This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
"
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt5</interface>
<descr>carp_lan_wlan</descr>
<subnet>192.168.50.2</subnet>
<vhid>50</vhid>
<advskew>100</advskew>
<advbase>30</advbase>
<password>!c4rp!</password>
</vip>
<virtualip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt2</interface>
<descr>carp_cable</descr>
<subnet>192.168.40.2</subnet>
<vhid>40</vhid>
<advskew>100</advskew>
<advbase>30</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt5</interface>
<descr>carp_lan_wlan</descr>
<subnet>192.168.50.2</subnet>
<vhid>50</vhid>
<advskew>100</advskew>
<advbase>30</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt3</interface>
<descr>carp_vdsl</descr>
<subnet>192.168.140.2</subnet>
<vhid>140</vhid>
<advskew>100</advskew>
<advbase>30</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt1</interface>
<descr>carp_lan_media</descr>
<subnet>192.168.150.2</subnet>
<vhid>150</vhid>
<advskew>100</advskew>
<advbase>30</advbase>
<password>!c4rp!</password>
</vip>
</virtualip>
<virtualip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>wan</interface>
<descr>carp_cable</descr>
<subnet>192.168.40.2</subnet>
<vhid>40</vhid>
<advskew>200</advskew>
<advbase>40</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>lan</interface>
<descr>carp_lan_wlan</descr>
<subnet>192.168.50.2</subnet>
<vhid>50</vhid>
<advskew>200</advskew>
<advbase>40</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt1</interface>
<descr>carp_vdsl</descr>
<subnet>192.168.140.2</subnet>
<vhid>140</vhid>
<advskew>200</advskew>
<advbase>40</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt2</interface>
<descr>carp_lan_media</descr>
<subnet>192.168.150.2</subnet>
<vhid>150</vhid>
<advskew>200</advskew>
<advbase>40</advbase>
<password>!c4rp!</password>
</vip>
</virtualip>
conn con4
aggressive = no
fragmentation = yes
keyexchange = ikev2
mobike = yes
reauth = yes
rekey = yes
forceencaps = no
installpolicy = yes
type = tunnel
dpdaction = clear
dpddelay = 10s
dpdtimeout = 60s
left = 192.168.40.3
right = %any
leftid = dync.chao5.net
ikelifetime = 28800s
lifetime = 3600s
rightsourceip = 192.168.250.0/24
ike = aes256-sha256-modp2048s256!
leftauth = pubkey
rightauth = pubkey
leftcert = /usr/local/etc/ipsec.d/certs/cert-4.crt
leftsendcert = always
rightca = "/O=CHAO5.INT/CN=Certificate Authority/"
rightsubnet = 192.168.250.0/24
leftsubnet = 192.168.50.0/24
esp = aes256-sha1-modp2048,aes256-sha256-modp2048,aes256-sha384-modp2048,aes256-sha512-modp2048,aes192-sha1-modp2048,aes192-sha256-modp2048,aes192-sha384-m
odp2048,aes192-sha512-modp2048,aes128-sha1-modp2048,aes128-sha256-modp2048,aes128-sha384-modp2048,aes128-sha512-modp2048!
