Messages - errored out

91
21.1 Legacy Series / Re: Bind & Dynamic dns
« on: May 26, 2021, 07:52:10 pm »
I'm not familiar with these as I do not use them. Have you looked at the syslog to see any message which could point you in the right direction?
You may want to check out these logs to see if anything points to your problems.

System: Log Files: Backend   
System: Log Files: General
Also look at the bind log file (assuming it has one).

92
21.1 Legacy Series / [solved] Website lock-out information
« on: May 26, 2021, 07:45:02 pm »
Does anyone know where the information for firewall access regarding locking-out time-frames and attempts is located (using local authentication)?

Looking for information on how to change the attempts count before lock-out and the duration.

93
Documentation and Translation / Re: To Developers/Moderators-Announcements: Request providing additional information
« on: May 26, 2021, 07:32:58 pm »
Any response?

94
21.1 Legacy Series / Issue:Website Login - credentials being rejected.
« on: May 26, 2021, 07:26:15 pm »
The firewall has been rejecting valid credentials to the point where the account was locked out. Came back to the FW next day and was able to log in. Reviewed System: Log Files: Web GUI and found the following. Also, all Internet access (gateways) was down, caused by loss of connectivity to external resources.


2021-05-25T17:06:19   lighttpd[95849]   (mod_openssl.c.3253) SSL: 5 -1 error:02FFF00D:system library:func(4095):Permission denied   
2021-05-25T17:06:19   lighttpd[95849]   (mod_openssl.c.3253) SSL: 5 -1 error:02FFF00D:system library:func(4095):Permission denied   
2021-05-25T17:06:19   lighttpd[95849]   192.168.0.12 - - [25/May/2021:17:06:19 -0700] "PRI * HTTP/2.0" 100 122937 "-" "-"   
2021-05-25T17:06:19   lighttpd[95849]   (mod_openssl.c.2912) SSL: 5 -1 error:02FFF00D:system library:func(4095):Permission denied


A search on the Internet shows there were similar problems which were caused by certificate access being denied.


Has anyone run into this problem? Is this really a certificate access issue? Possibly a programming error?

95
Intrusion Detection and Prevention / Re: Suricata ET Open & Pro SSL mitm
« on: May 15, 2021, 09:08:43 am »
It's not supported. Suricata uses fingerprinting on encrypted traffic. The packets are not opened, thus MITM is not happening. In order to open encrypted traffic, i.e. Squid, the software would need a certificate authority and have it installed on the computer accessing it. However, Suricata does not have an area to instruct it to utilize a certificate authority.


https://suricata.readthedocs.io/en/suricata-5.0.6/rules/tls-keywords.html
https://suricata.readthedocs.io/en/suricata-5.0.6/file-extraction/file-extraction.html

96
Virtual private networks / Using WAN port 53 for VPN server - traffic / communication errors
« on: May 15, 2021, 08:14:00 am »
I have created an openvpn server and configured it for WAN port 1194. The FW rules have been set up and in testing, the client is able to connect fine.

Once I change the openvpn server to use WAN port 53 and the FW rules for port 53, the client is not able to maintain a connection.  It is able to communicate, however, it looks like something is interfering with the traffic. I can't figure out what it is.  BTW, DNS is not configured on this interface.
 




2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:36220: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=2 DATA len=1030   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 UDPv4 WRITE [1128] to [AF_INET]84.25.30.98:36220: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=1030   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 UDPv4 READ [363] from [AF_INET]84.25.30.98:36220: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=277   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 UDPv4 READ [94] from [AF_INET]84.25.30.98:36220: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]   

2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 UDPv4 WRITE [98] to [AF_INET]84.25.30.98:36220: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 TLS: Initial packet from [AF_INET]84.25.30.98:36220, sid=b17d5146 05abbd85   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 UDPv4 READ [86] from [AF_INET]84.25.30.98:36220: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0


2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]   
2021-05-14T23:01:30   openvpn[23633]   84.25.30.98:36220 Re-using SSL/TLS context   
2021-05-14T23:01:30   openvpn[23633]   MULTI: multi_create_instance called   
2021-05-14T23:01:28   openvpn[48602]   User403/84.25.30.98:26394 UDPv4 WRITE [40] to [AF_INET]84.25.30.98:26394: P_DATA_V2 kid=0 DATA len=39   

