Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Rolly82

#1
German - Deutsch / Bandbreite Garantieren
January 23, 2023, 04:54:06 PM
Hallo zusammen,
gibt es eine einfache Möglichkeit für ein Bestimmtes LAN-Netz eine Mindestbandbreite festzulegen?
Im Speziellen geht es mir ums VoIP Netz und hier möchte ich, dass immer min. 120kBit/s je Session für dieses Netz zur Verfügung stehen. Das mit den Pipes habe ich mir mal durchgelesen, da müsste ich ja dann (wenn ich es richtig gelesen habe) wissen, welche Bandbreite meine (schwankende) DSL-Leitung gerade hat und dies immer anpassen, wenn ich die volle Geschwindigkeit ausfahren will und mindestens 2 Regeln erstellen (VoIP & Rest) oder kann ich den ,,Rest" einfach weglassen und die opnSense bedient sich einfach aus der noch zur Verfügung stehenden Bandbreite? Dies wird in der Anleitung https://docs.opnsense.org/manual/how-tos/shaper_prioritize_using_queues.html, welche ja ehr eine Bandbreitenbegrenzung beschreibt nicht ersichtlich.
Schon mal danke für eure Hilfe

MfG
Roland
#2
German - Deutsch / Re: Zotac CI331 passend?
August 24, 2022, 12:07:07 AM
Ich hatte die SSD und den RAM noch rumliegen. Und die Zotac war um 300€.
Zum Kaufzeitpunkt waren die APU Boards nicht verfügbar, somit hat es für mich gepasst.
#3
Alles klar, hatte nämlich das Problem mit dem WAN-Interface schon als ich testweise das IPv4 Upstream Gateway von "FritzBox..." auf "Auto-detect" umgestellt hatte.
#4
German - Deutsch / Re: Zotac CI331 passend?
August 23, 2022, 09:39:36 PM
Ich habe OPNsense auf einer Zotac ZBOX CA621 nano (AMD Ryzen 3 3200U) fast ohne Probleme laufen (MagentaTV / IGMPv3 klappt einfach nicht)
Sollte also nicht an den Realtek-NICs scheitern.
Habe OpenVPN, Zenarmor, AdguardHome und den UniFi-Controller drauf laufen, die RAM-Auslastung ist so bei 3000 MB und die CPU "dümpelt meist so bei max 5% rum.

MfG
Roland
#5
Hab es von SLAAC auf DHCPv6 umgestellt, nun funktioniert es  :D
Vielen Dank!!!

P.S.: wie kann man Änderungen am ,,WAN" Interface übernehmen, ohne dass man die OPNsense neu booten muss?
Wenn ich dies nämlich nicht mache, habe ich nach Änderungen am ,,WAN" Interface kein Verbindung mehr ins INet. Ein de- un reaktivieren hat (bei mir) zumindest nicht geholfen.
#6
Quote from: ziegler on August 23, 2022, 06:51:12 PM
Ich habe jetzt einen Alias erstellt als TYP URL Table (IP) und dann https://raw.githubusercontent.com/ktsaou/blocklist-ipsets/master/firehol_level1.netset als CONTENT eingetragen.

Eine Block-Regel auf WLAN  und LAN erstellt wo ich diesen Alias dann verwende.


Soweit ich weiß sind in der Level_1 Liste alle Privaten IP-Netze (192.168.0.0/16 -> also auch dein AP mit der 192.168.2.2) somit musst du entweder deine Allow DNS Regel vor die FireHol Regel stellen oder eben die Level_2 Liste nehmen
#7
Dann skizziere ich mal meinen Netz Aufbau, evtl. hilft das ja:

