Messages - cake

1
General Discussion / Re: saved configuration work on new hardware?
« on: September 09, 2023, 01:21:46 pm »
Thanks Maurice

2
General Discussion / Re: saved configuration work on new hardware?
« on: September 09, 2023, 04:16:28 am »
Thanks for the reply. I can't find the exact same box as before, I think it may have been discontinued. I found a new version of the older hardware with different nics, but I think I may try a newer cpu as well.
The nic in the one I'm looking at is Intel i225 2.5G with a n5105 processor which seems kinda popular. I believe my J1900 cpu/board used 4* Intel WG82583 lan controllers.

I'm wondering if the naming would be different and I would have to edit the config xml on that one? I imagine this is changing name from eth0 to some other name.

3
General Discussion / saved configuration work on new hardware?
« on: September 08, 2023, 01:58:58 am »
I have a Chinese board with 4 ethernet ports and an Intel j1900. If I buy another mini pc with 4 ports can I load the config file from the old one? How similar does the hardware need to be?

Thanks

4
23.7 Legacy Series / Re: Single User Mode
« on: September 07, 2023, 02:09:37 am »
No luck with nano image. Here is screen shot.

root mount waiting for cam

I see that message a lot.

I think I am going to find an older image and have them try that.
edit: I wonder if this is a FreeBSD issue or hardware with my china box Q190G4U

5
23.7 Legacy Series / Re: Single User Mode
« on: September 06, 2023, 04:03:59 am »
No luck so far. We have removed the msata drive and placed in a sata drive. The BIOS can see it. The opnsense install does not. I'm using the vga image. I'm going to have a family member download a different image and try that. Maybe the nano?

Pressing #2 causes the system to hang for a long time, we are or I am expecting a prompt.
Will the dvd iso write to a thumb drive?

6
23.7 Legacy Series / Single User Mode
« on: August 31, 2023, 03:39:27 am »
I'm trying to talk a family member through reinstalling opnsense remotely. It's not going well.

How do you get into single user mode? I'm not getting a command prompt. Nothing that says login. Ctrl + Alt + F1 or F2 does nothing too (sometimes that works in Linux), just messages printed to screen (screenshot). This is 23.1 version.
Spacebar works to pause.

Also tried to install with fresh 23.7 vga img file, copied to thumb drive with dd, installer does not see the ssd drive when logging in via ssh installer@192.168.1.1, it just shows the usb thumb drive. This is second day of messing around for a couple hours. My device is a qotom j1900 box.

Maybe the ssd is broken?

7
23.1 Legacy Series / Re: Need help with update (log posted)
« on: June 27, 2023, 06:31:15 pm »
Thanks for the help, I'm going to let it ride since I won't be home for several more months.


fingers crossed :-D

8
23.1 Legacy Series / Re: Need help with update (log posted)
« on: June 27, 2023, 12:50:43 am »
I tried, no luck, file shows when I "ls" but not "ls -lah". I tested on another file in directory and it listed the file. Some of the files have something like a hash at the end of the file name.

Code:
root@J1900:/usr/local/lib/python3.9/test/test_tools/__pycache__ # ls -lah test_lll.cpython-39.opt-1.pyc
ls: test_lll.cpython-39.opt-1.pyc: Invalid argument
root@J1900:/usr/local/lib/python3.9/test/test_tools/__pycache__ # ls -lah test_sundry.cpython-39.opt-2.pyc
-rw-r--r--  1 root  wheel   1.6K Mar 28 05:14 test_sundry.cpython-39.opt-2.pyc
root@J1900:/usr/local/lib/python3.9/test/test_tools/__pycache__ # ls -lah
ls: test_lll.cpython-39.opt-1.pyc: Invalid argument
ls: test_lll.cpython-39.opt-2.pyc: Invalid argument
ls: test_lll.cpython-39.pyc: Invalid argument
ls: test_md5sum.cpython-39.opt-1.pyc: Invalid argument
ls: test_md5sum.cpython-39.opt-2.pyc: Invalid argument
ls: test_md5sum.cpython-39.pyc: Invalid argument
ls: test_pathfix.cpython-39.opt-1.pyc: Invalid argument
ls: test_pathfix.cpython-39.opt-2.pyc: Invalid argument
ls: test_pathfix.cpython-39.pyc: Invalid argument
ls: test_pdeps.cpython-39.opt-1.pyc: Invalid argument
ls: test_pdeps.cpython-39.opt-2.pyc: Invalid argument
ls: test_pdeps.cpython-39.pyc: Invalid argument
ls: test_pindent.cpython-39.opt-1.pyc: Invalid argument
ls: test_pindent.cpython-39.opt-2.pyc: Invalid argument
ls: test_pindent.cpython-39.pyc: Invalid argument
ls: test_reindent.cpython-39.opt-1.pyc: Invalid argument
total 660
drwxr-xr-x  2 root  wheel   9.0K Jun 25 22:51 .
drwxr-xr-x  3 root  wheel   3.0K Jun 25 22:51 ..
-rw-r--r--  1 root  wheel   1.4K Jun 21 05:17 .pkgtemp.test_lll.cpython-39.opt-1.pyc.F21qEh0gnaWr
-rw-r--r--  1 root  wheel   1.4K Jun 21 05:17 .pkgtemp.test_lll.cpython-39.opt-1.pyc.SLAtPp6mSC72
-rw-r--r--  1 root  wheel   1.4K Jun 21 05:17 .pkgtemp.test_lll.cpython-39.opt-1.pyc.dRm2Lr8DrAGh
.................................
................................


edit: I have a ton of these msgs in dmesg.yesterday "/mnt: inode 758: check-hash failed
/mnt: inode 757: check-hash failed
/mnt: inode 754: check-hash failed
/mnt: inode 756: check-hash failed
/mnt: inode 752: check-hash failed
/mnt: inode 753: check-hash failed
/mnt: inode 755: check-hash failed
/mnt: inode 764: check-hash failed
/mnt: inode 766: check-hash failed
/mnt: inode 767: check-hash failed
/mnt: inode 760: check-hash failed
/mnt: inode 765: check-hash failed
..........." after a reboot. I wonder if I have a corrupt filesystem. I have a lot of lightning at my house and freq power outages that exceed the UPS. Just a thought.

edit#2
I ran fsck and it says a bunch of stuff like "INODE CHECK-HASH FAILED I=753  OWNER=4294967295 MODE=177777
SIZE=18446744073709551615 MTIME=Jan  1 06:59 1970
FIX? no
.........."

That means trouble right? lol

9
23.1 Legacy Series / Re: Need help with update (log posted)
« on: June 26, 2023, 05:49:01 pm »
I don't know enough kung foo to know why either, but here is a screen shot. 


10
23.1 Legacy Series / Re: Need help with update (log posted)
« on: June 26, 2023, 04:27:18 pm »
Quote from: newsense on June 26, 2023, 10:27:52 am
Try this command and then re-run the upgrade:
Code:
mv /usr/local/lib/python3.9/test/test_tools/__pycache__/test_lll.cpython-39.opt-1.pyc /usr/local/lib/python3.9/test/test_tools/__pycache__/test_lll.cpython-39.opt-1.pyc-old
It is a bug in PKG that's reported and now Franco has two different reports to add to the bug, and if I understood correctly a fix will land in OPNsense soon regardless of how fast it is addressed upstream. Unsure if this will be a hotfix or 23.1.11/23.7.

We'll find out either here from Franco or in the release notes :)

I get
Code:
mv: rename test_lll.cpython-39.opt-1.pyc to test_lll.cpython-39.opt-1.pyc-old: Invalid argument
when in that directory. Thanks for the tip, I'm not sure why I get invalid argument. I can see the file listed when I type ls

I guess I will wait a while, opnsense still works for me.

11
23.1 Legacy Series / Need help with update (log posted)
« on: June 25, 2023, 05:57:55 pm »
I keep getting this in the log when updating. I am updating over WireGuard remotely and don't want to brick it.
Anyone know what I should do? I am trying to fix another problem I am having but first thought I would update first.

Code:
***GOT REQUEST TO UPDATE***
Currently running OPNsense 23.1.5_4 at Sun Jun 25 22:36:17 +07 2023
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (56 candidates): .......... done
Processing candidates (56 candidates): .......... done
Checking integrity... done (0 conflicting)
The following 59 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
easy-rsa: 3.1.5
pkcs11-helper: 1.29.0
py39-tzdata: 2023.3_1

Installed packages to be UPGRADED:
ca_root_nss: 3.89 -> 3.89.1
curl: 7.88.1 -> 8.1.2
dhcp6c: 20200512_1 -> 20230530
glib: 2.76.1,2 -> 2.76.3,2
ifinfo: 13.0 -> 13.0_1
krb5: 1.20.1 -> 1.21
libnghttp2: 1.52.0 -> 1.53.0
libpsl: 0.21.2_2 -> 0.21.2_3
libxml2: 2.10.3_1 -> 2.10.4
lighttpd: 1.4.69 -> 1.4.71
mpd5: 5.9_13 -> 5.9_16
nettle: 3.8.1 -> 3.9.1
nss: 3.89 -> 3.90
ntp: 4.2.8p15_5 -> 4.2.8p17
openssh-portable: 9.2.p1,1 -> 9.3.p1,1
openvpn: 2.5.8 -> 2.6.5
opnsense: 23.1.5_4 -> 23.1.10_1
opnsense-update: 23.1.5 -> 23.1.8_2
os-dnscrypt-proxy: 1.12_1 -> 1.13_1
pftop: 0.8_2 -> 0.8_4
php81: 8.1.17 -> 8.1.20
php81-ctype: 8.1.17 -> 8.1.20
php81-curl: 8.1.17 -> 8.1.20
php81-dom: 8.1.17 -> 8.1.20
php81-filter: 8.1.17 -> 8.1.20
php81-gettext: 8.1.17 -> 8.1.20
php81-ldap: 8.1.17 -> 8.1.20
php81-mbstring: 8.1.17 -> 8.1.20
php81-pdo: 8.1.17 -> 8.1.20
php81-phalcon: 5.2.1 -> 5.2.2
php81-session: 8.1.17 -> 8.1.20
php81-simplexml: 8.1.17 -> 8.1.20
php81-sockets: 8.1.17 -> 8.1.20
php81-sqlite3: 8.1.17 -> 8.1.20
php81-xml: 8.1.17 -> 8.1.20
php81-zlib: 8.1.17 -> 8.1.20
py39-bottleneck: 1.3.6 -> 1.3.7_1
py39-certifi: 2022.12.7 -> 2023.5.7
py39-charset-normalizer: 3.0.1 -> 3.1.0
py39-cython: 0.29.33 -> 0.29.35
py39-dnspython: 2.2.1_1,1 -> 2.3.0,1
py39-idna: 3.4 -> 3.4_1
py39-markupsafe: 2.1.2 -> 2.1.3
py39-numexpr: 2.8.4 -> 2.8.4_1
py39-numpy: 1.24.1,1 -> 1.24.1_4,1
py39-pandas: 1.5.3,1 -> 2.0.2,1
py39-requests: 2.28.2 -> 2.31.0
py39-sqlite3: 3.9.16_7 -> 3.9.17_7
py39-ujson: 5.7.0 -> 5.8.0
py39-urllib3: 1.26.14,1 -> 1.26.16,1
python39: 3.9.16_2 -> 3.9.17
sqlite3: 3.41.0_1,1 -> 3.42.0,1
squid: 5.8 -> 5.9
strongswan: 5.9.10_1 -> 5.9.10_2
suricata: 6.0.9_1 -> 6.0.13
syslog-ng: 3.38.1 -> 4.2.0

Number of packages to be installed: 3
Number of packages to be upgraded: 56

The process will require 6 MiB more space.
[1/59] Upgrading python39 from 3.9.16_2 to 3.9.17...
[1/59] Extracting python39-3.9.17: .......... done
python39-3.9.16_2: missing file /usr/local/lib/python3.9/ensurepip/_bundled/pip-22.0.4-py3-none-any.whl
python39-3.9.16_2: missing file /usr/local/lib/python3.9/lib2to3/Grammar3.9.16.final.0.pickle
python39-3.9.16_2: missing file /usr/local/lib/python3.9/lib2to3/PatternGrammar3.9.16.final.0.pickle
python39-3.9.16_2: missing file /usr/local/share/licenses/python39-3.9.16_2/LICENSE
python39-3.9.16_2: missing file /usr/local/share/licenses/python39-3.9.16_2/PSFL
python39-3.9.16_2: missing file /usr/local/share/licenses/python39-3.9.16_2/catalog.mk
pkg-static: Fail to rename /usr/local/lib/python3.9/test/test_tools/__pycache__/.pkgtemp.test_lll.cpython-39.opt-1.pyc.dRm2Lr8DrAGh -> /usr/local/lib/python3.9/test/test_tools/__pycache__/test_lll.cpython-39.opt-1.pyc:Invalid argument
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***

12
Tutorials and FAQs / Re: Blocking DNS, Private DNS, DNS over HTTPS and others
« on: January 16, 2023, 09:27:33 am »
Wow thanks for the list tiermutter. I did a nslookup on the manually entered ones.
mozilla.cloudflare-dns.com
doh.opendns.com
doh.dns.sb
Those are listed in this one-> https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv4.txt

Incidentally I had to disable the Aliases check box hit save and then click box to re-enable in order for the new list to be populated. (hope that helps someone) 2,400+ DNS over https servers (DoH) all together.

I got my system to work. I can't ping 8.8.8.8 anymore and a device that has 8.8.8.8 for dns manually set goes through dnscrypt according to https://ipleak.net/

The only thing that bothers me is all the queries in the dnscrypt logging tab now say 127.0.0.2 or 192.168.0.4 (where dnscrypt is listening), so I have to look at unbound to see what device is making any questionable queries.

If anyone is going to work on their system I suggest disabling dns cache everywhere you can before you start. Your machine, your browser, unbound.... lol I see there are some tutorials but most are a bit stale. I could make one and post it here if there is interest.

cheers everyone
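
An added example, not part of the forum posts: one way to script the check described in the post above (look up the manually entered DoH hostnames, then confirm every resolved address is covered by the blocklist alias). The list format (one address or CIDR per line, optional `#` comment), the function names, and all hostnames and addresses below are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample in the assumed blocklist format (not the real list contents).
SAMPLE_LIST = """
# constructed sample blocklist
192.0.2.10      # doh.example-a.test
192.0.2.11
198.51.100.0/28 # a provider range
not-an-ip
"""

# Constructed nslookup results: hostname -> addresses it resolved to.
SAMPLE_RESOLVED = {
    "doh.example-a.test": ["192.0.2.10", "192.0.2.11"],
    "doh.example-b.test": ["198.51.100.5", "203.0.113.9"],
}


def parse_blocklist(text):
    """Parse blocklist text into ip_network objects, skipping comments and junk."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # malformed line: ignore rather than abort the whole load
    return nets


def uncovered(resolved, nets):
    """Return hostname -> addresses that no blocklist entry covers."""
    gaps = {}
    for host, addrs in resolved.items():
        gaps[host] = [
            a for a in addrs
            if not any(ipaddress.ip_address(a) in n for n in nets)
        ]
    return gaps


if __name__ == "__main__":
    nets = parse_blocklist(SAMPLE_LIST)
    for host, missing in uncovered(SAMPLE_RESOLVED, nets).items():
        status = "covered" if not missing else "NOT blocked: " + ", ".join(missing)
        print(f"{host}: {status}")
```

Any address reported as not blocked still needs a manual alias entry, since the firewall rule only matches what the list contains.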

13
Tutorials and FAQs / Re: Blocking DNS, Private DNS, DNS over HTTPS and others
« on: January 16, 2023, 06:44:37 am »
Looked like I did not search hard enough, scored a nice one already.
Going to add it to the other lists (ads, tracking/phishing, microsoft, social media lists .....)

Here if anyone else is interested.
https://github.com/oneoffdallas/dohservers

Hopefully this stops devices in my network from circumventing my dnscrypt settings.

14
Tutorials and FAQs / Blocking DNS, Private DNS, DNS over HTTPS and others
« on: January 16, 2023, 04:35:46 am »
Been pulling my hair trying to figure out why my test phone is getting dns after I blocked port 53 completely.
Turns out it has a setting "Private DNS" that activates itself once in a while.

Does anyone know if there is a github list that publishes a list of known ip addresses that run dns over https?

I want my dnscrypt to handle all dns queries, port forward anything on 53 to 5353. Unbound is doing this and port forwarding is also sending port 53 traffic to dnscrypt. My problem is that google and other data mining companies are running https dns resolvers. Firefox and other browsers are defaulting to using this and sending the dns to their buddies' resolvers. I want to block these devices on my network that are bypassing my dns settings.

Sorry if this is hard to follow. I keep getting browser updates on computers and the updates change settings that I previously set. They are bypassing my dns even though I block outbound port 53 and port forward 53 to 5353 where dnscrypt is listening. Let's just say I don't think mozzarella, khrome, or edge is on my side and I don't want them getting list of dns lookups from my network. Someone must have a list like the no ads ones on github.

15
22.1 Legacy Series / Re: Wireguard peer [subnet<->subnet]
« on: June 03, 2022, 04:42:43 pm »
Well after I am far away from home I noticed my setup is not quite working the way I want.
The settings on the vps have AllowedIPs = 10.8.0.7/32, 192.168.44.0/24 for my opnsense peer.

The 192.168.44.0 subnet (opnsense) is what I want to access from the remote peers. It does work, well sort of. It seems like the router (opnsense) is answering all the connections. So if I connect with wireguard remotely and ssh a computer let's say at 192.168.44.5 the router (192.168.44.1) answers the connection and not the computer (192.168.44.5). I can log into opnsense and use shell/terminal to open another connection to 192.168.44.5 but it's a bit annoying.

Does anybody know what setting I need to change to get this to work? I don't want to lock myself out. I won't be home for a few months.