auto = add
Feb 4 23:09:33 cerber charon: 09[NET] received packet: from 31.17.57.154[61045] to 192.168.40.3[500] (660 bytes)
Feb 4 23:09:33 cerber charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Feb 4 23:09:33 cerber charon: 09[IKE] 31.17.57.154 is initiating an IKE_SA
Feb 4 23:09:33 cerber charon: 09[IKE] 31.17.57.154 is initiating an IKE_SA
Feb 4 23:09:33 cerber charon: 09[IKE] local host is behind NAT, sending keep alives
Feb 4 23:09:33 cerber charon: 09[IKE] remote host is behind NAT
Feb 4 23:09:33 cerber charon: 09[IKE] sending cert request for "O=CHAO5.INT, CN=Certificate Authority"
Feb 4 23:09:33 cerber charon: 09[IKE] sending cert request for "CN=Fake LE Intermediate X1"
Feb 4 23:09:33 cerber charon: 09[IKE] sending cert request for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Feb 4 23:09:33 cerber charon: 09[IKE] sending cert request for "C=DE, ST=Berlin, L=Berlin, O=chao5, E=perun@chao5.net, CN=internal-ca"
Feb 4 23:09:33 cerber charon: 09[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Feb 4 23:09:33 cerber charon: 09[NET] sending packet: from 192.168.40.3[500] to 31.17.57.154[61045] (551 bytes)
Feb 4 23:09:34 cerber charon: 09[NET] received packet: from 31.17.57.154[61046] to 192.168.40.3[4500] (532 bytes)
Feb 4 23:09:34 cerber charon: 09[ENC] parsed IKE_AUTH request 1 [ EF(1/4) ]
Feb 4 23:09:34 cerber charon: 09[ENC] received fragment #1 of 4, waiting for complete IKE message
Feb 4 23:09:34 cerber charon: 09[NET] received packet: from 31.17.57.154[61046] to 192.168.40.3[4500] (532 bytes)
Feb 4 23:09:34 cerber charon: 09[ENC] parsed IKE_AUTH request 1 [ EF(2/4) ]
Feb 4 23:09:34 cerber charon: 09[ENC] received fragment #2 of 4, waiting for complete IKE message
Feb 4 23:09:34 cerber charon: 08[NET] received packet: from 31.17.57.154[61046] to 192.168.40.3[4500] (484 bytes)
Feb 4 23:09:34 cerber charon: 08[ENC] parsed IKE_AUTH request 1 [ EF(4/4) ]
Feb 4 23:09:34 cerber charon: 08[ENC] received fragment #4 of 4, waiting for complete IKE message
Feb 4 23:09:34 cerber charon: 06[NET] received packet: from 31.17.57.154[61046] to 192.168.40.3[4500] (532 bytes)
Feb 4 23:09:34 cerber charon: 06[ENC] parsed IKE_AUTH request 1 [ EF(3/4) ]
Feb 4 23:09:34 cerber charon: 06[ENC] received fragment #3 of 4, reassembling fragmented IKE message
Feb 4 23:09:34 cerber charon: 06[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) AUTH CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Feb 4 23:09:34 cerber charon: 06[IKE] received end entity cert "O=CHAO5.INT, CN=handy-marlena.vpn"
Feb 4 23:09:34 cerber charon: 06[CFG] looking for peer configs matching 192.168.40.3[%any]...31.17.57.154[O=CHAO5.INT, CN=handy-marlena.vpn]
Feb 4 23:09:34 cerber charon: 06[CFG] selected peer config 'con4'
Feb 4 23:09:34 cerber charon: 06[CFG] using certificate "O=CHAO5.INT, CN=handy-marlena.vpn"
Feb 4 23:09:34 cerber charon: 06[CFG] using trusted ca certificate "O=CHAO5.INT, CN=Certificate Authority"
Feb 4 23:09:34 cerber charon: 06[CFG] checking certificate status of "O=CHAO5.INT, CN=handy-marlena.vpn"
Feb 4 23:09:34 cerber charon: 06[CFG] requesting ocsp status from 'http://ipa-ca.chao5.int/ca/ocsp' ...
Feb 4 23:09:34 cerber charon: 06[LIB] unable to fetch from http://ipa-ca.chao5.int/ca/ocsp, no capable fetcher found
Feb 4 23:09:34 cerber charon: 06[CFG] ocsp request to http://ipa-ca.chao5.int/ca/ocsp failed
Feb 4 23:09:34 cerber charon: 06[CFG] ocsp check failed, fallback to crl
Feb 4 23:09:34 cerber charon: 06[CFG] fetching crl from 'http://ipa-ca.chao5.int/ipa/crl/MasterCRL.bin' ...