WAN / Internet
            :
            : PPPoE-Provider (Telekom)
            :
      .-----+-----.
      |  Gateway  |  (Fritz!Box 192.168.178.1/24)
      '-----+-----'
            |
            | IPoE (192.168.178.0/24)
            |
      .-----+------.
      |  OPNsense  | (WAN 192.168.178.254/24 outbound NAT is disabled)
      '-----+------' AdGuard auf Port 53 / Unbound auf Port 5335
            |
        LAN | 192.168.10.254/24
            |
      .-----+------.
      | LAN-Switch |
      '-----+------'
            |
    ...-----+------... (Clients/Servers)


Einstellungen des "Interfaces: [WAN]"
Block private networks deaktiviert
Block bogon networks deaktiviert
IPv4 Configuration Type Static IPv4
IPv6 Configuration Type SLAAC
IPV4 address 192.168.178.254/24
IPv4 Upstream Gateway FritzBox_IPv4 - 192.168.178.1


Einstellung des "System: Gateways: Single"
Name Interface Protocol Priority Gateway Monitor IP RTT RTTd Loss Status Description
FritzBox_IPv4 (active) WAN IPv4 255 (upstream) 192.168.178.1 ~ ~ ~ Online
LAN_TRACK6 (active) LAN IPv6 254 fe80::201:2eff:fea4:30fe ~ ~ ~ Online Interface LAN_TRACK6 Gateway
WAN_DHCP6 WAN IPv6 254 fe80::9a9b:cbff:fe4d:6ea5 ~ ~ ~ Online Interface WAN_DHCP6 Gateway





Ausgabe unter "System:Firmware"
Type opnsense
Version 22.7.2
Architecture amd64
Flavour OpenSSL
Commit 412c0b79c
Mirror https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Repositories OPNsense, SunnyValley, mimugmail
Updated on Sun Aug 21 10:54:45 CEST 2022
Checked on Tue Aug 23 18:23:46 CEST 2022


Ausgabe des "AUDIT CONNECTIVITY"
***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 22.7.2 (amd64/OpenSSL) at Tue Aug 23 18:36:21 CEST 2022
Checking connectivity for host: pkg.opnsense.org -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
1508 bytes from 89.149.211.205: icmp_seq=0 ttl=57 time=17.031 ms
1508 bytes from 89.149.211.205: icmp_seq=1 ttl=57 time=16.830 ms
1508 bytes from 89.149.211.205: icmp_seq=2 ttl=57 time=17.265 ms
1508 bytes from 89.149.211.205: icmp_seq=3 ttl=57 time=16.841 ms

--- 89.149.211.205 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 16.830/16.992/17.265/0.177 ms
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 798 packages processed.
Updating SunnyValley repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .. done
Processing entries: .... done
SunnyValley repository update completed. 31 packages processed.
Updating mimugmail repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: ....... done
Processing entries: .......... done
mimugmail repository update completed. 175 packages processed.
All repositories are up to date.
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
PING6(1548=40+8+1500 bytes) 2003:d1:f3a:e600:201:2eff:fea4:30fe --> 2001:1af8:4f00:a005:5::
1508 bytes from 2003:d1:f3a:e600:201:2eff:fea4:30fe, icmp_seq=1 hlim=64 time=0.132 ms
1508 bytes from 2003:d1:f3a:e600:201:2eff:fea4:30fe, icmp_seq=2 hlim=64 time=0.125 ms
1508 bytes from 2003:d1:f3a:e600:201:2eff:fea4:30fe, icmp_seq=3 hlim=64 time=0.068 ms

--- 2001:1af8:4f00:a005:5:: ping6 statistics ---
4 packets transmitted, 3 packets received, 25.0% packet loss
round-trip min/avg/max/std-dev = 0.068/0.108/0.132/0.029 ms
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Authentication error
repository OPNsense has no meta file, using default settings
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Authentication error
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Authentication error
Unable to update repository OPNsense
Updating SunnyValley repository catalogue...
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/meta.txz: Authentication error
repository SunnyValley has no meta file, using default settings
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/packagesite.pkg: Authentication error
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/packagesite.txz: Authentication error
Unable to update repository SunnyValley
Updating mimugmail repository catalogue...
pkg: https://opn-repo.routerperformance.net/repo/FreeBSD:13:amd64/meta.txz: No address record
repository mimugmail has no meta file, using default settings
pkg: https://opn-repo.routerperformance.net/repo/FreeBSD:13:amd64/packagesite.pkg: No address record
pkg: https://opn-repo.routerperformance.net/repo/FreeBSD:13:amd64/packagesite.txz: No address record
Unable to update repository mimugmail
Error updating repositories!
***DONE***


