Topics - jorgevisentini

#1
Hello all!

Is there a way to remove multiple SSL certificates at once?

Problem: We have over 400 revoked certificates and I suspect that they are affecting the loading time of the Trust page and OpenVPN server settings...

Many thanks.
#2
24.7, 24.10 Legacy Series / Where is the API access?
August 22, 2024, 10:02:46 PM
Hello.

I'm using version 24.7.2 and I need to access the API.

In previous releases it is in SYSTEM>ACCESS>USERS>[user]>API KEYS

Will we no longer have access to the API or has it been moved?  :o  :D
#3
Hi all! Big Friday! lol

So... I installed OPNsense 24.1.6, created the CA, the server certificate and configured OpenVPN, but when I try to connect I am shown the errors below.

Packages:
base 24.1.5
openssh-portable 9.7.p1,1
openssl 3.0.13_3,1
easy-rsa 3.1.7
openvpn 2.6.10

MANAGEMENT: Client connected from /var/etc/openvpn/instance-f66d5a6f-08c6-49c3-bfb4-6497f183d284.sock
201.43.198.169:49300 SIGUSR1[soft,tls-error] received, client-instance restarting
201.43.198.169:49300 TLS Error: TLS handshake failed
201.43.198.169:49300 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
MANAGEMENT: Client disconnected
MANAGEMENT: CMD 'quit'
MANAGEMENT: CMD 'status 2'
MANAGEMENT: Client connected from /var/etc/openvpn/instance-f66d5a6f-08c6-49c3-bfb4-6497f183d284.sock
201.43.198.169:49300 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
201.43.198.169:49300 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
201.43.198.169:49300 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Re-using SSL/TLS context
MULTI: multi_create_instance called
201.43.198.169:49300 SIGUSR1[soft,tls-error] received, client-instance restarting
201.43.198.169:49300 TLS Error: TLS handshake failed
201.43.198.169:49300 TLS Error: TLS object -> incoming plaintext read error
201.43.198.169:49300 TLS_ERROR: BIO read tls_read_plaintext error
201.43.198.169:49300 OpenSSL: error:0A000086:SSL routines::certificate verify failed:
201.43.198.169:49300 Sent fatal SSL alert: unsupported certificate
201.43.198.169:49300 VERIFY ERROR: depth=0, error=unsuitable certificate purpose: C=XX, ST=XX, L=XXX, O=XXX, emailAddress=XXX, CN=sslvpn-certificate, serial=1
201.43.198.169:49300 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
201.43.198.169:49300 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
201.43.198.169:49300 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
201.43.198.169:49300 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
201.43.198.169:49300 Re-using SSL/TLS context
Connection Attempt MULTI: multi_create_instance called


PS1: I have another server with the same version and this problem does not occur.
PS2: For privacy reasons, I changed the certificate information in the post code.
PS3: I tested with several versions of OpenVPN Client.
PS4: If I don't require the certificate, it works.


Anyone with this same problem?
Cheers!
#4
23.7 Legacy Series / NGINX - How to work Load Balance
December 20, 2023, 04:05:09 PM
I'm trying to configure a load balance of the upstream servers, but apparently it's not working...

In Edit Upstream in Upstream:

  • Description: upstream_test_44310
  • Server Entries: Upstream_Server_01,Upstream_Server_02
  • Load Balancing Algorithm: Weighted Round Robin

In Edit Location in Location:

  • Description: location_upstream_test_44310
  • Upstream Servers: upstream_test_44310

The issue is that the load balance is not working, the connections are only going to Upstream_Server_01.
I already changed the Server Priority priority in Upstream Server, but it didn't work.


Any tips?
#5
22.7 Legacy Series / OFF TOPIC - Nginx restrict domains
January 05, 2023, 02:05:00 PM
Hi guys.

So... this is not directly about OPNsense, but about NGINX.

I set up a reverse proxy for my website (www.domain.com), but strangely enough, it is accepting any sub-domain (dev.domain.com, xxx.domain.com).

How do I strictly restrict it to only accepting www.domain.com?

Happy new year for all of us!
#6
21.1 Legacy Series / PHP Fatal error
June 24, 2021, 09:54:26 PM
Hi all!

Is there any option to configure PHP parameters through the WEB interface or is there another way to make this adjustment?

I have the following error:
PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 119541760 bytes)

But if I change the /usr/local/etc/php.ini file in the cli, it doesn't work because it is generated by configd.

Thank you all!!

#7
20.7 Legacy Series / Virtualization in oVirt 4.4.4
December 12, 2020, 02:58:33 AM
Hi all!!

Did any of you have a problem running OPN on oVirt 4.4.4?
I tried to run a VM with both a virtio and e1000 driver and it didn't work.
With the virtio driver the OPN does not recognize the interfaces, and with the e1000 driver it falls to a "db>" screen with a kernel panic.

There is no error in the virtualization log messages.
This I found strange.

I posted this on the oVirt forum too, because I don't know if the error is at the hypervisor layer or the VM layer.

Any tips?

Thank you all.
#8
20.1 Legacy Series / Reverse Proxy - Nginx - Zabbix
August 24, 2020, 11:34:24 PM
Hello, could you help me?

How do I enable the basic_status page through OPNsense to monitor with the Zabbix agent? I saw that the ngx_http_stub_status_module module is enabled.

https://nginx.org/en/docs/http/ngx_http_stub_status_module.html

Or, how and where do I collect the data from the address /ui/nginx/index/vts?

