Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - nikkon

Pages: [1] 2

General Discussion / How to mount nfs share

« on: May 14, 2020, 09:32:29 am »

Hi everyone,

did any of you knows how to mount an nfs share?

i did tried and run into errors:

[tcp] 172.16.10.3:/mnt/Storage/Mihai/monitoring_metrics: RPCPROG_NFS: RPC: Port mapper failure - RPC: Timed out

Thanks

General Discussion / acme on Cloudflare domains

« on: November 13, 2019, 05:24:41 pm »

Hi all,

does anyone has a step-by-step guide to create certificates on domains hosted on Cloudflare?

every time i try to create a certificate i got the :
/var/log/acme.sh.log
[Wed Nov 13 10:46:25 EET 2019]   _on_issue_err
[Wed Nov 13 10:46:25 EET 2019]   Error add txt for domain:_acme-challenge.skynet.balaci.xyz
[Wed Nov 13 10:46:25 EET 2019]   Invalid domain.

the domain cam be resolved pretty easy. However, I miss something on the acme certificate definition or validation.

any input is appreciated.
thank you

General Discussion / [Resolved] DynDNS with He.net

« on: November 10, 2019, 09:06:44 pm »

Hi all,

Does anyone manage to update a record on HE.net?
From the UI i tried, however i always get :
opnsense: /services_dyndns_edit.php: Dynamic DNS: (Error) Authentication failed
Nov 10 22:04:55    opnsense: /services_dyndns_edit.php: Dynamic DNS (skynet.balaci.xyz): Current Service: he-net
Nov 10 22:04:55    opnsense: /services_dyndns_edit.php: Dynamic DNS (skynet.balaci.xyz): _checkStatus() starting.
Nov 10 22:04:54    opnsense: /services_dyndns_edit.php: Dynamic DNS (skynet.balaci.xyz via HE.net): _update() starting.
Nov 10 22:04:54    opnsense: /services_dyndns_edit.php: Dynamic DNS (skynet.balaci.xyz): running dyndns_failover_interface for opt1. found pppoe0
Nov 10 22:04:54    opnsense: /services_dyndns_edit.php: Dynamic DNS (skynet.balaci.xyz): 212.54.118.220 extracted

Any clue?

General Discussion / [SOLVED]opnsense as pptp client to an asus PPTP server

« on: October 02, 2019, 01:15:32 am »

Hi all,

I know it was discussed previously and there is a small topic in the archive. Unfortunately, I couldn't understand the resolution. My context is this:
I need to connect to an Asus router which unfortunately has only PPTP VPN enabled and I have an user/pass i can use.
On my WAN i have a PPPoE connection.
I created a Point-to-Point device assigning wan physical interface (tried with an unused interface too), added the username and password. I have assigned the newly created virtual interface to an interface and hoped it will connect.
unfortunately, nothing happens.
Point to point logs:
Oct 2 02:13:57   ppp: [opt2_link0] Link: reconnection attempt 3
Oct 2 02:13:56   ppp: [opt2_link0] Link: reconnection attempt 3 in 1 seconds
Oct 2 02:13:56   ppp: [opt2_link0] LCP: Down event
Oct 2 02:13:56   ppp: [opt2_link0] Link: DOWN event
Oct 2 02:13:56   ppp: [opt2_link0] PPTP call failed
Oct 2 02:12:41

Is there another way I can make this work?

General Discussion / [SOLVED]IPsec routing

« on: September 29, 2019, 11:36:33 pm »

Hi all,

stupid question: if I have IPsec tunnel between 2 Opnsese devices(A in Romani and B in Amsterdam) how can I force devices in router B LAN to check for port 9981 via IPsec on router A LAN ?

