Messages - nospam

16
18.7 Legacy Series / Help with WIFi errors
« on: September 12, 2018, 06:25:07 pm »
I was able to successfully configure a USB WiFi adapter to run a guest network with Captive Portal using no wireless authentication, e.g. no WEP or WPA.

I'm trying to use either WEP or WPA or WPA2 with a shared password, however, I'm unable to connect because I keep getting an "incorrect password for network" error on the device and my wireless logfile shows:

Sep 12 12:17:44   hostapd: run0_wlan1: WPA rekeying GTK
Sep 12 12:17:44   hostapd: run0_wlan1: WPA GMK rekeyd
Sep 12 12:17:43   hostapd: run0_wlan1: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: unauthorizing port
Sep 12 12:17:43   hostapd: run0_wlan1: STA xx:xx:xx:xx:xx:xx WPA: event 2 notification
Sep 12 12:17:43   hostapd: run0_wlan1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
Sep 12 12:17:43   hostapd: run0_wlan1: STA xx:xx:xx:xx:xx:xx MLME: MLME-DELETEKEYS.request(xx:xx:xx:xx:xx:xx)
Sep 12 12:17:43   hostapd: run0_wlan1: STA xx:xx:xx:xx:xx:xx MLME: MLME-DEAUTHENTICATE.indication(xx:xx:xx:xx:xx:xx, 2)
Sep 12 12:17:43   hostapd: run0_wlan1: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: unauthorizing port
Sep 12 12:17:43   hostapd: run0_wlan1: STA xx:xx:xx:xx:xx:xx WPA: event 3 notification
Sep 12 12:17:43   hostapd: run0_wlan1: STA xx:xx:xx:xx:xx:xx WPA: PTKSTART: Retry limit 4 reached
Sep 12 12:17:43   hostapd: run0_wlan1: STA xx:xx:xx:xx:xx:xx WPA: EAPOL-Key timeout
Sep 12 12:17:43   hostapd: run0_wlan1: STA xx:xx:xx:xx:xx:xx WPA: Not in PTKINITDONE; skip Group Key update
Sep 12 12:17:43   hostapd: run0_wlan1: WPA rekeying GTK

Can anyone offer any insight as to why opnsense is rejecting the shared key?

17
Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering
« on: September 07, 2018, 10:47:10 pm »
Vapourware? Blackbox man-in-the-middle SSL password harvester?

No download links, no source code, no forums

18
18.7 Legacy Series / Question about adding additional WiFi network via USB
« on: August 23, 2018, 02:56:59 pm »
Are there any good tutorials out there about adding USB WiFi devices on Opnsense?

I keep running into problems where enabling a USB WiFi causes all DNS and DHCP to break on my wired networks.

Here's what I'm trying to do:
Add a USB WiFi device to my Opnsense box to run a dedicated guest WiFi network separate from my main wired and wireless network.

19
18.7 Legacy Series / Re: Bug? 18.7 Text Field Edit Problems Safari
« on: August 23, 2018, 02:48:40 pm »
Unfortunately Apple seems to have more than its fair share of idiosyncrasies with Safari not working with a lot of web sites and updates breaking existing functionality...cache or no cache

20
18.7 Legacy Series / Re: Bug? 18.7 Text Field Edit Problems Safari
« on: August 22, 2018, 04:26:03 pm »
Bingo...forced clear of all caches and a cold hard restart of Safari did it. No more console errors now. Thanks for confirming on your system!

Gotta love Apple, lots of entertainment!

21
18.7 Legacy Series / Re: Bug? 18.7 Text Field Edit Problems Safari
« on: August 22, 2018, 03:55:58 pm »
Under "Allowed Destination TCP Port" your browser is displaying the list that works.  Mine is displaying the list differently in Safari.

Which version of Safari are you running?  I'm using 11.1.2 which seems to be interpreting the JS differently.

22
18.7 Legacy Series / Re: Bug? 18.7 Text Field Edit Problems Safari
« on: August 22, 2018, 02:15:22 pm »
Click on the "Forward Proxy - Down Arrow icon" and select "Access Control List"

23
18.7 Legacy Series / Re: Bug? 18.7 Text Field Edit Problems Safari
« on: August 21, 2018, 10:10:17 pm »
Service - Web Proxy - Administration - Forward Proxy - Access Control List

Under Firefox the Whitelist shows up the way Safari used to display the same page under version 18.1. I just upgraded to 18.7 yesterday and now Safari displays the Whitelist data fields as an un-editable dropbox list.

SAFARI VIEW https://imgur.com/puYMy9S
FIREFOX VIEW https://imgur.com/grXobvz
SAFARI CONSOLE ERROR https://imgur.com/WpuOtzs

24
18.7 Legacy Series / Re: Bug? 18.7 Text Field Edit Problems Safari
« on: August 21, 2018, 09:49:06 pm »
How do I enable image uploading on this forum? I have comparison shots between Safari and Firefox.
Under /ui/proxy#subtab_proxy-general-authentication the Safari console shows a "TypeError: Undefined is not a function" at opnsense_ui.js:215, so I'm guessing Safari doesn't like something in the JavaScript for that page, which may be related to the drop down list box problem.



From the forum help, it says:
"Attachments - If enabled, this feature allows users to attach files to their posts in the same way as most e-mail clients. Users simply have to browse to the relevant files on their computer before selecting Post. Multiple attachments, up to the limit set by the administrator, can be added to a single post by selecting the Additional Attachments link. Users can delete their attachments or add more by modifying their posts. The permitted file types and sizes are set by the forum administrator. Some forums may display image attachments in line with the post or show them as thumbnails below the post."

25
18.7 Legacy Series / Bug? 18.7 Text Field Edit Problems Safari
« on: August 21, 2018, 05:03:24 pm »
After updating to 18.7 I've discovered "Access Control List" data fields are now un-editable on Safari.  Other similar data fields are also affected.

I am unable to add new or edit data fields to Whitelists as the data is now displayed as a static drop down list box.

I can still view and edit the data in firefox.

Is this a known issue?

26
General Discussion / Re: Suricata bug in OPNsense 18.1.10-i386?
« on: June 29, 2018, 01:50:38 pm »
Quote
why do you install the i386 (32Bit) OPNsense on a 64-Bit CPU?
Probably because I'm old school, used to seeing x86_64 or x64 binary labels in distros, because I still have pre-conceived incompatibility notions between AMD and Intel chipsets.

Quote
And AFAIK the Intel Celeron N3150 supports a max. memory size of 8GB RAM
What's your direct email address? How good is your Mandarin/Cantonese? I'm going to write a letter to Amazon asking their vendor to contact you regarding their pre-canned systems being sold online as "BSD" compatible systems with too much advertised RAM and wireless hardware having no working BSD drivers...

27
General Discussion / Re: Suricata bug in OPNsense 18.1.10-i386?
« on: June 28, 2018, 08:37:24 pm »
Just as an update...

I changed update servers (from NY to NL) and a bunch of updates appeared.  I first restored to an older backup then performed the updates.  After the updates I re-enabled features one by one and now suricata appears to be working as expected.  I eliminated rules 1+2 and all appears to be working better with ping times now 40-80ms and download speeds back to 40Mbit.

28
General Discussion / Suricata bug in OPNsense 18.1.10-i386?
« on: June 28, 2018, 03:21:47 pm »
I recently installed OPNsense 18.1.8-i386 after my IPFIRE system got corrupt after an update.

After getting the system configured I let it do an update to OPNsense 18.1.10-i386.

What I'm finding is that Suricata is causing my download bandwidth to go from 40Mbit with Suricata disabled to 4Mbit with it enabled. The other problem I am finding is that my ping times to my firewall start to increase from 0.3ms average to 10,000+ms and it starts dropping packets and eventually the firewall locks up and becomes unresponsive. Stopping Suricata makes everything run well again.

I am running OPNsense 18.1.10-i386 on an Intel(R) Celeron(R) CPU N3150 @ 1.60GHz (4 cores) with 16GB RAM and 120GB SSD.

I'm not sure if I was getting network slowdowns with Suricata prior to the update. I tried re-installing Suricata but it doesn't make a difference.

I'm at the point of either a complete re-install back to 18.1.8 to test the difference or going back to IPFIRE or PFSENSE. So far I like many of the OPNSENSE features but Suricata instability is a deal breaker for me.

Has anybody else seen this issue?

I was running 4 rules under Suricata which is monitoring LAN+WAN traffic:
1. Alert for incoming packets to countries other than US/CA
2. Alert for outgoing packets to countries other than US/CA
3. Drop incoming packets from a list of countries like CHINA, Africa, Middle East, Eastern Europe
4. Drop outgoing packets from a list of countries like CHINA, Africa, Middle East, Eastern Europe

The other odd part was that Suricata was alerting for rules 1+2 for all LAN IPs. Is there a way to exclude private IP LAN traffic from rules 1+2 from being flagged in the country codes? I want Suricata to tell me which IP addresses on my LAN are trying to make connections to black listed countries.



29
General Discussion / Re: Block ads with alias?
« on: June 27, 2018, 07:45:34 pm »
I've tried the script using the MVPS hosts file on OPNsense 18.1.10-i386 but the script just generates a 0 byte file and doesn't work.

What is the correct format of the /var/unbound/ad-blacklist.conf file?

I've tried
abcstats.com 0.0.0.0

and
0.0.0.0 abcstats.com

and
abcstats.com 127.0.0.1

and
127.0.0.1 abcstats.com

but I keep getting the error

opnsense: /usr/local/etc/rc.bootup: The command '/usr/local/sbin/unbound -c '/var/unbound/unbound.conf'' returned exit code '1', the output was '/var/unbound/ad-blacklist.conf:1: error: unknown keyword '127.0.0.1' /var/unbound/ad-blacklist.conf:1: error: unknown keyword 'abcstats.com' read /var/unbound/unbound.conf failed: 2 errors in configuration file [1530118919] unbound[39953:0] fatal error: Could not read config file: /var/unbound/unbound.conf'

and DNS crashes
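
Added example, not part of the original post or of the script it refers to: the error above shows unbound reading the file as configuration keywords, so hosts-style "IP hostname" lines are rejected in either order. This sketch converts hosts-format text into unbound `local-zone` / `local-data` directives and drops names that could break out of the quoted value; the function names and sample input are constructed, and it assumes the file is included inside unbound's `server:` clause.

```python
import re

# Labels allow only letters, digits, '-' and '_': no quotes or whitespace, so a
# downloaded list cannot inject extra unbound directives into the config.
_LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")
_SKIP = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
_SINK_IPS = {"0.0.0.0", "127.0.0.1"}

def is_valid_hostname(name):
    if len(name) > 253 or "." not in name:
        return False
    return all(_LABEL.match(label) for label in name.split("."))

def hosts_to_unbound(hosts_text, sink="0.0.0.0"):
    """Return (unbound config lines, rejected input lines)."""
    seen, out, rejected = set(), [], []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] not in _SINK_IPS:
            rejected.append(raw)  # not "IP hostname" order
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in _SKIP or name in seen:
                continue  # one zone entry per name
            if not is_valid_hostname(name):
                rejected.append(raw)
                continue
            seen.add(name)
            # unbound keyword syntax, not hosts syntax
            out.append(f'local-zone: "{name}" redirect')
            out.append(f'local-data: "{name} A {sink}"')
    return out, rejected

# Constructed sample input in hosts-file format (not from the original post).
SAMPLE = """\
127.0.0.1  localhost
0.0.0.0 abcstats.com
0.0.0.0 ABCSTATS.com   # duplicate, different case
127.0.0.1 ads.example.net
0.0.0.0 bad"name.example
abcstats.com 0.0.0.0
"""

if __name__ == "__main__":
    print("\n".join(hosts_to_unbound(SAMPLE)[0]))
```

Running `unbound-checkconf` against the main configuration file after regenerating the list catches a syntax error before the resolver is restarted.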
