Topics - Monju0525

#1
25.1, 25.4 Production Series / Wireguard widget
April 11, 2025, 05:23:58 PM
How do I restart WireGuard from the dashboard lobby widget?
#2
General Discussion / ssh not working
November 22, 2024, 04:10:51 PM
24.7.9_1 I can no longer putty in.
If I reset to factory settings and enable ssh, there are no problems.
Diffed current *.xml and factory *.xml and looked at the ssh section. There are no differences.


Used the following settings:
System -> Settings -> Administration -> Secure Shell is enabled and LAN is in the "Listen Interfaces".


System: Log Files: Audit
2024-11-22T09:53:37-05:00   Error   sshd-session   error: kex_exchange_identification: read: Operation timed out   
2024-11-22T09:51:43-05:00   Notice   audit   user root@10.59.11.213 changed configuration to /conf/backup/config-1732287103.1748.xml in /api/syslog/settings/set /api/syslog/settings/set made changes
2024-11-22T09:51:40-05:00   Error   sshd-session   error: kex_exchange_identification: read: Operation timed out



Yes, I am running WireGuard, Suricata, Zenarmor, and AdGuard.
Never had issues with ssh into opnsense.



#3
Virtual private networks / Monit WG does not start
October 13, 2024, 06:17:14 PM
Updated to 24.7
WG goes into a loop and I need to use monit

Followed the link
https://forum.opnsense.org/index.php?topic=35919.0

I needed to use lower case 's' and not upper case

/usr/local/sbin/pluginctl -S wireguard

Start: /bin/sh -c '/usr/local/sbin/pluginctl -s wireguard start xxxx-xx-tt-yy-uuuuuuu'
Stop: /bin/sh -c '/usr/local/sbin/pluginctl -s wireguard stop xxxx-xx-tt-yy-uuuuuuu'

I get a monit status error

Any suggestions?


#4
I am getting an error in the audit health log. What is it?
Running WireGuard, intrusion detection, Zenarmor.
It was not there after I started from 24_1 -> 24_1_6. Only after I restored my Opnsense-config.xml file.


>>> Check for missing or altered base files
Error 2 occurred.
etc/sysctl.conf:
   size (299, 364)
   sha256digest (0x45f469e7a9b4eef887bab7b55397305043fe101e1d6ce6f7e23d758e72f56dc6, 0x69344d6e7acbd6e60e93c10865e489c54293af7143ef5cc58127aa67175d0dd2)
>>> Check installed repositories
#5
Hardware and Performance / WiFi 7 PCI-e card
March 12, 2024, 11:56:23 PM
Has anyone tried to integrate this wifi 7 card into their opnsense system?

Just found this amazing item on AliExpress. Check it out! $29.87 | Comfast 8774Mbps WiFi 7 Intel BE200 Pcie Wireless Wifi Adapter Bluetooth 5.4 Tri Band 2.4G/5G/6GHz Wifi7 Card Win10/11 Linux
https://a.aliexpress.com/_mrvOh70
#6
After the latest upgrade, nslookup google.com uses google dns and not my NextDNS.io dns server.
Anyone having a similar experience? It was working on previous opnsense releases.
ISC & KEA have a DNS server and they point to the same IP address.
Where is /etc/kea/ there is a config file I need to take a look at?

My configuration is WireGuard, Kea DHCP, Zenarmor and Suricata. It is not NextDNS since my pfsense network nslookup works fine.
#7
I am currently using a vpn via Wireguard. It works great.
Zenarmor is assigned to the lan. What should Suricata (IDS) be assigned to: the wan or the wireguard_interface?
Under the IDS advanced mode, do I need to modify home networks? The help says "Networks to interpret as local", what does that mean?
#8
24.1, 24.4 Legacy Series / Migrating from isc to kea
February 17, 2024, 02:04:59 AM
Do the ISC DHCP static lease assignments get copied over to the Kea static leases as reservations when you enable Kea DHCP?
#9
This use case converts pfsense isc-dhcp static leases xml to an opnsense kea-dhcp static lease xml. The pfsense isc and opnsense kea xml configs are different. It is a limited conversion focused on DHCP static leases and saves the manual entry time into the kea gui.

Is there interest to post the two python scripts and the outputs?
#10
I can manually create a DHCP static lease or a KEA reservation per device. But how do I avoid entering each device's MAC address etc via the GUI? I already have that info in a pfsense config .xml file. Yes pfsense. In addition, opnsense's  .xml KEA DHCP section also needs a reservation and subnet uuid per device. Is there a tool to generate these values?
#11
24.1, 24.4 Legacy Series / KEA DHCP
February 05, 2024, 12:02:13 AM
I read the kea documents and I set my kea pool range to 10.59.11.215 to .220
But it still picks up the isc-dhcp static lease lan at 10.59.11.200. Both isc and kea are using the same lan interface.
Are there any good procedures?
#12
I got Suricata to work by fixing my IDS home network to 10.59.XX.0/24. I got logs now.
How do I get rid of the warnings?
A post says to /usr/local/opnsense/service/templates/OPNsense/IDS/suricata.yaml?

2023-09-17T08:59:48-04:00   Warning   suricata   [100618] <Warning> -- [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol http2 enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.


#13
Intrusion Detection and Prevention / Zenarmor
August 12, 2023, 04:21:57 PM
Using Suricata on lan and Zenarmor on wan, tried both L3 native and emulated netmap and the dashboard displays the wan with zero throughput when doing the Ookla up/down speed test? Why? Any suggestions?
I am running WireGuard to the vpn.

I think I have the answer.
Currently Zenarmor does not support WireGuard or OpenVPN.
Maybe I could put Suricata on the wan and Zenarmor on lan.
Will it work?

https://www.zenarmor.com/docs/troubleshooting/configuration
#14
23.1 Legacy Series / Intrusion Detection Schedule
July 15, 2023, 07:36:48 PM
Cannot edit or delete schedule. Services -> Intrusion Detection -> admin -> schedule. When I select cancel it does open schedule tab for review.
#15
Read the archives. Hasn't this been fixed? Cannot get the wifi card to access point and unable to detect the SSID?

https://forum.opnsense.org/index.php?topic=20956.msg97723#msg97723