Topics

1

24.7 Production Series / CARP Status Widget fail to load after upgrade to 24.7

« on: September 09, 2024, 09:31:44 am »

Hi People,
after upgrade to 24.7 the CARP Status Widget fails to load.
thanks a lot

2

24.7 Production Series / update 23.7 -> 24.1 problem with haproxy / ssl / tls

« on: June 17, 2024, 11:32:58 am »

Hello Community,
As the title suggests, after an upgrade, the IMAP(993) reverse proxy (with haproxy) no longer works for me.
I remember reading that old ciphers were deactivated, tls1.X, etc.
Unfortunately, I can't find a proper way to temporarily get IMAP working again until I have updated the IMAP server.
Any suggestions? Keywords?
Thanks in advance,

3

German - Deutsch / update 23.7 -> 24.1 problem mit haproxy / ssl / tls

« on: June 16, 2024, 06:19:07 pm »

Servus Community,
Wie der Titel andeutet, nach ein upgrade, funktionert bei mir das IMAP(993) reverse Proxy (mit haproxy) nicht mehr.
Ich erinnere mich gelesen zu haben das alten ciphers deaktiviert wurden, tls1.X, etc.
Ich finde leider keine richtige Einsatz um tempörär IMAP wieder zum laufen zu bringen bis ich den IMAP server auf neuen Stand gebracht habe.
Irgendein Vorschlag ? Stichworte ?
Vielen Dank im Voraus,

4

24.1 Legacy Series / dhcrelay and kea in parallel for different interfaces

« on: April 28, 2024, 07:02:31 pm »

Hello everyone,
My goal is to migrate step by step or interface by interface from a dhcp server to opnsense kea.

Can anyone confirm that dhcrelay and kea can run in parallel?
So far I have worked with dhcrelay (HA Mode) and forwarded all DHCP requests from the various interfaces (VLANs) to an external DHCP server (Linux).

Now I want to move one subnet at a time to “opnsense kea”, i.e. turn on kea in opnsense and configure the corresponding subnet etc. for one interface, while the others continue to be passed on via dhcrelay...
Should I pay attention to anything special?

Thanks in advance,

5

Virtual private networks / Zertifikate widerrufen / löschen

« on: May 20, 2022, 11:55:35 am »

Servus,
kann ich ein Zertifikat nach den widerrufen löschen ?
Unter openvpn, ein nicht widergerufen aber gelöschte Zertifikat weiter akzeptiert wird deshalb die Frage.
Vielen Dank !

6

22.1 Legacy Series / Intel X520-DA2 Series Connectivity Issues / Input-error after upgrade to 22.1

« on: February 23, 2022, 10:07:18 am »

I upgraded to 22.1 last week and everything went off without a hitch.
A quick hardware overview.
I run Opnsense as pure Firewall (High Avail. Scenario, 2 Hosts, 2 Switch, LACP)
Hosts with  32G, Xeon E2620,  Intel x520-DA2.
1 host with Fiber/ 1 Host with DAC.

lacp over both ports on X520.
more vlans on top of lagg.

Interface Statistics for lagg0

In/out packets   716441825 / 712558018 (358.71 GB / 284.60 GB)
In/out packets (pass)   716347241 / 712557150 (358.70 GB / 284.60 GB)
In/out packets (block)   4574009 / 868 (92 KB / 44 KB)
In/out errors   6801598 / 1657


Interface Statistics for ix0
In/out errors   6738215 / 0

Interface Statistics for ix1
In/out errors   63383 / 0

Same behavior with DAC or Fiber Gbic's
Same behavior for both Hosts

Any Hints ?

7

German - Deutsch / HAProxy warnung nach update auf 22.1 - L6 sample fetches ignored on HTTP proxies

« on: February 19, 2022, 01:09:55 pm »

Hallo miteinander,
die HAProxy Configuration meldet eine Warnung nach den update auf 22.1.

