Messages

1

Web Proxy Filtering and Caching / Re: SSL Inspection Squid with ICAP not working / Proxy load error

« on: October 24, 2024, 12:24:45 pm »

Updated today to Opnsense Version 24.7.7

AV Filtering is now working again, Squid Proxy Load Error still persist...

Another new Issue now is a Warning in ClamAV Log:

2024-10-24T10:58:47   Warning   freshclam   Can't download blurl.ndb from http://ftp.swin.edu.au/sanesecurity/blurl.ndb   
2024-10-24T10:58:47   Warning   freshclam   Message: Could not resolve hostname   
2024-10-24T10:58:47   Warning   freshclam   Download failed (6)   
2024-10-24T10:58:42   Warning   freshclam   Can't download blurl.ndb from http://ftp.swin.edu.au/sanesecurity/blurl.ndb   
2024-10-24T10:58:42   Warning   freshclam   Message: Could not resolve hostname   
2024-10-24T10:58:42   Warning   freshclam   Download failed (6)

2

Web Proxy Filtering and Caching / Re: SSL Inspection Squid with ICAP not working / Proxy load error

« on: October 22, 2024, 09:23:28 am »

Still have the Squid Proxy Error and no SSL Inspection, AV Filter not working. ClamAV Log just show a warning
Warning   freshclam   Invalid DNS reply. Falling back to HTTP mode.

Any suggestions how can i solve this?
Thx

3

Web Proxy Filtering and Caching / SSL Inspection Squid with ICAP not working / Proxy load error

« on: October 10, 2024, 04:56:12 pm »

Hello,

after update to 24.7.6 SSL Inspection with Squid / ICAP Plugin not working. Trying to restart Squid Service get an Proxy load error:

Segmentation fault
Performing sanity check on squid configuration.
2024/10/10 16:53:17| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2024/10/10 16:53:17| Starting Authentication on port 127.0.0.1:3128
2024/10/10 16:53:17| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2024/10/10 16:53:17| Starting Authentication on port [::1]:3128
2024/10/10 16:53:17| Disabling Authentication on port [::1]:3128 (interception enabled)
2024/10/10 16:53:17| Starting Authentication on port 127.0.0.1:3129
2024/10/10 16:53:17| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
2024/10/10 16:53:17| Starting Authentication on port [::1]:3129
2024/10/10 16:53:17| Disabling Authentication on port [::1]:3129 (interception enabled)
2024/10/10 16:53:17| Processing Configuration File: /usr/local/etc/squid/pre-auth/40-snmp.conf (depth 1)
2024/10/10 16:53:17| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)
2024/10/10 16:53:17| Processing Configuration File: /usr/local/etc/squid/pre-auth/parentproxy.conf (depth 1)
2024/10/10 16:53:17| Processing Configuration File: /usr/local/etc/squid/auth/dummy.conf (depth 1)
2024/10/10 16:53:17| Processing Configuration File: /usr/local/etc/squid/post-auth/dummy.conf (depth 1)


How to Solve?

4

24.1 Legacy Series / Re: DNS Crypt Proxy 1.15 restart service via cron within gui

« on: May 09, 2024, 08:36:44 am »

Description when creating the cron job is set.

dnscrypt seems to just pick the fastest servers when the service is restarted

5

24.1 Legacy Series / DNS Crypt Proxy 1.15 restart service via cron within gui

« on: May 08, 2024, 02:28:02 pm »

Hello,

i try to restart DNS Crypt Proxy service via cron job in the GUI.

Settings - Cron - Add - Command

When i check under the Commands, i found "Download DNSCrypt-Proxy DNSBLs and restart".


I tried with this command, but the service is not restarted.

How can i restart the service within the Gui via Cron Job?

Thx

6

Virtual private networks / Re: Questions to Migrate OpenVPN Servers legacy to Instances New

« on: February 09, 2024, 09:38:47 am »

Yes, that seems to be the case. You can't select an interface but only add an IP. As a workaround you can leave this empty and have it bind to all interfaces and set up firewall rules that only allow access via WAN. I'm not sure what the design decision is behind not being able to select an interface but I suspect it has something to do with dynamic IPs on interfaces (e. g. if there's no fixed WAN IP).

