Messages - RamSense

106
23.7 Legacy Series / Re: Upgradethread 23.1.11_1 to 23.7
« on: August 02, 2023, 07:20:10 am »
@mimugmail thnx! I updated right away

107
Virtual private networks / Wireguard-go VS Wireguard-kernel plugin
« on: August 02, 2023, 07:00:13 am »
I have been running wireguard-go for quite some time with no problems at all. I use it as always on, on our mobile devices like the iPhones (iOS) (everywhere using DNS/AdGuard Home).

Now I have been trying to use the wireguard-kernel version. At first it works flawlessly. But after some time (after the mobile device / iPhone has not been used for some time / 10 mins, and I start using it again) the VPN connection is still there, but there is no data, no internet data. Seems like the tunnel stalls.

I found out that when configuring Endpoints - Keepalive Interval set at 25, the wireguard-kernel keeps working (just like the go version).

Now I wonder, why is it I have to add a keepalive in the kernel version? Is this a bug? The go version has, I think, the default setting of Keepalive Interval = 0, but I cannot enter 0 in the endpoint config.

If the only solution is using a Keepalive Interval, what is the best interval setting to use? e.g. 25 or other number?

Others having this issue also? Thanks for the help!

108
23.7 Legacy Series / Re: Upgradethread 23.1.11_1 to 23.7
« on: July 31, 2023, 09:26:15 pm »
Updated to 23.7 also. Had a little hiccup with internet not working, probably due to AdGuard Home, but after another manual reboot with first disabling AdGuard Home and back to only bind the system was working. Put AdGuard Home back on and all is running like it should.

Only in the terminal I have an error building up in # with this:

Quote
    [fib_algo] inet.0 (radix4_lockless#2180) rebuild_fd_flm: table rebuild failed
    [fib_algo] inet.0 (radix4_lockless#2180) rebuild_fd_flm: sync rebuild failed
    [fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed

and failures=1,2,3......up to 52 now and still counting up..

others having this also?

109
23.7 Legacy Series / Re: Upgradethread 23.1.11_1 to 23.7
« on: July 31, 2023, 09:19:09 pm »
Updated to 23.7 also. Had a little hiccup with internet not working, probably due to AdGuard Home, but after another manual reboot with first disabling AdGuard Home and back to only bind the system was working. Put AdGuard Home back on and all is running like it should.

Only in the terminal I have an error building up in # with this:

Quote
[fib_algo] inet.0 (radix4_lockless#2180) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#2180) rebuild_fd_flm: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed

and failures=1,2,3......up to 52 now and still counting up..

others having this also?

110
Documentation and Translation / Re: AdGuard Home setup guide
« on: July 22, 2023, 06:54:04 am »
Quote
way to backup and restore AdGuard?

I would say, back up the AdGuardHome.yaml file and restore it after new installation. Location:
/usr/local/AdGuardHome

111
Virtual private networks / Re: dec850 wireguard no start
« on: July 16, 2023, 11:13:36 am »
glad to hear that os-wireguard is working for you.
I am using os-wireguard-go without any problems and when I use os-wireguard my vpn stops working after some time. Connection is still there but no dataflow anymore. So that's when I gave up on os-wireguard and still use os-wireguard-go, since there was no noticeable speed difference also  :D

112
Web Proxy Filtering and Caching / Re: Whitelist 6 Domains
« on: July 09, 2023, 01:32:12 pm »
never tried myself, but I would say:
- make an alias for the website (url/ip) for the allowed websites
- make a firewall allow rule for this alias port 80 and 443
- make another firewall rule below the above with block all port 80 and 443


113
General Discussion / Re: Wireguard and PiHole
« on: July 08, 2023, 07:36:03 pm »
do you have a firewall rule for your wireguard port 53 pointing to your pihole?
(interface wg, source wg net, destination pi hole, Destination port range DNS)

or

In your guide there is a mention of pi-hole here:
Quote

Note

If you are using alternate DNS server(s) such as Pi-hole, you will need to specify those DNS servers by clicking the “advanced mode” and entering the DNS server IP address in the “DNS Server” box. You will need to have a firewall rule to allow access to the alternate DNS server(s) (unless you have an “allow all” rule for your WireGuard clients, which is not the best security practice).

