Messages

361

17.1 Legacy Series / Re: Problems/comments with "Let's Encrypt" module

« on: March 27, 2017, 10:11:36 am »

Don't suppose you know what command I could put into the "Custom command" field of a restart action that would reload the firewall rules? This might help me out and perhaps this should be one of the pre-defined system commands.

362

17.1 Legacy Series / Re: Problems/comments with "Let's Encrypt" module

« on: March 22, 2017, 07:28:24 pm »

Does manually reloading the firewall rules fix your issue? (after you've lost the internet connection)
Firewall -> Diagnostics -> Filter Reload -> Reload Filter

Good news, this fixes the issue but I'm pretty sure it didn't before with 17.1.2 so maybe something in 17.1.3 fixed that as well.

363

17.1 Legacy Series / Re: Problems/comments with "Let's Encrypt" module

« on: March 21, 2017, 04:13:56 pm »

I'm pretty sure I tried that when I first encountered the issue, but I can't be certain. I can try it again when I next get a chance.

364

17.1 Legacy Series / Re: Problems/comments with "Let's Encrypt" module

« on: March 21, 2017, 02:40:12 pm »

Actually I did at the time, and neither worked - sorry, I forgot to grab the info.

365

17.1 Legacy Series / Re: Problems/comments with "Let's Encrypt" module

« on: March 20, 2017, 07:04:52 pm »

Sent results by PM

366

17.1 Legacy Series / Re: Problems/comments with "Let's Encrypt" module

« on: March 20, 2017, 01:10:03 pm »

Done, so you can disable it again if you wish, though I have yet to receive any spam to my Inbox

367

17.1 Legacy Series / Re: Problems/comments with "Let's Encrypt" module

« on: March 20, 2017, 12:32:24 pm »

Or I would:

User 'fraenki' has blocked your personal message.

368

17.1 Legacy Series / Re: Problems/comments with "Let's Encrypt" module

« on: March 20, 2017, 12:28:30 pm »

I'll PM you the content of the file shortly

369

17.1 Legacy Series / Traffic Graph In and Out identical graph line

« on: March 18, 2017, 11:51:20 am »

Is it me or does the Reporting: Traffic graph show the same graph, except for the Y-scale, for both In and Out? The same happens for the dashboard widget.

OPNsense 17.1.3-amd64

370

17.1 Legacy Series / Re: Problems with PPPoE and Dual Stack (missing ipv6 in lan)

« on: March 17, 2017, 03:45:30 pm »

Hi,


Did you ever get anywhere with this?

I think I have the same issue but with v17, PPPoE from ISP and apparently they do support IPv6 but it's like getting blood out of a stone trying to get any technical information, other than "Just enable it on your Fritzbox".


I've tried the various setting mentioned above, but none of them have been successful either.

371

17.1 Legacy Series / Re: Problems/comments with "Let's Encrypt" module

« on: March 17, 2017, 02:48:17 pm »

No, those lines were all that was logged, then I rebooted the firewall to get my connection back - is there any way to get more info into the logs?


I still have a few more certificates I need to issue and I was saving them for further testing of this problem.

372

17.1 Legacy Series / How do you redirect HTTP to HTTPS with HAProxy?

« on: March 17, 2017, 02:41:11 pm »

I'd like to set HAProxy to redirect web requests for HTTP to HTTPS, but I can't figure out how to do it? I can't get the web server to perform this itself because I require it to accept port 80 requests from HAProxy when it gets HTTPS connections.

I have to do it this way now because of my other issue where HAProxy is not working with SNI on my IIS server, otherwise I would leave HTTPS to connect via HTTPS and then get IIS to redirect HTTP to HTTPS itself (which is how I had it working until I needed to switch to Let's Encrypt certificates).

373

17.1 Legacy Series / Re: HAProxy and SNI on backend IIS server

« on: March 17, 2017, 11:36:30 am »

Yes, but that assumes the internal service allows for HTTP, and this one redirects all HTTP to HTTPS so HAProxy has no choice but to connect via SSL.


I'll see if I can change this particular site, but there's another where HTTPS is the only option.

374

17.1 Legacy Series / Re: DNS, Forwarder, Unbound, wtf?

« on: March 17, 2017, 10:58:24 am »

I think I had something similar a while back, I use the DNS Resolver, and if I enabled DNSSEC Support I too would see all DNS requests simply stop at random times. I thought I reported it, but perhaps I forgot.

375

17.1 Legacy Series / HAProxy and SNI on backend IIS server

« on: March 17, 2017, 10:55:00 am »

Hi,

I'm slowly transitioning to Let's Encrypt (LE) SSL certificates and I've hit a snag. I have a single frontend for SSL web traffic, and before I had a single wildcard certificate which worked for all the different sites on the backend IIS server. Now with LE I'm having to add the individual site certificates (I've started with just one site) and also needed to enable SNI on the IIS server. The frontend in HAProxy has the two certificates assigned, the wildcard and the new LE one. Internally this is working as expected, but externally HAProxy is not able to connect to IIS correctly.

When I connect externally I can see in my browser that HAProxy is returning the correct certificate depending on which URL I use (so that part works), but the connection to the backend IIS server never makes it - Chrome responds with "503 Service Unavailable". There is deliberately no "default" site on IIS so I am thinking that for some reason SNI is not working. Like I said, connecting from Chrome internally to the IIS server is working and the correct certificate returned, so SNI is working on IIS.

Any advice on where to look in HAProxy to find the cause?