Thanks

Romanian - Română / pppoe slow

« on: January 03, 2019, 02:21:50 pm »

salut,

avem inital impresia ca toata lumea care foloseste pppoe pe bsd are vestita problema cu managementul de cozi si ca atare nu atinge 8-900 mbs. Se pare ca nu si cred ca problema e doar la mine.
Ma ajuta cineva cu cateva valori de speedtest?
rds-ul meu intra intr-un intel pro 1000 pe pci ex 4x

Merci

General Discussion / strange kernel errors in logs

« on: December 28, 2018, 12:24:29 pm »

Hi all,

I just noticed that I have some strange messages in logs:
Dec 28 13:21:04   kernel: 064.618260 [ 760] generic_netmap_dtor Restored native NA 0
Dec 28 13:21:04   kernel: 064.618236 [ 262] generic_find_num_queues called, in txq 0 rxq 0
Dec 28 13:21:04   kernel: 064.618202 [ 254] generic_find_num_desc called, in tx 1024 rx 1024
Dec 28 13:20:51   kernel: 051.459495 [ 760] generic_netmap_dtor Restored native NA 0
Dec 28 13:20:51   kernel: 051.459471 [ 262] generic_find_num_queues called, in txq 0 rxq 0
Dec 28 13:20:51   kernel: 051.459437 [ 254] generic_find_num_desc called, in tx 1024 rx 1024

Does anyone have any clue?

General Discussion / prometheus grafana dashboard

« on: November 30, 2018, 07:29:32 pm »

Hi guys,

I just uploaded a grafana dashboard for OPNsense
https://grafana.com/dashboards/9291

Hope it helps you all. we still miss DHCP and VPN stats - hope to have those exported too.

18.7 Legacy Series / 18.7.4 PPPoE issues

« on: September 29, 2018, 03:46:15 pm »

Hi,

I have several issues after the update.
1. the PPPoE interface automatically renames as "No-Ip ddns" $:-\$ Same behavior if I change the description on the Point to Point Definition
2. It seems that Unbound DNS refuses to resolve secure requests. to make it work I'm forced to use the forwarding mode.

Any clue if those 2 were touched by the code change in the last patch?

General Discussion / Issues getting cert with acme

« on: June 16, 2018, 06:28:17 pm »

Hi all,

I'm trying to get a new cert for web-https and i'm pretty sure i miss somethig. if you guys see what i miss please let me know.
acme log looks like this:

root@OptimusPrime:~ # tail -f /var/log/acme.sh.log
[Sat Jun 16 19:22:52 EEST 2018] _ret='0'
[Sat Jun 16 19:22:52 EEST 2018] code='400'
[Sat Jun 16 19:22:52 EEST 2018] The new-authz request is ok.
[Sat Jun 16 19:22:52 EEST 2018] new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: DNS name does not have enough labels","status": 400}
[Sat Jun 16 19:22:52 EEST 2018] pid
[Sat Jun 16 19:22:52 EEST 2018] No need to restore nginx, skip.
[Sat Jun 16 19:22:52 EEST 2018] _clearupdns
[Sat Jun 16 19:22:52 EEST 2018] skip dns.
[Sat Jun 16 19:22:52 EEST 2018] _on_issue_err
[Sat Jun 16 19:22:52 EEST 2018] Please check log file for more details: /var/log/acme.sh.log
[Sat Jun 16 19:27:05 EEST 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Sat Jun 16 19:27:05 EEST 2018] DOMAIN_PATH='/var/etc/acme-client/home/FirewallCertACME_ecc'
[Sat Jun 16 19:27:05 EEST 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Sat Jun 16 19:27:05 EEST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Sat Jun 16 19:27:05 EEST 2018] GET
[Sat Jun 16 19:27:05 EEST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Sat Jun 16 19:27:05 EEST 2018] timeout=
[Sat Jun 16 19:27:05 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Sat Jun 16 19:27:06 EEST 2018] ret='0'
[Sat Jun 16 19:27:06 EEST 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Sat Jun 16 19:27:06 EEST 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Sat Jun 16 19:27:06 EEST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_NONCE
[Sat Jun 16 19:27:06 EEST 2018] ACME_VERSION
[Sat Jun 16 19:27:06 EEST 2018] Le_NextRenewTime
[Sat Jun 16 19:27:06 EEST 2018] _on_before_issue
[Sat Jun 16 19:27:06 EEST 2018] _chk_main_domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _chk_alt_domains='nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] Le_LocalAddress
[Sat Jun 16 19:27:06 EEST 2018] d='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] Check for domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _currentRoot='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] d='nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] Check for domain='nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] _currentRoot='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] d
[Sat Jun 16 19:27:06 EEST 2018] _saved_account_key_hash is not changed, skip register account.
[Sat Jun 16 19:27:06 EEST 2018] Read key length:ec-256
[Sat Jun 16 19:27:06 EEST 2018] _createcsr
[Sat Jun 16 19:27:06 EEST 2018] Multi domain='DNS:FirewallCertACME,DNS:nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] Getting domain auth token for each domain
[Sat Jun 16 19:27:06 EEST 2018] d='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] Getting webroot for domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _w='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] _currentRoot='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] Getting new-authz for domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Sat Jun 16 19:27:06 EEST 2018] Try new-authz for the 0 time.
[Sat Jun 16 19:27:06 EEST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sat Jun 16 19:27:06 EEST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "FirewallCertACME"}}'
[Sat Jun 16 19:27:06 EEST 2018] RSA key
[Sat Jun 16 19:27:08 EEST 2018] GET
[Sat Jun 16 19:27:08 EEST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Sat Jun 16 19:27:08 EEST 2018] timeout=
[Sat Jun 16 19:27:08 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Sat Jun 16 19:27:08 EEST 2018] ret='0'
[Sat Jun 16 19:27:08 EEST 2018] POST
[Sat Jun 16 19:27:08 EEST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sat Jun 16 19:27:08 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Sat Jun 16 19:27:10 EEST 2018] _ret='0'
[Sat Jun 16 19:27:10 EEST 2018] code='400'
[Sat Jun 16 19:27:10 EEST 2018] The new-authz request is ok.
[Sat Jun 16 19:27:10 EEST 2018] new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: DNS name does not have enough labels","status": 400}
[Sat Jun 16 19:27:10 EEST 2018] pid
[Sat Jun 16 19:27:10 EEST 2018] No need to restore nginx, skip.
[Sat Jun 16 19:27:10 EEST 2018] _clearupdns
[Sat Jun 16 19:27:10 EEST 2018] skip dns.
[Sat Jun 16 19:27:10 EEST 2018] _on_issue_err
[Sat Jun 16 19:27:10 EEST 2018] Please check log file for more details: /var/log/acme.sh.log

