Topics

1

18.1 Legacy Series / [SOLVED] GUI Connection reset

« on: May 13, 2018, 11:22:58 pm »

Release 18.1.6 and 18.1.7

When trying to Apply firewall updates , the gui times out and fails with the following message

Secure Connection Failed

The connection to the server was reset while the page was loading.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

That's using Firefox on Win7, but also receive a similar message from Chrome on Linux.,
If I reload the dashboard, then check the firewall rules, the update had actually been applied correctly.

Any ideas how to resolve?

EDIT: Solved....see last post.

2

Intrusion Detection and Prevention / Suricata IPS mode kills IPv6

« on: April 26, 2018, 09:14:52 am »

I had been running Suricata in IDS mode on the wan interface for several days without problems and things looked reasonable for the rules I had selected, so today I tried to enable IPS mode.   This killed my IPv6 connectivity.    It looks like IPS mode causes a restart of the wan interface.  From the syslog,

Apr 25 19:45:31   kernel: igb0: link state changed to DOWN
Apr 25 19:45:31   opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet detached event for wan
Apr 25 19:45:32   opnsense: /usr/local/etc/rc.newwanipv6: IP renewal is starting on 'igb0'
Apr 25 19:45:32   opnsense: /usr/local/etc/rc.newwanipv6: On (IP address: ) (interface: WAN[wan]) (real interface: igb0).
Apr 25 19:45:32   opnsense: /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]
Apr 25 19:45:32   opnsense: /usr/local/etc/rc.linkup: Clearing states to old gateway 68.xxx.xxx.xxx.
Apr 25 19:45:35   kernel: igb0: link state changed to UP

Not a lot of chance of a renew when the link is down.   In rc.newwanipv6 it defers the renew if booting.  Should similar logic be applied if the interface is down?

3

18.1 Legacy Series / Alias not populating IPv6 addresses

« on: February 15, 2018, 11:02:09 am »

I have a need to make some rules based on the IPv6 addresses of local clients.   Made the alias with the local hostnames which gets filled with the IPv4 addresses, but not the corresponding IPv6 addresses.   Is this a limitation or a bug?  Seems the alias should get both.

4

17.7 Legacy Series / Sequential DHCP addresses

« on: February 15, 2018, 12:43:16 am »

All the current documentation says that the DHCP server assigns addresses based on a hash of the MAC address, yet OPNsense assigns them sequentially.   Is there a setting to force the hashed address assignments?