Thx cs1 for the update on this

It would be really nice, if @Franco could give us a hint whats behind that change?

7

Virtual private networks / Re: Questions to Migrate OpenVPN Servers legacy to Instances New

« on: February 08, 2024, 03:13:41 pm »

Hello cs1,

thanks for the information. Adapted yet my settings, but the Bind address is still not 100% clear.

Within the OpenVPN Legacy Server and OpenVPN Legacy Client (OpenVPN out) Settings, under Interface i can select a specific Interface, localhost, or any. I had in both Legacy Configs the WAN Interface specified.

In the new Instance Configs like Server or Client, if i want to bind the interface to my WAN Interface (like in Legacy Setups) i can just add my Public IP address to the bind address Field, but not select anymore Interfaces?

Thx
br

8

Zenarmor (Sensei) / Upgrade 24_1_1 Sensei Health missing File .placeholder

« on: February 07, 2024, 04:56:10 pm »

Hello,

after upgrade to 24.1.1 health audit show the following issue:

Code: [Select]

>>> Check for missing or altered package files
Checking all packages: .....
os-sensei-1.16.2: missing file /usr/local/zenarmor/output/archive/.placeholder

How to fix?

Thx
br

9

Virtual private networks / Re: Questions to Migrate OpenVPN Servers legacy to Instances New

« on: February 07, 2024, 04:50:41 pm »

Hello bandit8623,

the "new" setting you find under OpenVPN - Instances - Add new - Role select Server

br

10

Virtual private networks / Re: Questions to Migrate OpenVPN Servers legacy to Instances New

« on: February 04, 2024, 12:09:44 pm »

Really, no one?

11

Virtual private networks / Questions to Migrate OpenVPN Servers legacy to Instances New

« on: February 02, 2024, 09:35:53 am »

Hello,

i have updated now to 24.1_1 without any problems so far. Now i want to migrate my OpenVPN
Server configuration from legacy to the new Instances. But some Settings in the New Configuration are
not clear yet, and i hope someone can point me in the right direction.

Old Configuration:
Interface: WAN

New Configuration:
Bind Address:

As i have a static WAN Address, do i need to add as Bind Address the Static WAN Address (similiar in the Legacy Configuration choosing the WAN Address) ?


Old Configuration:
IPv4 Tunnel Network:

New Configuration:
Local Network:

Is in the New Configuration the Local Network the IPv4 Tunnel Network the similar setting?


Old Configuration:
Redirect Gateway = marked

New Configuration:
local
autolocal
default
bypass dhcp
bypass dns
block local
ipv6 (default)
not ipv4 (default)

What is the correct setting similar to Redirect Gateway marked in the legacy config to route all traffic from the client through the VPN Server?


Old Configuration:
Advanced Configuration:

allow-compression no

New Configuration:
options

Do i understand this correct, that now the allow-compression no is the default parameter, and thats why in the New Configuration under options not included / selectable anymore?


Thanks a Lot!

12

23.7 Legacy Series / Re: OpenVPN CSO what happened to custom_options

« on: August 16, 2023, 08:58:49 am »

Reinstall with config import.


Cheers,
Franco

Is there no possibility to install a patch to get the fields back, without complete reinstall?

13

23.7 Legacy Series / Re: OpenVPN CSO what happened to custom_options

« on: August 15, 2023, 12:39:35 pm »

Thx, i was understanding to revert back, as you mentioned "use old GUI for backwards compatibility"

How do i do that?

14

23.7 Legacy Series / Re: OpenVPN CSO what happened to custom_options

« on: August 14, 2023, 03:34:35 pm »

Thanks, Franco

What is the Command to revert back to 23.1.11 Gui?

Code: [Select]

opnsense-revert -r


15

23.7 Legacy Series / Re: OpenVPN CSO what happened to custom_options

« on: August 14, 2023, 08:28:56 am »

Hello,

had the following directives under OpenVPN - Clients - Advanced:

Code: [Select]

pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"

and under OpenVPN - Servers - Advanced:

Code: [Select]

allow-compression no

How to get now the directives after the Update again as the custom options are missing?