Schon mal danke für die Hilfe.
#8
root@OPNsense:~ # cat /etc/resolv.conf
domain localdomain
nameserver 127.0.0.1
search localdomain


root@OPNsense:~ # host pkg.opnsense.org
pkg.opnsense.org has address 89.149.211.205
pkg.opnsense.org has IPv6 address 2001:1af8:4f00:a005:5::


root@OPNsense:~ # echo | openssl s_client -connect pkg.opnsense.org:443
CONNECTED(00000003)
depth=0 CN = OPNsense.localdomain, C = NL, ST = Zuid-Holland, L = Middelharnis, O = OPNsense self-signed web certificate
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = OPNsense.localdomain, C = NL, ST = Zuid-Holland, L = Middelharnis, O = OPNsense self-signed web certificate
verify return:1
---
Certificate chain
0 s:CN = OPNsense.localdomain, C = NL, ST = Zuid-Holland, L = Middelharnis, O = OPNsense self-signed web certificate
   i:CN = OPNsense.localdomain, C = NL, ST = Zuid-Holland, L = Middelharnis, O = OPNsense self-signed web certificate
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHNDCCBRygAwIBAgIUBSKn180gjPS66mep22Mo1IGawHEwDQYJKoZIhvcNAQEL
BQAwgYkxHTAbBgNVBAMMFE9QTnNlbnNlLmxvY2FsZG9tYWluMQswCQYDVQQGEwJO
TDEVMBMGA1UECAwMWnVpZC1Ib2xsYW5kMRUwEwYDVQQHDAxNaWRkZWxoYXJuaXMx
LTArBgNVBAoMJE9QTnNlbnNlIHNlbGYtc2lnbmVkIHdlYiBjZXJ0aWZpY2F0ZTAe
Fw0yMjA4MjEwNzUwMzdaFw0yMzA5MjIwNzUwMzdaMIGJMR0wGwYDVQQDDBRPUE5z
ZW5zZS5sb2NhbGRvbWFpbjELMAkGA1UEBhMCTkwxFTATBgNVBAgMDFp1aWQtSG9s
bGFuZDEVMBMGA1UEBwwMTWlkZGVsaGFybmlzMS0wKwYDVQQKDCRPUE5zZW5zZSBz
ZWxmLXNpZ25lZCB3ZWIgY2VydGlmaWNhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQCp4BjjUJ6RH04RIdeUyfZi8FJ2u//ycqDwky5t29y90hcqrvB8
ldb7+xG29zS4cF12YcNbMdH0+QOgJ/2xwdzExnv2x54pWfQkhetdljKlXMqvsYYh
jOr4mlL2YpeIbqGZprvbvSomahQ++fPtLKg/p8jAqskbQKFjl9krj0EooaVmS9nE
0kp9CSkrojnIe4te7LvzzUQcKuostuox0oNPlovlQI85OM88UsMATDPEzncYGkd6
yd6TSpLJGUuP7ghXLgl+hVP3zD4OekLPy2GVpfwkOrN+zerVziMGSp6sewGQI5mL
Zva1fcZj04Y4lAER9uX5J7ZiJ+i36XFnQ9IhaYb6VX4VGqx6HLw9nqV0DKfp/B2Z
