Topics - Pfirepfox

#1
Hi All,

I have been using OPNSense for ages in a pretty basic manner with just two interfaces being assigned (WAN & LAN) and a handful of services to up the security (Unbound, IPS, GeoBlocking, and some ACLs), with everything working great. However, recently I added a few security cameras to my house and for security wanted to place this on a new physical interface of my OPNSense device rather than it being a VLAN (My device has 4 ports so it seemed better to just create a new interface rather than mess around with VLANs).

The new interface and network has been assigned and it is a direct replica of my LAN, just with a different subnet. I configured some basic rules such as the below:

  • No WAN traffic on camera network
  • Camera network to camera network allow all (For the NVR + NAS)
  • Camera network to LAN allow all (So the cameras and NVR are accessible by other devices)
  • LAN to Camera network allow all (as per above)

NAT is default with nothing special in it.

This is where it gets a bit weird: everything works as expected for around 12 to 24 hours but then everything on the Camera network becomes unavailable with no apparent reason (to me anyway). I have changed the downstream switch (just for the Camera Network), all Ethernet cables, and also tried the 4th port on my OPNSense device; however, the issue persists.

I have also looked at IPS, local DHCP, Firewall rules, and Unbound but haven't found any logs which may indicate something is incorrect, as on boot everything works correctly. Restarting the network devices brings everything back up without an issue.

At this stage I have exhausted what I can think of. Does anyone else have an idea of what it could be?
#2
22.7 Legacy Series / Cron for OpenVPN
November 16, 2022, 11:18:56 AM
Hi All,

Just having a few issues creating a custom cron to restart the openvpn service on a defined schedule. Hopefully this will resolve an issue I am having with it consistently dropping and failing to reconnect every 2-3 days. I have followed this topic https://forum.opnsense.org/index.php?topic=2263.0 to generate the below.


[stop]
command:/usr/local/sbin/pluginctl -s openvpn stop
parameters:
type:script
message:stop openvpn service
description:Stop openvpn

[start]
command:/usr/local/sbin/pluginctl -s openvpn start
parameters:
type:script
message:start openvpn service
description:Start openvpn

[restart]
command:/usr/local/sbin/pluginctl -s openvpn restart
parameters:
type:script
message:restart openvpn service
description:Restart openvpn


When I manually run /usr/local/sbin/pluginctl -s openvpn restart the expected behavior of restarting the openvpn service occurs. However, when I use configctl openvpn restart to call the corresponding function in my conf file it returns "OK" but fails to restart the service.

Does anyone have any ideas on why this is occurring?
#3
Hi All,

I was checking my Suricata setup and found that none of my ET Pro rules had been downloaded. I manually selected the categories and re-activated them and triggered a download but it has not appeared to work. I also confirmed that the plugin is installed and active.

I checked my OPNSense account and ordered another license key and installed it but still no luck. Is there an activation period for the license key causing the download of the categories to fail?

All other Rule Sets are downloading and working accordingly.

Thanks
#4
Hi All,

Over the past few months, I have had issues with updating the firmware for my system. On occasion, it works without an issue, but on others, it appears to time out for a reason I cannot find. Updating via CLI also doesn't resolve the issue but has the error below and then appears to hang:

fetch: /tmp/changelog/changelog.txz.sig appears to be truncated: 0/1332 bytes


On further analysis today I found some packages had gone from "Installed" to "misconfigured" after my update to 21.7.1, with the live firewall log just stopping and not updating. I have exhausted my knowledge at this point in debugging and am hoping someone may have some insight. Update log below:


***GOT REQUEST TO UPDATE***
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (109 candidates): .......... done
Processing candidates (109 candidates): ... done
The following 30 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
cyrus-sasl-gssapi: 2.1.27_1
openldap-client: 2.4.59_1

