"
How do restart wireguard from the dashboard lobby widget?
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#2
General Discussion / ssh not working
November 22, 2024, 04:10:51 PM
24.7.9_1 I can longer putty in,
If I reset to factory settings and enable ssh, there are no problems.
Diffed current *.ml and factory *.xml and looked at the ssh section. There are no diffrences.
Used the following settings:
System -> Settings -> Administration -> Secure Shell is enabled and LAN is in the "Listen Interfaces".
System: Log Files: Audit
2024-11-22T09:53:37-05:00 Error sshd-session error: kex_exchange_identification: read: Operation timed out
2024-11-22T09:51:43-05:00 Notice audit user root@10.59.11.213 changed configuration to /conf/backup/config-1732287103.1748.xml
in /api/syslog/settings/set /api/syslog/settings/set made changes
2024-11-22T09:51:40-05:00 Error sshd-session error: kex_exchange_identification: read: Operation timed out
Yes, I am running wireguard,surricata,zenarmour, and adguard.
Never had issues ssh into opnsense.
If I reset to factory settings and enable ssh, there are no problems.
Diffed current *.ml and factory *.xml and looked at the ssh section. There are no diffrences.
Used the following settings:
System -> Settings -> Administration -> Secure Shell is enabled and LAN is in the "Listen Interfaces".
System: Log Files: Audit
2024-11-22T09:53:37-05:00 Error sshd-session error: kex_exchange_identification: read: Operation timed out
2024-11-22T09:51:43-05:00 Notice audit user root@10.59.11.213 changed configuration to /conf/backup/config-1732287103.1748.xml
in /api/syslog/settings/set /api/syslog/settings/set made changes
2024-11-22T09:51:40-05:00 Error sshd-session error: kex_exchange_identification: read: Operation timed out
Yes, I am running wireguard,surricata,zenarmour, and adguard.
Never had issues ssh into opnsense.
#3
Virtual private networks / Monit WG does not start
October 13, 2024, 06:17:14 PM
Updated to 24.7
WG goes into loop and need to use monit
Followed the link
https://forum.opnsense.org/index.php?topic=35919.0
I needed to use lower case 's' and not upper case
/usr/local/sbin/pluginctl -S wireguard
Start: /bin/sh -c '/usr/local/sbin/pluginctl -s wireguard start xxxx-xx-tt-yy-uuuuuuu'
Stop: /bin/sh -c '/usr/local/sbin/pluginctl -s wireguard stop xxxx-xx-tt-yy-uuuuuuu'
I get a monit status error
Any suggestion ?
WG goes into loop and need to use monit
Followed the link
https://forum.opnsense.org/index.php?topic=35919.0
I needed to use lower case 's' and not upper case
/usr/local/sbin/pluginctl -S wireguard
Start: /bin/sh -c '/usr/local/sbin/pluginctl -s wireguard start xxxx-xx-tt-yy-uuuuuuu'
Stop: /bin/sh -c '/usr/local/sbin/pluginctl -s wireguard stop xxxx-xx-tt-yy-uuuuuuu'
I get a monit status error
Any suggestion ?
#4
24.1, 24.4 Legacy Series / Audit health log error(?)
May 04, 2024, 05:49:51 PM
I am getting an error in the audit health log. What is it?
Running wireguard, intrusion detection,zenarmour.
It was not there after I started from 24_1-> 24_1_6. Only after I restored my Opnsense-config.xml file
>>> Check for missing or altered base files
Error 2 occurred.
etc/sysctl.conf:
size (299, 364)
sha256digest (0x45f469e7a9b4eef887bab7b55397305043fe101e1d6ce6f7e23d758e72f56dc6, 0x69344d6e7acbd6e60e93c10865e489c54293af7143ef5cc58127aa67175d0dd2)
>>> Check installed repositories
Running wireguard, intrusion detection,zenarmour.
It was not there after I started from 24_1-> 24_1_6. Only after I restored my Opnsense-config.xml file
>>> Check for missing or altered base files
Error 2 occurred.
etc/sysctl.conf:
size (299, 364)
sha256digest (0x45f469e7a9b4eef887bab7b55397305043fe101e1d6ce6f7e23d758e72f56dc6, 0x69344d6e7acbd6e60e93c10865e489c54293af7143ef5cc58127aa67175d0dd2)
>>> Check installed repositories
#5
Hardware and Performance / WiFi 7 PCI-e card
March 12, 2024, 11:56:23 PM
Has anyone tried to integrate this wifi 7 card into their opnsense system?
Just found this amazing item on AliExpress. Check it out! $29.87 | Comfast 8774Mbps WiFi 7 Intel BE200 Pcie Wireless Wifi Adapter Bluetooth 5.4 Tri Band 2.4G/5G/6GHz Wifi7 Card Win10/11 Linux
https://a.aliexpress.com/_mrvOh70
Just found this amazing item on AliExpress. Check it out! $29.87 | Comfast 8774Mbps WiFi 7 Intel BE200 Pcie Wireless Wifi Adapter Bluetooth 5.4 Tri Band 2.4G/5G/6GHz Wifi7 Card Win10/11 Linux
https://a.aliexpress.com/_mrvOh70
#6
24.1, 24.4 Legacy Series / [Solved] DNS over TLS is not working
March 10, 2024, 02:05:59 AM
After the latest upgrade, nslookup google.com uses google dns and not my NextDNS.io dns server.
