Topics

1

22.7 Legacy Series / os-ddclient: Invalid value for keyword 'ip'

« on: August 14, 2022, 07:38:59 pm »

Trying to make the transition to the new os-ddclient in OPNSense 22.7.1 (OpenSSL) using CloudFlare with freedns and keep getting errors... The logs show:

Code: [Select]

46056 - [meta sequenceId="5"] WARNING: file /var/tmp/ddclient.cache, line 7: Invalid Value for keyword 'ip' = ''
Running the checkip command copied from the ddclient.conf works as expected returning my public ip address:

Code: [Select]

/usr/local/opnsense/scripts/ddclient/checkip -i fxp0 -t 1 -s freedns
but looking at the log file mentioned 'ip' is empty:

Code: [Select]

atime=1660498099,backupmx=0,host=<tld>,ip=,mtime=0,mx=,static=0,status=noconnect,warned-min-error-interval=0,warned-min-interval=0,wildcard=0,wtime=0 <tld>
UPDATE: I tried to force ddclient and get this:

Code: [Select]

WARNING:  file /var/tmp/ddclient.cache, line 3: Invalid Value for keyword 'ip' = ''
WARNING:  file /var/tmp/ddclient.cache, line 4: Invalid Value for keyword 'ip' = ''
WARNING:  file /var/tmp/ddclient.cache, line 5: Invalid Value for keyword 'ip' = ''
WARNING:  file /var/tmp/ddclient.cache, line 6: Invalid Value for keyword 'ip' = ''
WARNING:  file /var/tmp/ddclient.cache, line 7: Invalid Value for keyword 'ip' = ''

How do I go about fixing this?

2

21.7 Legacy Series / OPNSense 21.7 -> Create USB Stick with Rufus / belenaEtcher

« on: July 30, 2021, 11:46:18 pm »

I have downloaded the OPNsense-21.7-OpenSSL-dvd-amd64.iso.bz2 from all 3 US Mirrors and when I try to "burn" the image to my flash drive I get the following errors:

Rufus:
This image is either non-bootable, or it uses a boot or compression method that is not supported by Rufus...

belenaEtcher:
Missing partition table
It looks like this is not a bootable image.  The image does not appear to contain a partition table, and might not be recognized or bootable by your device.

I downloaded OPNsense-21.7-OpenSSL-vga-amd64.img and successfully burned it, but then the UFS installer shows the cursor block and stalls or infinitely waits (unless you connect / disconnect a device or connection like the ethernet or USB installer disk)

3

20.7 Legacy Series / 20.7.7_1: VM not responding to ACPI calls

« on: January 02, 2021, 05:09:48 pm »

OPNSense Version:OPNsense 20.7.7_1-amd64 (and previous)
[freeBSD Version:[/b] FreeBSD 12.1-RELEASE-p11-HBSD
Hypervisor: Proxmox (6.3-3) - and previous

I have been having issues for a while with OPNSense not responding to reboot / shutdown requests from the hypervisor via ACPI calls, I have been working around it by logging into OPNSense via the WebGUI, but yesterday (after I upgraded to 20.7.7) the web GUI stopped responding, the vm shell console, and internet access went down repeatedly forcing me to down the entire server to force OPNSense to reload.

While trouble shooting I followed a guide from Proxmox for Linux VM's that basically said to make sure acpi was installed & running.  Since ACPI is included in FreeBSD core I thought it would be quickly resolved.  I followed this page: https://www.freebsd.org/doc/handbook/acpi-overview.html to verify that terminal acpiconf calls responded in a useful way (they did), however, OPNSense is not reacting to calls from the Hypervisor.

Other VM's (Debian) on the same server respond without issue, how can I troubleshoot the communications for this VM? 

4

19.1 Legacy Series / [Resolved] SSL + Routing Issues - Apache Config Problem

« on: February 10, 2019, 04:08:49 am »

To start: Thanks everyone for your hard work on OPNSense, I moved from a XenServer host running distinct servers for DHCP, DNS, Firewall, and NextCloud to a ProxMox Host with just OPNSense (19.1.1) and NextCloud.

So much simpler to update and maintain, much easier to secure, looks so much nicer!

Network Details:
    VM Host: 2 NICs - 1 WAN, 1 LAN
        OPNSense (19.1.1) has 2 Virtual NICs - 1 WAN & 1 LAN running DHCP, DNS, NTP, and Firewall
        Webserver is Debian 9 running Apache 2.4.25 - 1 NIC, Internal Only 10.x.x.x IP

    Existing (internal) network was established with <mydomainname>.local when it was created 2 years ago, purchased <mydomainname>.space in the last 2 weeks.
    DNS is working and all servers are accessible internally from either their IP or DNS.

To the Issue at hand:

• I am trying to connect several (internal) web pages to the internet around / through OPNSense.
  
• I would like internal requests to route internally, external to route as needed
  
• I have created and configured the web server with Let's Encrypt certificates for all web pages.
• I have verified that my ISP blocks incoming port 80 traffic (made getting the certificates a pain!)
• I have attempted the steps listed here: https://forum.opnsense.org/index.php?topic=8783.0 and here: https://forum.opnsense.org/index.php?topic=6155.0 to resolve this myself
• At one point (before I setup the certificates) I was able to connect to my NextCloud via the WAN using my cellular data, but the LAN had no access to the internet so I reverted it.
• Now, when I load an https url it is giving me either:

(mycloud.<mydomain>.space or www.<mydomain>.space)

Error details:

Code: [Select]

This site can’t provide a secure connection mycloud.<mydomain>.space didn’t accept your login certificate, or one may not have been provided.
Try contacting the system admin.
ERR_BAD_SSL_CLIENT_AUTH_CERT
Advanced details:
This error refers to the OPNSense self signed certificate, though now I can't figure out where I saw that reflected.

~OR~

(<mydomain>.space)
Error details:
   

Code: [Select]

Your connection is not private
Attackers might be trying to steal your information from <mydomain>.space (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
   
Advanced details:
   

Code: [Select]

This server could not prove that it is <mydomain>.space; its security certificate is from mycloud.<mydomain>.space. This may be caused by a misconfiguration or an attacker intercepting your connection.
   
Any help the community can offer would be great, hoping to take this and make a how-to for the docs.