Messages

1

Web Proxy Filtering and Caching / nginx default_server

« on: September 27, 2020, 03:27:15 am »

Hello,

is there a possibility to specify the "default_server" in the nginx module?

I use more than on http(s) server in direction WAN as well multiple servers as upload servers. Routing is done by domain name and by parameter "servername". All works fine. But if someone accesses my server by IP address I would like to point to a specific upload server. In nginx config I would realise this by the parameter "default_server". Currently any upload server is called, but always the same.

Is it possible to do specify the default server?
What is current logic the upload server is getting selected in case if access by IP?

2

20.7 Production Series / Re: Swap used to 70%?

« on: September 13, 2020, 03:37:51 am »

I have the same issue sind 20.7.x.

Before the system was running fine with 8 GB RAM installed and plenty of free RAM. No other change beside upgrade to 20.7.x. In my case after a while Sensei is running out of memory, stops automatically and is getting disabled. After Sensei stopped all is fine. But if Sensei is cause or effect I cannot say.

Code: [Select]

Sensei has detected a problem during operation and has shut down Sensei services in order to prevent a network outage.

It is because we detected high SWAP usage 36 % ( 2.95GB / 8GB )

If you think this is something we should have a look, just click here to let us know about the details and we will investigate this further.

You can re-enable the services from Status page.

3

General Discussion / Re: OpenSense As As A Virtual Machine Hosted In FreeNAS

« on: May 12, 2020, 01:04:46 pm »

I like it. I did the same about 7 or 8 years ago. Still running.

But soon I did a small step backwards again and I "outsourced" my router/firewall due to the reason mentioned above. (And to free up a little bit RAM as the 32 GB limit of my machine is also the limit of my freedom to run VMs on it.)

4

General Discussion / Re: os-rfc2136 - documentation?

« on: May 11, 2020, 04:10:43 pm »

Also no VPN tagging on OPNsense for me.

Thank you.
I will check when I find some time.
At least good to know that in a similar set-up is is working somewhere else.

5

General Discussion / Re: os-rfc2136 - documentation?

« on: May 11, 2020, 03:49:02 pm »

Do you get a new IP when you reboot the OPNsense box? This is the case for me as the OPN sense box also handles the PPPoE connection over the VDSL modem. And this is the situation I do have the issue with the rfc 2136 plugin. Normal IP updates are not so often. This seems to run fine.

6

General Discussion / Re: os-rfc2136 - documentation?

« on: May 11, 2020, 02:53:55 pm »

Are you dining something special or are you using the plugin out of the box?

In my case it sometimes fails after reboot of OPNsense. After reboot I get a new IP and the plugin reports success. But no update done. For IP updated during running OPNsense I did not observed failures.

7

General Discussion / Re: OpenSense As As A Virtual Machine Hosted In FreeNAS

« on: May 11, 2020, 01:09:11 pm »

Power consumption also for me is something I take care of. But is it really so much for a small box running OPNsense? I guess the hardware costs will be the cost driver and are higher than the lifetime costs for energy consumption.

Next point is that it will not run for free on the big machine. The power also comes from somewhere. But I never could find reliable data showing the comparison of power consumption of single box and in VM.

8

General Discussion / Re: os-rfc2136 - documentation?

« on: May 11, 2020, 12:51:38 pm »

For me, in the current version the plugin is not a reliable solution. Sometimes the plugin is reporting success but update was not done on DNS side. No second trial seems to be done.

I see potential in this plugin and I would be happy to see an improved version in the near future.

(PowerDNS does not support dynamic update by "simple command" over the API. And the API is to complex to get it integrated in OPNsense dyndns plugin. Therefore, I see the rfc 2136 method as best solution in combination with PowerDNS if you do not want to webserver + php only for dns update on the DNS server.)

9

20.1 Legacy Series / Re: os-acme - DNS-01 not working with Letsencrypt production environment

« on: May 10, 2020, 08:25:27 am »

All is fine again.

There was something set-up wrong on network side and I only checked the logs for the failed attempts. But for some reason the trials with staging did not re-verify ("already verified") and issued the cert while in production environment the verification failed.

10

20.1 Legacy Series / Re: os-acme - DNS-01 not working with Letsencrypt production environment

« on: May 09, 2020, 05:47:20 am »

The same issue I got when changing from nsupdate method to PowerDNS API method.
Staging environment is OK but with production environment I get the error above.

I observed the logs of Letsencrypt plugin during renew. It looks like the plugin is ignoring the waiting time defined in the settings. I used standard setting of 120 s.

11

20.1 Legacy Series / os-acme - DNS-01 not working with Letsencrypt production environment

« on: May 09, 2020, 04:27:53 am »

Hello,

On my OPNsense box 20.1 I changed Lesencrypt validation from HTTP-01 to DNS-01 using the nsupdate (RFC 2136) method. Testing with staging environment is OK. I get issued the certificate.

But when I change Letsencrypt to production environment I get the following error:

Code: [Select]

[Sat May 9 11:09:58 JST 2020] The supported validation types are: http-01 , but you specified: dns-01
[Sat May 9 11:09:58 JST 2020] Error, cannot get domain token entry abcdefgh.de
With staging environment, I also can re-issue without waiting time. So, no DNS caching or refresh issue.

Due to the fact that testing with staging environment is working I assume there is something wrong on OPNsense side. Or do I miss something?

12

General Discussion / Re: MAIL SERVER (postfix plugin ?)

« on: May 07, 2020, 05:58:56 pm »

... without having to buy another computer to make a mail server run + all the additional tiresome routing configuration and maintenance that it will imply.

If you want to run it on one PC set-up a visualised system (ESXi, hyper-v, proxmox, ...) and run both as VM: OPNsense and an all-in-one mail server package like mailcow, iRedMail or mail-in-a-box. Once set-up there is nothing to maintain.

13

General Discussion / Re: os-rfc2136 - documentation?

« on: May 07, 2020, 02:35:19 am »

Thanks’ for the answer.


Abandoned and waiting for its death, is my interpretation of this explanation.
The user base might be limited to home users as this is the place where you can find dynamic IPs. But when you are running your own DNS server, dynamic IP update by rfc 2136 it is a great feature. In comparison to DynDNS There is no need for additional code or a full webserver on DNS server side.

A small improvement idea to increase the user base. Add some more words to the title of the plugin. I only found this feature by chance. As home user I was not aware about the meaning of “rfc 2136”. But “dynamic update” everybody can associate with a function.

14

General Discussion / Re: Web server port forwarding problems.

« on: May 06, 2020, 03:47:32 pm »

You solved your problem. But is port forwarding really what you want to do?

Why not take advantage of using OPNsense as reverse proxy by HAproxy or nginx plugin for your webserver instead?

15

General Discussion / Re: OpenSense As As A Virtual Machine Hosted In FreeNAS

« on: May 06, 2020, 03:18:55 pm »

I would not do if I understand your use case correctly.

I switched my home set-up from virtualized OPNsense firewall (ESXi host, passthrough NIC) to small bare metal box. I do not have concerns regarding security or technical aspects of the set-up. It depends on how often you modify your system (SW or HW) or how often you require reboots. In my case no OPNsense running means no device has internet access, no streaming TV, no streaming music, no IP phone. With separate box now I can "play" on my servers without disturbing the services mentioned above.