Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - lox

Pages: [1]

23.1 Legacy Series / [Captive] Whitelist URL

« on: January 25, 2023, 10:05:22 am »

Hello,

I have setup a Guest captive portal protected VLAN. It works.

I need a URL to be whitelisted, it has to be reachable without authenticating on the captive portal (a website that contains instruction to get access)

How can I do it ?

Regards.

General Discussion / 22.7.9 crashing

« on: December 01, 2022, 11:50:14 pm »

Hi,

I run OPNSense in a libvirt VM on Ubuntu host.

About 30 min after autoupdating to 22.7.9, it crashed. I tried rebooting it, it crashed again 2 hours later. Rebooted, crashed again nearly immediately. I rolled back to 22.7.8.

I didn't manage to get any log.

21.1 Legacy Series / Unbound error with domain override and DNSSec

« on: June 23, 2021, 12:03:15 pm »

Hello,

I have secured a domain with DNSSec, its DNS server being on the WAN. It has an office.domain.com subdomain.

I also have a local DNS server where that subdomain is set, so it resolves locally to local IPs. So I am adding a domain override in Unbound as such:

Code: [Select]

Domain                   IP
office.domain.com        10.25.65.16

And I get this error in Unbound:

Code: [Select]

2021-06-23T20:57:39	unbound[60568]	[60568:1] info: NSEC3s for the referral proved no delegation	 
2021-06-23T20:57:39	unbound[60568]	[60568:1] info: resolving office.domain.nc. DS IN	 
2021-06-23T20:57:39	unbound[60568]	[60568:1] info: query response was ANSWER	 
2021-06-23T20:57:39	unbound[60568]	[60568:1] info: reply from <office.domain.nc.> 10.25.65.16#53	 
2021-06-23T20:57:39	unbound[60568]	[60568:1] info: response for office.domain.nc. A IN	 
2021-06-23T20:57:39	unbound[60568]	[60568:1] info: resolving office.domain.nc. A IN

I understand that error. If I disable the DNSSec feature in unbound, it works.

But I am wondering if there is anyway to work around that (without disabling DNSSec checking), and have unbound give back the ANSWER returned by that local DNS server ?

21.1 Legacy Series / What's App video and audio calling blocked (whatsapp)

« on: June 04, 2021, 05:28:12 am »

Hello,

I have a very weird issue on an OPNsense firewall. What's App works for text but when initiating a call, either audio or video, the recipient phone rings, but when picking up the call, it fails to establish the p2p connection and times out. It happens when calling from inside to outside and the other way around.

If the devices are connected on the network, behind the firewall it works. If one is outside the network it fails most of the time BUT not every time ...

Nothing really fancy in the configuration, Web proxy, OpenVPN, IPsec, and some port redirections for a mail server, an HTTP/S server and a STUN (coturn). The bandwidth is 300mbps symmetrical, optical fiber.

I tried pluging in a simple hardware router/DSL modem, and it works as intended this way.

I am stuck.

20.7 Legacy Series / Loosing IPV6 IP intermitently

« on: September 25, 2020, 08:09:25 am »

Hi,

The LAN interface is loosing its IPV6 IP intermittently. If I go on the LAN interface form and just click save and apply, it comes back.

The WAN is configured with PPPoE/DHCPv6 and LAN with "Track interface".

20.7 Legacy Series / Updated Unix Realtek Drivers (1.96.04)

« on: August 10, 2020, 07:31:03 am »

Hello,

I have made a pull request in order to update the Realtek drivers to support Ordoid H2+.

How can I make use of it straight away ? I see in this thread that user @franco advised to update the kernel with a command like:

Quote from: franco link=topic=9644.msg43933#msg43933

Code: [Select]
# opnsense-update -kr 18.7.2-re # opnsense-shell reboot

How can I do so ?

Hardware and Performance / Odroid H2+ - Realtek RTL8125B ethernet

« on: July 29, 2020, 12:10:22 am »

Hello,

I am running OpnSense on an Odroid H2.

I want to upgrade to an Odroid H2+ which has Realtek RTL8125B ethernets. On the Hardkernel wiki they explain how to compile it for Linux, but I have no idea on how to do it for OpnSense (FreeBSD).

