Topics - deuch

1
23.7 Legacy Series / No cpu temp health report after 23.7.7 update
« on: October 26, 2023, 08:21:51 am »
Hello,

After upgrading to 23.7.7, I do not have the health report for CPU temp working anymore.

I’ve the « Please wait for logging data » spinning forever.

Errors in log :

2023-10-26T08:23:18   Error   configd.py   [6238b2a5-b0aa-461f-8e1c-c08b5e7a1502] Script action failed with Command '/usr/local/opnsense/scripts/health/fetchData.py 'system-cputemp'' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 44, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/health/fetchData.py 'system-cputemp'' returned non-zero exit status 1.

The widget on the dashboard shows the actual temperature.

Thanks for your help.

2
Zenarmor (Sensei) / 1.15 new version
« on: September 19, 2023, 12:20:19 am »
Hello,

I've installed the new version 1.15 (Home licence) and for those features/improvements, I cannot find them (I've refreshed the OPNsense UI).

1) Improvement: Several new web categories are introduced in Zenarmor, including "Low-THC Cannabis Products," "DNS over HTTPS," "Compromised Websites," "Keyloggers and Monitoring," "Spyware and Adware," and "Generative AI," enhancing your web content filtering capabilities for a more comprehensive and secure browsing experience.

"DNS over HTTPS", "Compromised Websites", "Keyloggers and Monitoring," "Spyware and Adware," are not in the Web Categories list


Thanks for the help.

3
General Discussion / VLAN and DHCP
« on: September 02, 2023, 07:53:45 pm »
Hello,

I've an opnsense box with 4 ports. I've connected one port for my WAN and the second for the LAN to a managed switch (TPLINK TL-SG108E latest firmware).

I've created a VLAN on opnsense (latest version and patches), VLAN 10, attached to the LAN interface as parent and set the DHCP service (static IP 192.168.1.1/24 and a range of 192.168.3.3 to 192.168.3.254).
Everything is started and enabled in opnsense.

Opnsense is connected to the switch at port 1. I've connected a laptop on the switch at port 8.

On the switch, I've set the port 1 and 8 for VLAN 10. And on the port 8 the PVID 10. (no tagged port)

But the laptop receives only IPs from the LAN CIDR (192.168.1.X), as it looks like the VLAN does not exist or it is not recognized at all ....

My future setup will be more complex with  2 managed switches in cascade, but this simple setup seems to not work well ...

Do you have some ideas to help me please ?

The future setup will have 2 managed switches in cascade. On the second switch, only one port will be used with a Wifi AP for Kids in this VLAN 10. I've tried to set up things like that, but it doesn't work either (IP of the LAN too).

On Switch 1 connected to the router : Port 1 and 2 in the VLAN 10. Port 2 tagged. All ports with PVID 1 (VLAN 1 configuration by default, 1-9 ports, no tag)
On Switch 2 : Port 3 and 2 in the VLAN 10. Port 3 tagged (the one connected to the other switch) and PVID set to 10 for the port 2 with the AP router connected on it.

Maybe I'm doing something wrong ...

The idea is to have the AP on a separate VLAN to enforce DNS servers and other stuff at the firewall level. But the device can still have access to the LAN (NAS etc ...). So if you have ideas or tutorials for that it will be great !

Thanks a lot for the help.
 

4
23.7 Legacy Series / Error during backup file on google drive
« on: August 25, 2023, 09:39:54 am »
Hello,

In the logs I can see those kinds of errors every day at 1:00am (I've scheduled backup at this time) :

2023-08-25T01:00:03   Error   php   remove config-1692313200.xml from Google Drive   
2023-08-25T01:00:01   Error   php   backup configuration as config-1692918001.xml

But the files are removed and backed up in Google Drive (I've to check the content).

I've just tried to test the setup and same thing in the logs :

2023-08-25T09:41:12   Error   php-cgi   remove config-1692399600.xml from Google Drive   
2023-08-25T09:41:10   Error   php-cgi   backup configuration as config-1692949269.xml

But the test is OK and a new backup file is in google drive. I'm keeping 7 backups.

It seems that sometimes it has some trouble removing a file and I've 8 files instead of 7. After a new backup, I've 7 files.

Is it a false error or something might be buggy ?

5
Zenarmor (Sensei) / Zenarmor and VPN detection
« on: August 11, 2023, 12:38:23 pm »
Hello,

I'm trying to use zenarmor to detect VPN connections from a kids network but it seems that zenarmor has a difficult time achieving it.

I've blocked all the Proxy category (Security and App Controls) but with my results :

Hide.me application bypasses zenarmor (hide.me is in the list of the proxy)
1.1.1.1 application with WARP from cloudflare bypasses zenarmor

I've a wireguard server and tested it :

   192.168.2.14   -   50307   1X.X.2XX.X   60beb40d093e   109.0.230.182   -   55820   Generic TCPIP   Generic TCPIP   Generic TCPIP

It is seen as Generic TCPIP traffic and not wireguard or VPN traffic and it bypasses zenarmor too.

Has someone managed to block VPN with zenarmor ?

6
Web Proxy Filtering and Caching / Setup for children protection
« on: June 04, 2023, 10:50:33 am »
Hello all,

I'm new to opnsense and I will receive my hardware (N5105/8Gb RAM, 256GB SSD with 4 I226v) in a few days and I've got some questions about my future setup.

I've an internet fiber connection at home with an ONT. OPNsense will replace my actual modem and will act as router.
I've got an Asus XT8 Wifi router that will act as Access Point only. I've many Ethernet devices connected on multiple switches too.

The idea of what I want to achieve :

- 1 WAN for internet
- 1 LAN for the rest (of course  :))

I would like to cut the subnet of the LAN in 3 parts let say :

- 192.168.1.2 -> 192.168.1.30 -> Fixed IPs for NAS and fixed stuff (computer etc ...)
- 192.168.1.31 -> 192.168.1.220 -> DHCP IPv4 classical
- 192.168.1.221 -> 192.168.1.254 -> Only use for the kids wifi device

Basically what I would like to achieve is to use standard DNS like CloudFlare (1.1.1.1/1.0.0.1) for the 2 first subnets, and a special one (let's say ad-guard public DNS or an AdGuard Home) for the subnet for the kids and apply filtering, parental controls etc only on this part of the subnet.

How can I achieve that ? With MAC filtering (if it exists in OPNsense) ? To ensure that kids' devices go to the dedicated subnet ? If they change on their device to use a private/random MAC, how can I ensure that it will stay in the kids subnet ?

How to ensure that kids cannot override DNS servers directly in the device ? And how to bypass the hard-coded DNS servers in some apps (route/firewall rule maybe) ?

Sorry if some of my questions are dumb, but I would like to set up something at least robust  :)

Maybe I can do it with VLAN, but can I make the difference between my kids phone and my phone at the Wifi AP+OPNSense to put them in the right VLAN ?

Thanks for the help and patience !