Installed packages to be UPGRADED:
cyrus-sasl: 2.1.27_1 -> 2.1.27_2
filterlog: 0.4_2 -> 0.4_3
krb5: 1.19.1 -> 1.19.2
libfido2: 1.7.0 -> 1.8.0
libnghttp2: 1.43.0 -> 1.44.0
opnsense: 21.7 -> 21.7.1
opnsense-installer: 21.7 -> 21.7.1
opnsense-update: 21.7 -> 21.7.1
php74: 7.4.21 -> 7.4.22_1
php74-ctype: 7.4.21 -> 7.4.22_1
php74-curl: 7.4.21 -> 7.4.22_1
php74-dom: 7.4.21 -> 7.4.22_1
php74-filter: 7.4.21 -> 7.4.22_1
php74-gettext: 7.4.21 -> 7.4.22_1
php74-json: 7.4.21 -> 7.4.22_1
php74-ldap: 7.4.21 -> 7.4.22_1
php74-mbstring: 7.4.21 -> 7.4.22_1
php74-openssl: 7.4.21 -> 7.4.22_1
php74-pdo: 7.4.21 -> 7.4.22_1
php74-session: 7.4.21 -> 7.4.22_1
php74-simplexml: 7.4.21 -> 7.4.22_1
php74-sockets: 7.4.21 -> 7.4.22_1
php74-sqlite3: 7.4.21 -> 7.4.22_1
php74-xml: 7.4.21 -> 7.4.22_1
php74-zlib: 7.4.21 -> 7.4.22_1
py38-urllib3: 1.25.11,1 -> 1.26.6,1

Installed packages to be REINSTALLED:
squid-4.15 (direct dependency changed: openldap-client)
unbound-1.13.1 (options changed)

Number of packages to be installed: 2
Number of packages to be upgraded: 26
Number of packages to be reinstalled: 2

The process will require 1 MiB more space.
15 MiB to be downloaded.
[1/30] Fetching unbound-1.13.1.txz: .......... done
[2/30] Fetching squid-4.15.txz: .......... done
[3/30] Fetching py38-urllib3-1.26.6,1.txz: .......... done
[4/30] Fetching php74-zlib-7.4.22_1.txz: ... done
[5/30] Fetching php74-xml-7.4.22_1.txz: ... done
[6/30] Fetching php74-sqlite3-7.4.22_1.txz: ... done
[7/30] Fetching php74-sockets-7.4.22_1.txz: ..... done
[8/30] Fetching php74-simplexml-7.4.22_1.txz: ... done
[9/30] Fetching php74-session-7.4.22_1.txz: ..... done
[10/30] Fetching php74-pdo-7.4.22_1.txz: ...... done
[11/30] Fetching php74-openssl-7.4.22_1.txz: ........ done
[12/30] Fetching php74-mbstring-7.4.22_1.txz: .......... done
[13/30] Fetching php74-ldap-7.4.22_1.txz: .... done
[14/30] Fetching php74-json-7.4.22_1.txz: ... done
[15/30] Fetching php74-gettext-7.4.22_1.txz: . done
[16/30] Fetching php74-filter-7.4.22_1.txz: ... done
[17/30] Fetching php74-dom-7.4.22_1.txz: ....... done
[18/30] Fetching php74-curl-7.4.22_1.txz: .... done
[19/30] Fetching php74-ctype-7.4.22_1.txz: . done
[20/30] Fetching php74-7.4.22_1.txz: .......... done
[21/30] Fetching opnsense-update-21.7.1.txz: .... done
[22/30] Fetching opnsense-installer-21.7.1.txz: ... done
[23/30] Fetching opnsense-21.7.1.txz: .......... done
[24/30] Fetching libnghttp2-1.44.0.txz: .......... done
[25/30] Fetching libfido2-1.8.0.txz: .......... done
[26/30] Fetching krb5-1.19.2.txz: .......... done
[27/30] Fetching filterlog-0.4_3.txz: .. done
[28/30] Fetching cyrus-sasl-2.1.27_2.txz: .......... done
[29/30] Fetching openldap-client-2.4.59_1.txz: .......... done
[30/30] Fetching cyrus-sasl-gssapi-2.1.27_1.txz: .... done
Checking integrity... done (1 conflicting)
  - openldap-client-2.4.59_1 conflicts with openldap-sasl-client-2.4.59 on /usr/local/bin/ldapadd
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 31 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
openldap-sasl-client: 2.4.59

