Topics - crissi

#1
Hello,

Upgraded today to V22-7-11 and recognized the following syslog errors in the backend:

2023-01-19T12:30:30 Error configd.py [dc4fc17f-1320-4ae5-86d3-969fb0e120ec] Script action stderr returned "b'pkg: sqlite error while executing DROP TABLE repo_update; in file pkgdb.c:2320: attempt to write a readonly database'"

2023-01-19T12:30:29 Error configd.py [82367a10-f22f-47e9-97b3-b8bf83c2579f] Script action stderr returned "b'pkg: sqlite error while executing CREATE TABLE packages (id INTEGER PRIMARY KEY,origin TEXT,name TEXT NOT NULL,version TEXT NOT NULL,comment TEXT NOT NULL,desc TEXT NOT NULL,osversion TEXT,arch TEXT NOT NULL,maintainer TEXT NOT NULL,www TEXT,prefix TEXT N'"

2023-01-19T12:29:43 Error configd.py Timeout (120) executing : interface newip 'lagg0'

2023-01-19T12:23:49 Error configd.py Timeout (120) executing : interface newip 'lagg0_vlan

How to solve them?

thx
#2
Hello,

I have a question regarding the OpenVPN SSL server setup. I have followed the documentation here https://docs.opnsense.org/manual/how-tos/sslvpn_client.html and I can successfully connect with my mobile phone.
I now tried to set, under Firewall – Rules – Register – OpenVPN (auto-generated when the SSL server is started), a rule like Allow Access to internal DNS Server, but under Destination I am missing the option to set the OpenVPN address.

When I assign an interface, for example OPEN_VPN_SRV, I then have the possibility to set the address (see screenshot), and I can also name the entry to have a better overview.

My questions are:
a.)   Is this the right way to go, to assign an interface when I want to build specific rules for the VPN clients?
b.)   If yes, is there a way to hide the auto-generated menu entry OpenVPN somehow, or did I overlook something in the setup to do this?

Thx
BR
Crissi
#3
22.7 Legacy Series / configd.py error Timeout 120
November 14, 2022, 05:07:16 PM
Hello,

Updated to 22.7.7_1 and get the configd.py error Timeout 120 in the backend log.

#4
I have the problem that the VPN client connections just stop the next day. I can start them in the GUI without any problem, but the following day they are just stopped again. Checking the log files gives no indication why the services are stopped. When doing the OpenVPN client connections from a DD-WRT router they are stable, running for months without any problem and no disconnects.

I found here an older post about adding a cron job:

https://forum.opnsense.org/index.php?topic=9051.0

I was wondering if this is still the way to go with 22.7.2, as the post is from 2018.

Also, as written in the post, this adaptation will not be in the backup. Is there another solution that will also survive future firmware updates?

Thx!

#5
Hello,

Have updated to 22.7.2 and get the following error in the GUI log:

2022-08-18T13:11:09 Error lighttpd (configfile.c.1287) WARNING: unknown config-key: server.dir-listing (ignored)

Login via the GUI works fine, just wondering how to solve it.

Thx!

#6
Hello,

OPNsense 22.1.10 with Transparent Squid + ICAP + ClamAV

Issue: when the firewall is rebooted and I test if the AV filter is working, I get the following error regarding the templates in the ICAP log file:

Tue Jul 12 10:19:57 2022, 10462/12678144, ERROR: Unable to find specified template: /tmp/c-icap/templates//virus_scan/en/VIRUS_FOUND

To get the correct OPNsense template shown, I have to go to Services - C-ICAP - Configuration and press the Save button again.

How to solve?
Thx
#7
Hello,

Updated my OPNsense to V 22.1.8_1. Since os-dnscrypt-proxy 1.12 the anon relay option is available in the GUI, so I tried to configure the option, as I already have DNSCrypt with Unbound working well.

Under DNSCrypt - Configuration - Servers I added the 2 relays with name and SDNS stamp (from the official list without the prefix).

Then I went back to General Settings and under Relay List I added the 2 defined relays and saved.

In the log file I see that the anonymizing queries are loaded fine for the defined relays.

But when I check back on the Configuration page - General and scroll down, the Relay List field and Disabled Server List are empty...

