Topics - giffordj

#1
24.1, 24.4 Legacy Series / Track MAC Addresses
June 26, 2024, 08:01:46 AM
I have a few offices that need the ability to track the MAC addresses attached to their network for audit purposes. The way some of the offices do that today is by a program on the server using LAN sweeper. Is there a plugin for OPNsense to offer similar functionality?
#2
24.1, 24.4 Legacy Series / Reset Tunables
May 06, 2024, 06:39:51 PM
Is there any way to just reset the system tunables?
#3
22.1 Legacy Series / libevent missing openssl
January 31, 2022, 04:23:20 PM
Since upgrading to 22.1, I have been seeing this message on the update screen.
pkg: libevent has a missing dependency: openssl

Below is a complete capture of the update check.

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.1 (amd64/LibreSSL) at Mon Jan 31 07:20:39 PST 2022
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: .......... done
Processing entries: .......... done
OPNsense repository update completed. 779 packages processed.
Updating mimugmail repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: ....... done
Processing entries: .......... done
mimugmail repository update completed. 168 packages processed.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking for upgrades (2 candidates): .. done
Processing candidates (2 candidates): .
pkg: libevent has a missing dependency: openssl
Processing candidates (2 candidates)... done
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***
#4
21.1 Legacy Series / CVE-2020-15078
April 28, 2021, 10:05:53 PM
I was running a security audit and came across this. Will this be addressed?

CVE-2020-15078
Overview
OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

Detailed description
This bug allows - under very specific circumstances - to trick a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup.

In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account.