Messages

1

18.1 Legacy Series / Schedule activation of inactive firewall rule.

« on: April 27, 2018, 04:01:52 pm »

Hello

Long time no words from me... But now I've facing a problem - how big, this is the question

Little background:
My company is serving an internet access to some clients. Clients are changing, so the agreements are starting and ending.

Problem:
Sometimes, the end date is in some weird date, which colides with my holidays plan in example

Question is:
- is there any way to schedule the activation of an inactive rule in firewall? This would allow me to create in advance for example a rule to drop packets from that client  and start my holidays without disturbing

Thanks for any hint or clue in this matter

Cheers,

Martin.

2

17.1 Legacy Series / Re: Using acme.sh

« on: February 14, 2017, 11:29:53 am »

Working like a charm Thanks a lot!

3

17.1 Legacy Series / flowd.log location.

« on: February 09, 2017, 11:53:29 am »

Hello

Is it possible to parametrize  flowd.log location in the upcoming versions of OpnSense?

This will allow user to move it to own location (ie. to bigger disk), as it is growing constantly and can fulfill whose available space on disk...

Thanks in advance

Best regards,

Martin.

4

17.1 Legacy Series / Re: Using acme.sh

« on: February 09, 2017, 10:52:46 am »

I'm using Firefox 51.0

Here You have a statement from Mozilla Authority:
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

Here is info from Apple Authority:
https://support.apple.com/en-us/HT204132

Google also supports this decision in Chrome browser:
http://www.csoonline.com/article/3137181/security/google-to-untrust-wosign-and-startcom-certificates.html

Regards

5

17.1 Legacy Series / Re: Using acme.sh

« on: February 07, 2017, 09:07:08 pm »

No, they don't

Google and Mozilla Authorities revoked their CA certificate due to conflict with one of the investors owned StartSSL. StartSSL is trying to solve this asap, but it takes them at least half year in my opinion to create new CA.

So I'll wait for fix in acme implementation better

Best regards,

Martin.

6

17.1 Legacy Series / Re: Using acme.sh

« on: February 06, 2017, 02:06:22 pm »

Ok, so I found a "bug" too... Name of the certificate cannot contain "-" sign (ie. something-strange.domain.com).
Saddly, I do have - in the name. Can You please make something with this?

Thanks in advance.

Bests...

Martin.

7

17.1 Legacy Series / Using acme.sh

« on: February 03, 2017, 01:00:36 am »

Dears,

I've just moved my installation to 17.1 (went smooth and easy, thx) to have this acme.sh script and to request Let's Encrypt cert for ssl.

But how to configure this script and how to use it? I've created some config, but I don't know if it is valid. Logs are saying, that issuing new cert was successful, but I do not see this cert nowhere...

Little help? Thx in advance.

Best regards,

Martin.

8

16.7 Legacy Series / Certbot - new feature request.

« on: January 30, 2017, 01:38:20 pm »

Hello

I would like to ask You, Team, if You be so kind to port a python library called py27-certbot into OpnSense.

This library and tool comes from EFF organisation, and is used for managing certificates from Let's Encrypt organisation, which can be used for HTTPS communication.

EFF's Certbot is available in ports for FreeBSD: https://certbot.eff.org/#freebsd-other
but is not available within OpnSense (or I cannot install them with simple pkg install py27-certbot).

Thank You in advance for any help with this subject

Best regards,

Martin.

9

16.7 Legacy Series / Automation using API.

« on: October 31, 2016, 01:47:15 pm »

Dears,

is there any comprehensive documentation of the API of OpnSense?

I would like to make some automation integrated with our billing system and in case of no payment (for example) I want to limit speed of the client's interface.
In online documentation is only an example how to upgrade firmware, but this is to small information of available commands/methods, and so on...

Thanks in advance for Your help

(2Mod: if this question should be placed on other forums, please feel free to move it appropriately).

10

16.1 Legacy Series / Re: Traffic Shaper, Rules: How to have more than one IP in destination?

« on: June 20, 2016, 10:56:24 am »

Have You tried with defined alias for hosts list?

11

16.1 Legacy Series / Re: Dashboard empty - opnsense 16.1.16

« on: June 16, 2016, 01:51:36 pm »

Thx

Problem solved by clearing all site settings, cookies and offline files from web browser...

12

16.1 Legacy Series / [SOLVED] Dashboard empty - opnsense 16.1.16

« on: June 16, 2016, 10:07:12 am »

Hi.

After upgrade from earlier version (if I remember correctly it was 16.1.5) to recent 16.1.16 my dashboard gets empty. When I click on "Add widget" I see all items, but when I click on choosen widget to be added, it dissapears, orange button "save" highlights, but nothing shows up on the dashboard.

What can be done to fix it? Cookies?

Thx in advance for any hint...

13

16.1 Legacy Series / Re: Autobackup configuration to SCP/SFTP server.

« on: May 17, 2016, 02:40:26 pm »

Indeed I've ommited trailing slash. Now I can see my script in cron and have tested it working from cron Thanks a lot!

BTW: why it is not supported settings cron action every n amount of time? In linux we can write like this:

Code: [Select]

*/5 * * * * somefancyscript.sh
and it will run every 5 min...
Ok, You're working on refactoring cron implementation, but will this be supported in new implementation?

14

16.1 Legacy Series / Re: Autobackup configuration to SCP/SFTP server.

« on: May 17, 2016, 01:03:31 pm »

Ok, my script itself works perfectly, but I can't do the cron magic. I don't have such url: 192.168.x.x/ui/cron available - when I enter this manualy, I land on system status page.
I've used a standard shell to access crontab and will see if it works.

Thx for Your help Case is solved.

15

16.1 Legacy Series / Re: Autobackup configuration to SCP/SFTP server.

« on: May 17, 2016, 11:14:00 am »

Wow, thx for this

I will test it and leave a note if it works for me

Best regards.