Interestingly, if I check the dnscrypt-proxy.toml under /usr/local/etc/dnscrypt-proxy I see that the defined relays and disabled server names are still defined and loaded, even after reboot.

Is this a known issue?

Thx
Crissi
#8
Hello,

I use this configuration for DNSCrypt Proxy with Unbound:
https://forum.opnsense.org/index.php?topic=10670.msg48630#msg48630

Updated now from 22.1.3, where all was working fine, to 22.1.6. After the update, name resolution for clients is not working anymore.

I then went to Unbound – Query Forwarding – Custom Forwarding and added:

Enabled
Domain empty
Server IP 127.0.0.1
Port 5353

Restarted the Unbound service and checked again, but name resolution for clients is still not working.

After that, I disabled the custom forwarding rule, added under System – Settings – General a public DNS server and set under Query Forwarding "Use System Nameservers", and with the added public DNS server the clients can browse and DNS resolution is possible.

How can I fix this to leave the DNS servers blank and just get custom DNS with 127.0.0.1 port 5353 with DNSCrypt working again, as it worked perfectly with the previous version 22.1.3?

Thx
#9
Hello,

Updated to 22.1. ZFS install with LAGG. Checking dmesg:

debugnet_any_ifnet_update: Bad dn_init result from igb1 (ifp 0xfffff800031f3000), ignoring.
igb1: link state changed to DOWN
lagg0: link state changed to DOWN
debugnet_any_ifnet_update: Bad dn_init result from igb2 (ifp 0xfffff8000505d800), ignoring.
igb2: link state changed to DOWN
debugnet_any_ifnet_update: Bad dn_init result from igb3 (ifp 0xfffff80003f25000), ignoring.
igb3: link state changed to DOWN

igb1: link state changed to UP
igb3: link state changed to UP
igb2: link state changed to UP
lagg0: link state changed to UP

I get the Bad dn_init on all interfaces (Intel interfaces) after the update to OPNsense 22.1.

How to fix?
Thx!
#10
Hello,

Updated my ZFS install today to 22.1. After all updates were applied and the several reboots were done, when I open the Sensei dashboard I get a popup message "We detected different os architecture. We installing elasticsearch for new os architecture"

Restarted the services and rebooted my FW several times, but no automatic install happens, as the popup suggests.

Does someone else with a ZFS install have the same issue? How to fix this?

Thx!
#11
Hi,
I have installed the transparent Squid proxy with ClamAV on my OPNsense; it works perfectly. As I also use OpenVPN with PIA on my sense, I'm trying to force the Squid proxy over the VPN connection, as at the moment, when the proxy is enabled, Squid takes the WAN gateway. I searched here in the forum and already tried with the parameter tcp_outgoing_address, but without success till now. It seems I have an error somewhere.

Created under /usr/local/etc/squid in the folders /post-auth and /pre-auth a custom.conf with the following settings:

acl VPNUsers src 192.168.20.0/24
tcp_outgoing_address (VPN IP) VPNUsers

Restarted the FW and tested, but I get the following error in squid.log:

squid   kid1| commBind Cannot bind socket FD 17 to 151.x.x.x: (49) Can't assign requested address

I then tried to add just the following line to the custom.conf:

tcp_outgoing_address {VPN IP}

Still get the same error.

Did someone get this to work?

Thx!
#12
21.7 Legacy Series / DNSCrypt Proxy Service late Start
January 13, 2022, 06:18:00 PM
Hello,

When I restart my FW the DNSCrypt Proxy plugin is started as the last service... Is there a way to force the DNSCrypt Proxy plugin to start early during boot of the firewall?

Thx!
#13
Hello,

I have an issue with selective routing. I have OpenVPN running and connected. The whole LAN net is going out to the Internet via the OpenVPN connection, as set in the firewall rule as gateway. Now I created an alias with www.whatsmyip.com and added, before the VPN gateway rule, another rule with source LAN net, destination the alias and gateway Default (ISP connection).

When testing www.whatsmyip.com I see the public address over WAN; when testing with another tool, I see the IP from the VPN, so all good.

Then I restarted the firewall and tested the same websites again, but this time the excluded alias with whatsmyip.com doesn't show me the WAN IP as expected; the alias shows me the VPN-connected IP. What is wrong, as the request should be routed over the WAN connection?

