Messages

Hi Folks,
Any tip about this issue?

Regards
Carlos

[*interfaces*]

Hi folks, currently I`m trying restrict an user to change somethings by OPNsense GUI.
I have created a new group and select only the items that I would like to allow, in this case ALL less *interfaces* page.

But it seems this does not working as expected, because I can see and change these items.

Does someone has idea if is there any problem with this !?

Best regards


it is below the acl from config.xml

Code Select Expand

<group>
      <name>manager</name>
      <description>Managers</description>
      <gid>2001</gid>
      <priv>page-dashboard-all</priv>
      <priv>page-system-login-logout</priv>
      <priv>page-getserviceproviders</priv>
      <priv>page-getstats</priv>
      <priv>page-dashboard-widgets</priv>
      <priv>page-diagnostics-arptable</priv>
      <priv>page-diagnostics-authentication</priv>
      <priv>page-diagnostics-backup-restore</priv>
      <priv>page-diagnostics-configurationhistory</priv>
      <priv>page-diagnostics-factorydefaults</priv>
      <priv>page-diagnostics-haltsystem</priv>
      <priv>page-diagnostics-limiter-info</priv>
      <priv>page-diagnostics-logs-dhcp</priv>
      <priv>page-diagnostics-logs-firewall-dynamic</priv>
      <priv>page-diagnostics-logs-firewall-plain</priv>
      <priv>page-diagnostics-logs-firewall-summary</priv>
      <priv>page-diagnostics-logs-gateways</priv>
      <priv>page-diagnostics-logs-settings</priv>
      <priv>page-diagnostics-logs-system</priv>
      <priv>page-diagnostics-ndptable</priv>
      <priv>page-diagnostics-netflow</priv>
      <priv>page-diagnostics-networkinsight</priv>
      <priv>page-diagnostics-packetcapture</priv>
      <priv>page-diagnostics-tables</priv>
      <priv>page-diagnostics-pf-info</priv>
      <priv>page-diagnostics-system-pftop</priv>
      <priv>page-diagnostics-ping</priv>
      <priv>page-diagnostics-rebootsystem</priv>
      <priv>page-diagnostics-resetstate</priv>
      <priv>page-diagnostics-routingtables</priv>
      <priv>page-diagnostics-showstates</priv>
      <priv>page-diagnostics-sockets</priv>
      <priv>page-diagnostics-statessummary</priv>
      <priv>page-diagnostics-system-activity</priv>
      <priv>page-diagnostics-health</priv>
      <priv>page-diagnostics-testport</priv>
      <priv>page-diagnostics-traceroute</priv>
      <priv>page-firewall-alias-edit</priv>
      <priv>page-firewall-aliases</priv>
      <priv>page-firewall-nat-1-1</priv>
      <priv>page-firewall-nat-1-1-edit</priv>
      <priv>page-firewall-nat-npt</priv>
      <priv>page-firewall-nat-npt-edit</priv>
      <priv>page-firewall-nat-outbound</priv>
      <priv>page-firewall-nat-outbound-edit</priv>
      <priv>page-firewall-nat-portforward</priv>
      <priv>page-firewall-nat-portforward-edit</priv>
      <priv>page-firewall-scrub</priv>
      <priv>page-firewall-rules</priv>
      <priv>page-firewall-rules-edit</priv>
      <priv>page-firewall-schedules</priv>
      <priv>page-firewall-schedules-edit</priv>
      <priv>page-firewall-trafficshaper</priv>
      <priv>user-proxy-auth</priv>
      <priv>page-services-captiveportal</priv>
      <priv>page-services-dhcprelay</priv>
      <priv>page-services-dhcpserver</priv>
      <priv>page-services-dhcpserver-editstaticmapping</priv>
      <priv>page-services-dhcpv6relay</priv>
      <priv>page-services-dhcpv6server</priv>
      <priv>page-services-dhcpserverv6-editstaticmapping</priv>
      <priv>page-services-opendns</priv>
      <priv>page-services-dnsforwarder-editdomainoverride</priv>
      <priv>page-services-dnsforwarder-edithost</priv>
      <priv>page-diagnostics-logs-dnsmasq</priv>
      <priv>page-services-dnsforwarder</priv>
      <priv>page-services-dynamicdnsclients</priv>
      <priv>page-services-ids</priv>
      <priv>page-services-ntpd</priv>
      <priv>page-services-proxy</priv>
      <priv>page-services-router-advertisements</priv>
      <priv>page-services-dnsresolver-acls</priv>
      <priv>page-services-dnsresolver-advanced</priv>
      <priv>page-services-dnsresolver-editdomainoverride</priv>
      <priv>page-services-dnsresolver-edithost</priv>
      <priv>page-services-dnsresolver</priv>
      <priv>page-diagnostics-logs-resolver</priv>
      <priv>page-status-carp</priv>
      <priv>page-status-dhcpleases</priv>
      <priv>page-status-dhcpv6leases</priv>
      <priv>page-status-habackup</priv>
      <priv>page-status-ipsec</priv>
      <priv>page-status-ipsec-leases</priv>
      <priv>page-status-ipsec-sad</priv>
      <priv>page-status-ipsec-spd</priv>
      <priv>page-status-ntp</priv>
      <priv>page-services-ntp-gps</priv>
      <priv>page-services-ntp-pps</priv>
      <priv>page-status-openvpn</priv>
      <priv>page-status-services</priv>
      <priv>page-status-systemlogs-portalauth</priv>
      <priv>page-status-systemlogs-ppp</priv>
      <priv>page-status-systemlogs-ipsecvpn</priv>
      <priv>page-status-systemlogs-ntpd</priv>
      <priv>page-status-systemlogs-openvpn</priv>
      <priv>page-status-systemlogs-routing</priv>
      <priv>page-status-systemlogs-wireless</priv>
      <priv>page-status-trafficgraph</priv>
      <priv>page-diagnostics-wirelessstatus</priv>
      <priv>page-wizard-system</priv>
      <priv>page-system-advanced-admin</priv>
      <priv>page-system-advanced-firewall</priv>
      <priv>page-system-advanced-misc</priv>
      <priv>page-system-advanced-network</priv>
      <priv>page-system-advanced-sysctl</priv>
      <priv>page-system-authservers</priv>
      <priv>page-system-camanager</priv>
      <priv>page-system-certmanager</priv>
      <priv>page-diagnostics-crash-reporter</priv>
      <priv>page-system-crlmanager</priv>
      <priv>page-system-firmware-manualupdate</priv>
      <priv>page-system-gatewaygroups</priv>
      <priv>page-system-generalsetup</priv>
      <priv>page-system-groupmanager</priv>
      <priv>page-system-groupmanager-addprivs</priv>
      <priv>page-system-hasync</priv>
      <priv>page-system-license</priv>
      <priv>page-system-cron</priv>
      <priv>page-system-staticroutes</priv>
      <priv>page-system-usermanager</priv>
      <priv>page-system-usermanager-addprivs</priv>
      <priv>page-system-usermanager-passwordmg</priv>
      <priv>page-vpn-ipsec</priv>
      <priv>page-vpn-ipsec-editphase1</priv>
      <priv>page-vpn-ipsec-editphase2</priv>
      <priv>page-vpn-ipsec-editkeys</priv>
      <priv>page-vpn-ipsec-mobile</priv>
      <priv>page-vpn-ipsec-listkeys</priv>
      <priv>page-openvpn-client</priv>
      <priv>page-openvpn-client-export</priv>
      <priv>page-openvpn-csc</priv>
      <priv>page-openvpn-server</priv>
      <priv>page-services-monit</priv>
      <priv>page-xmlrpclibrary</priv>
      <member>2001</member>
    </group>