22.1: wird mit HAProxy 2.4 mitgeliefert
21.7: ist mit HAProxy 2.2 dabei


[WARNING] (92134) : Proxy '110_HTTP_MAIN': L6 sample fetches ignored on HTTP proxies (declared at /usr/local/etc/haproxy.conf.staging:118).
[WARNING] (92134) : Proxy '110__HTTP_ALIAS': L6 sample fetches ignored on HTTP proxies (declared at /usr/local/etc/haproxy.conf.staging:240).
Warnings were found.
Configuration file is valid

aus /usr/local/etc/haproxy.conf.staging

118: http-request redirect scheme https code 301 if !acl_5f60ada90e0303.52206732 !acl_5f60ac7b7738e3.07651849
240: http-request redirect scheme https code 301 if !acl_5f60ada90e0303.52206732 !acl_5f60ac7b7738e3.07651849


acl acl_5f60ada90e0303.52206732 path_beg -i /.well-known/acme-challenge/

# ACL: SSLEstablished
acl acl_5f60ac7b7738e3.07651849 req.ssl_ver gt 0

# ACL: no_acme_challenge
acl acl_5f60ada90e0303.52206732 path_beg -i /.well-known/acme-challenge/

Irgendeine Idee ?
Vielen Dank im Voraus,

8

21.7 Legacy Series / haproxy: maybe a problem that cuts off long inquiries ?

« on: December 02, 2021, 11:28:17 am »

Hi community,

i may have a problem cutting off long queries from haproxy.
Is there a config parameter to extend the length of the url / queries?
How do I get a rollback to haproxy 2.2.17?

9

21.7 Legacy Series / Letsencrypt synchronize with other Opnsense (dmz), i.e. cascaded

« on: August 11, 2021, 09:05:15 pm »

Hello!
I have a case here with 2 opnsense (cascaded connected).
One of them has a public IP and the second is cascaded (DMZ).
Letsencrypt runs on the first Opensense.
I would like to synchronize the certificates for extensions to the second Opensense and restart the GUI there (so the letsencrypt certificates are used for the GUI in the second router) .... is that possible?  how to? ideas ?
Thanks in advance

10

21.1 Legacy Series / haproxy increasing logging

« on: July 15, 2021, 01:05:50 pm »

Hello!
How can I increase the logging of the haproxy?
So far, no matter what I have changed .. under services-> haproxy-> log ...
I see only
....
2021-07-15T12:55:39   haproxy[14562]   Proxy SMTP_backend_25 started.   
2021-07-15T12:55:39   haproxy[14562]   Proxy SMTPS_backend_465 started.   
2021-07-15T12:55:39   haproxy[14562]   Proxy SUBMISSION_backend_587 started.   
2021-07-15T12:55:39   haproxy[14562]   Proxy IMAPS_backend_10993 started.   
2021-07-15T12:55:39   haproxy[14562]   Proxy proxy started.   
....

thanks a lot

11

21.1 Legacy Series / possible problem with bind (web/api config) and waste config

« on: May 03, 2021, 11:09:47 am »

Hello!
if you create a zone in bind (regardless of whether webui / api), then the hosts, and then delete the zone again, the hosts remain in the configuration file. The problem is if you have created the zone several times (for testing or automation via API), deleted it and then created it again, the size of config.xml becomes huge. side effect is that the webgui is sluggish when the config.xml is so big.
In my case:
config.xml with bind block was about 9 MB in size,
after deleting the bind block using ...
sed -i '' -e '/ <bind> /, / <\ / bind> / d' config.xml
my config.xml is now about 300k.
Cheers

12

German - Deutsch / Multiple DHCP Subnetzte für die gleiche Vlan

« on: April 02, 2021, 10:55:01 am »

Hi!
Ich versuche den DHCP im Sense als Ersatz von meinen Stand-Alone DHCP.
Wie kann ich mehrere Subnetzte definieren für die gleiche VLAN bzw. Interface ?