Thank you all!
#9
19.7 Legacy Series / Brazil save time daylight
November 05, 2019, 03:02:28 PM
Hi all.

Can I configure daylight saving time on OPNsense?
We had a little problem with daylight saving time this year, so the timezone "America/Sao_Paulo" is wrong.
Can I tune this configuration on OPNsense?
On Linux, I download the updated timezone rpm, but on OPN I don't know how to do it.

For example:
Current date/time   Tue Nov 5 12:00:57 -02 2019
My PC: 11:01 -03

Thank you all.
#10
19.1 Legacy Series / Reverse Proxy on OPNsense
April 11, 2019, 03:40:56 PM
Hi all.

Sorry for my English.

I am trying to configure the nginx reverse proxy, but I am failing...
I am following the documentation (https://docs.opnsense.org/manual/reverse_proxy.html)

I have 1 server (site.domain.local) with 2 vhosts on port 80, (site.domain.local/site1 and site.domain.local/site2).
I would like to access them through OPNsense, for example... site1.domain.local redirects to site.domain.local/site1 and site2.domain.local redirects to site.domain.local/site2

With Apache I know how to configure it, with Nginx I don't.

Would someone like to try to help me?
Thank you.
#11
Hi all!

Sorry for my English.

I would like to know how the Firewall Alias works...
How often are the firewall rules updated...
How often are the firewall aliases updated...

How does the Alias update work in pfTables?

Why do I ask?
I have to allow a rule that accepts the POP, POP/S ports to the URL outlook.office365.com.
That URL changes its IP address frequently, every minute, so I need to understand how it works in order to make the necessary changes.

Thank you very, very much for the help!
#12
18.7 Legacy Series / How to pfTables works?
December 26, 2018, 03:07:14 PM
Hi everyone!

Sorry for my English.

How does pfTables work?

I know that it updates the Aliases, but I don't know how often they are updated.
What I need is to create a script that updates the Aliases with another DNS.

I don't know if it is possible...

Thanks all.
#13
18.7 Legacy Series / Update and reload firewall aliases
December 10, 2018, 02:26:53 PM
Hello everyone.

If I understand, when I create an Alias indicating a FQDN domain name, that domain name is updated every 300 seconds.

Do I need to add the "Update and reload firewall aliases" task in CRON?

Thank you.
#14
18.7 Legacy Series / Update IP Alias/Firewall
December 03, 2018, 03:07:25 PM
Hello.

Sorry for the question, I do not know if they asked ...

Is it possible to allow in firewall a URL domain, such as www.sap.com, instead of the IP address on the firewall?

If this is not possible, is it possible to update an Alias by changing its IP and then update the firewall rules? Do I need a script?

All this is for me to be able to release the Windows update, some antivirus clients and so on, which are changing the URL IP

Thank you.
#15
18.7 Legacy Series / [SOLVED] Upgrade to specific version
September 07, 2018, 04:11:32 PM
Hello all.

Sorry for my English.

Can I upgrade to a particular version of OPN?

I want to go from version 18.7 to version 18.7.1 (including updating the kernel and updating the packages), but through the web interface I can only go straight to version 18.7.2.

Thank you.
#16
18.1 Legacy Series / Proxmox virtualization
February 07, 2018, 08:56:24 PM
Hello, I'm trying to install OPNsense on Proxmox, I've tried version 18.1 and 17.7.5 and both are locked in "booting ..."

I have already changed the disk to SATA, according to Wiki documentation ...

Got any more details?
#17
17.7 Legacy Series / Route DMZ with internal router
January 17, 2018, 07:03:20 PM
Hi all!

Sorry for my English.

I do not know if they have already been through this situation ...
I am trying to create a routing as follows, I have a router connected on the internal interface of the OPNsense, and I need to communicate with the servers of the internal network, and the DMZ.
What happens is that with the internal network servers I communicate good, but the DMZ does not, although the routing is working ...
One thing I had to do was disable the "Static route filtering" option in OPNsense, otherwise it would not work.

I do not know if it's because I'm putting the router on the internal interface rather than putting it on a separate interface like a wan gateway, but the fact is it does not work ... and it's not routing the problem, because I can ping all the devices, including the DMZ.

Thanks!
#18
17.7 Legacy Series / Raspberry Pi OPNsense
October 05, 2017, 05:57:27 PM
Hi all

Is it possible to install OPNsense on a Raspberry?

I would make a firewall gateway for VPN IPsec in my work.

Thanks.
#19
17.7 Legacy Series / OpenVPN Multi-WAN
September 21, 2017, 10:11:48 PM
Hello

I set up OpenVPN to listen on all interfaces, so I can use both WAN interfaces.

When I export the settings, I do not have the option to export with all interface settings.

Example:

remote 1.1.1.1 2300 tcp-client
remote 1.1.1.2 2300 tcp-client


The first remote is added, but the second one I need to add manually.

Is there a way to be automatically added when it's Multi-WAN?

Thank you all.
#20
Hello all!

I have versions 16.7.14 and 17.1.7 of OPNsense.

I want to upgrade to 17.7.x

Can I upgrade from version 16.7 to 17.7.x?
Can I upgrade from version 17.1.x to 17.7.x?

Do I first upgrade to the latest version of each release and then run the command below?

opnsense-update -ur 17.7

Thanks!