16
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
17
24.1 Production Series / Re: GUI limited - Error 403 after update to 24.1.3_1
« on: March 10, 2024, 08:07:26 am »
Hi
"password policy constraints" enabled maybe?
"password policy constraints" enabled maybe?
18
Development and Code Review / Re: Alias JSON Import Possible Bug
« on: March 08, 2024, 07:54:51 pm »Quote
The name must start with a letter or single underscore, be less than 32 characters and only consist of alphanumeric characters or underscoresand still try to use hyphens?
19
24.1 Production Series / Re: How can I import from the cli an externally generated SSL certificate?
« on: March 08, 2024, 06:36:10 pm »
wait for https://github.com/opnsense/core/issues/7248 maybe?)
20
24.1 Production Series / Re: UI input validation
« on: March 07, 2024, 08:47:28 pm »
Hi
looks like % 22USERNAME1%22 is the reason.
it might be reasonable to limit the location header by the url without params in authgui.inc(202) ?
looks like % 22USERNAME1%22 is the reason.
it might be reasonable to limit the location header by the url without params in authgui.inc(202) ?
Quote
And, if yes, where?https://github.com/opnsense/core/issues/new?assignees=&labels=&projects=&template=bug_report.md&title=
Quote
This may be an edge case.definitely )
21
General Discussion / Re: Unbound DNS not starting - port in use
« on: February 28, 2024, 08:58:53 am »
ah, sorry, @mimugmail repo. can't help with this.
may be you should find actual install path and run
https://forum.opnsense.org/index.php?topic=22162.msg114958#msg114958
but but I don't know what I'm saying )
may be you should find actual install path and run
https://forum.opnsense.org/index.php?topic=22162.msg114958#msg114958
but but I don't know what I'm saying )
22
General Discussion / Re: Unbound DNS not starting - port in use
« on: February 28, 2024, 08:17:10 am »
or just search for ":53" at
INTERFACES: DIAGNOSTICS: NETSTAT -> Sockets
INTERFACES: DIAGNOSTICS: NETSTAT -> Sockets
23
General Discussion / Re: Unbound, DNSSEC, and Resolution Weirdness
« on: February 27, 2024, 04:05:59 pm »
i think you can try
opnsense-patch 387fc59
and disable it via gui
or place aggressive-nsec no somewhere in /usr/local/opnsense/service/templates/OPNsense/Unbound/core/advanced.conf
and Apply unbound settings
opnsense-patch 387fc59
and disable it via gui
or place aggressive-nsec no somewhere in /usr/local/opnsense/service/templates/OPNsense/Unbound/core/advanced.conf
and Apply unbound settings
24
General Discussion / Re: Unbound, DNSSEC, and Resolution Weirdness
« on: February 26, 2024, 05:37:08 pm »
have you tried with aggressive-nsec no ?
i think it should work like https://www.cloudflare.com/dns/dnssec/dnssec-complexities-and-considerations/
so if you dig up the nsec record for trendnet.com it should return something other then trendnet.com for the next record (actual name or some white lie if zone owner is afraid of zone enumeration). like
https://digwebinterface.com/?hostnames=%0D%0Acloudflare.com&type=NSEC&showcommand=on&ns=resolver&useresolver=9.9.9.9&nameservers=
(returns \000.cloudflare.com. for the next record)
but for trendnet.com it return:
https://digwebinterface.com/?hostnames=trendnet.com&type=NSEC&showcommand=on&ns=resolver&useresolver=9.9.9.9&nameservers=
(returns trendnet.com. for the next record)
actualy saying that there is no records between trendnet.com and trendnet.com
I think this is a zone config error
i think it should work like https://www.cloudflare.com/dns/dnssec/dnssec-complexities-and-considerations/
so if you dig up the nsec record for trendnet.com it should return something other then trendnet.com for the next record (actual name or some white lie if zone owner is afraid of zone enumeration). like
https://digwebinterface.com/?hostnames=%0D%0Acloudflare.com&type=NSEC&showcommand=on&ns=resolver&useresolver=9.9.9.9&nameservers=
(returns \000.cloudflare.com. for the next record)
but for trendnet.com it return:
https://digwebinterface.com/?hostnames=trendnet.com&type=NSEC&showcommand=on&ns=resolver&useresolver=9.9.9.9&nameservers=
(returns trendnet.com. for the next record)
actualy saying that there is no records between trendnet.com and trendnet.com
I think this is a zone config error
25
Web Proxy Filtering and Caching / Re: Nginx not recognising upstream servers
« on: February 26, 2024, 01:23:23 pm »
glad it worked )
26
Web Proxy Filtering and Caching / Re: Nginx not recognising upstream servers
« on: February 26, 2024, 01:11:45 pm »
if you remember to hit Apply in General tab after the change, then perhaps there are some errors in the backend log (SYSTEM: LOG FILES: BACKEND)
27
Web Proxy Filtering and Caching / Re: Nginx not recognising upstream servers
« on: February 26, 2024, 01:05:28 pm »
no. you can have multiple http servers on the same ip:port
in the config file you still have http servers and streams on the same ports.
can you delete streams if it true?
in the config file you still have http servers and streams on the same ports.
can you delete streams if it true?
28
Web Proxy Filtering and Caching / Re: Nginx not recognising upstream servers
« on: February 26, 2024, 12:54:26 pm »
The config was not applied or an error occurred while applying the config?
there are no corresponding directives in the configuration file
there are no corresponding directives in the configuration file
29
Web Proxy Filtering and Caching / Re: Nginx not recognising upstream servers
« on: February 26, 2024, 12:26:59 pm »
i dont see proxy_ssl_* directives at all
is Enable TLS (HTTPS) enabled on Upstream settings?
is Enable TLS (HTTPS) enabled on Upstream settings?
30
Web Proxy Filtering and Caching / Re: Nginx not recognising upstream servers
« on: February 26, 2024, 11:56:46 am »Quote
The " TLS: Servername override" now is set to the external subdomainit should be set to the fqdn that the upstream expects (may or may not match the external (requst) address)
can you share your current config?