GokMBpFJ4bJRwAuB0t4D5ieEOw9ofRNlAwCX+/BeOhuYH7Gp3L/AuTzeQdGLvXP+
IMm98QLrBxOPJpXWMixYwwoFQSdqRm0gE2SvYoZHBUsphR9vc2NjuLTvqQXvyzQx
r3JlCCXWAxe+VuW2Qsl0Vt/+nEY/aqYCxtOtwraE8Uq3L9GoKYFOEc8BPaxSeeBj
EYwgqSKba+TS08TqHoaf6vRGCG8ZfJ0LzzU1NVlTAkQbJe4PwWwSaNwaL0DOc+pb
AJSxckXh/NNAZ9EicKgYpZtJwx4yzC9aMOyVwC3BMvwkTlsXc6k+0yIcHQIDAQAB
o4IBkDCCAYwwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4
QgENBCcWJU9QTnNlbnNlIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD
VR0OBBYEFI4n7lEpoD9T/sP5gITQfKaWr/AEMIHJBgNVHSMEgcEwgb6AFI4n7lEp
oD9T/sP5gITQfKaWr/AEoYGPpIGMMIGJMR0wGwYDVQQDDBRPUE5zZW5zZS5sb2Nh
bGRvbWFpbjELMAkGA1UEBhMCTkwxFTATBgNVBAgMDFp1aWQtSG9sbGFuZDEVMBMG
A1UEBwwMTWlkZGVsaGFybmlzMS0wKwYDVQQKDCRPUE5zZW5zZSBzZWxmLXNpZ25l
ZCB3ZWIgY2VydGlmaWNhdGWCFAUip9fNIIz0uupnqdtjKNSBmsBxMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQgCAjALBgNVHQ8EBAMCBaAwHwYDVR0RBBgwFoIU
T1BOc2Vuc2UubG9jYWxkb21haW4wDQYJKoZIhvcNAQELBQADggIBAFn4gE7+c5RA
6hqmE+PLc2KlmvVJrceE3Q8H6jpdiPDW33bivBj3qtuMbhrCk9Cl27lOAJ51CE3t
YEJeuBPDse8CfFe18SFLVilK7wOtxAJIiWQfUGl+tBmdBQHdfWAQ1SYGAkI6lmd/
RWFXeQG5g9aheAUaz9bju4jBxi3kaoK74/obcZAIzg/lzLZK5pjifP3dZM4M9wVQ
R58O10ecjR+5zKRsLG3idMPBrByRHiypetSzMY0BSUjIMu3cyEfAnDLqOV9wbsUC
JSCCg3vYj2J+KLjO21QYLx7JmixZOeWYVnnDelGcnXHEvamfzDItA7YY28aiYumW
aWlcolcKlebtKEGbOhbk+XhySNeKSMVx7jY7aRfcZvrV2OpS+25L0577gg35i16w
xESg8437PajUOVtJyJRyEwBq8fi+tLpcmBdLbSKql/3uSFN5kweBGoCddwO/g8vC
zcxbhyQVDph6YxzTUd0X1iHadReasoePjI0r6WbZHdrBBSNyV5k5Y2hYPH0H7xyt
GCK1D1/nZRcUm7QCB8VsnXXQobjFAq6oEsI8bxdRQJRS61nP32/Hq9Iy7fxHNAIH
CK6RPZRy5opj2PPA+u7i43UAYB9n3QACpAR/ApIVl9F3Srfu7+lzruDa2mZd0yHw
xwsYbJZMgEzncdogRoLH2ugekLHmijr0
-----END CERTIFICATE-----
subject=CN = OPNsense.localdomain, C = NL, ST = Zuid-Holland, L = Middelharnis, O = OPNsense self-signed web certificate

issuer=CN = OPNsense.localdomain, C = NL, ST = Zuid-Holland, L = Middelharnis, O = OPNsense self-signed web certificate

