with OPNsense?

• Is it a new prodcut based on opnsense, where opnsense & suricata is streamlined in one product? (With additional MLE).
• If I already use OPNsense now, is there a migration path. - do I need one?
• or will there be a package, if I'd like to use OPNids?
• will it replace the ids package on opnsense?
• is it intended to have a separated ids / suricata instance next to a firewall like opnsense? 

12

19.1 Legacy Series / 19.1b - installed on APU

« on: December 08, 2018, 04:25:55 pm »

https://pkg.opnsense.org/FreeBSD:11:amd64/snapshots/OPNsense-19.1.b-OpenSSL-serial-amd64.img.bz2
https://forum.opnsense.org/index.php?topic=10135.0

Installed on

Code: [Select]

BOOT from USB
**********************************
Versions OPNsense 18.7.6-amd64
FreeBSD 11.2-RELEASE-p4-HBSD
OpenSSL 1.0.2p 14 Aug 2018
Updates Click to check for updates.
CPU Type AMD G-T40E Processor (2 cores)

Code: [Select]

INSTALLED on ada0
***********************************
took little bit long at 40%

Versions OPNsense 18.7.6-amd64
FreeBSD 11.2-RELEASE-p4-HBSD
OpenSSL 1.0.2p 14 Aug 2018
Updates Click to check for updates.
CPU Type AMD G-T40E Processor (2 cores)

Code: [Select]

uname -a
FreeBSD OPNsense.localdomain 11.2-RELEASE-p4-HBSD FreeBSD 11.2-RELEASE-p4-HBSD  4b21e5691ff(master)  amd64

Code: [Select]

PC Engines APU BIOS build date: Sep  8 2014
Total memory 4096 MB
AMD G-T40E Processor
APU1C


13

18.7 Legacy Series / IDS not working - what did I miss?

« on: November 23, 2018, 11:15:55 pm »

I'd loke to enable Intrusion Detection.
So I looked under Administration, Intrusion Detection, Settings
enabled: on
IPS mode: on
Promiscuous mode: tried with on / off
Pattern Matcher: default
Interface WAN

under Download:
I marked all, enabled all
Download & Update Rules (Abuse.ch seem to have some problems, but URLHaus was updated)
at all Abuse.ch I set the filter to "Drop"
and so far I went to the list urlhaus.abuse.ch/ and decided to go for the https://urlhaus.abuse.ch/url/83455/ to test.

But the traffic was not dropped.

Thx in advance

14

18.7 Legacy Series / Aliases - Documentation (URL / URL Table)

« on: September 25, 2018, 11:33:40 am »

Hi there,

I just saw some differences between documentation on opnsense.org / opnsense fw itself and available options when creating aliases.

In "Alias Edit" you got the possibilities Hosts, Networks, Ports, URL (IPs), URL Table (IPs), GeoIP, External.
The description below lists only  Hosts, Networks, Ports, URLs, GeoIP, External - so no URL Table
The documentation at https://wiki.opnsense.org/manual/aliases.html lists only Hosts, Networks, Ports, URL Tables, GeoIP

Whats the difference between URL / URL Table? In the GUI only at URL Table an "Alias Expiration" can be provided (days + hours). This is stated on Documentation at https://docs.opnsense.org/manual/how-tos/edrop.html

And another question: When https://docs.opnsense.org/manual/how-tos/edrop.html mentions that "update frequency 1" means "for each day" with the explanation of  (days + hours) at alias edit view. Do i have to enter "0 1" to update every hour?

15

18.1 Legacy Series / RC Version in Production Channel

« on: July 25, 2018, 07:36:02 am »

Only a short question:
Is it wanted, that r1 / r2 versions are displayed in "Updates" when Release Type "Production" is selected?

Added this second one question 
Is there any chance to select the dedicated version to update. So for instance at the 20th of june the newest update for 18.1 would be the 18.7.r2 in the list right. So if I then use the gui to update, my system will be updated to 18.7.r2. and not the latest 18.1 correct?

Actually I think I'm missing/overseen something..