114
Web Proxy Filtering and Caching / Re: Need help creating a NAXSI whitelist
« on: July 08, 2023, 02:42:04 pm »
I use wireguard with my fam. Can be always on on the mobile devices. It's that fast that they do not even see the difference being on and/or off, so it can be always on (although you can set when to connect or not to connect when e.g. on wifi at home automatically). And with doing so, and using e.g. adguard, they have adguard ads blocking on the go also :-)

115
Web Proxy Filtering and Caching / Re: Need help creating a NAXSI whitelist
« on: July 08, 2023, 07:42:05 am »
Maybe you can use a VPN on opnsense and with that you can use static ip's and use those in nginx whitelist.

116
Web Proxy Filtering and Caching / Re: Need help creating a NAXSI whitelist
« on: July 07, 2023, 07:36:53 pm »
From terminal I do not know how to do it, but from the OPNsense nginx GUI:
Go to HTTP-server, and tick advanced mode,
then look for the field "Naxsi Trusted Source IPs"
(Enter a list of IP addresses or CIDR networks which will be whitelisted for the Naxsi rules.)

117
General Discussion / Re: Access the web interface whit domain
« on: June 24, 2023, 07:59:50 pm »
You can disable the rebind check if you want:
OPNsense - System - Settings - Administration: DNS Rebind Check: [check] Disable DNS Rebinding Checks

Or put your domain name in the field below the above one:
Alternate Hostnames: yourdomain.com

hope that helps.

118
23.1 Legacy Series / Re: after update Nginx wont start error (OPNsense 23.1.10-amd64)
« on: June 24, 2023, 12:18:54 pm »
With the naxsi rules enabled and started with reverting in same order as stated below:

1.22: # opnsense-revert -r 23.1.9 nginx. ->nginx fails to start:
Quote
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed
nginx: [emerg] module "ngx_http_vhost_traffic_status_module" is already loaded in /usr/local/etc/nginx/nginx.conf:7

1.24: # opnsense-revert nginx -> nginx fails to start:
Quote
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed
nginx: [emerg] Naxsi-Config : Incorrect line MainRule id:1500 (/usr/obj/usr/ports/www/nginx/work/naxsi-29793dc/naxsi_src/naxsi_skeleton.c/973)... in /usr/local/etc/nginx/nginx.conf:50

1.24: # opnsense-revert -z nginx -> nginx running with only this error:
Quote
nginx: [warn] could not build optimal variables_hash, you should increase either variables_hash_max_size: 1024 or variables_hash_bucket_size: 64; ignoring variables_hash_bucket_size


119
23.1 Legacy Series / Re: after update Nginx wont start error (OPNsense 23.1.10-amd64)
« on: June 24, 2023, 11:57:30 am »
Ok, first impression:
did the [# opnsense-revert -z nginx]

Nginx still runs after adding the naxsi rules back. Did an nginx hard stop and start, still works. That's the good part.

looking at the log, I still see the error appearing, but not fatal anymore(?) since nginx keeps running...:
[emerg] 98860#122256: Naxsi-Config : Incorrect line MainRule id:1500 (/usr/obj/usr/ports/www/nginx/work/naxsi-29793dc/naxsi_src/naxsi_skeleton.c/973)... in /usr/local/etc/nginx/nginx.conf:50

I also noticed this in the log, which I do not remember being there before:
nginx: [warn] could not build optimal variables_hash, you should increase either variables_hash_max_size: 1024 or variables_hash_bucket_size: 64; ignoring variables_hash_bucket_size

120
23.1 Legacy Series / Re: after update Nginx wont start error (OPNsense 23.1.10-amd64)
« on: June 23, 2023, 04:37:18 pm »
Ok, update nginx to latest version.
Disable naxsi rules SQL Injections 1000-1099 and File Uploads 1500-1600
Save and reload config and start nginx again.
Hope that works for you also.