Thanks in advance

18.1 Legacy Series / web interface issues after upgrade to 18.1.5

« on: March 23, 2018, 05:59:20 pm »

Hi,
I have issues accessing the update & plugins section. look like is looping for 10 sec then it goes back to dashboard.
any clue?

Web Proxy Filtering and Caching / [SOLVED] transparent ssl proxy issue

« on: January 12, 2018, 02:04:52 pm »

Hi guys,

my system version is OPNsense 17.7.11-amd64

I have a small issue. by following the step by step guide :
https://wiki.opnsense.org/manual/how-tos/proxytransparent.html
on the SSL nat rule I see some mismatching:
NAT reflection Enable (NAT + Proxy) doesn't exist as an option.
both http/https nat rule are created. proxy is transparent. the certificate has been set to trust locally.

if there is something I missed I would be grateful if you can guide me.

Thank you

Web Proxy Filtering and Caching / force http traffic thought proxy

« on: December 13, 2017, 11:11:51 pm »

Hi all,

I need an andvice.
I have web proxy + remote dns blacklist loaded.
proxy binds to LAN interfaces & it's set as transparent HTTP.
How can i make sure that nobody will bypass it without defining the proxy on each network client and uncheck the transparent mode.
Can I somehow redirect all 80/443 trafin internally from some firewall rules?

Thx in advance

General Discussion / LAGG connection to FreeNAS

« on: December 04, 2017, 10:38:50 am »

Hi all,

I have a pretty weird question.
I intend to bypass a switch and aggregate 2 gigabit(lacp) from my opnsense firewall directly to a LAGG (LACP) on FreeNAS.
Is there a way I can simulate this connection via some software switch emulation on the opnsense box?
The problem is ubnt switch (edge switch) is not able to match the lacp on FreeNAS and I can't aggregate the 2 connections.

Thanks in advance.
M

General Discussion / Use OpnSense as Load Balancer

« on: December 08, 2016, 08:35:33 am »

Hi all,

Quick design question:
I have 2k+ websites/forums and I use Netscaler as load balancer in front for apache/Nginx/u name it

We reduce costs and we may thing to switch to pf sense/opnsense for this. My question is how many machines I can use (is there any limitation in this possible setup in terms of virtual servers definitions)
How many machines I can use in a CARP setup for this?

Thank you
M

Pages: [1] 2