Messages

121

24.1 Legacy Series / Re: Static IPv6 gateway not adding route

« on: June 23, 2024, 08:01:12 am »

Routing in IPv6 is dynamic via multicast.

Services: Router Advertisements:

Pick LAN and set your daemon to be unmanaged with high priority. Tick advertise default gateway and your LAN clients will find it.

Bart...

122

High availability / Re: Only one device fail to connect to internet

« on: June 21, 2024, 08:31:00 am »

There must be something on the PC that is causing this, ranging from a misconfiguration to malware.

Back up your data and rebuild it to be safe

123

24.1 Legacy Series / Re: updates never finish

« on: June 19, 2024, 06:47:58 pm »

Take your time - I won't touch it until July 5th 

124

24.1 Legacy Series / Re: updates never finish

« on: June 19, 2024, 03:32:49 pm »

Thanks Franco, is your original recommendation still applicable (killall fetch)?

125

General Discussion / Re: Is this a bug? var/log filling up 4gb of logs in days.

« on: June 17, 2024, 07:52:40 am »

why is there reserved 4gb for logs?

4 GB is used for logs. How do you conclude that it is reserved? Would you rather it used 1 GB and leave the other 3 GB unused?

It is good security practice to log to a separate collector. This allows correlation with other parts of the network and stops an attacker hiding their tracks.

126

General Discussion / Re: Double NAT, gateways and internet access

« on: June 15, 2024, 07:52:30 am »

What about a bridge firewall? https://docs.opnsense.org/manual/how-tos/transparent_bridge.html

127

24.1 Legacy Series / Re: updates never finish

« on: June 14, 2024, 03:40:00 pm »

Hi Franco, this is the ouput of the two commands:

ps:
root    28929   0.0  0.1   12724   1524  -  Ss    4Jun24      0:00.79 daemon: fetch[28959] (daemon)
root    28959   0.0  0.3   19472   6540  -  S     4Jun24      6:21.84 fetch -a -w 1 -T 30 -q -o /var/cache/opnsense-update/24582/base-24.1.8-amd64.txz.sig https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/sets/base-24.1.8-amd64.txz.sig
root    27858   0.0  0.1   13488   1992 v0  S+    4Jun24      1:14.25 /bin/sh /usr/local/sbin/opnsense-fetch -a -w 1 -T 30 -q -o /var/cache/opnsense-update/24582/base-24.1.8-amd64.txz.sig https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/sets/base-24.1.8-amd64.txz.sig

ls:
-rw-------  1 root  wheel   3.3M Jun 14 14:37 /tmp/opnsense-fetch.out.rfgLhj
-rw-------  1 root  wheel     5B Jun  4 23:22 /tmp/opnsense-fetch.pid.DS1jXX

128

24.1 Legacy Series / Re: No stable releases

« on: June 14, 2024, 07:15:02 am »

Have you looked at the business edition? https://www.deciso.com/software/

129

24.1 Legacy Series / Re: updates never finish

« on: June 13, 2024, 08:35:48 am »

If you have one running I'm wondering if you could help debug it?

# ps auxwww | grep fetch
# ls -lah /tmp/opnsense-fetch.*

Absolutely! It will be tomorrow before I can work on it.

130

24.1 Legacy Series / Re: updates never finish

« on: June 12, 2024, 02:48:54 pm »

Thanks Franco, that's cool 

That reduces my fear that the process will run out of resouces and crash the system. I'll leave it for a couple weeks.

Bart...

131

24.1 Legacy Series / Re: updates never finish

« on: June 12, 2024, 01:44:23 pm »

Same as https://github.com/opnsense/update/issues/90 but still don't know what's going on. Usually the following works:

# killall fetch

And retry from the GUI.


Cheers,
Franco

Hi  Franco, sorry to put you on the spot, but do you reckon it is likely to keep running for three weeks without intervention please?

Remote firewall troubleshooting is rather tricky 

Bart...

132

24.1 Legacy Series / Re: updates never finish

« on: June 11, 2024, 09:31:37 pm »

bump this - a friend has a OPNsense in the same situation. Proxmox QEMU VM without client tools. Updating from 24.1.5_3 there were 97 updates which took hours instead of the usual ten minutes.

Salient points in the output so far:

Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 113 package(s) will be affected (of 0 checked)

Fetching base-24.1.8-amd64.txz:.........................................

A week later, the dots are still writing to the screen both in the GUI and the console. I have a XML backup and the firewall is still working normally. Happy to take advice on reboot/rebuild or wait.

Bart...

133

Virtual private networks / Re: Can't join domain over OpenVPN connection

« on: June 11, 2024, 02:51:39 pm »

Subnets in AD...relevance?

For AD to keep track of DC's. https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/creating-a-site-design

Allowing LDAP/Kerberos? ... and needed for a simple join DC request???

Yes, the sequence is DNS _ldap records which point to closest DC (based on subnet), then Kerberos grants the user a ticket that allows them to join (create the computer object).

Do a Wireshark of a local join and compare it to one from the remote attempt.

Bart...

134

Virtual private networks / Re: Can't join domain over OpenVPN connection

« on: June 11, 2024, 08:23:07 am »

Are all subnets in AD? Are you allowing LDAP/Kerberos/etc.? Are the clocks in synch?

Set your DNS manually in the OS with optimally two DC's first and then a public resolver.

Windows does not use different DNS for different connections. You need to set at least one DC as the first DNS server. It is best to set this on the NIC and live with lower performance during boot until the VPN is up.

This is why the  official Microsoft recommendation is a minimum of two DC's per site.

Bart...

135

24.1 Legacy Series / Re: HowTo/ Hint: Spamassassin getting blocked due too many queries

« on: June 11, 2024, 08:16:27 am »

Spammers are moving in on blacklists https://www.theregister.com/2024/06/07/sorbs_closed/

Caveat nuntius

Bart...