2021-05-14T23:01:26   openvpn[23633]   84.25.30.98:49400 SIGUSR1[soft,tls-error] received, client-instance restarting   
2021-05-14T23:01:26   openvpn[23633]   84.25.30.98:49400 TLS Error: TLS handshake failed   
2021-05-14T23:01:26   openvpn[23633]   84.25.30.98:49400 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)   


2021-05-14T23:01:18   openvpn[48602]   User403/84.25.30.98:26394 UDPv4 WRITE [40] to [AF_INET]84.25.30.98:26394: P_DATA_V2 kid=0 DATA len=39   
2021-05-14T23:01:08   openvpn[48602]   User403/84.25.30.98:26394 UDPv4 WRITE [40] to [AF_INET]84.25.30.98:26394: P_DATA_V2 kid=0 DATA len=39   
2021-05-14T23:00:59   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #16 ] [ ] pid=6 DATA len=1030   
2021-05-14T23:00:58   openvpn[48602]   User403/84.25.30.98:26394 UDPv4 WRITE [40] to [AF_INET]84.25.30.98:26394: P_DATA_V2 kid=0 DATA len=39   
2021-05-14T23:00:48   openvpn[48602]   User403/84.25.30.98:26394 UDPv4 WRITE [40] to [AF_INET]84.25.30.98:26394: P_DATA_V2 kid=0 DATA len=39   
2021-05-14T23:00:43   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #15 ] [ ] pid=6 DATA len=1030   
2021-05-14T23:00:38   openvpn[48602]   User403/84.25.30.98:26394 UDPv4 WRITE [40] to [AF_INET]84.25.30.98:26394: P_DATA_V2 kid=0 DATA len=39   
2021-05-14T23:00:35   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #14 ] [ ] pid=6 DATA len=1030   
2021-05-14T23:00:31   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #13 ] [ ] pid=6 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #11 ] [ 9 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #10 ] [ 8 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #9 ] [ 7 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [101] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #12 ] [ ] pid=9 DATA len=15   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #8 ] [ 5 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #11 ] [ ] pid=8 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #7 ] [ 4 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #10 ] [ ] pid=7 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #6 ] [ 3 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #9 ] [ ] pid=6 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #5 ] [ 2 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #8 ] [ ] pid=5 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [94] from [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #4 ] [ 1 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #7 ] [ ] pid=4 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #6 ] [ ] pid=3 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1116] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #5 ] [ ] pid=2 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [1128] to [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #4 ] [ 1 ] pid=1 DATA len=1030   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [363] from [AF_INET]84.25.30.98:49400: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=277   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [94] to [AF_INET]84.25.30.98:49400: P_ACK_V1 kid=0 pid=[ #3 ] [ 0 ]   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [98] from [AF_INET]84.25.30.98:49400: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ 0 ] pid=0 DATA len=0   
2021-05-14T23:00:28   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [86] to [AF_INET]84.25.30.98:49400: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0   
2021-05-14T23:00:27   openvpn[48602]   User403/84.25.30.98:26394 UDPv4 WRITE [40] to [AF_INET]84.25.30.98:26394: P_DATA_V2 kid=0 DATA len=39   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 UDPv4 WRITE [98] to [AF_INET]84.25.30.98:49400: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 TLS: Initial packet from [AF_INET]84.25.30.98:49400, sid=feaecab0 420d0d44   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 UDPv4 READ [86] from [AF_INET]84.25.30.98:49400: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]   
2021-05-14T23:00:26   openvpn[23633]   84.25.30.98:49400 Re-using SSL/TLS context   
2021-05-14T23:00:26   openvpn[23633]   MULTI: multi_create_instance called

97
21.1 Legacy Series / Re: Running a single openvpn server on multiple WAN interfaces?
« on: May 15, 2021, 07:33:16 am »
Just an FYI, there is a board dedicated to VPN issues. You might have better luck over there. https://forum.opnsense.org/index.php?board=36.0

98
21.1 Legacy Series / Re: VPN Between Locations
« on: May 15, 2021, 07:32:34 am »
Just an FYI, there is a board dedicated to VPN issues. You might have better luck over there. https://forum.opnsense.org/index.php?board=36.0