New packages to be INSTALLED:
cyrus-sasl-gssapi: 2.1.27_1
openldap-client: 2.4.59_1

Installed packages to be UPGRADED:
cyrus-sasl: 2.1.27_1 -> 2.1.27_2
filterlog: 0.4_2 -> 0.4_3
krb5: 1.19.1 -> 1.19.2
libfido2: 1.7.0 -> 1.8.0
libnghttp2: 1.43.0 -> 1.44.0
opnsense: 21.7 -> 21.7.1
opnsense-installer: 21.7 -> 21.7.1
opnsense-update: 21.7 -> 21.7.1
php74: 7.4.21 -> 7.4.22_1
php74-ctype: 7.4.21 -> 7.4.22_1
php74-curl: 7.4.21 -> 7.4.22_1
php74-dom: 7.4.21 -> 7.4.22_1
php74-filter: 7.4.21 -> 7.4.22_1
php74-gettext: 7.4.21 -> 7.4.22_1
php74-json: 7.4.21 -> 7.4.22_1
php74-ldap: 7.4.21 -> 7.4.22_1
php74-mbstring: 7.4.21 -> 7.4.22_1
php74-openssl: 7.4.21 -> 7.4.22_1
php74-pdo: 7.4.21 -> 7.4.22_1
php74-session: 7.4.21 -> 7.4.22_1
php74-simplexml: 7.4.21 -> 7.4.22_1
php74-sockets: 7.4.21 -> 7.4.22_1
php74-sqlite3: 7.4.21 -> 7.4.22_1
php74-xml: 7.4.21 -> 7.4.22_1
php74-zlib: 7.4.21 -> 7.4.22_1
py38-urllib3: 1.25.11,1 -> 1.26.6,1

Installed packages to be REINSTALLED:
squid-4.15 (direct dependency changed: openldap-client)
unbound-1.13.1 (options changed)

Number of packages to be removed: 1
Number of packages to be installed: 2
Number of packages to be upgraded: 26
Number of packages to be reinstalled: 2