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2660 bytes and written 398 bytes
Verification error: self signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 0E7369C9DBAD131E346411A93B5F8A74DB164EEEB15B873E96D19B2DD2A60D5A
    Session-ID-ctx:
    Resumption PSK: 849B198D017BC5EB696EFAAA939DDC4BDB21235F13B26C183C443566C9DDB3C9E5650B733A9466E8A961ECD5CBDC59CB
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - fb dc 21 0d 3f 8c 5b b1-d7 ba 38 a4 1e c9 a1 ff   ..!.?.[...8.....
    0010 - 77 dd 4e 2b e4 53 a6 6c-29 bd 8c ea e1 c7 9a 27   w.N+.S.l)......'
    0020 - ef d9 ae d2 17 dc a3 c7-60 70 55 6c 88 56 9d af   ........`pUl.V..
    0030 - 4e 5b 4a 6f fc 1c 24 97-c7 7f a2 3c 63 1b 11 9c   N[Jo..$....<c...
    0040 - 32 1b ac f9 54 e7 30 92-09 3b 10 88 2c 1d 28 f6   2...T.0..;..,.(.
    0050 - 8b 52 4b 4e 13 7d ca fd-00 05 c2 c6 3f eb 2a 6c   .RKN.}......?.*l
    0060 - 51 b4 57 f6 de 91 76 85-3b de 6e b0 f4 09 9c f9   Q.W...v.;.n.....
    0070 - 9b bb c9 6e fc b5 93 38-c7 6e d1 4a 48 77 77 a4   ...n...8.n.JHww.
    0080 - fe aa b4 de c4 22 0e 08-ff d5 94 45 9e 66 2a 9a   .....".....E.f*.
    0090 - fb 77 10 f1 25 64 bb 00-d5 55 f1 4d 54 2b c7 4f   .w..%d...U.MT+.O
    00a0 - 1c d3 97 0d d7 a8 9a 30-13 a2 25 8d 59 70 8a 16   .......0..%.Yp..
    00b0 - 73 7d 8c 5e 88 79 ff 38-7d 4c 77 c8 56 9f dd 9f   s}.^.y.8}Lw.V...
    00c0 - ac d5 50 8a 6a d1 ea a3-83 ab 23 d6 36 5d 4d c9   ..P.j.....#.6]M.

    Start Time: 1661258982
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: F0D46A5A40D3C5AE282EA319F24B381331EE032B8B7A84CC5A0B9E0474CA3BB3
    Session-ID-ctx:
    Resumption PSK: F2103EAFEB65BA3D08001787A3AB72625568BDB00C8625977A3CBDDD13E6A2825C4378497B9639BFECD684308C6F4EC6
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - fb dc 21 0d 3f 8c 5b b1-d7 ba 38 a4 1e c9 a1 ff   ..!.?.[...8.....
    0010 - d0 14 a5 d6 56 a0 f2 d6-62 3d 36 12 bc 8d 1b 1a   ....V...b=6.....
    0020 - bf 85 57 81 68 d3 3d fe-12 2c 36 8e 67 6a 97 92   ..W.h.=..,6.gj..
    0030 - b2 19 b4 fc 66 16 88 56-c2 42 a1 80 31 4f 39 c6   ....f..V.B..1O9.
    0040 - 46 b3 ff 0e 1d 67 97 50-4e 5d c3 0d 37 45 c1 0f   F....g.PN]..7E..
    0050 - a0 4c b9 8f 92 e0 8f c5-d9 9f 33 b7 32 33 d5 f8   .L........3.23..
    0060 - b6 78 8b bf 8b ff a4 5e-48 dd be 60 47 69 f2 70   .x.....^H..`Gi.p
    0070 - ef 29 5e 44 2b 65 51 ad-6e 9e 1d e1 b5 32 f4 1f   .)^D+eQ.n....2..
    0080 - 44 67 4a 10 83 1e 40 00-0f 06 95 1e 0e b5 cf e6   DgJ...@.........
    0090 - f0 f7 b7 47 ec a9 17 20-63 42 84 c0 f4 8c 0f 21   ...G... cB.....!
    00a0 - 86 14 25 1c f6 66 f9 04-76 66 c3 99 e8 56 c0 1e   ..%..f..vf...V..
    00b0 - 8f 4a f8 36 32 c0 2c 57-cf 77 a9 09 88 5e c2 ee   .J.62.,W.w...^..
    00c0 - a4 e4 2f 44 30 04 af 44-ec 7d 6f 7b a2 ac 3b 08   ../D0..D.}o{..;.

