Messages

916

19.1 Legacy Series / Re: WAN Link Cycling Up and Down

« on: March 04, 2019, 04:05:05 am »

It would be best to open a ticket on Github then, core issues section -- referencing this thread.

I'll ask one more time, were you actually on 19.1.2 as I suggested ? Should have been fixed there. Do 12 in the console after installation

917

19.1 Legacy Series / Re: Revert unbound to 18.7.7 - not possible?

« on: March 03, 2019, 04:22:18 pm »

Arguably out of it. It dies on the hands of HBSD apparently. Otherwise Unbound thrives on DoT/Doh on 1.8.3 using pfSense which lacks the HBSD hardening. It would be extremely doubtful that any major workarounds that aren't public have been done in pfS in that regard.

918

19.1 Legacy Series / Re: LDAP + OTP AUthentication

« on: March 03, 2019, 04:16:22 pm »

The QR code needs to be scanned by their phone app. Keep in mind this is a security feature, so sending out emails with QR codes might not be the best avenue

919

19.1 Legacy Series / Re: Kernel trap 12 after upgrading from 18.7 to 19.1

« on: March 03, 2019, 04:12:44 pm »

Check in Interfaces that all Hardware Offloading is off

920

19.1 Legacy Series / Re: WAN Link Cycling Up and Down

« on: March 03, 2019, 04:10:39 pm »

Should have been 1000 for gigabit

921

19.1 Legacy Series / Re: Network: Intel 10Gbe interfaces of Xeon D-1500 do not show

« on: March 03, 2019, 04:08:55 pm »

Anything odd in the dmesg output ? And is it on the latest BIOS as well ?

922

19.1 Legacy Series / Re: Revert unbound to 18.7.7 - not possible?

« on: March 03, 2019, 04:05:15 pm »

Kinda hard seing the value of 'dumping half of the old/buggy/unused for decades OpenSSL code in the first 30 days of forking it' ;-)

So yeah, I'm pushing for it everywhere and worked just fine until 18.7.10. I have a higher degree of confidence the OpenBSD people are more concerned and focused on secure coding principles and a good track record in that regard than pretty much anyone else playing with forks.

923

General Discussion / Re: How to install?

« on: March 03, 2019, 03:54:56 pm »

If it's an old OPNsense the configuration file might not work. Take screenshots of your rules on the interfaces, NAT or VPN as it may be applicable. Although it would be rather surprising to see more than Allow Any on LAN at this point.

Once OPNsense is installed and running, first thing is to run 12 in the console to fully update 19.1.

You'll need both a new OPNsense _and_ the latest firmware - and if your information is correct and you have the blackbox in the link then the APU 1-5 thread in the Hardware subforum has all the information you need in pages 5-6 to successfully update to v4.9.0.2

924

19.1 Legacy Series / Re: Revert unbound to 18.7.7 - not possible?

« on: March 03, 2019, 05:44:03 am »

Monit might be able to help, however that doesn't change the fact that whatever changes were introduced in 18.7.10 in either Unbound or HBSD keep on lingering and causing it to crash. I couldn't touch any of the PRD systems to enable the swap and provide better info for lattera to look into...


Interestingly, there's one system that's not affected among many others, and I just noticed Suricata was not ON there. I'm trying now on an APU that crashes heavily to see if there are any changes.

925

19.1 Legacy Series / Re: IPSec firewall problems

« on: March 03, 2019, 05:22:06 am »

Out of curiosity, how was pfS handling this error ? o_0

Code: [Select]

Feb 28 20:18:03 calgary charon: 09[ENC] <con1|2> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Feb 28 20:18:03 calgary charon: 09[IKE] <con1|2> received AUTHENTICATION_FAILED notify error

Could it be something to look into ?

926

General Discussion / Re: Static Routes Not Working

« on: March 03, 2019, 04:43:13 am »

Sounds like you're talking about port forwarding or policy routing here, unsure what documentation you followed -- it doesn't seem to be the right one though. A bit more detail would be helpful in figuring out what's needed (screenshots would be fine too)

927

General Discussion / Re: Help with access between two interfaces

« on: March 03, 2019, 04:31:02 am »

Entirely unclear what your vision of "Lan2Lan" is. Your screenshot merely depicts a name you have chosen for another interface.

From the firewall perspective, you're talking about Rules applied to the interfaces that Allow or Block traffic accordingly.


Last but not least, OPNsense 19.1.2 is out for a few days - and that's your first concern.

928

General Discussion / Re: openVPN with TLS 1.3 ?

« on: March 03, 2019, 04:18:34 am »

Yeah..."the application must" ? Color me skeptical o_0

Found this recent research though you might not have seen yet, glad to see there's work being done still:

Session Resumption Protocols and Efficient Forward Security for TLS 1.3 0-RTT

https://eprint.iacr.org/2019/228

929

19.1 Legacy Series / Re: WAN Link Cycling Up and Down

« on: March 03, 2019, 04:03:41 am »

Upgrade to 19.1.2 and see if it fixes your issue.

Also, cross-posting won't help your cause, however it may actually keep people from replying...

930

19.1 Legacy Series / Re: Gatway monitoring offline

« on: March 03, 2019, 03:57:57 am »

The Monitor IP must be different between the two, it doesn't appear to be in your case