Topics

1

General Discussion / Use letsencrypt got this error.

« on: December 10, 2020, 02:30:29 am »

Hello,
I want use letsencrypt to generate my web ssl key.I make sure dns setup done and can resolve domain.But when I click generate key will got error message.

[Thu Dec 10 08:55:30 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9193634542/k7kq1Q'
[Thu Dec 10 08:55:30 CST 2020] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Dec 10 08:55:31 CST 2020] _ret='0'
[Thu Dec 10 08:55:31 CST 2020] code='200'
[Thu Dec 10 08:55:31 CST 2020] domain:Verify error:DNS problem: SERVFAIL looking up A for domain - the domain's nameservers may be malfunctioning
[Thu Dec 10 08:55:31 CST 2020] pid
[Thu Dec 10 08:55:31 CST 2020] No need to restore nginx, skip.
[Thu Dec 10 08:55:31 CST 2020] _clearupdns
[Thu Dec 10 08:55:31 CST 2020] dns_entries
[Thu Dec 10 08:55:31 CST 2020] skip dns.
[Thu Dec 10 08:55:31 CST 2020] _on_issue_err
[Thu Dec 10 08:55:31 CST 2020] Please check log file for more details: /var/log/acme.sh.log
[Thu Dec 10 08:55:31 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9193634542/k7kq1Q'
[Thu Dec 10 08:55:31 CST 2020] payload='{}'
[Thu Dec 10 08:55:31 CST 2020] POST
[Thu Dec 10 08:55:31 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9193634542/k7kq1Q'
[Thu Dec 10 08:55:31 CST 2020] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Dec 10 08:55:32 CST 2020] _ret='0'
[Thu Dec 10 08:55:32 CST 2020] code='400'

What's this problem?

2

Web Proxy Filtering and Caching / Have any tutoral nginx for https?

« on: December 04, 2020, 06:50:01 am »

Hello,
I know how to set web proxy filter for http. If I want for https and 80 port forward 443 port. How to do it?

3

Virtual private networks / Could support wireguard export user config file and gererate user key?

« on: November 20, 2020, 02:26:31 am »

Hello,
I hope it's generate key on web and export user config file.It's will easy to use it.Thanks a lot.

4

Virtual private networks / Could route add vpn to do?

« on: November 19, 2020, 03:11:14 am »

My network like follow
                                                                   These server and client are the same server
|Windows Wireguard VPN client|--->|A:Wireguard VPN Server|+|C:Wireguard VPN Client|--->|B:Wireguard Server|
            Wireguard IP:10.8.0.2                           IP:10.8.0.1                   IP:10.7.0.2                        IP:10.7.0.1
I can connect from Windows Wireguard VPN client to A wireguard vpn server and C wireguard client also can connect to B server.I hope windows client through A server and forward to B server then go to internet.But Windows only ping 10.8.0.0 network.I try setup C client allow ips add 10.8.0.0/24.But it's can't up this interface when I add allow ips 10.8.0.0/24.Could any friend teach me how to do it?

5

Web Proxy Filtering and Caching / Could naxsi support block empty user-agent?

« on: November 05, 2020, 02:42:39 am »

Hello,
I know nginx can use hook to add block empty user-agent.I want know naxsi could support it?

6

20.7 Legacy Series / Could add custom config to nginx.conf?

« on: November 04, 2020, 08:43:17 am »

I want add some config to nginx plugins.But I can't found where to do it.Could opnsense support it?

7

Web Proxy Filtering and Caching / Nginx reverse proxy will get "broken header"

« on: November 04, 2020, 02:54:44 am »

Hello,
I has setup nginx reverse proxy all done.It's can success to browsers it.
But if I enable OPNSense -- Service -- nginx -- HTTP Server Proxy Protocol and Real IP.It's can't see web page.The Opnsense nginx log will show

2020/11/04 09:38:24 [error] 36521#100138: *10 broken header: "GET / HTTP/1.1
Host: ab.aspa.idv.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-TW,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: tk_or=%22%22; tk_lr=%22%22; _ga=GA1.3.660938322.1583392563; __gads=ID=9f57df3da7e19b8a-22892d044cc40098:T=1603244370:RT=1603244370:S=ALNI_MZFwjrtEaJJTdt4YXsnxyXVPR0Jcw
Upgrade-Insecure-Requests: 1

" while reading PROXY protocol, client: 203.74.122.103, server: 0.0.0.0:80

Could I miss some setup?

8

20.7 Legacy Series / How to add naxsi rules by api?

« on: November 03, 2020, 03:38:40 am »

Hello,
I use follow command to create naxsi rules

curl -XPOST -d '{"naxsi_rule":{"description":"test_rules","ruletype":{"main":{"5000":"Main Rule","selected":1}}"message":"test_123","matchType: application/json" -k -u "key":"secret" https://IP:8082/api/nginx/addnaxsirule

But it's will get error message.

{"message":"controller OPNsense\\Nginx\\Api\\AddnaxsiruleController not found","status":400}

Is it my path is wrong?

9

Web Proxy Filtering and Caching / Could I edit naxsi rules by cli?

« on: October 31, 2020, 04:57:10 pm »

I know naxsi rules at /usr/local/etc/nginx/naxsi_core.rule.I hope edit this rules and apply it.Could I do it?Or any another solution?

10

Web Proxy Filtering and Caching / How to sync custom naxsi rules to another opnsense firewall?

« on: October 30, 2020, 03:34:12 am »

Hello,
I have a question.If I manager multi opnsense firewall.And I manual create naxsi rules.How to one times add this rules to multi opnsense firewall?

11

General Discussion / How to set mail server ip when I set OPOSense as mail gateway?

« on: July 10, 2018, 06:23:59 am »

Hello,
I have see follow tutorial.
https://wiki.opnsense.org/manual/how-tos/mailgateway.html
But I don't see where to set mail server ip address.