Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - santi.benejam

Pages: [1] 2

23.1 Legacy Series / Re: 23.1.7 - Aliases issue

« on: September 19, 2023, 10:05:23 am »

This morning I upgraded to 23.1.11 and all went fine. The deleted/renamed aliases are not present now without doing nothing special. After the upgrade and rebooted the firewall all is working as expected.

23.1 Legacy Series / Re: 23.1.7 - Aliases issue

« on: September 14, 2023, 11:54:42 am »

I will try this solution as soon as I can.

Thanks

23.1 Legacy Series / 23.1.7 - Aliases issue

« on: September 12, 2023, 03:29:16 pm »

Our firewall is on 23.1.7 version. Yesterday I created a Host(s) alias OriginalAlias with one IP for testing. I created then some rules to deny connections from this IP. Today I renamed OriginalAlias to RenamedAlias then I deleted the firewall rules.

Now in Firewall: Diagnostics: Aliases I can see listed both aliases OriginalAlias and RenamedAlias. I have to restart something?.

Listing the /var/db/aliastables folder I can see in it both alias *.txt files. In a config backup file there is only the RenamedAlias.

I read in the forum that I can use /usr/local/opnsense/scripts/filter/update_tables.py to renew the /var/db/aliastables folder content. It's safe to run this command?

I'm planning to upgrade the firewall Thursday to the latest version and I don't want to have problems with a configuration error during the update.

23.1 Legacy Series / Upgrade to OPNsense 23.1.7_3-amd64

« on: May 24, 2023, 04:29:45 pm »

This morning I upgraded to OPNsense 23.1.7_3-amd64 - FreeBSD 13.1-RELEASE-p7 - OpenSSL 1.1.1t 7 Feb 2023 from 23.1.4.
After a few hours the firewall is still working as expected, zero errors during the upgrade.

23.1 Legacy Series / Re: [SOLVED] Cannot update to lastest patches

« on: March 22, 2023, 07:20:18 am »

I just upgraded the OPNSense box to 23.1.4 and it seems that all is working as expected for now.

Many thaks Franco

23.1 Legacy Series / [SOLVED] Re: Cannot update to lastest patches

« on: March 21, 2023, 03:16:44 pm »

I was missing this config as explained in this topic https://forum.opnsense.org/index.php?topic=32539.msg158377#msg158377

I had to disable HW Offload checkboxes and re-enable IPS mode and it now works. Tomorrow morning I'll do the pending updates.

23.1 Legacy Series / Re: Cannot update to lastest patches

« on: March 21, 2023, 09:16:06 am »

I stopped Intrusion detection and updates seems to work now. Enabling Intrusion detections with IPS Mode disabled seems to work too.
I'll try to upgrade later.

23.1 Legacy Series / Re: Cannot update to lastest patches

« on: March 21, 2023, 08:56:09 am »

