Topics

1

21.7 Legacy Series / Input Error Detected: Certificate webConfigurator default...

« on: October 07, 2021, 05:45:40 pm »

I'm getting an error in System -> Settings -> Administration.

Even though I have only http selected, I'm getting an error when I save: "Certificate webConfigurator default is not intended for server use."

This cert does exist in the https dropdown, but I'm not using https.

I installed a fresh copy on a test machine and there appears to be a different default TLS cert on a clean install which is NOT in my production install.  I have upgraded many, many times so perhaps that is part of it.

Obviously, with this error, I cannot Save any changes in that section.

2

20.1 Legacy Series / Split DNS & Rebind Attacks

« on: July 23, 2020, 12:20:51 am »

All, I have an internal DNS server that I want to retire in favor of using the built in UnboundDNS.  Everything works except my web server behind NAT.

Externally www.mysecretdomain.com resolves and works perfectly.

Internally www.mysecretdomain.com throws a rebind error because it tries to go to the admin page of OpnSense instead of www which is on a different system.

Indeed, internally pinging www.mysecretdomain.com resolves to my PUBLIC IP when it should resolve to my INTERNAL IP.

Even going to the Overrides section of Unbound and making sure www.mysecretdomain.com resolves to 10.0.1.201 does nothing.  It insists on resolving to my Public/Opnsense WAN IP.

What the heck am I doing wrong?

3

Hardware and Performance / What's the word with NVMe?

« on: March 19, 2020, 06:46:31 pm »

A long time ago when I started running OpnSense it was advised not to use SSDs.

Has this changed?  I have a mini PC with an EVO Plus NVMe drive I can upgrade with.

4

19.7 Legacy Series / Hanging at /boot/defaults/loader.conf

« on: December 07, 2019, 06:34:35 pm »

This is a culmination of my two other posts. My simple morning project has turned into a nightmare. That's how it goes for me.

I decided to switch out my OpnSense hardware. I have a decent i5 Mac mini not doing much, so I download the image, got it installed and my configuration imported. The initial boot after the installer was successful and everything came up and I'm ready to swap. Awesome!

I shut down to move it into it's new home and it's hanging at /boot/defaults/loader.conf

I reloaded, was successful again, ...and again... shutdown and first cold boot, it hangs.

I don't get it and I don't know enough about FreeBSD to even begin to figure out why this seems to work fine then fails.

Um, help?

5

19.7 Legacy Series / Reinstall "Import Configuration" Drive Format

« on: December 07, 2019, 04:07:51 pm »

I've had OpnSense for years, but might move to new hardware.  Over those years I've tried and failed many, many, times to get my configuration imported at install time.

Daily, I don't live in the *nix world. My desktops are Windows or Mac.

What format of, say, a USB flash drive is OpnSense expecting to find that contains my config? Is there a formatter for Mac/Windows that I can use as well as a tool to copy the config onto it?

Thanks for any advice!

6

19.7 Legacy Series / OpnSense WAN Speed Issues

« on: December 07, 2019, 12:56:39 am »

I had 100Mbps service and I would typically get from speedtest-cli that speed.

Today my provider doubled our speed to 200Mbps.  Still, the most I can get with my OpnSense box is 104Mbps.

If I connect my laptop directly to my ISP's box, I'll get 220Mbps which is what I expect.

What should I look for on OpnSense to get the speed I expect?  I'm running it on HP hardware that has GIG Ethernet to the ISP.

7

19.1 Legacy Series / VPN Setup

« on: March 09, 2019, 03:12:44 am »

Hi All,

I've followed the instructions here, as they seem to offer compatibility with macOS, iOS, Windows, and Android.

https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-rsamschapv2.html

I've done everything per those instructions and the test user.  ...and... now what?  How do I configure the clients?  That seems to be missing.

I initially followed this guide, which at least had instructions for the clients, which seems to have additional steps for the firewall (which makes sense and the first link doesn't have) but it didn't work:

https://docs.opnsense.org/manual/how-tos/ipsec-road.html

I'm not a VPN/IPsec expert at all, but there seems to be a lot of work done in this area with a lot of changes, and as someone who doesn't work at lot with VPN and isn't familiar with setting it up, I'm finding the documentation either a bit out of date and/or confusing.

Does anyone have a guide, external blog, anything with clear and simple to follow directions to get this working?

Thanks!

8

17.1 Legacy Series / Install Freezes at Guided Installation

« on: February 25, 2017, 06:13:15 pm »

I'm trying to do a fresh install on a 2nd machine to use as a backup incase the main router goes down.  I never had problems installing v15 or v16, but man, the FreeBSD underpinnings of v17 seem to be making what was once simple, frustrating.

