Messages

1

21.1 Production Series / Re: Let's encrypt renewal automation

« on: May 08, 2021, 10:55:45 am »

Just checked and still no events in General that have ACme in them at all.  There are some in Backend but they seem to relate to the Opnsense UI.

I'm going to clear the logs and do it all again and then see what I see.

2

21.1 Production Series / Re: Let's encrypt renewal automation

« on: May 07, 2021, 10:48:17 am »

Ta Maurice,

It has been around a while, probably set it up a couple of years ago and got fed up with manually resetting the certificate so I've been using Self generated instead.   Decided that I should be doing this properly so hence why relooking.

I have tried disabling and reenabling.   It definitely removed the chron job between so hopefully this will fix.

3

21.1 Production Series / Re: Let's encrypt renewal automation

« on: May 05, 2021, 10:17:58 am »

Thanks Maurice,

Auto renewal is definitely on.  I checked Chron and found that I had two jobs in there.  Not sure why and I removed one of them.

Checked the logs and there are no references to AcmeClient.

I will leave it for a couple of days incase removing one of those entries makes it work and then report back in again if it is still not doing anything :-)

4

21.1 Production Series / Let's encrypt renewal automation

« on: May 04, 2021, 12:04:18 pm »

Hi there,

My Let's encrypt certificate never auto renews and I am not sure why.   I have to do this manually every time which is extremely tedious!  I wonder if I have something set wrong in the schedule page or something.  Could someone share the settings they use to make sure this works?

5

20.7 Legacy Series / Re: 20.7.7_1 - Unbound tcp permission denied

« on: January 05, 2021, 05:27:19 pm »

Is Ubound still running.  Mine keeps stopping and there is a thread here.   

https://forum.opnsense.org/index.php?topic=20753.new;topicseen#new

6

20.7 Legacy Series / Re: Unbound keeps stopping

« on: January 05, 2021, 05:25:41 pm »

Thanks for the pointer.   Would still like to know if Monit could kick it back off again when it does this though.

7

20.7 Legacy Series / Unbound keeps stopping

« on: January 05, 2021, 12:30:03 pm »

Been ages since I've had any issue with OpnSense and I am running on 20.7.7 (installed) with Unbound at 1.13.0 (though have noticed that an _1 is now there and updated).

My problem is that unbound keeps stopping, and that breaks everything.  It seems to do this fairly randomly but it is a pain when it does!  Now I know the challenge I can just get on the switch and start it again, however I feel like it may be possible to autostart it with Monit if it fails.  Has anyone done this or got a pointer to some information on how to make that work?

8

20.7 Legacy Series / Re: Wireguard and 20.7

« on: August 31, 2020, 12:39:43 pm »

Scratch that.  Just did a hard reset on the opnsense router (ie turn it off and on again rather than reset through software) and I am running again.

9

20.7 Legacy Series / Wireguard and 20.7

« on: August 31, 2020, 12:15:25 pm »

I've been using Wireguard for quite some time now and its been great.

Saturday I upgraded my router to 20.7 (finally) and now I have discovered that wireguard is no longer functioning.  It makes connections fine and wireguard client is seeing data sent to the wireguard server on my opnsense box but nothing coming back.

On the server I look in the configuration and this sees data being received and sent from the client.  Which suggests that the data being sent is not getting off the router.   When I ping from the client the address of the VPN server I get no response.

Feels like something has changed in the routing or rules.  I've not made any changes so I don't think it is me.  Does anyone have any pointers to where to look to fix this?

10

20.7 Legacy Series / Re: Upgraded to 20.7 now Wife cannot connect to work - I'm in trouble - any ideas

« on: August 30, 2020, 10:42:04 pm »

Thanks both,  I have IPv6 switched off.

I have noticed my wireguard has also gone defunct so it could be that something has changed with regard VPNS.

I will keep poking.

11

20.7 Legacy Series / Upgraded to 20.7 now Wife cannot connect to work - I'm in trouble - any ideas

« on: August 30, 2020, 02:17:02 pm »

Yesterday everything was fine.  Last night I upgraded to 20.7 and today she cannot connect to her work.

Their system uses Blackberry secure and it no longer attaches on either Wifi or LAN.  I did not changes other than to upgrade to this version.

Anyone have any idea what is new about 20.7 that could cause this issue?  Everything looks good, and all seems to be working normally other than this.  I wondered if something has changed about allowing VPNs or something?

12

20.1 Legacy Series / Amazon Echo discovery across interfaces

« on: July 23, 2020, 04:39:19 pm »

I am looking for advice with getting the above working.

I have a wireless network on one interface and a wired network on a second interface.  The Echo I have is on wireless and the server it needs to reach on the wired interface.

There are any any rules between the two interface currently.  If I try to discover then the echo will fail.  However if I plug the wireless router into the wired router rather than the second interface then the echo will correctly find the devices, proving this is about protocol crossing the interfaces.

I have the mDNS relay enabled and on these two interfaces and that does not help.  From investigation I believe this may be something to do with either SSDP or multicast between the interfaces (or both) however I've not been able to figure out what.  Can anyone out there help?

13

20.1 Legacy Series / HAProxy as forward proxy with SSL

« on: June 22, 2020, 10:07:19 pm »

Hi there I am using the HAProxy service for reverse proxy.

I can happily get the system to work if I only use HTTP, however I wanted to use HTTPS.  I have tried this in two ways.  I have an internal certificate which I generally use with the machine based of a CA on OpnSense.  This works fine internally.  I also have a LE wildcard cert, the problem with this one is it times out so quickly and recently LE on OpnSense has been a bit of a pain.

What I see in the HAProxy logs is " SSL handshake failure".   I have tried this with SSL offloading on and off and with both certificates however I still get the same single message.  Obviously something is not right.  My hope was that it would pass through the certificate and even though I would have a certificate error on the client at least  it would work and the traffic would be encrypted.

Something is wrong with my thinking, anyone know what it is...?

14

20.1 Legacy Series / DHCP4 - Status... what is that?

« on: June 11, 2020, 02:26:32 pm »

When you look at the leases in DHCP there is a table one of the columns of which is labelled status.  What does this actually do?  It seems woefully inaccurate at saying whether a device is actually online or not.  It shows my main router as Offline when clearly it can't be and it shows my switched off mobile phone as connected.

Is there a way to get good information at what is actually connected at what time?

15

20.1 Legacy Series / Trust Certificates - Where are they and can they be deleted?

« on: May 21, 2020, 05:26:00 pm »

Having time on my hands I am tidying up my network as I should have done ages ago.

I have added a CA and some self generated certificates which I selected the option to store on the OpnSense box.  In hindsight I realise that storing this on the only outward facing device on my system may not be the best idea and I should probably move them elsewhere ;-)

Challenge is that I then can't figure out where they are and if there is a tidy up option somewhere that would do this for me?