Messages

1

20.7 Legacy Series / OpenVPN will not start on 20.7.2-amd64

« on: March 16, 2021, 01:27:18 am »

Hello everyone. Can someone give me pointers on figuring out why OpenVPN and OpenSSH will not start?

When I select VPN:OpenVPN:Clients and press the start icon I get a green icon. But when I return to the dashboard The red stop button is there as if it's running.

When I go to Connection Status under OpenVPN it's there also. I have rebooted, shut the system totally down and the same behavior.

I tried to log in through the shell and found OpenSSH was not running. What would cause these services to not start?

What can I do to reinstall these apps, or what ever is preventing them from starting?

Any guidance would be greatly appreciated,

James

2

General Discussion / Re: Cannot upgrade pkg 1.15.6

« on: March 15, 2021, 08:53:40 pm »

vm_fault: pager read error, pid 52506 (pkg-static)
Failed to fully fault ina core file segment at VA 0x10053800000 with size 0xfb1000 to be written at offset 0x9d3000 for precess pkg-static
pid 52506 (pkg-static), jid 0, uid 0: exited on signal 11 (core dumped)

3

General Discussion / Re: Cannot upgrade pkg 1.15.6

« on: December 18, 2020, 05:43:38 pm »

# pkg bootstrap -f
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://mirror.sfo12.us.leaseweb.net/opnsense/FreeBSD:12:amd64/20.7/latest, please wait...
Verifying signature with trusted certificate pkg.opnsense.org.20200313... done
Installing pkg-1.15.10_1...
package pkg is already installed, forced install
Child process pid=36200 terminated abnormally: Segmentation fault

4

General Discussion / Cannot upgrade pkg 1.15.6

« on: December 17, 2020, 11:29:34 pm »

Hello can someone point me to a solution to fix an upgrade issue. I get this error while trying to do a mandatory upgrade.

Installed packages to be UPGRADED:
   pkg: 1.15.6 -> 1.15.10_1

Number of packages to be upgraded: 1
[1/1] Upgrading pkg from 1.15.6 to 1.15.10_1...
Child process pid=17194 terminated abnormally: Segmentation fault
A firmware update is currently in progress.

*** OPNsense.localdomain.local: OPNsense 20.7.2 (amd64/OpenSSL) ***

5

20.7 Legacy Series / Re: Upgrade from 20.1.9_1 to 20.7 failed - no sig file found

« on: August 02, 2020, 04:49:12 pm »

Changing the OPNsense.conf file fixed it. Thank you for the help.

James

6

20.7 Legacy Series / Re: [SOLVED] upgrade from 20.1.9 to 20.7 failed

« on: August 02, 2020, 04:48:07 pm »

Okay, changing that file fixed it. Great job, that's for responding and posting the remedy.

I'm back up again,

James

7

20.7 Legacy Series / Upgrade from 20.1.9_1 to 20.7 failed - no sig file found

« on: August 02, 2020, 07:58:59 am »

Can someone help me with a failed system update. Now it's stuck and won't upgrade. No connectivity for clients but can ping from shell.

When I try and update from the OPNsense web client I get a response of:
Firmware status check was aborted internally. Please try again.

***GOT REQUEST TO UPGRADE***
Fetching packages-20.7-OpenSSL-amd64.tar: .. failed, no signature found
***DONE***

When I use option 12 to update from console it states nothing found. I entered the 20.7 major update response at at prompt but it can not find the sig file?

What can I do to save this system, any help would greatly be appreciated.

James

8

20.7 Legacy Series / Re: [SOLVED] upgrade from 20.1.9 to 20.7 failed

« on: August 02, 2020, 07:37:10 am »

I have a similar problem. I can't update after failed update. Where did you find the OPNsense.conf file to edit?

9

19.7 Legacy Series / Sunnyvalley Sensei Shows in Main Menu - MongoDB not Shown in Services Window

« on: December 12, 2019, 04:46:45 am »

Quick question, title saids it all

Are there plans to move Sensei under Services of the main menu on the left like all other services, i.e. Ntopng, Redis, ClamAV, and others?

Also, shouldn't there be a listing for MongoDB in the Services window on the right of the Dashboard?
Currently the only way to determine whether the database is running, or need to be restarted is to go inside the Sensei web app. Suricata, Monit, and others are listed giving a quick view they are running.

10

19.7 Legacy Series / Re: Cannot assign an IP configuration type to a tunnel interface

« on: August 03, 2019, 04:35:27 am »

I managed to get the VPN working without the VPN interface.

Seems to be working but I notice this forum can see my real IPaddress. lol Where I think other sites can't even browserleak.com.

11

19.7 Legacy Series / Cannot assign an IP configuration type to a tunnel interface

« on: August 03, 2019, 02:54:23 am »

Hi,

I have a question on setting the tunnel interface opt1

When trying to select DCHP I get:

The following input errors were detected:
      Cannot assign an IP configuration type to a tunnel interface.

Was there a change from 19.1 to 19.7?

It will not save unless I choose 'None' in the IPv4 Configuration Type field.

Can anyone suggest where I start looking?

All was working until I upgraded, Now I have to disable everything in the VPN and Firewall to get out on the internet

Thanks for any time spent on this issue

12

19.1 Legacy Series / Re: NordVPN updated their OPNsense VPN setup guide to 19.1

« on: June 29, 2019, 10:09:51 pm »

Another note to watch out for when setting up your own client.

The guide state to use:

AES-256-GCM

When using that cipher you may get this error:

openvpn[24738]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-256-CBC'

So be sure to check inside the .ovpn file. The server I choose uses:

AES-256-CBC

The guide does not mention some servers may use a different cipher:

13

19.1 Legacy Series / Re: NordVPN updated their OPNsense VPN setup guide to 19.1

« on: June 29, 2019, 07:29:57 pm »

They already corrected one after contacting them

It showed in one of the images: 'Don't Pull Routes' was selected.
They updated that image.

Another issue that is not there, is Outbound DNS does not respect the System:Settings:General DNS entries when using the NordVPN interface. We had to enter them under each interface DHCPv4 DNS settings in order to get a resolve for hostnames.

I'm unsure if this causes each client to bypass Unbound DNS and resolve directly for each site visited.

In the advance options for the NordVPN client setup the guide mention to add:

remote-random;
reneg-sec 0;

When there is a setting for that in the GUI?
Renegotiate time: leave blank;
Select remote server at random

You can select the too settings above right in the in the GUI.

Renegotiate time: 0
Select remote server at random: checked

Inside the .ovpn file 'fast-io' is listed and should be put in the advance options as well. But I would check the server .ovpn file you are going to use. I also added the auth-nocache to prevent OpenVPN client from caching the user name and password in memory.

fast-io;
auth-nocache;

Mine looks like this:

tun-mtu 1500;
tun-mtu-extra 32;
mssfix 1450;
persist-key;
persist-tun;
remote-cert-tls server;
fast-io;
auth-nocache;



 

14

19.1 Legacy Series / Re: NordVPN updated their OPNsense VPN setup guide to 19.1

« on: June 29, 2019, 06:12:17 am »

They corrected the link:

https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-19-1-setup-with-NordVPN.htm

15

19.1 Legacy Series / NordVPN updated their OPNsense VPN setup guide to 19.1

« on: June 29, 2019, 06:10:20 am »

After many attempts to setup NordVPN as a client I called tech support and pointed out there are errors in that guide. I received an email stating they had updated the guide.

You can find it here:

https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-18-7-setup-with-NordVPN.htm

Notice the link still states 18.7 and I noticed a couple errors still remain. But others were fixed.