More info from Health Audit

Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 23.1_6 at Tue Mar 21 08:54:39 CET 2023
>>> Check installed kernel version
Version 23.1 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 23.1 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-clamav 1.8
os-ddclient 1.9_2
os-dmidecode 1.1_1
os-dyndns 1.27_3
os-net-snmp 1.5_2
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 66 dependencies to check.
Checking packages: .
beep-1.0_1 has no upstream equivalent
Checking packages: .
ca_root_nss-3.87 has no upstream equivalent
Checking packages: .
choparp-20150613 has no upstream equivalent
Checking packages: .
cpustats-0.1 has no upstream equivalent
Checking packages: .
dhcp6c-20200512_1 has no upstream equivalent
Checking packages: .
dnsmasq-2.88_1,1 has no upstream equivalent
Checking packages: .
dpinger-3.2 has no upstream equivalent
Checking packages: .
expiretable-0.6_2 has no upstream equivalent
Checking packages: .
filterlog-0.6 has no upstream equivalent
Checking packages: .
flock-2.37.2 has no upstream equivalent
Checking packages: .
flowd-0.9.1_3 has no upstream equivalent
Checking packages: .
hostapd-2.10_5 has no upstream equivalent
Checking packages: .
ifinfo-13.0 has no upstream equivalent
Checking packages: .
iftop-1.0.p4 has no upstream equivalent
Checking packages: .
isc-dhcp44-relay-4.4.3P1 has no upstream equivalent
Checking packages: .
isc-dhcp44-server-4.4.3P1 has no upstream equivalent
Checking packages: .
lighttpd-1.4.67 has no upstream equivalent
Checking packages: .
monit-5.32.0 has no upstream equivalent
Checking packages: .
mpd5-5.9_13 has no upstream equivalent
Checking packages: .
ntp-4.2.8p15_5 has no upstream equivalent
Checking packages: .
openssh-portable-8.9.p1_4,1 has no upstream equivalent
Checking packages: .
openssl-1.1.1s,1 has no upstream equivalent
Checking packages: .
openvpn-2.5.8 has no upstream equivalent
Checking packages: .
opnsense-23.1_6 has no upstream equivalent
Checking packages: .
opnsense-installer-23.1 has no upstream equivalent
Checking packages: .
opnsense-lang-22.7.3 has no upstream equivalent
Checking packages: .
opnsense-update-23.1 has no upstream equivalent
Checking packages: .
pam_opnsense-19.1.3 has no upstream equivalent
Checking packages: .
pftop-0.8_2 has no upstream equivalent
Checking packages: .
php81-ctype-8.1.14 has no upstream equivalent
Checking packages: .
php81-curl-8.1.14 has no upstream equivalent
Checking packages: .
php81-dom-8.1.14 has no upstream equivalent
Checking packages: .
php81-filter-8.1.14 has no upstream equivalent
Checking packages: .
php81-gettext-8.1.14 has no upstream equivalent
Checking packages: .
php81-google-api-php-client-2.4.0 has no upstream equivalent
Checking packages: .
php81-ldap-8.1.14 has no upstream equivalent
Checking packages: .
php81-pdo-8.1.14 has no upstream equivalent
Checking packages: .
php81-pecl-radius-1.4.0b1_2 has no upstream equivalent
Checking packages: .
php81-phalcon-5.1.4 has no upstream equivalent
Checking packages: .
php81-phpseclib-3.0.18 has no upstream equivalent
Checking packages: .
php81-session-8.1.14 has no upstream equivalent
Checking packages: .
php81-simplexml-8.1.14 has no upstream equivalent
Checking packages: .
php81-sockets-8.1.14 has no upstream equivalent
Checking packages: .
php81-sqlite3-8.1.14 has no upstream equivalent
Checking packages: .
php81-xml-8.1.14 has no upstream equivalent
Checking packages: .
php81-zlib-8.1.14 has no upstream equivalent
Checking packages: .
pkg-1.19.1_1 has no upstream equivalent
Checking packages: .
py39-Jinja2-3.1.2 has no upstream equivalent
Checking packages: .
py39-dnspython-2.2.1_1,1 has no upstream equivalent
Checking packages: .
py39-duckdb-0.6.1 has no upstream equivalent
Checking packages: .
py39-netaddr-0.8.0 has no upstream equivalent
Checking packages: .
py39-numpy-1.23.5_1,1 has no upstream equivalent
Checking packages: .
py39-pandas-1.5.1,1 has no upstream equivalent
Checking packages: .
py39-requests-2.28.1_1 has no upstream equivalent
Checking packages: .
py39-sqlite3-3.9.16_7 has no upstream equivalent
Checking packages: .
py39-ujson-5.0.0 has no upstream equivalent
Checking packages: .
py39-vici-5.9.9 has no upstream equivalent
Checking packages: .
radvd-2.19_1 has no upstream equivalent
Checking packages: .
rrdtool-1.8.0_2 has no upstream equivalent
Checking packages: .
samplicator-1.3.8.r1_1 has no upstream equivalent
Checking packages: .
squid-5.7 has no upstream equivalent
Checking packages: .
strongswan-5.9.9_1 has no upstream equivalent
Checking packages: .
sudo-1.9.12p2 has no upstream equivalent
Checking packages: .
suricata-6.0.9_1 has no upstream equivalent
Checking packages: .
syslog-ng-3.38.1 has no upstream equivalent
Checking packages: .
unbound-1.17.1_1 has no upstream equivalent
Checking packages: .
wpa_supplicant-2.10_6 has no upstream equivalent
Checking packages: .
zip-3.0_1 has no upstream equivalent
***DONE***

