Topics - skywalker007

#1
Can I run my own automation script in the acme plugin? It seems to only have a list of commands to choose from.
thanks! Till
#2
Hi,
according to the docs:
https://docs.opnsense.org/development/api/core/trust.html
There is a raw_dump function. I assume it can be used to export a full certificate incl private key?
When I try to use it, it returns 404.
Does it exist?
I have a dedicated "api" user with the privileges: "System: Certificate Manager"
I have successfully tested it and parsed out the UUID by using:
CERT_UUID=$(curl -s -u "$API_KEY:$API_SECRET" "$HOST/api/trust/cert/search" | jq -r '.rows[] | select(.commonname == "<my common name>") | .uuid')
Now when I run:
curl -v -u "$API_KEY:$API_SECRET" "$HOST/api/trust/cert/raw_dump?uuid=$CERT_UUID"
it returns 404.
Any hint?
I am running on 25.1.10.

thank you!
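As an added example (not the poster's script and not OPNsense's own code), the same two-step lookup in Python: filter a trust-API search response for a common name and then request the raw dump, reporting the HTTP status instead of assuming the endpoint answered. The endpoint paths are the ones from the post and the linked docs; the host, API key and secret are placeholders; the search response below is a constructed sample whose shape is inferred from the jq filter in the post. Two sample rows deliberately share a common name, because the `$(...)` capture in the post would then hold two UUIDs on two lines and silently build a broken URL.

```python
"""Added example (not from the post or OPNsense): select a certificate UUID
by common name from an OPNsense trust API search response and fetch its raw
dump, returning the HTTP status instead of assuming success."""
import base64
import json
import os
import urllib.error
import urllib.request

# Constructed sample search response. Its shape follows the jq filter in the
# post (.rows[] with .commonname and .uuid); UUIDs and names are made up.
# Two rows share a common name on purpose.
SAMPLE_SEARCH_RESPONSE = json.dumps({
    "rows": [
        {"uuid": "11111111-1111-4111-8111-111111111111", "commonname": "vpn.example.org"},
        {"uuid": "22222222-2222-4222-8222-222222222222", "commonname": "mail.example.org"},
        {"uuid": "33333333-3333-4333-8333-333333333333", "commonname": "vpn.example.org"},
    ]
})


def select_cert_uuids(search_json: str, commonname: str) -> list:
    """Same exact-match filter as the post's jq, returned as a list so that
    zero or several matches are visible to the caller."""
    rows = json.loads(search_json).get("rows", [])
    return [row["uuid"] for row in rows if row.get("commonname") == commonname]


def single_cert_uuid(search_json: str, commonname: str) -> str:
    """Require exactly one match; anything else is a question for the
    operator, not something to resolve silently."""
    uuids = select_cert_uuids(search_json, commonname)
    if len(uuids) != 1:
        raise LookupError(f"expected one certificate named {commonname!r}, found {len(uuids)}")
    return uuids[0]


def basic_auth_header(key: str, secret: str) -> dict:
    """HTTP Basic credentials, the same scheme as curl -u key:secret."""
    token = base64.b64encode(f"{key}:{secret}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def raw_dump_path(uuid: str) -> str:
    """Query-string form exactly as used in the post. If the docs describe the
    uuid as a path segment instead, this is the one line to change."""
    return f"/api/trust/cert/raw_dump?uuid={uuid}"


def api_get(host: str, path: str, key: str, secret: str, timeout: float = 10.0):
    """GET host+path and return (status, body). A non-2xx reply (such as the
    404 in the post) comes back as a status code rather than an exception."""
    req = urllib.request.Request(host.rstrip("/") + path,
                                 headers=basic_auth_header(key, secret))
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", errors="replace")


def export_cert(host: str, key: str, secret: str, commonname: str, out_path: str) -> str:
    """Search, pick the single matching UUID, then request the raw dump.
    The body may contain a private key, so it is written to a file with
    owner-only permissions and never printed."""
    status, body = api_get(host, "/api/trust/cert/search", key, secret)
    if status != 200:
        raise RuntimeError(f"search failed with HTTP {status}")
    uuid = single_cert_uuid(body, commonname)
    status, body = api_get(host, raw_dump_path(uuid), key, secret)
    if status != 200:
        raise RuntimeError(f"raw_dump for {uuid} returned HTTP {status}")
    fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(body)
    return uuid


if __name__ == "__main__":
    # Offline demonstration on the constructed sample: mail.example.org is
    # unambiguous, vpn.example.org matches twice and is rejected.
    print(single_cert_uuid(SAMPLE_SEARCH_RESPONSE, "mail.example.org"))
    try:
        single_cert_uuid(SAMPLE_SEARCH_RESPONSE, "vpn.example.org")
    except LookupError as err:
        print(err)
    # Network step, with placeholders for the firewall URL and the dedicated
    # API user's key/secret:
    # export_cert("https://firewall.example.invalid", "KEY", "SECRET",
    #             "mail.example.org", "cert_export.out")
```

The 404 is surfaced as a return value on purpose: a 404 on `raw_dump` after a successful `search` with the same credentials points at the endpoint path or the release, not at authentication, and the script says so instead of writing an empty file.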
#3
I had a couple of situations recently where my firewall got very unresponsive on some services incl the Web UI. Logging into the Web UI then takes up to a minute.
The only thing that helped getting back to normal was a reboot then. How can I diagnose what's going on?
Some logs on the CLI which I could monitor when it happens?
The system is an Atom CPU C3558 @ 2.20GHz (4 cores, 4 threads) with 64Gb RAM and ZFS mirrored boot device, latest version installed, all updates.
It does run Zenarmor and I have seen mongod consuming quite some CPU cycles but normally that isn't an issue.
Any hint on how to track this down next time it happens is appreciated.
TIA!
#4
Anyone got a hint for me?
I use the ACME client to manage a number of certificates.
I would like to have an automation that sends me an email when a particular certificate has been renewed.
Any idea how to do that?
I thought about using monit in any way for that but have no clue how.
Thanks for any hint.
-Till
#5
24.1, 24.4 Legacy Series / DynDNS - native client
February 12, 2024, 12:13:39 PM
When I change from ddclient to native client, do I need to recreate all host records? Because the logs still show "ddclient" as process being used.
Thanks!
#6
I think I have been spoiled by all the smooth upgrades I had in the past. This time it was all but smooth.
The server went unresponsive multiple times (had to hard-reboot), web gui not responding, LAN interface got unresponsive after a few minutes being up. I finally have it running now, but still occasionally can't connect to the web UI.
I have submitted a crash report. What else can I do to help?

I also now have this error message popping up in backend log every hour:
[07bbd436-4c8f-446a-9205-24455d9ba5f5] Script action stderr returned "b'Traceback (most recent call last):\n File "/usr/local/opnsense/scripts/OPNsense/Zenarmor/sensei-db-version.py", line 11, in <module>\n from packaging import version\nImportError: cannot import name \'version\' from \'packaging\' (unknown location)'"
Is Zenarmor fully supported with this release?
Thank you for your great work!
#7
23.7 Legacy Series / API access to certificate store
February 01, 2024, 10:36:23 AM
I think this has been asked before (can't find the thread anymore) but maybe something has changed:
Is there any plan to support API access to the certificate store? I would love to utilise the acme plugin to manage all my certificates, not only those used on the firewall. But then I need some automated way to retrieve them after renewal.
Is there any workaround? Maybe someone has a shell script that exports the certificate locally and then I can scp it from the machine?
Thanks! Till
#8
General Discussion / phpIPAM API integration
November 17, 2023, 12:49:02 PM
Has anyone already done some phpIPAM integration into OPNSense? Both tools have open APIs.
I wonder if I could build something like:
- creating a new device with a static IP in phpIPAM will automatically create a DHCP entry in OPNSense for the static v4 IP.
Anyone?
Thanks!
#9
General Discussion / DNS0.EU - anyone?
March 02, 2023, 10:48:50 AM
Did anyone already look into the newly launched DNS0.EU initiative? Sounds like a good European alternative to NextDNS or the like. -Till
#10
Does anyone have experience in updating spdns combined hosts (IPv4 & IPv6 with a single update token) with ddclient?
The update URL looks like this:
https://update.spdyn.de/nic/update?hostname=Domain&myip=IPv4Address,IPv6Address&user=hostname&pass=update-token
Do I need to go for custom with this?

Thanks!
#11
I was on 23.1 for a few days and today I was offered an updated ddclient package, so I installed.
Since then web UI doesn't start anymore.
When restarting all services via SSH, I get the following output which indicated problems with ddclient.
Can someone help me to recover from that? I am not really deep into freebsd CLI. thank you!

FAILED:   updating <domian_replaced>: unexpected status (14)
Use of uninitialized value $h in hash element at /usr/local/sbin/ddclient line 4105.
Use of uninitialized value $_[0] in sprintf at /usr/local/sbin/ddclient line 2163.
WARNING:  updating : nochg: No update required; unnecessary attempts to change to the current address are considered abusive
Use of uninitialized value $h in hash element at /usr/local/sbin/ddclient line 4114.
Use of uninitialized value $h in hash element at /usr/local/sbin/ddclient line 4115.
Use of uninitialized value $h in hash element at /usr/local/sbin/ddclient line 4116.
Use of uninitialized value $h in hash element at /usr/local/sbin/ddclient line 4105.
Use of uninitialized value $_[0] in sprintf at /usr/local/sbin/ddclient line 2163.
FAILED:   updating : unexpected status (0)
Use of uninitialized value in string ne at /usr/local/sbin/ddclient line 1157.
Use of uninitialized value in string ne at /usr/local/sbin/ddclient line 1157.

FAILED:    was not updated because protocol <undefined> is not supported.
#12
Team,
this is a problem I have for more than a year, so it is not specific to the current version. Nevertheless I wonder how to either fix it or work around it.
My setup is an external VDSL modem with OPNSense initiating a PPPoE session on it.
Unfortunately, the line is suffering from temporary instabilities. So it may break down and OPNsense re-establishes the connection a minute later. The problem I have is that in those cases, IPv6 address assignment via track interface often fails. I assume this is some kind of timing problem. I can manually fix this by reloading the PPPoE via Interfaces->Overview->WAN-> PPPoE reload.
However this is a cumbersome manual procedure.
Any ideas?

thanks, Till
#13
Hi,
just realized - no matter what I put into the alias dialog, nothing shows up under host override -> alias afterwards. The list stays empty.
Is this a bug?

thanks! Till
#14
22.1 Legacy Series / compatible plugins
January 31, 2022, 05:12:56 PM
As always, I struggle to find out if all the plugins I run will be compatible with 22.1.
Is there any way to figure out without trial/error?

thanks!
#15
Zenarmor (Sensei) / Zenarmor and local proxy
January 20, 2022, 11:45:51 AM
For a specific use case, I run a forward proxy server on OPNsense.
However, those clients using the proxy, seem to bypass Zenarmor.
Any recommendation how to configure it to work with a locally installed proxy?

thanks!
#16
I need a quick inspiration:
On IPv4, I can easily create a rule that allows internet access to a certain VLAN and excluding access to other local networks by inverting the destination.
With IPv6 (track interface), I don't have static networks. How would I craft a rule to achieve the same which would work with any IPv6 network assigned to the other interfaces?

thanks, Till
#17
Hello,
has anyone had a similar experience where access to the media libraries (Mediatheken) from the SmartTV suddenly stutters? Did one of the recent OPNSense updates change something there?
I'm a bit stuck on this at the moment.
Best regards!
#18
21.1 Legacy Series / update oddities
February 10, 2021, 01:05:13 PM
Hi,
for a while already I have the problem that one of my firewalls won't update via UI anymore.
It always responds with "Timeout while connecting to the selected mirror."
Updating from shell works. Though it throws a warning:
Fetching change log information, please wait... fetch: transfer timed out
fetch: /tmp/changelog/changelog.txz.sig appears to be truncated: 0/1332 bytes


Checking that folder, it is indeed empty:

root@OPNsensemil:~ # ls -la /tmp/changelog/
total 8
drwxr-xr-x  2 root  wheel   512 Feb 10 13:01 .
drwxrwxrwt  6 root  wheel  1024 Feb 10 12:59 ..
root@OPNsensemil:~ #


Any advice how to fix this?
I am on 21.1, but this problem existed before.

Update:
this seems to be similar to this:
https://forum.opnsense.org/index.php?topic=21087.msg98506#msg98506

thanks, Till
#19
20.7 Legacy Series / Can pppoE break a DSL sync?
December 02, 2020, 06:54:07 PM
Not sure if the topic attracts a reader but let me give it a try:

I have, since a few months, the problem that my VDSL connection breaks once or twice a day.
My setup so far was OPNsense with pppoE on WAN -> Draytek Vigor 165 as modem.
It's not only the pppoe that breaks, it is the DSL which re-syncs and then 2 min later the connection is back.

I replaced the modem - > same issue.
I called the ISP, they came and changed the port in the DSLAM and also a different pair of cables.
-> same issue.
So I bought an original Telekom Smart 3 router, put it into modem only mode and tried that -> same issue.
So finally, I put the Telekom Smart 3 back into router mode, reconfigured OPNsense to not use pppoe but just send packets to the Telekom router. -> Now the connection is stable.
How can that be? Did OPNsense 20.7 introduce some major changes to the pppoe client that breaks my connection? I can't imagine. I am a bit out of ideas and want my old setup back but I need to get it stabilized (was running well before). I can't really say if this started with the 20.7 upgrade, but it falls into the same timeframe.
Any feedback, suggestions are highly appreciated!
cheers, Till
#20
I am currently testing Sensei on my system and realized that it often switches back to bypass mode automatically.
Why is that?
My VDSL connection is a bit unstable which leads to frequently changing IPv6 addresses on my LAN interfaces. Could that be a reason?
thanks! Till