The operation will free 2 MiB.
[1/31] Upgrading libnghttp2 from 1.43.0 to 1.44.0...
[1/31] Extracting libnghttp2-1.44.0: .......... done
[2/31] Upgrading php74 from 7.4.21 to 7.4.22_1...
[2/31] Extracting php74-7.4.22_1: .......... done
[3/31] Upgrading php74-session from 7.4.21 to 7.4.22_1...
[3/31] Extracting php74-session-7.4.22_1: .......... done
[4/31] Upgrading php74-pdo from 7.4.21 to 7.4.22_1...
[4/31] Extracting php74-pdo-7.4.22_1: .......... done
[5/31] Upgrading php74-json from 7.4.21 to 7.4.22_1...
[5/31] Extracting php74-json-7.4.22_1: .......... done
[6/31] Reinstalling unbound-1.13.1...
===> Creating groups.
Using existing group 'unbound'.
===> Creating users
Using existing user 'unbound'.
[6/31] Extracting unbound-1.13.1: .......... done
[7/31] Upgrading php74-zlib from 7.4.21 to 7.4.22_1...
[7/31] Extracting php74-zlib-7.4.22_1: ....... done
[8/31] Upgrading php74-xml from 7.4.21 to 7.4.22_1...
[8/31] Extracting php74-xml-7.4.22_1: ........ done
[9/31] Upgrading php74-sqlite3 from 7.4.21 to 7.4.22_1...
[9/31] Extracting php74-sqlite3-7.4.22_1: ........ done
[10/31] Upgrading php74-sockets from 7.4.21 to 7.4.22_1...
[10/31] Extracting php74-sockets-7.4.22_1: .......... done
[11/31] Upgrading php74-simplexml from 7.4.21 to 7.4.22_1...
[11/31] Extracting php74-simplexml-7.4.22_1: ......... done
[12/31] Upgrading php74-openssl from 7.4.21 to 7.4.22_1...
[12/31] Extracting php74-openssl-7.4.22_1: ....... done
[13/31] Upgrading php74-gettext from 7.4.21 to 7.4.22_1...
[13/31] Extracting php74-gettext-7.4.22_1: ....... done
[14/31] Upgrading php74-filter from 7.4.21 to 7.4.22_1...
[14/31] Extracting php74-filter-7.4.22_1: ........ done
[15/31] Upgrading php74-dom from 7.4.21 to 7.4.22_1...
[15/31] Extracting php74-dom-7.4.22_1: .......... done
[16/31] Upgrading php74-curl from 7.4.21 to 7.4.22_1...
[16/31] Extracting php74-curl-7.4.22_1: ....... done
[17/31] Upgrading php74-ctype from 7.4.21 to 7.4.22_1...
[17/31] Extracting php74-ctype-7.4.22_1: ....... done
[18/31] Upgrading opnsense-update from 21.7 to 21.7.1...
[18/31] Extracting opnsense-update-21.7.1: .......... done
[19/31] Upgrading opnsense-installer from 21.7 to 21.7.1...
[19/31] Extracting opnsense-installer-21.7.1: .......... done
[20/31] Upgrading filterlog from 0.4_2 to 0.4_3...
[20/31] Extracting filterlog-0.4_3: .... done
[21/31] Upgrading krb5 from 1.19.1 to 1.19.2...
[21/31] Extracting krb5-1.19.2: .......... done
[22/31] Upgrading cyrus-sasl from 2.1.27_1 to 2.1.27_2...
*** Added group `cyrus' (id 60)
*** Added user `cyrus' (id 60)
[22/31] Extracting cyrus-sasl-2.1.27_2: .......... done
[23/31] Deinstalling openldap-sasl-client-2.4.59...
[23/31] Deleting files for openldap-sasl-client-2.4.59: .......... done
[24/31] Installing cyrus-sasl-gssapi-2.1.27_1...
[24/31] Extracting cyrus-sasl-gssapi-2.1.27_1: .......... done
[25/31] Installing openldap-client-2.4.59_1...
[25/31] Extracting openldap-client-2.4.59_1: .......... done
[26/31] Reinstalling squid-4.15...
===> Creating groups.
Using existing group 'squid'.
===> Creating users
Using existing user 'squid'.
===> Creating homedir(s)
===> Pre-installation configuration for squid-4.15
[26/31] Extracting squid-4.15: .......... done
[27/31] Upgrading php74-ldap from 7.4.21 to 7.4.22_1...
[27/31] Extracting php74-ldap-7.4.22_1: ....... done
[28/31] Upgrading py38-urllib3 from 1.25.11,1 to 1.26.6,1...
[28/31] Extracting py38-urllib3-1.26.6,1: .......... done
[29/31] Upgrading php74-mbstring from 7.4.21 to 7.4.22_1...
[29/31] Extracting php74-mbstring-7.4.22_1: .......... done
[30/31] Upgrading libfido2 from 1.7.0 to 1.8.0...
[30/31] Extracting libfido2-1.8.0: .......... done
[31/31] Upgrading opnsense from 21.7 to 21.7.1...
[31/31] Extracting opnsense-21.7.1: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh'
Keep version OPNsense\Monit\Monit (1.0.9)
Keep version OPNsense\Firewall\Alias (1.0.0)
Keep version OPNsense\Firewall\Category (1.0.0)
Keep version OPNsense\OpenVPN\Export (0.0.1)
Keep version OPNsense\CaptivePortal\CaptivePortal (1.0.0)
Keep version OPNsense\Core\Firmware (1.0.0)
Keep version OPNsense\Interfaces\Loopback (1.0.0)
Keep version OPNsense\Interfaces\VxLan (1.0.1)
Keep version OPNsense\Cron\Cron (1.0.2)
Keep version OPNsense\IPsec\IPsec (1.0.0)
Keep version OPNsense\TrafficShaper\TrafficShaper (1.0.3)
Keep version OPNsense\Syslog\Syslog (1.0.0)
Keep version OPNsense\IDS\IDS (1.0.6)
Keep version OPNsense\Proxy\Proxy (1.0.4)
Keep version OPNsense\Diagnostics\Lvtemplate (0.0.1)
Keep version OPNsense\Diagnostics\Netflow (1.0.1)
Keep version OPNsense\Routes\Route (1.0.0)
Keep version OPNsense\Unbound\Unbound (1.0.0)
Keep version OPNsense\Wireguard\General (0.0.1)
Keep version OPNsense\Wireguard\Server (0.0.2)
Keep version OPNsense\Wireguard\Client (0.0.6)
Writing firmware setting...done.
Writing trust files...done.
Configuring login behaviour...done.
Configuring system logging...done.
=====
Message from openldap-client-2.4.59_1:

--
The OpenLDAP client package has been successfully installed.

Edit
  /usr/local/etc/openldap/ldap.conf
to change the system-wide client defaults.

Try `man ldap.conf' and visit the OpenLDAP FAQ-O-Matic at
  http://www.OpenLDAP.org/faq/index.cgi?file=3
for more information.
You may need to manually remove /usr/local/etc/squid/squid.conf if it is no longer needed.
=====
Message from py38-urllib3-1.26.6,1:

--
Since version 1.25 HTTPS connections are now verified by default which is done
via "cert_reqs = 'CERT_REQUIRED'".  While certificate verification can be
disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to leave it on.

Various consumers of net/py-urllib3 already have implemented routines that
either explicitly enable or disable HTTPS certificate verification (e.g. via
configuration settings, CLI arguments, etc.).

Yet it may happen that there are still some consumers which don't explicitly
enable/disable certificate verification for HTTPS connections which could then
lead to errors (as is often the case with self-signed certificates).

In case of an error one should try first to temporarily disable certificate
verification of the problematic urllib3 consumer to see if that approach will
remedy the issue.
=====
Message from opnsense-21.7.1:

--
The song remains the same
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages:

Installed packages to be REMOVED:
libsodium: 1.0.18

Number of packages to be removed: 1

The operation will free 2 MiB.
[1/1] Deinstalling libsodium-1.0.18...
[1/1] Deleting files for libsodium-1.0.18: .......... done
Checking all packages: .......... done
The following package files will be deleted:
The cleanup will free 18 MiB
Deleting files: .......... done
All done
Your system is up to date.
Starting web GUI...done.
Generating RRD graphs...done.
Fetching base-21.7.1-amd64.txz: ...
#5
20.7 Legacy Series / Updates not working
February 14, 2021, 02:57:09 PM
Hi all,

I am attempting to upgrade to the latest series but keep getting greeted with "Timeout while connecting to the selected mirror" or occasionally "the package manager is not responding". At the moment I am using LibreSSL, Production and Hostcentral in Melbourne Australia and am able to hit the mirror on my LAN and download the packages individually. Updating from console remains at "Fetching change log information, please wait...". Also all plugins installed are now showing "orphaned". IDS/IPS appears clean with no alerts triggered at update time and Unbound appears ok as I can browse to the mirror.

Also "do not use the local DNS service as a nameserver for this system" is checked
As well as "prefer to use IPv4 even if IPv6 is available" is checked

Has anyone experienced this or know of a fix?

Thanks
#6
21.1 Legacy Series / VDSL SFP Setup
February 14, 2021, 02:22:33 PM
Hi everyone,

Just wondering how OPNSense would handle a setup where the hardware has two SFP module slots, and are taken up by these. https://www.versatek.com/product/vx-160kit-vdsl2-sfp-modems-co-rt/

If I configure one as WAN as well as the DSL, removing the need for a modem, and the other as LAN directly to a switch, does OPNSense have the capability of utilizing the DSL capabilities of the SFP modules?

