Topics - teo88

1
Web Proxy Filtering and Caching / SSL Inspection Squid with ICAP not working / Proxy load error
« on: October 10, 2024, 04:56:12 pm »
Hello,

After the update to 24.7.6, SSL Inspection with Squid / ICAP Plugin is not working. Trying to restart the Squid service, I get a Proxy load error:

Segmentation fault
Performing sanity check on squid configuration.
2024/10/10 16:53:17| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2024/10/10 16:53:17| Starting Authentication on port 127.0.0.1:3128
2024/10/10 16:53:17| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2024/10/10 16:53:17| Starting Authentication on port [::1]:3128
2024/10/10 16:53:17| Disabling Authentication on port [::1]:3128 (interception enabled)
2024/10/10 16:53:17| Starting Authentication on port 127.0.0.1:3129
2024/10/10 16:53:17| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
2024/10/10 16:53:17| Starting Authentication on port [::1]:3129
2024/10/10 16:53:17| Disabling Authentication on port [::1]:3129 (interception enabled)
2024/10/10 16:53:17| Processing Configuration File: /usr/local/etc/squid/pre-auth/40-snmp.conf (depth 1)
2024/10/10 16:53:17| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)
2024/10/10 16:53:17| Processing Configuration File: /usr/local/etc/squid/pre-auth/parentproxy.conf (depth 1)
2024/10/10 16:53:17| Processing Configuration File: /usr/local/etc/squid/auth/dummy.conf (depth 1)
2024/10/10 16:53:17| Processing Configuration File: /usr/local/etc/squid/post-auth/dummy.conf (depth 1)


How to Solve?

2
24.1 Legacy Series / DNS Crypt Proxy 1.15 restart service via cron within gui
« on: May 08, 2024, 02:28:02 pm »
Hello,

I am trying to restart the DNS Crypt Proxy service via a cron job in the GUI.

Settings - Cron - Add - Command

When I checked under Commands, I found "Download DNSCrypt-Proxy DNSBLs and restart".


I tried with this command, but the service is not restarted.

How can I restart the service within the GUI via a cron job?

Thx


3
Zenarmor (Sensei) / Upgrade 24_1_1 Sensei Health missing File .placeholder
« on: February 07, 2024, 04:56:10 pm »
Hello,

After the upgrade to 24.1.1, the health audit shows the following issue:

Code:
>>> Check for missing or altered package files
Checking all packages: .....
os-sensei-1.16.2: missing file /usr/local/zenarmor/output/archive/.placeholder

How to fix?

Thx
br

4
Virtual private networks / Questions to Migrate OpenVPN Servers legacy to Instances New
« on: February 02, 2024, 09:35:53 am »
Hello,

I have now updated to 24.1_1 without any problems so far. Now I want to migrate my OpenVPN Server configuration from legacy to the new Instances. But some settings in the New Configuration are not clear yet, and I hope someone can point me in the right direction.

Old Configuration:
Interface: WAN

New Configuration:
Bind Address:

As I have a static WAN address, do I need to add the static WAN address as the Bind Address (similar to choosing the WAN address in the Legacy Configuration)?


Old Configuration:
IPv4 Tunnel Network:

New Configuration:
Local Network:

Is the Local Network in the New Configuration the setting similar to the IPv4 Tunnel Network?


Old Configuration:
Redirect Gateway = marked

New Configuration:
local
autolocal
default
bypass dhcp
bypass dns
block local
ipv6 (default)
not ipv4 (default)

What is the correct setting similar to Redirect Gateway marked in the legacy config to route all traffic from the client through the VPN Server?


Old Configuration:
Advanced Configuration:

allow-compression no

New Configuration:
options

Do I understand this correctly, that allow-compression no is now the default parameter, and that's why it is not included / selectable anymore under options in the New Configuration?


Thanks a Lot!

5
General Discussion / Floating Rule Exclude Destination IP from Proofpoint List
« on: July 16, 2023, 02:49:29 pm »
Sometimes my OpenVPN external IP gets on the Proofpoint block list, so I then cannot connect to that specific IP via the OpenVPN connection. I want to whitelist this external IP before my Proofpoint list under the Floating Rules.

I created an Alias with the external IP as Destination, and moved the rule above the Proofpoint list.

When I change the Direction to out, the connection via OpenVPN is not working; when I select Any, the OpenVPN connection is working, and the IP is not blocked via the block lists.

Why do I have to use Any here? Why is just Direction out not working?

Thx

6
Web Proxy Filtering and Caching / Squid Transparent Mode [No Error] (TLS code: SQUID_TLS_ERR_CONNECT+TLS_IO_ERR=1)
« on: July 09, 2023, 11:28:08 am »
I now frequently get the following error, even if the domain is excluded via the SSL No Bump List:

Code:
Failed to establish a secure connection to [unknown]

The system returned:
[No Error] (TLS code: SQUID_TLS_ERR_CONNECT+TLS_IO_ERR=1)

Failed to establish a secure connection: [No Error]
This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.


How to fix this?

7
General Discussion / Exclude VLAN from DNS Crypt Proxy
« on: July 08, 2023, 10:26:39 am »
I have set up DNS Crypt Proxy together with Unbound. All VLANs are using the DNSCrypt proxy perfectly so far.
Now I'm struggling to do the following. I want to exclude 1 VLAN from using DNS Crypt Proxy, and send clear DNS on port 53 UDP to, for example, the Cloudflare DNS IP 1.1.1.1.

When I go to the DHCP settings for this VLAN and change the DNS server there from the OPNsense IP to 1.1.1.1, it works: clients get the Cloudflare DNS and can access the internet, fine.

But if I change the DNS server back to the OPNsense IP for this VLAN (same as the gateway IP of OPNsense), I cannot access the internet, and clear DNS requests don't work.

How can I solve this?

8
German - Deutsch / OpenVPN client connection drops, service restart?
« on: December 29, 2022, 01:36:48 pm »
Hello,

I have only recently started working with OPNsense. I have a problem that I just cannot get past. I have set up an OpenVPN client connection with NordVPN according to this guide: https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-19-1-setup-with-NordVPN.htm

Unfortunately the connection drops several times a day. In the dashboard under VPN – OpenVPN – Clients the connection is still green, i.e. marked as enabled.

Under connection status, Remote Host shows "Unable to contact daemon", Virtual Address shows "Service not running?", and Status shows "down".

In the log file I find the following errors:
Code:
openvpn connection reset, restarting -1
openvpn connection reset, restarting 0

When I manually disable and re-enable the connection in the GUI under VPN – OpenVPN – Clients, the connection is re-established immediately and works for a few hours.

When I reboot the firewall, the connection is also re-established.

Does anyone have a similar problem, and possibly a solution? Is there a script or a parameter under Advanced that I can set so that the connection is re-established automatically, or so that the service is restarted in case of a drop?

OPNsense 22.7.10_2-amd64
FreeBSD 13.1-RELEASE-p5
OpenSSL 1.1.1s 1 Nov 2022

Many thanks.