First it wouldn't boot until I did the steps here:
https://forum.opnsense.org/index.php?topic=4389.msg17200#msg17200

Now, I make it all the way to "Guided Installation" but on that screen I can't select anything. It's just frozen. No keyboard input. Nothin'. I have to force reset the PC.

9

General Discussion / USB Flash Drive Format to store backup Configuration

« on: February 20, 2017, 06:54:08 pm »

I've been banging my head against the wall for the past hour on, what I thought based on my Ubuntu experiences, would be a fairly simple thing to do.

I'm trying to get my OPNsense configuration onto an old USB Flash drive of low capacity (hey, not much good for anything else nowadays!) so that when/if I have a melt down or replace hardware, I can insert the USB stick during install and choose "Restore Configuration" and be on my way.

In doing a dry run with this, the OPNsense installer (or rather FreeBSD) refuses to see the format on the flash drive complaining that it isn't formatted or an unknown partition type.

I figured that most distros on the planet would understand at least FAT16 or 32 by now, I guess not. I tried formatting in UFS2, but I either failed horribly or it doesn't like that either.

Could anyone tell me exactly what it might be looking for in terms of formatting and exactly how to do this so it works?

Personally frustrated, but appreciative of any help or suggestion!

Thanks all!

10

16.1 Legacy Series / IDS Rule Descriptions

« on: March 10, 2016, 02:44:08 am »

Hi all,

Is there a better description of the IDS rules? All the info buttons go to here: http://doc.emergingthreats.net/bin/view/Main/EmergingFAQ

...and that's fine, great descriptions of the obvious ones, but there are many more rules available than the generic descriptions listed there.

Some are self-explanatory or subsets of the lists on that page, which is again, easy.  Others I just don't have a clue about.

11

16.1 Legacy Series / fsck and OpnSense

« on: March 01, 2016, 12:47:11 am »

I recently discovered that my filesystem didn't come up cleanly after a power outage and may be related to some issues I had.

I did the old school boot into single user mode and ran fsck - actually twice before everything got cleaned up.

Is there a built in with with OpnSense to do this?  I found this with pfSense:

touch /root/force_fsck would force a check/repair on reboot.  Didn't seem to affect OpnSense.  This might be something handy to have as a GUI option down the road?

12

16.1 Legacy Series / Help Configuring Split DNS

« on: February 21, 2016, 12:24:08 am »

I'm looking for some advice on configuring my router's DNS. I run split DNS, I want my internal NAT clients to resolve to an internal NATted DNS server.

My main issue is that I have a web server, among other services, running on NAT and I find that OPNsense cannot resolve to things like URLs on my web-server.  Possibly because of my internal DNS being on a system behind NAT as well.

What would be best practice for this? Under System>Settings>General should I use my internal DNS server or External, or both? Or is there some other setting I need to have a look at?

Thanks all for any tips.

13

16.1 Legacy Series / Intrusion Detection Settings - Left vs. Right Checkboxes?

« on: January 30, 2016, 04:53:44 pm »

Hi all, I'm a bit confused about the checkboxes here...

For example, under rulesets, we have the first item "botcc.portgrouped" with a check box to the immediate left and to the right a checkbox for "enabled".

Obviously, the right checkbox is explanatory.  What's the left checkbox for?

14

15.7 Legacy Series / [SOLVED] DNS MX Record?

« on: December 06, 2015, 06:06:33 pm »

Apologies if this is in the GUI and I'm overlooking it.  I'm interested in having OPNsense take over my DNS duties as it seems to do everything I need for my relatively simple LAN.

I need one host to have an MX record, but I can't seem to find an option to add it. If it does not exist, maybe a simple checkbox "

• Add an MX Record for this host" could be done at some point?

15

15.7 Legacy Series / Random Non-Responsiveness

« on: November 21, 2015, 07:02:48 pm »

Hi all, somewhere around 15.7.19, or my enabling DHCP, OPNsense has started randomly freezing. All interfaces go dead and I'm forced to power off and back on.  I run the CPU headless, so I don't see what might be happening on the screen. I've attached a display for "next time."

The interval can be completely random.  Several days to just hours apart.  Mostly the latter.

I thought maybe the older hardware I was on was having a problem, so I migrated to a newer box.  The exact same issues happen with it.

The web GUI doesn't detect a programming, but I submitted one via that mechanism anyhow in hopes that may show something. Are there any other logs available via the shell I can look at or submit?