Is it possible ? If so how to do it ?

20.1 Legacy Series / (Resolved) PPPoE module isn't logging since 20.1 upgrade

« on: February 12, 2020, 04:34:43 am »

Simple: I don't have any logs anymore for my pppoe connection since the upgrade.

Anyway to have them back ?

See attached screenshot and /var/log/ppps.log stops at the time the router was upgraded.

General Discussion / Unbound fails to start on boot

« on: July 19, 2019, 01:16:01 am »

I have two instances installed and running the latest release.

Whenever it reboots unbound won't start.

"The command '/usr/local/sbin/unbound -c '/var/unbound/unbound.conf'' returned exit code '1', the output was '[1560960202] unbound[50455:0] error: can't bind socket: Can't assign requested address for fe80::5868:342b:b04d:bb1f port 53"

But "Register IPv6 link-local addresses" is disables as IPV6 in interfaces configuration is.

If I start it manually after reboot, it starts up properly.

I want to enable monit to monitor it and start it automatically when it fails, but I cannot find the shell command to start/stop it.

19.1 Legacy Series / Unbound crashes on boot on multiple installs

« on: June 28, 2019, 12:22:42 am »

Hello,

I have unbound setup on two boxes. Whenever OPNsense reboots, Unbound will not start. But I can start it up manually from the dashboard afterwards.

I have IPV6 disabled on all interfaces and VPNs and have not check the "Register IPv6 link-local addresses" option.

Here is the error raised:

Code: [Select]

Jun 28 03:03:22 router opnsense: /usr/local/etc/rc.bootup: The command '/usr/local/sbin/unbound -c '/var/unbound/unbound.conf'' returned exit code '1', the output was '[1561651402] unbound[74787:0] error: can't bind socket: Can't assign requested address for fe80::5868:342b:b04d:bb1f port 53 [1561651402] unbound[74787:0] fatal error: could not open ports'

General Discussion / Ldap not returning all users

« on: May 28, 2019, 12:27:02 pm »

I configured LDAP but I need to get only users of a single group 'VPN'. I need to import them to generate their own certificate for OpenVPN.

I tried it with Apache Ldap Directory without any exotic configuration, and I get my three users. I use this search pattern:

Code: [Select]

&(memberof=CN=VPN,CN=Groups,DC=office,DC=domain,DC=local )
When I try to import the users, only one user shows up. If I remove the search pattern I can see all the LDAP users but some are missing.

I can successfully use the missing users in the "Tester"

General Discussion / Sending emails with large attahcments make internet really slow

« on: April 19, 2019, 03:57:08 am »

On an ADSL how would one prevent a client sending a mail with large attachments to not slowdown the network.
I imagine it is in QOS settings but I have no idea on how to implement it.

General Discussion / [WORKAROUND] OpenVPN Clients cannot access unbound DNS

« on: January 23, 2018, 08:34:30 am »

Hello,

I have added the VPN interface in the Unbound settings, it added my OpnVPN network to the access list (10.11.0.1/32)

From the VPN connected devices I can query any DNS server but the firewall's. I get a "REFUSED" response.

Here are the unbound logs:

Code: [Select]

Jan 23 18:33:28	unbound: [90191:1] debug: refuse[45:0] C8E001000001000000000000086964656E746974790E676574766964656F73747265616D03636F6D0000010001
Jan 23 18:33:28	unbound: [90191:1] debug: refused query from ip4 10.11.0.6 port 43526 (len 16)
Jan 23 18:32:41	unbound: [90191:0] debug: refuse[39:0] 8A4F0100000100000000000005736F6C69640B7072657970726F6A65637403636F6D0000010001
Jan 23 18:32:41	unbound: [90191:0] debug: refused query from ip4 10.11.0.6 port 64442 (len 16)

General Discussion / Lockedup after activating Captive Portal

« on: January 21, 2018, 10:36:44 am »

Hello,

I turned on the captive portal feature and I am now locked up and cannot access the webui anymore (see screenshot)

I have SSH access but have no idea on how to get out of there.

Pages: [1]