Thanks
#7
Hi All,

I have two gateways, one normal WAN via a physical connection and another via 4G for failover. On the rare occasion where the physical connection fails the 4G successfully takes over and most of the network is redirected to the 4G connection via the gateway group.

The one exception to this is the OpenVPN (client) tunnel. This fails to renegotiate and connect back to the server; restarting the connection then works and everything is ok.

Is there some way to use Monit to test the connection and if it is down then restart the tunnel? Or does OpenVPN have the ability to do this?

So far I have attempted to use "keepalive 240 480" in the advanced configuration but no success so far.
#8
Hi All,

Is it possible to intercept all DOH requests to 1.1.1.1 and all other external DNS providers and then redirect them to the OPNSense DNSCrypt DOH DNS Server?

Currently I use Unbound for all unencrypted DNS traffic and it works wonderfully with DNS blacklists included. I am now concerned that DOH will be able to bypass my blacklist settings and that the destinations will remain unlogged. I am currently running Squid to inspect both HTTP and HTTPS traffic but have not found a way to redirect just the DOH data to DNSCrypt and then to provide the answer to the DOH request.

Has anyone been able to accomplish a DOH redirect to a DNSCrypt service?
#9
Hi All,

It seems as if the alias "Hosts" lists under the Firewall do not accept wildcard entries. I have tried using "*.domain.com" and ".domain.com" but neither appears to work and I can't find any documentation on this.

What is the syntax to allow wildcards in Firewall Aliases?
#10
Hi All,

I recently installed the blacklist option within Unbound using "pkg install os-unbound-plus-devel". However, every time I attempt to enable it and select a few DNS Blacklist sources it crashes unbound.

unbound: fatal error: Could not set up local zones
unbound: error: local-data in redirect zone must reside at top of zone, not at srv-2018-01-25-08.pixel.parsely.com A 0.0.0.0

Is this an issue with the blacklist file or my configuration of Unbound?
#11
20.1 Legacy Series / LightSquid Support
March 30, 2020, 09:27:33 AM
Hi All,

Is the LightSquid plugin in the pipeline to be added, if so what is the ETA?
#12
20.1 Legacy Series / 4G Connection Strength
March 19, 2020, 05:48:01 AM
Hi All,

Is there some plugin/Graph that tracks the connection strength of a 4G connection such as a mobile phone (e.g. 3 out of 4 bars)?

I can see there is a quality of the connection under Reporting > Health > Quality, but no strength of connection
#13
Hi all,

I am having some difficulty setting up Monit to restart my services when/if they crash. So far the standard Monit configuration is working but any time I try to add a service to be monitored it gives me an error about my syntax.

My Service Test is this:
Name: Squid
Condition: check process squid with pidfile /var/run/squid/squid.pid
Action: Restart

My Service is this:
Name: squid
Type: Process
PID File: /var/run/squid/squid.pid
Start: /usr/local/sbin/configctl squid start
Stop: /usr/local/sbin/configctl squid stop
Tests: Squid (from above setup)

Each time I try to enable this the error is "/usr/local/etc/monitrc:33: syntax error 'check process '"
I am not too sure how I am using the incorrect syntax of the "Process" command but if someone could correct me that would be awesome.
#14
Hi All,

I have spent the last month configuring OPNSense and have so far been quite successful and have been really happy with the feature set. I have configured the Transparent Proxy and have set up the NAT and Firewall rules without issue as well. Everything is going super well apart from some websites that just appear to break for no reason that I can find.

I have set up an alias list of the domains that exhibit this behavior and now need to find a way to bypass the proxy. I have searched the forum and found some posts about the "No RDR" feature under NAT > Port Forwarding and have set up a NAT rule using "No RDR" for the alias list in question for HTTP/S and FTP. So far I have not gotten this to work and have been unsuccessful with routing certain domains to bypass the proxy and then follow my normal Firewall Rule set.

Can someone please let me know of a solution to correctly bypass the proxy for an alias list?