OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of emfabox »
  • Show Posts »
  • Topics
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Topics - emfabox

Pages: [1]
1
23.7 Legacy Series / Reporting -> Unbound DNS
« on: October 04, 2023, 08:11:21 am »
Hello,

for some reason Reporting stops until I restart unbound service - anyone out there with the same issue?

Running on V23-7.5-amd64

Thank you.

2
22.7 Legacy Series / unbound blocklist download failed
« on: September 12, 2022, 10:08:32 am »
V: OPNsense 22.7.4-amd64

Since the last upgrade I am facing issues with unbound ... is there something I missed since moving to latest version?

[17a89939-128a-4063-818f-d691d6181385] Script action failed with Command ' /usr/local/opnsense/scripts/unbound/blocklists.py && /usr/local/opnsense/scripts/unbound/wrapper.py -b ' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 482, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command ' /usr/local/opnsense/scripts/unbound/blocklists.py && /usr/local/opnsense/scripts/unbound/wrapper.py -b ' returned non-zero exit status 1.

--
2022-09-12T09:49:27   Notice   unbound    blocklist download done in 4.33 seconds (424057 records)
2022-09-12T09:49:27   Notice   unbound    blocklist download http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&mimetype=plaintext (lines: 3674 exclude: 0 block: 3674)
2022-09-12T09:49:27   Notice   unbound    blocklist download https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts (lines: 145840 exclude: 15 block: 138719)
2022-09-12T09:49:26   Notice   unbound    blocklist download https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt (lines: 38 exclude: 0 block: 34)
2022-09-12T09:49:26   Notice   unbound    blocklist download https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt (lines: 2705 exclude: 0 block: 2701)
2022-09-12T09:49:25   Notice   unbound    blocklist download https://blocklistproject.github.io/Lists/alt-version/tracking-nl.txt (lines: 15078 exclude: 0 block: 15051)
2022-09-12T09:49:25   Notice   unbound    blocklist download https://blocklistproject.github.io/Lists/alt-version/scam-nl.txt (lines: 1283 exclude: 0 block: 1265)
2022-09-12T09:49:25   Notice   unbound    blocklist download https://blocklistproject.github.io/Lists/alt-version/redirect-nl.txt (lines: 108693 exclude: 0 block: 108675)
2022-09-12T09:49:24   Notice   unbound    blocklist download https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt (lines: 154726 exclude: 0 block: 154563)
2022-09-12T09:49:23   Notice   unbound    blocklist download https://justdomains.github.io/blocklists/lists/adguarddns-justdomains.txt (lines: 48005 exclude: 3 block: 48002)
2022-09-12T09:49:23   Notice   unbound    blocklist download https://adaway.org/hosts.txt (lines: 11616 exclude: 2 block: 7253)
2022-09-12T09:49:23   Notice   unbound    blocklist download https://threatfox.abuse.ch/downloads/hostfile (lines: 1904 exclude: 0 block: 1895)
2022-09-12T09:49:23   Notice   unbound    blocklist download : exclude domains matching xxxx.xx|^(?![a-zA-Z_\d]).*|libro.local|.*localhost$
2022-09-12T09:48:03   Notice   unbound    blocklist download done in 5.87 seconds (424057 records)

3
19.1 Legacy Series / tinc vpn between debian vps and opnsense mtu erros
« on: June 03, 2019, 09:12:48 pm »
Hello,

since a couple of days I get a lot of mtu size errors in the firewall log:

XXX.XXX.XXX.XXX.655 > xxx.xxx.xxx.xxx.655: UDP, length 1508
00:00:00.001556 rule 91/0(match): pass out on lo0: (tos 0x0, ttl 64, id 51338, offset 0, flags [none], proto ICMP (1), length 56)
127.0.0.1 > XXX.XXX.XXX.XXX: ICMP xxx.xxx.xxx.xxx unreachable - need to frag (mtu 1500), length 36
(tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 1536, bad cksum 4321 (->1f19)!)
XXX.XXX.XXX.XXX.655 > xxx.xxx.xxx.xxx.655: UDP, length 1508
00:00:00.000703 rule 91/0(match): pass out on lo0: (tos 0x0, ttl 64, id 4189, offset 0, flags [none], proto ICMP (1), length 56)
127.0.0.1 > XXX.XXX.XXX.XXX: ICMP xxx.xxx.xxx.xxx unreachable - need to frag (mtu 1500), length 36
(tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 1536, bad cksum ef3e (->1f19)!)



tinc is now running on the same version on both sites - never had this issues before the setup is running over a year since

/sbin/tincd --version
tinc version 1.0.35

any suggestions?

thank you

4
Development and Code Review / Testing open connect server ocserv
« on: February 04, 2018, 08:35:43 pm »
Hi,

the openconnect  client plugin inspired me to play with ocserv - got all necessary packages build and the service up and running but some troubles with the tunnel device name it looks like opnsense does not recognize those interfaces ... sbin/ifconfig tun0 name ocvpnc1 does the trick temporarily so I am asking the real greeks ...

Thank you!

5
Intrusion Detection and Prevention / [SOLVED] IDS Rule Download Error SSL routines
« on: January 31, 2018, 03:49:48 pm »
Hi there,

I am not able to download new rulesets ... tried it over command line and got the error below:

/usr/local/opnsense/scripts/suricata # /usr/local/opnsense/scripts/suricata/rule-updater.py
From cffi callback <function _verify_callback at 0x4b73add1230>:
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/SSL.py", line 313, in wrapper
    _lib.X509_up_ref(x509)
AttributeError: 'module' object has no attribute 'X509_up_ref'
Traceback (most recent call last):
  File "/usr/local/opnsense/scripts/suricata/rule-updater.py", line 90, in <module>
    filename=rule['filename'], input_filter=input_filter, auth=auth)
  File "/usr/local/opnsense/scripts/suricata/lib/downloader.py", line 129, in download
    req = requests.get(**req_opts)
  File "/usr/local/lib/python2.7/site-packages/requests/api.py", line 72, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 502, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 612, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/adapters.py", line 504, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='rules.emergingthreats.net', port=443): Max retries exceeded with url: /open/suricata-1.3-enhanced/emerging.rules.tar.gz (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))

Any Idea ...

Thx

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2