Messages

1

20.7 Legacy Series / how to terminate a dhcp lease

« on: January 03, 2021, 05:28:13 am »

I was looking at the dhcp leases and I didn't recognize a connection.  I wanted to terminate the lease and see what quit working, but I couldn't figure out out to just terminate it. Any know how to do this?

2

20.7 Legacy Series / Re: User created cron job issues

« on: November 03, 2020, 04:55:34 am »

I finally got it to work. I was totally and utterly stupid.  I wanted it to run every two minutes...not two minutes after each hour. I think I did find an odd bug. I need to do more testing first. 

3

20.7 Legacy Series / Re: User created cron job issues

« on: November 03, 2020, 03:15:05 am »

There is nothing in /var/log/configd older than Oct 13.
Here is the script that is being executed:

Code: [Select]

#!/usr/local/bin/bash
baseDir="/home/mts/cron_scripts/"
errFile="/tmp/users.err"
cronFile="/tmp/getWho.cron"
users=$(/usr/bin/who -a)
if [ ${#users} -gt 0 ]; then
  ${baseDir}discordPush.sh "ALARM: ${users} logged on"
  touch ${errFile}
else
  if [ -f ${errFile} ]; then
    ${baseDir}discordPush.sh "OK: Users have logged off"
    rm ${errFile}
  fi
fi
echo "OK" > ${cronFile}
echo 0
Like I said in my previous post. It works when I do a configctl getwho update.  However, it never works after that. It is like the cron system doesn't even see it. However, when I look in /var/cron/tabs/nobody, I see the following:

Code: [Select]

# Origin/Description: cron/Checking for logged in users
2 * * * * /usr/local/sbin/configctl getwho update
Also, if I run the cron command by hand, it works just fine.

4

20.7 Legacy Series / User created cron job issues

« on: November 01, 2020, 09:49:03 pm »

I have a cron job that lets me know when a user has logged in to my firewall. I have been following this:
https://docs.opnsense.org/development/backend/configd.html
Here are the particulars:
in usr/local/opnsense/service/conf/actions.d I have the following

Code: [Select]

cat actions_getwho.conf
[update]
command:/home/mts/cron_scripts/getWho.sh
parameters:
type:script
description: Check for logged in users
message:get who is logged in.I perform the following:

Code: [Select]

service configd restart
configctl getwho update on the command line.  I get a notice about who is logged in. I set the cron job in the interface. Nothing happens.

I am at a loss
Anybody have any idea what is going on?

5

20.1 Legacy Series / gateway problems

« on: July 10, 2020, 09:26:50 pm »

I know I am just missing something but I can't seem to get a gateway set up properly. I have 5 interfaces:
WAN
LAN: 10.20.0.0/24
OPT1
OPT2
OPT3:173.20.2.0/24

I want to be able to get from my LAN to OPT3. I can't seem to figure out the gateway to get this to work.  Any hints would be beneficial.

Thank you in advance for your time.

6

20.1 Legacy Series / Re: user defined cron jobs to survive reboot

« on: March 09, 2020, 08:03:16 pm »

Thanks much. I will look at that. It didn't occur to me to use configd for custom cron scripts.

7

20.1 Legacy Series / user defined cron jobs to survive reboot

« on: March 06, 2020, 09:03:47 pm »

I created some custom scripts to monitor things such as who logs in, load average, temps, etc.  I set these up so they would send a warning to my discord server.  These scripts required root privs, so added them to the root crontab. They didn't survive a reboot.  Is there a way to add custom cron jobs that will survive a reboot or upgrade?  I know that we have nrpe plugin, but I don't want to have another server just to receive nrpe notifications.  This works without the headache or cost of another server running.

8

20.1 Legacy Series / Re: VGA download of 20.1 not iso format

« on: February 13, 2020, 12:22:00 am »

Try downloading the VGA 64 bit version from any of the USA mirrors. It comes down as an IMG format. To complicate matters, I have tried ImgBurn and Windows. Both say that the image is corrupted or not a valid IMG format

9

20.1 Legacy Series / VGA download of 20.1 not iso format

« on: February 12, 2020, 11:52:49 pm »

I am trying to download the VGA version of OPNSense 20.1 and it is NOT in ISO format, it is in IMG format. Where is the ISO format?

10

18.1 Legacy Series / OpenVPN log warning

« on: July 04, 2018, 06:40:13 pm »

I am getting the following warning in my OpenVPN log file:

Code: [Select]

openvpn[48501]: WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional
(or --client-cert-not-required) may accept clients which do not present a certificateI can't find a place in the server setting to require the client certificate.  How do I fix this? 

Thank you in advance for your help

11

18.1 Legacy Series / Re: Prevent external access of webgui

« on: April 01, 2018, 08:22:21 pm »

Thanks. I had to add the rule to allow wan access when I installed OPNSense. I just allowed everything to get it running.  I modified this and all works.

Thanks again

12

18.1 Legacy Series / Prevent external access of webgui

« on: April 01, 2018, 06:48:22 pm »

Currently, my webGUI can be accessed by the internet.  I want to prevent this from happening. I have a VPN set up so if I want to access externally, I can. However, by default, it seems that anybody with a browser can get access. I would like to completely cut that off. Is there a way to do this?

Thank you in advance for your time.

13

18.1 Legacy Series / Re: 2FA troubles

« on: March 26, 2018, 11:20:06 pm »

Ok, I am stupid, and a real noob.  I forgot to set the Authentication Server to my TOTP server.  Sigh. 

14

18.1 Legacy Series / 2FA troubles

« on: March 26, 2018, 11:06:57 pm »

I am having troubles with my 2FA system.  Here are the settings:
Desc: UniverseTOTP
Type: Local + Timebased One Time Password
Token length: 6

Rest is blank.

I am using Google Authenticator in which I used the following to set it up:
https://wiki.opnsense.org/manual/two_factor.html

I tested it in System->Access->Tester which was successful.  However, when I go to the login page on the GUI webpage, I get a failure.  Then tried to log in with just the userid/password and it succeeded. It is like the GUI is ignoring the 2FA setting.  Am I being a noob and forgetting something?

Thank you in advance for your time.