    Start Time: 1661258982
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
DONE


Hier wie gewünscht die Ausgaben. (Sogar jeden Befehl einzeln abgegrenzt  ;) )
#9
Nicht das ich wüsste, zumindest habe ich nichts angelget.
Unter "Firewall: NAT: Port Forward" ist folgendes Eingetragen:
Interface Proto Address Ports Address Ports IP Ports Description
LAN TCP * * LAN address 22, 80, 443 * * Anti-Lockout Rule


#10
Guten Morgen,
nein, das Datum/Die Uhrzeit stimmt.

Hier was unter "System: Trust: Certificates" zu finden ist:

Name Issuer Distinguished Name
Web GUI TLS certificate

CA: No, Server: Yes self-signed  ST=Zuid-Holland, O=OPNsense self-signed web certificate, L=Middelharnis, CN=OPNsense.localdomain, C=NL
  Valid From: Sun, 21 Aug 2022 09:44:47 +0200
  Valid Until: Fri, 22 Sep 2023 09:44:47 +0200

Web GUI TLS certificate

CA: No, Server: Yes self-signed  ST=Zuid-Holland, O=OPNsense self-signed web certificate, L=Middelharnis, CN=OPNsense.localdomain, C=NL
  Valid From: Sun, 21 Aug 2022 09:50:37 +0200
  Valid Until: Fri, 22 Sep 2023 09:50:37 +0200


Edit:
Was mir gerade aufgefallen ist:
Das Verzeichniss /usr/src auf welches in welchem ja die Unterverzeichnisse mit den zu Prüfenden Zert sein sollen (certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921 oder sehe ich das Falsch?) ist Leer:


root@OPNsense:/usr/src # ls -l
total 0
#11
So, hab die Kiste nun mal neu aufgesetzt. Gestern ging dann auch alles. Heute wollte ich nochmal auf Updates Prüfen und bekomme folgende Meldungen:
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.7.2 (amd64/OpenSSL) at Mon Aug 22 22:23:45 CEST 2022
Fetching changelog information, please wait... Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34389172224:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/sets/changelog.txz: Authentication error
Updating OPNsense repository catalogue...
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Authentication error
repository OPNsense has no meta file, using default settings
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Authentication error
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Authentication error
Unable to update repository OPNsense
Updating SunnyValley repository catalogue...
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/meta.txz: Authentication error
repository SunnyValley has no meta file, using default settings
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/packagesite.pkg: Authentication error
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
34378686464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/packagesite.txz: Authentication error
Unable to update repository SunnyValley
Updating mimugmail repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: ....... done
Processing entries: .......... done
mimugmail repository update completed. 175 packages processed.
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

Ich glaub die Kiste will mich ärgern  ???
#12
Quote from: JeGr on August 02, 2022, 04:46:49 PM
Auch wenn du nen Receiver dafür hast - Telekom selbst hat diese Sonderlocke mittelfristig schon abgekündigt und sagt selbst, dass das Übertragen von MagentaTV via VLAN, Anschluß und Gedöns in Zukunft wegfällt und durch App, Browser und IPTV ersetzt wird und dann auch Anschluß-ÜBERGREIFEND genutzt werden kann (also nicht mehr zwangsläufig einen Telekom Anschluß voraussetzt).