99
21.1 Legacy Series / Re: vpn works but no dns
« on: May 15, 2021, 07:31:51 am »
Just an FYI, there is a board dedicated to VPN issues. You might have better luck over there. https://forum.opnsense.org/index.php?board=36.0

100
Documentation and Translation / Re: To Developers/Moderators-Announcements: Request providing additional information
« on: May 15, 2021, 07:28:16 am »
The information provided is incorrect. I had posted last year about this specific issue,


Quote from: faunsen on April 16, 2020, 06:16:50 pm
Quote from: errored out on April 12, 2020, 01:17:53 am
The M/Monit URL.  https://user:pass@192.168.1.10:8443/collector.  If you want to control Monit services from your M/Monit instance you have to configure the Monit Port too and add corresponding firewall rules as well.

I finally was able to start Monit HTTPD and access the page. Here is the issue, I am not able to use a secure connection. In advanced mode, I first started Monit with http access. Then, after enabling "secure connection" I am not able to access Monit with https.
The "Secure Connection" is meant for the mail server connection to send notifications encrypted.
SSL for the Monit http service is not supported yet.

Quote from: errored out on April 12, 2020, 01:17:53 am
Also, does anyone know how to modify the configuration file manually? I only have found /usr/local/etc/monitrc. The file indicates it's autogenerated. I'm assuming any changes made would be wiped. The page for monit in the opnsense docs only points to monit documentation.
Yes it is auto generated. Please use the web interface for configuration.

Quote from: errored out on April 12, 2020, 01:17:53 am
(/usr/local/etc/monitrc)
# DO NOT EDIT THIS FILE -- OPNsense auto-generated file

set httpd unixsocket /var/run/monit.sock port 2812

    allow localhost
    allow root:"XXXXXXXXXXXXXXXX"
    allow testinguser:"testingpass"

set daemon 120 with start delay 120
Looks like a bug.
I'll take a look on this.


My posting from 2020 shows that the feature was not integrated as it is now. This can be seen where a user has to access monit by port 2812 and non-core url.



The github tickets show there were migration issues after version 18.

https://github.com/opnsense/core/pulls?q=monit+

monit: fix migration
#3661 by fbrendel was merged on Aug 21, 2019

Don't working migration for Monit on 19.7.
#3598 by kekek2 was closed on Jul 25, 2019

Monit, remove __items and fix migration issue
#3336 by fbrendel was merged on Mar 15, 2019


Also, at the time of my 2020 post, monit was an optional plugin rather than an included package under system:firmware.


As for the documentation, I know where it is located. I made reference to the monit documentation not having any indication that the program had migration issues / was not integrated, affecting its usage.

Opnsense is impressive, I have moved from pfsense and will not be going back. I also do appreciate what you are building. What I am asking for is more communication in the announcements / documentation when you have issues (such as migration, in this case).


101
Tutorials and FAQs / Re: Unable to connect to Discord
« on: April 30, 2021, 07:25:11 am »
What do the firewall block entries say? If you click on the i at the right of an entry, you can get the details. Without any additional information, no one will be able to help you.

102
Intrusion Detection and Prevention / Re: Suricata ET Open & Pro SSL mitm
« on: April 30, 2021, 05:47:32 am »
Short answer, none. Suricata uses netmap, which is at the driver level.

103
Intrusion Detection and Prevention / Re: Issue After Enabling Suricata
« on: April 30, 2021, 05:39:33 am »
Are you still having issues?

104
Intrusion Detection and Prevention / Re: IDS Rulesets Per Interface/VLANS
« on: April 30, 2021, 05:07:13 am »
This is not possible as Suricata operates with the netmap framework. Meaning, prior to when VLANs are processed.

105
21.1 Legacy Series / Re: Slow Download, Fast Upload
« on: April 30, 2021, 03:15:37 am »
The only reason why I recommended it is the issues I have had with open-source hypervisors. They have all been difficult to set up / configure, and I was constantly researching for information to resolve errors / issues I end up with. Like Microsoft, I don't care for them much; but one thing these companies are great at is ease of use. I'm not speaking of "clicking", rather, setting up NICs does not take 1 day to search how to change the MTU because the way I found in the forum does not work anymore.
