OPNsense

Topics - Cerberus

1
24.7 Production Series / netdata broken after 24.7.6 update
« on: October 09, 2024, 06:27:29 pm »
On two OPNsense machines, netdata was broken after installing 24.7.6. Netdata is no longer starting; it looks like netdata is not properly updated and is missing "libprotobuf.so.28.1.0".

"ld-elf.so.1: Shared object "libprotobuf.so.28.1.0" not found, required by "netdata""

I solved it by reinstalling the netdata package from firmware/package. That updated netdata to a new minor version, and now it works again.

Installed packages to be UPGRADED:
   netdata: 1.43.2_5 -> 1.43.2_6

2
23.7 Legacy Series / netdata update on OPNsense Business Edition
« on: September 26, 2023, 11:49:26 am »
Hello,

We monitor our OPNsense installation with netdata. We found that netdata.cloud complains about a security issue with netdata 1.39.1 on our OPNsense Business Edition installations. We have a few with Community Editions and these are fine and have a newer installation.

Is it possible for the OPNsense Team to include netdata in the next update? Or is it possible to use the netdata package from the Community Edition on the Business Edition, or does this break the updating process?

Thanks

3
22.1 Legacy Series / Issues with IPv6 traffic on dualstack tunnel after updating to 22.04
« on: May 10, 2022, 04:42:23 pm »
Hello,

I run a dualstack IPsec connection between two sites for quite some time. Both sides run OPNsense BE. The IKEv2 policy-based tunnel is running on IPv4 transport and has two phases, one for IPv4 and another one for an IPv6 subnet.

After updating both sides to OPNsense Business Edition 22.04, IPv6 between these sites suddenly stopped working. I checked every setting, rules, phases and sniffed several interfaces and found something strange in that process. My first thought was Strongswan is not sending anything at all, but then I found that everything I send reaches the remote site's server and the response reaches my local firewall. I can see responses on enc0: but it never reaches my local LAN. I temporarily set an allow rule for everything that comes in on ipsec but no luck, traffic is stuck in the firewall.

I have a second tunnel based on Zerotier to another site that works fine with IPv4 and IPv6. I have an IKEv2 Mobile IPsec connection on my local firewall that works fine, both IPv4 and IPv6.

What can possibly block incoming IPv6 traffic that comes through that IPsec tunnel? I see responses on enc0, but it never reaches out to my LAN. It all worked well on the previous version.

I am a bit lost here.

4
21.7 Legacy Series / 21.7.6 new port conflict between lighttpd and NGiNX
« on: December 02, 2021, 12:55:05 pm »
Hi,

I updated one of my OPNsense machines to 21.7.6 a few days ago and today I rebooted this machine. I got complaints that some services are no longer available. After checking, I found that NGiNX no longer starts up because of a sudden port conflict between lighttpd and NGiNX. I checked the config history and no changes were made, just updating and rebooting.

I can see that lighttpd listens on a high port (that I configured) with SSL and for some reason on port 80, which is also the port that NGiNX wants to bind to. I have no idea what's broken here: lighttpd or NGiNX or maybe letsencrypt? I see two lighttpd processes, one with lighty-webConfigurator.conf and another one with lighttpd-acme-challange.

I did two reboots, no success.



5
20.7 Legacy Series / Renew of ECC Let's Encrypt Certificates fails.
« on: January 25, 2021, 09:37:06 am »
Hi,

I have several OPNsense installations that have issues renewing ECC certificates; RSA certificates are working without issues. It looks like the renew script is missing a parameter --ecc before running Let's Encrypt to renew the certificate.

[Mon Jan 25 00:00:01 CET 2021]   'my.domain.com' is not an issued domain, skip.
[Mon Jan 25 00:00:01 CET 2021]   Renew: 'my.domain.com'
[Mon Jan 25 00:00:01 CET 2021]   DOMAIN_PATH='/var/etc/acme-client/home/my.domain.com'
[Mon Jan 25 00:00:01 CET 2021]   The domain 'my.domain.com' seems to have a ECC cert already, please add '--ecc' parameter if you want to use that cert.
[Mon Jan 25 00:00:01 CET 2021]   _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Mon Jan 25 00:00:01 CET 2021]   ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Jan 25 00:00:01 CET 2021]   default_acme_server


Anyone else getting this? It doesn't matter if I use DNS or port forward authentication.

6
19.1 Legacy Series / Outbound Nat Broken in 19.1R1/2 ?
« on: January 23, 2019, 04:00:03 pm »
Hi,

I am currently trying to do an outbound NAT for several internal machines to a Zerotier-based network on my OPNsense machine. I have trouble selecting the subnet size on "source address" or "destination address" when I select "single host or network"; the subnet mask dropdown is just empty. On 18.7 I am able to select the subnet size for the network I entered.

I am trying to use an alias as an alternative but the result is that the outbound rule is not working. In rules.debug I see "unable to convert address, see to for details" for this rule.