Hast du dafür auch ne Quelle?
Kann mir irgendwie nicht vorstellen, dass dies umgestellt wird, dies hätte ja Nachteile (für die T):

  • Es wird mehr Bandbreite im Backbone benötigt, da ja dann jeder Stream einzeln zu jedem Kunden (statt jeder Stream nur einmal im Backbone) gesendet werden muss, grad bei FTTH (bei dem eine Bandbreiten-Rato von bis zu 32/1 User/Backbone-Ltg. kann dann die Bandbreite knapp werden. Oder
  • Es muss ein Multicast <-> Unicast "Umwandler" im MSAN (alt Vermittlungsstelle) integriert werden

IPTV wird ja aktuell "nur" für VoD oder beim "Neustart" der Sendung verwendet. Für TimeShift wird auf die lokale Festplatte "gecached"

Ach ja, mit VLAN wird ja schon lang (Umstellung auf BNG-Plattform) nicht mehr gearbeitet

MfG
#13
Kann ich irgendwo mittracen um zu schauen, wo es klemmt?
#14
Ich wüsste nicht wo, es sei den die FritzBox verhält sich so  :o.
Habe noch AdGuard laufen, aber das habe ich schon immer und habe auch keine Einstellung geändert.
#15
Hallo zusammen, ich habe gerade ein Problem beim Updaten meiner sense.
Ich bekomme immer folgende Fehlermeldung:
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.1.10_4 (amd64/OpenSSL) at Mon Aug 15 15:31:40 CEST 2022
Fetching changelog information, please wait... SSL certificate subject doesn't match host pkg.opnsense.org
fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/22.1/sets/changelog.txz: Authentication error
Updating OPNsense repository catalogue...
SSL certificate subject doesn't match host pkg.opnsense.org
SSL certificate subject doesn't match host pkg.opnsense.org
SSL certificate subject doesn't match host pkg.opnsense.org
SSL certificate subject doesn't match host pkg.opnsense.org
SSL certificate subject doesn't match host pkg.opnsense.org
SSL certificate subject doesn't match host pkg.opnsense.org
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.1/latest/meta.txz: Authentication error
repository OPNsense has no meta file, using default settings
SSL certificate subject doesn't match host pkg.opnsense.org
SSL certificate subject doesn't match host pkg.opnsense.org
SSL certificate subject doesn't match host pkg.opnsense.org
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.1/latest/packagesite.pkg: Authentication error
SSL certificate subject doesn't match host pkg.opnsense.org
SSL certificate subject doesn't match host pkg.opnsense.org
SSL certificate subject doesn't match host pkg.opnsense.org
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.1/latest/packagesite.txz: Authentication error
Unable to update repository OPNsense
Updating SunnyValley repository catalogue...
SSL certificate subject doesn't match host updates.sunnyvalley.io
SSL certificate subject doesn't match host updates.sunnyvalley.io
SSL certificate subject doesn't match host updates.sunnyvalley.io
SSL certificate subject doesn't match host updates.sunnyvalley.io
SSL certificate subject doesn't match host updates.sunnyvalley.io
SSL certificate subject doesn't match host updates.sunnyvalley.io
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.1/OpenSSL/latest/meta.txz: Authentication error
repository SunnyValley has no meta file, using default settings
SSL certificate subject doesn't match host updates.sunnyvalley.io
SSL certificate subject doesn't match host updates.sunnyvalley.io
SSL certificate subject doesn't match host updates.sunnyvalley.io
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.1/OpenSSL/latest/packagesite.pkg: Authentication error
SSL certificate subject doesn't match host updates.sunnyvalley.io
SSL certificate subject doesn't match host updates.sunnyvalley.io
SSL certificate subject doesn't match host updates.sunnyvalley.io
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.1/OpenSSL/latest/packagesite.txz: Authentication error
Unable to update repository SunnyValley
Updating mimugmail repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: ....... done
Processing entries: .......... done
mimugmail repository update completed. 175 packages processed.
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***


Ein LE ZErtifikat hae ich nicht im Einsatz.
Auch die im Forum oder per Google gefundenen Lösungen bringen mich nicht weiter.
Gibt es eine "einfache" möglichkeit die SSL Einstellungen der Sense zurück zu setzen?
Oder bleit nur der komplette REset?

Schon mal danke für eure Hilfe.

MfG
Roland