Topics

1

21.7 Production Series / WebGUI Bug - Selecting Cert

« on: July 30, 2021, 08:08:53 am »

I did a fresh install of 21.7 and opted to restore my config by hand instead of xml.
I installed and enabled the acme plugin, registered an account, setup a basic http-01 challenge type, and requested my cert.

When I went to apply it to the webgui, i got an error saying the cert is not intended for server use. when I look at the cert, it shows server: No. How do I get this to issue a cert I can use for the web gui? PS - I'm on the staging environment as I think I've hit my quota against prod.

Thanks.

2

Hardware and Performance / TPM Support?

« on: June 30, 2021, 02:24:58 pm »

Does opnsense/freebsd support TPM? Just curious as I'm using an Intel PC to run opnsense currently which has both Intel PTT and a TPM 2.0 Header. Wondering if there is any benefit of enabling. Thanks!

3

Sensei / Duplicate Dependency listing

« on: April 23, 2021, 08:49:11 pm »

I'm a bit of a noob so I dont know if this is expected behavior or an indication of a problem but going back a few point releases now I see this in the output anytime I check for or install updates

pkg: openjdk8: duplicate dependency listing: fontconfig
pkg: openjdk8: duplicate dependency listing: javavmwrapper
pkg: openjdk8: duplicate dependency listing: java-zoneinfo
pkg: openjdk8: duplicate dependency listing: fontconfig
pkg: openjdk8: duplicate dependency listing: javavmwrapper
pkg: openjdk8: duplicate dependency listing: java-zoneinfo
pkg: openjdk8: duplicate dependency listing: fontconfig
pkg: openjdk8: duplicate dependency listing: javavmwrapper
pkg: openjdk8: duplicate dependency listing: java-zoneinfo
pkg: openjdk8: duplicate dependency listing: fontconfig
pkg: openjdk8: duplicate dependency listing: javavmwrapper
pkg: openjdk8: duplicate dependency listing: java-zoneinfo
Checking for upgrades (55 candidates)......
pkg: jna: duplicate dependency listing: libXt
pkg: jna: duplicate dependency listing: openjdk8
pkg: jna: duplicate dependency listing: libXt
pkg: jna: duplicate dependency listing: openjdk8
pkg: jna: duplicate dependency listing: libXt
pkg: jna: duplicate dependency listing: openjdk8
pkg: jna: duplicate dependency listing: libXt
pkg: jna: duplicate dependency listing: openjdk8
Checking for upgrades (55 candidates)...... done

4

Sensei / OPNSense 21.1.4 and wg0 interface

« on: March 31, 2021, 12:14:28 am »

I've already contacted Sunny Valley about this, but thought I'd post here also. After updating to 21.1.4, it appears that Sensei can't read the ip of my wg0 (Wireguard) interface. The packet engine wont start. At Sunny Valley's direction, I removed wg0 from protected interface, and the packet engine starts and runs fine. Looking through the archive logs, I can see where it reads the tunnel interface ip just in 21.1.3, but in 21.1.4, it fails and wont start the service.

5

General Discussion / WAN interface pulled private IP

« on: February 16, 2021, 12:57:31 am »

I had a power outage today so my att modem and opnsense firewall both came back on at the same time. My modem is in bridge mode. The firewall likely came back much quicker and ended up pulling a private ip from the modem when it finally came back up instead of the public ip it should have pulled. after doing a release/renew, i got the public ip back, but my quesiton is how can I prevent opnsense from pulling a private ip for that interface? I tried the reject leases from option and specified the lan gateway interface of my modem, but that prevented opnsense from even pulling an address.

Thanks!

6

Hardware and Performance / $300 Ryzen Build?

« on: February 03, 2021, 05:01:10 pm »

I'm wanting to spend around $300 for dedicated hardware. I've looked at Protectli and Qotom and for that price both seem like they have components that are either discontinued or several years old. I found this article for a $300 gaming build using a Ryzen 3200G and was wondering if it would be suitable for OPNSense + Sensei and maybe suricata on WAN? This is for home use, ~30 devices. 100Mbps vdsl, but would like it to be capable of gigabit if I upgrade. I've already got a i350-t2 for lan/wan.

https://techguided.com/best-gaming-pc-under-300-dollars/#11

Thanks!

7

Virtual private networks / New Wireguard Setup

« on: January 29, 2021, 05:43:01 am »

I've currently wireguard setup on a raspberry pi (pivpn) and port forwarding is set up. From a wireguard peer, I can browse internet over tunnel and access lan resources.

I've recently set up OPNSense and started playing with the wireguard plugin but I cant seem to get the config right. I've followed this guide through step 2b. https://docs.opnsense.org/manual/how-tos/wireguard-client.html

I am able to connect my ios peer to my OPNSense wireguard instance, but dont have any lan or wan access past that. Am I missing a translation or route between my tunnel vlan 10.98.7.0/24 and lan vlan 192.168.2.0/24? I feel like im missing something easy, but I'm just too new to OPNSense to know how to fix it.

Thanks!