23.1 Legacy Series / Re: Cannot update to lastest patches

« on: March 21, 2023, 08:53:23 am »

Code: [Select]

System: Firmware
Status
Settings
Changelog
Updates
Plugins
Packages
Type	opnsense	
Version	23.1_6	
Architecture	amd64	
Flavour	OpenSSL	
Commit	6621e1999	
Mirror	https://pkg.opnsense.org/FreeBSD:13:amd64/23.1	
Repositories	OPNsense	
Updated on	Tue Mar 21 06:57:11 CET 2023	
Checked on	N/A

23.1 Legacy Series / Re: Cannot update to lastest patches

« on: March 21, 2023, 08:48:20 am »

I can ping to pkg.opnsense.org from console.

Code: [Select]

ping pkg.opnsense.org
PING pkg.opnsense.org (89.149.211.205): 56 data bytes
64 bytes from 89.149.211.205: icmp_seq=0 ttl=50 time=58.724 ms
64 bytes from 89.149.211.205: icmp_seq=1 ttl=50 time=59.299 ms
64 bytes from 89.149.211.205: icmp_seq=2 ttl=50 time=59.112 ms
64 bytes from 89.149.211.205: icmp_seq=3 ttl=50 time=58.237 ms
64 bytes from 89.149.211.205: icmp_seq=4 ttl=50 time=58.720 ms
64 bytes from 89.149.211.205: icmp_seq=5 ttl=50 time=59.095 ms
64 bytes from 89.149.211.205: icmp_seq=6 ttl=50 time=58.481 ms
64 bytes from 89.149.211.205: icmp_seq=7 ttl=50 time=58.477 ms
64 bytes from 89.149.211.205: icmp_seq=8 ttl=50 time=59.455 ms
64 bytes from 89.149.211.205: icmp_seq=9 ttl=50 time=58.424 ms
64 bytes from 89.149.211.205: icmp_seq=10 ttl=50 time=58.432 ms
64 bytes from 89.149.211.205: icmp_seq=11 ttl=50 time=58.549 ms
64 bytes from 89.149.211.205: icmp_seq=12 ttl=50 time=65.933 ms
64 bytes from 89.149.211.205: icmp_seq=13 ttl=50 time=58.496 ms
64 bytes from 89.149.211.205: icmp_seq=14 ttl=50 time=58.185 ms
64 bytes from 89.149.211.205: icmp_seq=15 ttl=50 time=59.128 ms
64 bytes from 89.149.211.205: icmp_seq=16 ttl=50 time=59.122 ms
64 bytes from 89.149.211.205: icmp_seq=17 ttl=50 time=59.091 ms
64 bytes from 89.149.211.205: icmp_seq=18 ttl=50 time=58.743 ms
^C
--- pkg.opnsense.org ping statistics ---
19 packets transmitted, 19 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 58.185/59.142/65.933/1.641 ms

23.1 Legacy Series / [SOLVED] Cannot update to lastest patches

« on: March 21, 2023, 08:41:54 am »

I upgraded to OPNSense 23.1 and I get this errors in audit connectivity.
Suricata emerging rules not updating

Code: [Select]

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 23.1_6 at Tue Mar 21 08:13:21 CET 2023
Checking connectivity for host: pkg.opnsense.org -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
1508 bytes from 89.149.211.205: icmp_seq=0 ttl=50 time=59.467 ms
1508 bytes from 89.149.211.205: icmp_seq=1 ttl=50 time=62.226 ms
1508 bytes from 89.149.211.205: icmp_seq=2 ttl=50 time=59.678 ms
1508 bytes from 89.149.211.205: icmp_seq=3 ttl=50 time=59.301 ms

--- 89.149.211.205 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 59.301/60.168/62.226/1.196 ms
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/23.1
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/meta.txz: Operation timed out
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/packagesite.pkg: Operation timed out
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/packagesite.txz: Operation timed out
Unable to update repository OPNsense
Error updating repositories!
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/23.1
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
***DONE***

22.7 Legacy Series / Re: Upgrade to 22.7.7/8 from 22.7.6

« on: November 30, 2022, 11:20:19 am »

Anyone can answer this question post, I'ts safe to upgrade with this audit results?.