19.1.5_1 should be available via GUI now. Careful with your manual OpenVPN + Unbound patch, that needs a reapply or you leave it be until 19.1.6. :)


Cheers,
Franco

Hi Franco, thank you.

I will schedule a window to upgrade and post the results!

Cheers,
Carlos

# opnsense-revert -r 19.1.4 opnsense

I'm not sure how to reproduce.

After this, the save button it works!!!!

Try a different browser?

Yes, and different hosts

Hi Franco, I have only root user in this aplliance, no ACl and no USERS created, It was working as expected before upgrade :)

Regards
Carlos

Hi folks, after upgrade to 19.1.5, the Nginx, Monit (I will test others) plugins does not "save" the new configs or current config, It seems the save button does not has action.

I already reboot the appliance, clean cache, tested on several devices.


Is there any special procedure after upgrade to 19.1.5 ?

regards

Carlos

Im getting the same problem 19.1.3 and 19.1.4 versions... I needed go back to 19.1.2 ... because my env it was in production mode and I did not have time to investigate.

Regards
Carlos

Hi Julio, thanks by your howto.

I got success, but my problem it was that nginx it was running too in port 80, so the Letsencrypt Challenge service it was geting error due usage this port.
After change the nginx port  to 8081, the letsEncrypt it works.

Thank you

Carlos

When I enable LetsEncrypt Plugin, I lost access from my OPNSense box by WEBGUI.

Is it possible you reproduce the steps to create the certificate ?

Regards
Carlos

Hey Julio,

Thanks by your info.....
But im facing problems to generate certificate by LetsEncrypt plugin... DO you have any doc about create it!?

Best regards

Carlos

Hi folks, is it possible usage letsencrypt plugin with nginx ?
If yes, Is there any documentation !?

Regards
Carlos

Hi Fabian, I understand you.
I have tested it with "static" log file (the same that I sent you) . And its ok.
But the problem is when using the current file (in production) with many updates in the current log.

There are something that is broken it.
I do not know how is the implementation, but why not usage the same method that firewall/rules log viewer?

Regards
Carlos

No Fabian, I have tested with several machines.... And one of then hás 32gb mem.
Regards
Carlos

Hi @Fabian,
Patch applyed, but the browser still crashed, but after some tries, the file is loaded, but no refresh/update data and when I try navigate  using pagination the browser crashe.

Regards
Carlos