Topics - tillsense

#1
Hi,
the label is no longer displayed in the Firewall live view.

cheers
tillsense
#2
Hi all,

the dashboard, firewall live rules and logs all show the correct time, matching the time zone stored in the system. Only the Unbound reporting shows UTC in live logs and its own dashboard? And why only 24h or 1000 entries? A single OPNsense update alone needs about 30 requests (entries). Why is that? (23.7.6)

cheers
till
#3
hi all,

suricata stops unbound after some seconds. no more dns resolution is possible. in the overview there is a "drop" as action. in the log of unbound error: 

1 error: SSL_handshake syscall: Broken pipe

2 error: outgoing tcp: bind: Can't assign requested address

workaround is to stop suricata

configured DNS over TLS (test with 23.7.r_44-amd64)

do I have to reconfigure anything?

cheers
till
#4
[Manufacturer]
https://shop.eepd.de/en/

[Top FAQ]
Fanless - Yes (R1102G)
TDP - <=6W (R1102G)
Ports - 2x Intel I210 with IEEE1588 (R1102G)


cheers till


[Changelog]
31.07.2023 - Typo TDP / Fanless
06.06.2023 - First Post
#5
23.1 Legacy Series / [SOLVED] 23.1.r2 - Unbound Error
January 24, 2023, 07:53:14 PM
Hi all,

Unbound Log:

SystemError: <built-in function close> returned a result with an error set
os.close(ctx.pipe_fd)
File "dnsbl_module.py", line 265, in deinit
Traceback (most recent call last):
The above exception was the direct cause of the following exception:
AttributeError: 'NoneType' object has no attribute 'security'
ctx.log_entry(*info, ACTION_PASS, SOURCE_LOCALDATA, None, rcode, 0, rep.security, rep.ttl)
File "dnsbl_module.py", line 234, in local_cb
2023-01-24T18:18:43 Error unbound [24474:0] error: pythonmod: python error: Traceback (most recent call last):
2023-01-24T18:18:43 Error unbound [24474:0] error: pythonmod: Exception occurred in function deinit
2023-01-24T18:16:53 Error unbound Unable to open pipe. This is likely because Unbound isn't running.



I assume dnsbl_module.py is the Unbound DNS blacklists, but they are not active... Also, I have thousands of DNS requests to "rulesets.opnsense.org". What is this?

The only thing I changed is to enable the dns statistics locally under reporting. (Still the DOT config with 3 times start of Unbound...)

cheers
till
#6
Hi all,

Unbound contacts the root server(s) at startup. With a DoT config and firewall rules that prevent port 53, this makes no sense. An option in the GUI to prevent this would be suitable at this point, or even the default in this case?

cheers
till
#7
22.1 Legacy Series / [SOLVED] Unbound DNS Log is empty
January 27, 2022, 08:10:42 PM
Hi all,
unbound dns log is empty in all levels?

OPNsense 22.1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021

cheers
till
#8
Development and Code Review / e2guardian Plugin
December 19, 2019, 09:57:21 PM
Is started by Michael: :-*

Quote
http://e2guardian.org/cms/index.php Same features as squidGuard, which is often requested, but actively developed. I'd build a plugin around it.
https://twitter.com/mimu_muc/status/1186278727262658561

#9
Hardware and Performance / PCENGINES APU New models
September 13, 2019, 08:37:41 PM
#10
Is started by Michael:

Quote
Today I'll start building a plugin for Unbound additional features, bringing DNSBL to @opnsense without the need for BIND or dnscrypt-proxy. Future versions will offer DoT and more (depending on your ideas)
https://twitter.com/mimu_muc/status/1169482538009747461


Ideas:
Please schedule a field for regex entries :)
#11
Hi all,

NetFlow e.g. flowd uses up to 90% of a cpu core all the time and when changing the listening interfaces the system freezes again completely (opnsense-patch 24dc2a82b is installed)...?

cheers
till
#12
Hi all,

does anyone have the smart widget active in the dashboard (Smart Plugin required) and can please give a feedback if he gets a smart status from his devices on 19.7.r1?

cheers
till
#13
PcEngines - https://www.pcengines.ch/
  - Firmware Support: https://pcengines.github.io/
  - Forum Topic: https://forum.opnsense.org/index.php?topic=4200.0
Protectli - https://protectli.com/
  - Firmware Support: https://protectli.com/kb/coreboot-on-the-vault/
  - Forum Topic: https://forum.opnsense.org/index.php?topic=11781.0
#14
19.1 Legacy Series / NTP problems only IPv4
February 27, 2019, 08:15:47 PM
Hi,
I noticed that the time after the new connection is no longer synchronous. Since I wanted to do a test with only IPv4 anyway, I changed the ntpd.inc a bit, and after a restart of the service the protocol log also showed these start parameters and the service ran without ipv6 sockets.

After restarting OPNsense these start parameters are not used according to the protocol log output, and the sockets confirm that ipv6 is running. An immediate restart of the service again produces the correct start with the changes, and the missing ipv6 sockets confirm this again?

My guess is that something seems to be wrong with the sequences?

cheers
till
#15
Hi all,

Is there anyone here?

cheers till
#16
Hi all,

Enter an option: 12
...

A major firmware upgrade is available for this installation: 19.1.r1

Make sure you have read the release notes and migration guide before
attempting this upgrade.  Around 400MB will need to be downloaded and
require 800MB of free space.  Continue with this major upgrade by
typing the major upgrade version number displayed above.

Minor updates may be available, answer 'y' to run them instead.

Proceed with this action? [19.1.r1/y/N]: 19.1.r1

Fetching packages-19.1.r1-OpenSSL-amd64.tar: .. failed, no signature found



...the same thing via the web interface (unlocking the base and kernel lock does not work via the web interface either)?

cheers till
#17
Hardware and Performance / Modem Vigor 166
December 27, 2018, 10:02:25 PM
Hi,

from January on, Draytek will supply the supervectoring VDSLx Model Vigor 165. Later in the year, the Vigor 166 will be released with G.Fast.

cheers till
#18
Hardware and Performance / Modem Vigor 165
December 27, 2018, 09:40:38 PM
Hi,

from January on, Draytek will supply the supervectoring VDSLx Model Vigor 165.

cheers till
#19
18.7 Legacy Series / New Plugin Dnscrypt-Proxy
December 12, 2018, 06:38:21 PM
Hi,
nice. Is there already a manual for the plugin?

cheers till
#20
German - Deutsch / Hardware with Power over Ethernet ports
November 28, 2018, 08:25:20 PM
Hello everyone,

the idea is to use OPNsense as system software on hardware that can provide at least POE+ on a few ports. Two questions come to mind:

1. Are there any plans to implement this in OPNsense/HardenedBSD (plugin?), and how much effort would that involve? (e.g. switching POE on and off per interface via the GUI)
2. Which hardware (POE+ support)?


cheers till