Anyone having a similar experience? It was working on previous opnsense releases.
ISC & KEA has a dns server and they point to the same ip address.
Where is /etc/kea/ there is a config file I need to take a look at?
My configuration is wireguard, kea dhcp, zenarmor and Suricata . It is not NextDNS since my pfsense network nslookup works fine.
Anyone having a similar experience? It was working on previous opnsense releases.
ISC & KEA has a dns server and they point to the same ip address.
Where is /etc/kea/ there is a config file I need to take a look at?
My configuration is wireguard, kea dhcp, zenarmor and Suricata . It is not NextDNS since my pfsense network nslookup works fine.
#7
Intrusion Detection and Prevention / Suricata, Zenarmor , interfaces and vpn
February 17, 2024, 02:26:12 AM
I am currently using a vpn via Wireguard. It works great.
Zenarmor is assigned to the lan. What should Suricata (IDS) be assigned to : the wan or the wireguard_interface?
Under the IDS advanced mode, do I need to modify home networks? The helps says "Networks to interpret as local", what does that mean?
Zenarmor is assigned to the lan. What should Suricata (IDS) be assigned to : the wan or the wireguard_interface?
Under the IDS advanced mode, do I need to modify home networks? The helps says "Networks to interpret as local", what does that mean?
#8
24.1, 24.4 Legacy Series / Migrating from isc to kea
February 17, 2024, 02:04:59 AM
Does the isc dhcp static lease assignments get copied over to the kea static leases as reservations when you enable kea dhcp?
#9
24.1, 24.4 Legacy Series / Python script that converts pfsense isc config to opnsense kea config
February 11, 2024, 05:03:28 PM
This use case converts pfsense isc-dhcp static leases xml to an opnsense kea-dhcpstatic lease xml. The pfsense isc and opnsense kea xml config are different. It is a limited conversion focused on DHCP static leases and saves the manual entry time into the kea gui.
Is there interest to post the two python scripts and the outputs?
Is there interest to post the two python scripts and the outputs?
#10
24.1, 24.4 Legacy Series / [Solved]Python script converts Opnsense configuration file into kea reservations
February 05, 2024, 04:47:17 PM
I can manually create a DHCP static lease or a KEA reservation per device. But how do I avoid entering each device's MAC address etc via the GUI? I already have that info in a pfsense config .xml file. Yes pfsense. In addition, opnsense's .xml KEA DHCP section also needs a reservation and subnet uuid per device. Is there a tool to generate these values?
#11
24.1, 24.4 Legacy Series / KEA DHCP
February 05, 2024, 12:02:13 AM
I read the kea documents and I set my kea pool range to 10.59.11.215 to .220
But it still pickup the isc-dhcp static lease lan at 10.59.11.200. Both isc and kea are using the same lan interface.
Are there any good procedures?
But it still pickup the isc-dhcp static lease lan at 10.59.11.200. Both isc and kea are using the same lan interface.
Are there any good procedures?
#12
Intrusion Detection and Prevention / Wireguard_Interface Surriccata error
September 17, 2023, 07:06:09 PM
I got Suriccata to work by fixing my IDS home network to 10.59.XX.0/24. I got logs now.
How do I get rid of the warnings?
A post says to /usr/local/opnsense/service/templates/OPNsense/IDS/suricata.yaml ?
2023-09-17T08:59:48-04:00 Warning suricata [100618] <Warning> -- [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol http2 enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
How do I get rid of the warnings?
A post says to /usr/local/opnsense/service/templates/OPNsense/IDS/suricata.yaml ?
2023-09-17T08:59:48-04:00 Warning suricata [100618] <Warning> -- [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol http2 enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
#13
Intrusion Detection and Prevention / Zenarmor
August 12, 2023, 04:21:57 PM
Using Surricata on lan and zenarmor on wan, tired both L3 native and emulated netmap and the dashboard displays the wan with zero throughput when doing the Ookola up/down speed test? Why? Any suggestions?
I and running wireguard to the vpn.
I think I have the answer.
Currently zenarmor does not support wireguard or openvpn.
Maybe I could put Surricata on the wan and zenarmor on lan
will it work?
https://www.zenarmor.com/docs/troubleshooting/configuration
I and running wireguard to the vpn.
I think I have the answer.
Currently zenarmor does not support wireguard or openvpn.
Maybe I could put Surricata on the wan and zenarmor on lan
will it work?
https://www.zenarmor.com/docs/troubleshooting/configuration
#14
23.1 Legacy Series / Intrusion Dectction Schedule
July 15, 2023, 07:36:48 PM
Cannot edit or delete schedule. Services-> Intrusion Detection -> admin-> schedule. When I select cancel it does open schedule tab for review.
#15
23.1 Legacy Series / Unable to configure wireless interface in access point mode via Web GUI
July 01, 2023, 04:08:11 PM
Read the archives. Hasn't this been fixed? Cannot get the wifi card to access point and unable to detect the SSID?
https://forum.opnsense.org/index.php?topic=20956.msg97723#msg97723
https://forum.opnsense.org/index.php?topic=20956.msg97723#msg97723
Pages1