Wie ich es verstanden habe bisher: Der DHCP-Server in OpnSense kann nur Pools für Subnetze erstellen, mit denen er direkt verbunden ist. Daher kann ich keine zusätzlichen Pools erstellen, um Remote-Subnetze zu bedienen, die DHCP-Anforderungen über z.B. einen  Cisco / HP Helper weiterleiten.

Hintergrund:
Zum Beispiel an mein OPT5 habe ich folgende Netze.
192.168.1.0/22   (    IP: 192.168.1.1 OPT1)
192.168.10.0/24 (Alias: 192.168.10.1 auf OPT1)
192.168.20.0/24 (Alias: 192.168.20.1 auf OPT1)

Wie lege ich für die 92.168.10.0/24 und 192.168.20.0/24 Pool bzw. reserviere ich die IP's dafür ?

13

21.1 Legacy Series / [erledigt] Dashboard problem after update to 21.1.3

« on: March 13, 2021, 10:53:06 pm »

Hi!
After update to 21.1.3, all titles on Dash board are ...
"system_information_title"
"services_status_title"
"openvpn_title"

and on click,


 Page not found

Go back to previous page

Any hints ?
Thanks a lot

14

20.7 Legacy Series / Letsencrypt sync Cert to another Sense as Cascade

« on: December 16, 2020, 10:34:23 pm »

Hi!
I have a case here with 2 opnsense (cascaded connected).
One of them has public IP and the second is supposed to be attached to the DMZ.
Letsencrypt is up and running on the first opensense.
I would like to sync the certs with renewals to the second opensense, and start the GUI again (so the letsencrypt certs are used for the GUI in the second router) .... is that possible?
Thanks a lot

15

20.7 Legacy Series / [done] Error in BaseModel.php after upgrade to 20.7.6

« on: December 15, 2020, 10:40:52 pm »

Hi @all !

Log on update ...

Code: [Select]

...
[48/52] Extracting redis-5.0.9: ......... done
You may need to manually remove /usr/local/etc/redis.conf if it is no longer needed.
[49/52] Upgrading os-frr from 1.17 to 1.19...
[49/52] Extracting os-frr-1.19: .......... done
Stopping configd...done
Starting configd.
Migrated OPNsense\Quagga\General from 1.0.1 to 1.0.2

Notice: Undefined variable: field_rfcls in /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php on line 150

Notice: Trying to get property 'name' of non-object in /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php on line 150

Fatal error: Uncaught OPNsense\Base\ModelException: class  of wrong type in model definition in /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php:150
Stack trace:
#0 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(196): OPNsense\Base\BaseModel->getNewField('OPNsense\\Base\\F...')
#1 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(252): OPNsense\Base\BaseModel->parseXml(Object(SimpleXMLElement), Object(SimpleXMLElement), Object(OPNsense\Base\FieldTypes\ContainerField))
#2 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(272): OPNsense\Base\BaseModel->parseXml(Object(SimpleXMLElement), Object(SimpleXMLElement), Object(OPNsense\Base\FieldTypes\ContainerField))
#3 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(328): OPNsense\Base\BaseModel->parseXml(Object(SimpleXMLElement), Object(SimpleXMLElement), Object(OPNsense\Base\FieldTypes\ContainerField))
#4 [internal function]: OPNsense\Base\BaseModel->__construct()
#5 /usr/local/opnsense/mvc/script/run_migrat in /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php on line 150
Reloading plugin configuration
Configuring system logging...done.
Reloading template OPNsense/Quagga: OK
Reloading template OPNsense/Syslog: OK
[50/52] Upgrading opnsense from 20.7.4 to 20.7.6...
[50/52] Extracting opnsense-20.7.6: .......... done
Stopping configd...done
Resetting root shell
...

Everything seem to be working fine, any thing i should worry about?  beyond submitting a report from the ui, do i need to provide more information?

Thank a lot.