Could it be that the firewall states have not been flushed during the reboot? How can I prevent this?

Thx!
#14
General Discussion / Maltrail on Opnsense
December 26, 2021, 02:47:26 PM
Hello,

I installed Maltrail server / sensor on OPNsense 21.7.7. Under Maltrail - Sensor - Remote Port Help, if I leave the setting empty (as sensor / server on the same device), I get the error when saving "Field remoteport is required".

The auto-generated alias BlocklistMaltrail I added to a rule from my side. But the content of the alias is empty, nothing loaded, even after reapplying the settings.

Also, in the GUI settings, is there not yet the possibility to change the GUI access port protocol to https?

Any idea how to fix this?

Is Maltrail in general production ready?

Thx!
#15
General Discussion / Question to Aliases
December 26, 2021, 02:13:31 PM
Hello,

I'm trying to create an alias LOCAL_NET_GROUP with the standard created networks LAN net and VLAN10 net. Both networks are available under Firewall Rules Source / Destination.

When I try to save the created alias group I get the error: Entry "LAN net" is not a network.,Entry "VLAN10 net" is not a network.

Should it not be possible to work under the aliases with the "internal" created networks, as I have them available in the firewall rules?

Thx!
#16
General Discussion / Question Mail Gateway
December 21, 2021, 06:59:58 PM
Hello,

I have a couple of Gmail mailboxes and get a lot of spam lately. I saw now in the docs the option for the setup of a mail gateway with the plugins ClamAV, Postfix, Redis, Rspamd:

https://docs.opnsense.org/manual/how-tos/mailgateway.html

Would there be the possibility, with the above configuration, of filtering my mailboxes? What happens with the mails, are they then locally on the firewall itself?

Thx!
#17
Hello,

I have set up the Squid proxy today and have some questions on specific settings:

Web Proxy - Administration - General Proxy Settings - Use alternate DNS-servers

As I use Unbound with DNSCrypt Proxy, what would be the use case to specify here different / alternate DNS servers for the proxy?

Web Proxy - Administration - Forward Proxy - Access Control List - Allowed destination TCP port and Allowed SSL ports

Is this configuration here the place to "punch a hole" through the proxy?

Under Allowed destination TCP port some ports are already predefined; are these just example ports? What's the difference between Allowed destination TCP port and Allowed SSL ports in terms of configuration?

Web Proxy - Administration - Forward Proxy - SSL no bump sites

Is there an option to somehow upload a domain list that should be excluded directly, without having to enter a lot of domains manually?

Thx!
#18
Hello,

After the upgrade to 21.7.7 my Spamhaus etc. alias with the URL Table IPs was empty and an update was also not possible. Tried also with several reboots, but nada.

Created the same alias new again, and the URL Table IPs are loaded fine afterwards.

How to prevent this in future? I mean, why after an upgrade is the really basic stuff not working anymore...

Thx!

#19
Hello,
I have an understanding question regarding firewall rules and policy based routing over an OpenVPN connection https://docs.opnsense.org/manual/firewall.html, regarding the following note:

Quote (Note):
When using policy based routing, don't forget to exclude local traffic which shouldn't be forwarded. You can do so by creating a rule with a higher priority, using a default gateway.

Please see attached screenshots of my firewall rules.

How exactly can I exclude the local traffic which shouldn't be forwarded to the OpenVPN connection in my case, as I actually just want to allow http / https traffic to the Internet for VLAN10 over the specific OpenVPN single gateway?

Reading the note over and over again just confuses me more...

Thx!
#20
Hello,

I currently use the Unbound custom-options.conf with the following settings for DNSCrypt Proxy:

server:
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@5353

I saw in this guide https://nguvu.org/pfsense/pfsense-baseline-setup/#dns%20resolver that, to make the DNS resolver authoritative for the local domain, the following snippet is added to the custom options:

server:
local-data: "local.lan. 10800 IN SOA pfsense.local.lan. root.local.lan. 1 3600 1200 604800 10800"

My question: can I just additionally add the second setting to the custom-options.conf? Do I need to keep a specific order here somehow?


Thx!