Feb 4 23:09:34 cerber charon: 06[LIB] unable to fetch from http://ipa-ca.chao5.int/ipa/crl/MasterCRL.bin, no capable fetcher found
Feb 4 23:09:34 cerber charon: 06[CFG] crl fetching failed
Feb 4 23:09:34 cerber charon: 06[CFG] certificate status is not available
Feb 4 23:09:34 cerber charon: 06[CFG] reached self-signed root ca with a path length of 0
Feb 4 23:09:34 cerber charon: 06[IKE] authentication of 'O=CHAO5.INT, CN=handy-marlena.vpn' with RSA_EMSA_PKCS1_SHA2_256 successful
Feb 4 23:09:34 cerber charon: 06[IKE] peer supports MOBIKE
Feb 4 23:09:34 cerber charon: 06[IKE] authentication of 'dync.chao5.net' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Feb 4 23:09:34 cerber charon: 06[IKE] IKE_SA con4[48] established between 192.168.40.3[dync.chao5.net]...31.17.57.154[O=CHAO5.INT, CN=handy-marlena.vpn]
Feb 4 23:09:34 cerber charon: 06[IKE] IKE_SA con4[48] established between 192.168.40.3[dync.chao5.net]...31.17.57.154[O=CHAO5.INT, CN=handy-marlena.vpn]
Feb 4 23:09:34 cerber charon: 06[IKE] scheduling reauthentication in 28135s
Feb 4 23:09:34 cerber charon: 06[IKE] maximum IKE_SA lifetime 28675s
Feb 4 23:09:34 cerber charon: 06[IKE] sending end entity cert "O=CHAO5.INT, CN=dync.chao5.net"
Feb 4 23:09:34 cerber charon: 06[IKE] peer requested virtual IP %any
Feb 4 23:09:34 cerber charon: 06[CFG] reassigning offline lease to 'O=CHAO5.INT, CN=handy-marlena.vpn'
Feb 4 23:09:34 cerber charon: 06[IKE] assigning virtual IP 192.168.250.1 to peer 'O=CHAO5.INT, CN=handy-marlena.vpn'
Feb 4 23:09:34 cerber charon: 06[IKE] CHILD_SA con4{52} established with SPIs c802b32d_i c9ec3747_o and TS 192.168.50.0/24 === 192.168.250.0/24
Feb 4 23:09:34 cerber charon: 06[IKE] CHILD_SA con4{52} established with SPIs c802b32d_i c9ec3747_o and TS 192.168.50.0/24 === 192.168.250.0/24
Feb 4 23:09:34 cerber charon: 06[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR SUBNET DNS DNS U_DEFDOM U_SPLITDNS U_PFS) N(ESP_TFC_PAD_N) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
Feb 4 23:09:34 cerber charon: 06[ENC] splitting IKE message with length of 1824 bytes into 2 fragments
Feb 4 23:09:34 cerber charon: 06[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
Feb 4 23:09:34 cerber charon: 06[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
Feb 4 23:09:34 cerber charon: 06[NET] sending packet: from 192.168.40.3[4500] to 31.17.57.154[61046] (1236 bytes)
Feb 4 23:09:34 cerber charon: 06[NET] sending packet: from 192.168.40.3[4500] to 31.17.57.154[61046] (660 bytes)
Feb 4 23:09:34 cerber charon: 06[NET] received packet: from 31.17.57.154[61046] to 192.168.40.3[4500] (80 bytes)
Feb 4 23:09:34 cerber charon: 06[ENC] parsed INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
Feb 4 23:09:34 cerber charon: 06[IKE] received DELETE for IKE_SA con4[48]
Feb 4 23:09:34 cerber charon: 06[IKE] deleting IKE_SA con4[48] between 192.168.40.3[dync.chao5.net]...31.17.57.154[O=CHAO5.INT, CN=handy-marlena.vpn]
Feb 4 23:09:34 cerber charon: 06[IKE] deleting IKE_SA con4[48] between 192.168.40.3[dync.chao5.net]...31.17.57.154[O=CHAO5.INT, CN=handy-marlena.vpn]
Feb 4 23:09:34 cerber charon: 06[IKE] IKE_SA deleted
Feb 4 23:09:34 cerber charon: 06[IKE] IKE_SA deleted
Feb 4 23:09:34 cerber charon: 06[ENC] generating INFORMATIONAL response 2 [ ]