22.7 Legacy Series / Upgrade to 22.7.7/8 from 22.7.6

« on: November 21, 2022, 03:17:20 pm »

Our firewall runs on version OPNsense 22.7.6 (amd64/OpenSSL). I made an audit Health and connectivity and I get this results.
My question is, it's safe to upgrade to the lastest version?.

Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.7.6 (amd64/OpenSSL) at Mon Nov 21 15:09:19 CET 2022
>>> Check installed kernel version
Version 22.7.5 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.7.5 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-clamav 1.7_1
os-ddclient 1.9
os-dmidecode 1.1_1
os-dyndns 1.27_3
os-net-snmp 1.5_1
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 63 dependencies to check.
Checking packages: ...................
mpd5-5.9_11 version mismatch, expected 5.9_12
Checking packages: ...
openssl-1.1.1q,1 version mismatch, expected 1.1.1s,1
Checking packages: .
openvpn-2.5.7 version mismatch, expected 2.5.8
Checking packages: .
opnsense-22.7.6 version mismatch, expected 22.7.8
Checking packages: ...
opnsense-update-22.7.5 version mismatch, expected 22.7.7
Checking packages: ...
php80-ctype-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-curl-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-dom-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-filter-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-gettext-8.0.24 version mismatch, expected 8.0.25
Checking packages: ..
php80-ldap-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-pdo-8.0.24 version mismatch, expected 8.0.25
Checking packages: ..
php80-phalcon-5.0.3 version mismatch, expected 5.1.1
Checking packages: ..
php80-session-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-simplexml-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-sockets-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-sqlite3-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-xml-8.0.24 version mismatch, expected 8.0.25
Checking packages: .
php80-zlib-8.0.24 version mismatch, expected 8.0.25
Checking packages: ..
py39-Jinja2-3.0.1 version mismatch, expected 3.1.2
Checking packages: ....
py39-sqlite3-3.9.14_7 version mismatch, expected 3.9.15_7
Checking packages: .......
strongswan-5.9.8 version mismatch, expected 5.9.8_1
Checking packages: .
sudo-1.9.11p3 version mismatch, expected 1.9.12p1
Checking packages: .
suricata-6.0.8 version mismatch, expected 6.0.8_1
Checking packages: ..
unbound-1.16.3 version mismatch, expected 1.17.0
Checking packages: .. done
***DONE***

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 22.7.6 (amd64/OpenSSL) at Mon Nov 21 15:13:12 CET 2022
Checking connectivity for host: pkg.opnsense.org -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
1508 bytes from 89.149.211.205: icmp_seq=0 ttl=50 time=60.162 ms
1508 bytes from 89.149.211.205: icmp_seq=1 ttl=50 time=60.108 ms
1508 bytes from 89.149.211.205: icmp_seq=2 ttl=50 time=59.890 ms
1508 bytes from 89.149.211.205: icmp_seq=3 ttl=50 time=60.095 ms

--- 89.149.211.205 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 59.890/60.064/60.162/0.103 ms
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 809 packages processed.
All repositories are up to date.
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
***DONE***

22.7 Legacy Series / Re: Upgraded to 22.7.4 now unable to check for updates

« on: October 20, 2022, 08:08:00 am »

I upgraded today to 22.7.6 and then deactivated the NAT Rule and connections to internet from local box are working now.
Connectivity audits and check for updates ara working too.
Franco, If you need something that can help to debug this errors, how can I help?

22.7 Legacy Series / Re: Upgraded to 22.7.4 now unable to check for updates

« on: October 19, 2022, 03:26:30 pm »

Hi Franco, I've been using OPNSense in a FW6 Protectli since 2019 and this is the first time an update fails with these symptoms.

I added an outgoing NAT rule as suggested by schup and now ping works and I can get updates. I don't know if it happened during the update. I think that for some reason the update failed or had to be updated to version 22.7.6 and was not done because it could not be downloaded.
Tomorrow morning I'll update it to 22.7.6.

Pages: [1] 2