Messages

1

19.7 Legacy Series / Re: GUI on Google Chrome: tools to move, delete, edit, clone rules not visible

« on: September 25, 2019, 10:49:29 am »

I found a way.
Using the button "Inspect" on the right top of the page, everything becomes clearly visible (tools, ecc.). When you deselect that button and make a page refresh problem appears again.
To tell the truth I never used it before and it has come with one of the latest updates.

Thanks,
Michele.

2

19.7 Legacy Series / Re: GUI on Google Chrome: tools to move, delete, edit, clone rules not visible

« on: September 25, 2019, 09:23:48 am »

Hello Franco and thanks for reply.
Well, if a minimize the navigation bar and/or make the whole windows smaller horizzontally or make any other resizing operation the result is the same: I don't see the tools buttons. Besides, when I resize the window horizzontally, text and pictures are somehow split into two parts.
I attached another shot for better comprehending.

Cheers,
Michele.

3

19.7 Legacy Series / GUI on Google Chrome: tools to move, delete, edit, clone rules not visible

« on: September 23, 2019, 04:23:09 pm »

Hi.
As I just wrote in the object: I noted that on the right side of the GUI tools to manage rules are not visible in Google Chrome while they're in Mozilla Firefox and in IE.
I attached two shots of both browsers just to see the differences (see the red circles).

Is there anyone who knows the reason ot this strange behaviour in Google Chrome and eventually how to solve this little problem?

Thanks and cheers,
Michele.

4

19.7 Legacy Series / Re: Error on Suricata 4.1.4_4 Logs

« on: September 23, 2019, 04:08:42 pm »

Noone who faced this problem and tried to solve it?

5

19.7 Legacy Series / Error on Suricata 4.1.4_4 Logs

« on: September 12, 2019, 04:37:13 pm »

I recently noted this error on Suricata logs:
"suricata: [100148] <Warning> -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml."

I also can't see any packet blocked by suricata so I guess it's not working.

I tried to restart the service but error comes again.

I searched for 2225 ticket and found this for version 4.1.3: "Bug #2225: when stats info dumping in redis,the decoder.ipv4.trunc_pkt can’t output.In the same time, in the stats.log this can output" but to tell the truth I did not understand whether I can solve the issue or not.

Is there a way to solve it?

Thanks and cheers.

Michele.

6

19.1 Legacy Series / Re: Open VPN daemon doesn't start after firewall reboot

« on: June 13, 2019, 09:11:29 am »

Hi Franco.
Just to let you know that after 19.1.9 update openvpn status is still down on the GUI.

When I first rebooted the firewall it seemed to be ok but after a second reboot the problem is still there. I had to find the process with a "ps auxw | grep openvpn", kill it and then restart openvpn server form the gui.

Thanks a lot.

Cheers,
Michele.

7

19.1 Legacy Series / Re: Open VPN daemon doesn't start after firewall reboot

« on: May 13, 2019, 10:44:35 am »

Ok Franco.
I will wait for the fix in 19.1.9 release.

Thanks a lot.

Cheers,
Michele.

8

19.1 Legacy Series / Re: Open VPN daemon doesn't start after firewall reboot

« on: May 10, 2019, 03:22:28 pm »

Hi Franco,
thanks for reply.

I tried to apply patch with command "opnsense-patch c217bee" but console return me this:  "1 out of 1 hunks failed while patching etc/inc/plugins.inc.d/openvpn.inc".

Am I doing something wrong?

Then sorry but I did't understand what you wrote at the end of your post: you mean patch will be applied with the 19.1.9 opnsense update?

Thanks and cheers,
Michele.
 

9

19.1 Legacy Series / Open VPN daemon doesn't start after firewall reboot

« on: May 08, 2019, 04:00:44 pm »

I have two Openvpn servers in the same firewall: OPN1 and OPN2.
Sometimes after a firewall reboot both deamons don't come up and in dashboard they're red. If I try to restart them they don't and logs says that:
"openvpn[76450]: Exiting due to fatal error;
 openvpn[76450]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
 openvpn[76450]: TUN/TAP device ovpns1 exists previously, keep at program end"

I found an old post https://forum.opnsense.org/index.php?topic=6376.0 and there I found the solution to find and kill processes. In that post a bug was opend at Github but I was not able to understand whether the bug had been correct or not.

Is it known why this happens?
Is there a more simply way to make Open VPN deamons come up after a simple firewall reboot (for example for a system update)?

Thanks a lot.

Best regards,
Michele

10

19.1 Legacy Series / Re: Request filter log output in Backend Log File

« on: April 03, 2019, 08:16:11 am »

Hello!
No one can help me to find out whether those rows that keep on filling my system logs are a problem or not?
Does it happen to anyone?

Thanks,

Michele.

11

19.1 Legacy Series / Request filter log output in Backend Log File

« on: March 25, 2019, 12:34:23 pm »

I have a Dell server with 19.1.4 x64 release.
I saw lots of messages in "System -> Log Files -> Backend" showing "Request filter log output".
Times ago it happened the same, I shutdown and restart server and logs went away (so it's not versione related).
Today I have the same "problem".
It seems like a sort of container gets full and needs to be emptied.
Can someone tell me why this is happening and eventually how to stop it?

Thanks a lot.

Cheers,
Michele.

12

19.1 Legacy Series / Re: OpenVPN server for LAN Access

« on: February 13, 2019, 04:28:14 pm »

If you can't see anything in firewall logs it should be for these reasons:

• packets from VPN client don't reach the firewall
• packets reach the firewall, reach your hosts but are not correctly routed back to the VPN client
• you hosts in LAN somehow block some traffics (firewall?)
• a mix of these reasons

Anyway you have to investigate more.
Sorry I can't you help you any further. 

Cheers,
michele.

13

19.1 Legacy Series / Re: OpenVPN server for LAN Access

« on: February 13, 2019, 03:50:26 pm »

You omitted to attach the VPN rules before... 
Anyway with that rule you permit everything to everywhere from the VPN network (a bit dangerous on my opinion) and you should be able to connect to your hosts on the LAN segment. No need to create any rule on the LAN network.
What kind of services are you trying? Rdp, ftp, icmp, ecc.?
What is showing in your firewall logs? I mean, do your packets reach your LAN hosts or not?

Cheers,
Michele.

14

19.1 Legacy Series / Re: OpenVPN server for LAN Access

« on: February 13, 2019, 03:17:16 pm »

Hi.
I can't see any rule from your VPN network to your LAN network.
Do some test connecting through the VPN, pinging some hosts inside your LAN, looking at the firewall logs: you should see that your ICMP packets are blocked by the firewall.
If that's the case, create the appropriate rules to permit access to the services you need from the VPN to the LAN and you should be ok.

Cheers,
Michele.

15

19.1 Legacy Series / Re: Strange upgrade behavior from 18.7.10_4 to 19.1_1

« on: February 13, 2019, 09:30:23 am »

Hi newsense.
Now I understand our misunderstanding. 
I entitled the thread "Strange upgrade behavior from 18.7_4 to 19.1_1" whereas it shound have been "Strange upgrade behavior from 18.7.10_4 to 19.1_1". Now I can see the meaning of you words.
I corrected the title of the thread.
So, I made the upgrade from the last version on the 18.7 branch to the 19.1, correctly in this sense.
Maybe you can clearly undestand my problem in the right way now.

Sorry for my typing mistakes.

Cheers,
Michele.