Feb 4 23:09:34 cerber charon: 06[NET] sending packet: from 192.168.40.3[4500] to 31.17.57.154[61046] (80 bytes)
Feb 4 23:09:34 cerber charon: 06[CFG] lease 192.168.250.1 by 'O=CHAO5.INT, CN=handy-marlena.vpn' went offline
#!/bin/sh
TMP=$(mktemp -d)
URL=$1
LOGIN='mybackupuser'
PASS='mybackuppass'
# Submit the login form with the previous values, and save a new CSRF token
/usr/bin/wget -q -O /dev/null --keep-session-cookies --save-cookies $TMP/cookies.txt --no-check-certificate \
--post-data "login=Login&usernamefld=$LOGIN&passwordfld=$PASS" $URL/diag_backup.php
# Save only the config
/usr/bin/wget -q --keep-session-cookies --load-cookies $TMP/cookies.txt --save-cookies $TMP/cookies.txt --no-check-certificate \
--post-data "download=Download%20Configuration&donotbackuprrd=yes" $URL/diag_backup.php -O /srv/backup/config-$1-`date +%Y%m%d%H%M%S`.xml \
rm -f $TMP/*.txt
rmdir $TMP
<!doctype html>
<!--[if IE 8 ]><html lang="en" class="ie ie8 lte9 lte8 no-js"><![endif]-->
<!--[if IE 9 ]><html lang="en" class="ie ie9 lte9 no-js"><![endif]-->
<!--[if (gt IE 9)|!(IE)]><!--><html lang="en" class="no-js"><!--<![endif]-->
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="robots" content="noindex, nofollow, noodp, noydir" />
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta name="copyright" content="" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" />
<title>Login</title>
<link href="/ui/themes/opnsense/build/css/main.css" rel="stylesheet">
<link href="/ui/themes/opnsense/build/images/favicon.png" rel="shortcut icon">
<script type="text/javascript" src="/ui/js/jquery-3.2.1.min.js"></script>
<script type="text/javascript" src="/ui/js/jquery-migrate-3.0.1.min.js"></script>
<!--[if lt IE 9]><script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.2/html5shiv.min.js"></script><![endif]-->
<script type="text/javascript">
$( document ).ready(function() {
$.ajaxSetup({
'beforeSend': function(xhr) {
xhr.setRequestHeader("X-CSRFToken", "SEtpaEhPdXN6OWlQMmphdHdxNitadz09" );
}
});
});
</script>
</head>
<body class="page-login">
<div class="container">
<main class="login-modal-container">
<header class="login-modal-head" style="height:55px;">
<div class="navbar-brand">
<img src="/ui/themes/opnsense/build/images/default-logo.png" height="30" alt="logo"/>
</div>
</header>
<div class="login-modal-content">
<div id="inputerrors" class="text-danger"> </div><br />
<form class="clearfix" id="iform" name="iform" method="post" autocomplete="off" action="/diag_backup.php"><input type="hidden" name="RFlMUHFrV3p1M1RqNzhEcFdINFZLdz09" value="SEtpaEhPdXN6OWlQMmphdHdxNitadz09" />
<div class="form-group">
<label for="usernamefld">Username:</label>
<input id="usernamefld" type="text" name="usernamefld" class="form-control user" tabindex="1" autofocus="autofocus" autocapitalize="off" autocorrect="off" />
</div>
<div class="form-group">
<label for="passwordfld">Password:</label>
<input id="passwordfld" type="password" name="passwordfld" class="form-control pwd" tabindex="2" />
</div>
<button type="submit" name="login" value="1" class="btn btn-primary pull-right">Login</button>
</form>
</div>
</main>
<div class="login-foot text-center">
<a target="_blank" href="https://opnsense.org/" class="redlnk">OPNsense</a> (c) 2014-2018 <a href="https://www.deciso.com/" class="tblnk">Deciso B.V.</a>
</div>
</div>
</body>
</html>
