Messages - benyamin

91
23.1 Legacy Series / Re: OpenVPN UI Regressions in 23.1.5 - Dashboard Widget & Connection Status Page
« on: April 01, 2023, 07:53:54 pm »
Done: https://github.com/opnsense/core/issues/6464

92
23.1 Legacy Series / Re: BUG: NGINX doesnt start
« on: March 30, 2023, 07:28:29 pm »
I'm not running the plugin myself, but if it is using the rc.d system to start, does the REQUIRE: keyword include the NETWORKING option?

For comparison inetd has: # REQUIRE: DAEMON LOGIN FILESYSTEMS

93
23.1 Legacy Series / Re: OpenVPN UI Regressions in 23.1.5 - Dashboard Widget & Connection Status Page
« on: March 30, 2023, 07:14:02 pm »
Looks like prior to 23.1.4, the openvpn_get_client_status function in src/etc/inc/plugins.inc.d/openvpn.inc did:

Quote
One option might be to re-write the script to parse:
  • The clientX.conf file for the "CN";
  • The output of state for "Real Address"; &
  • The output of status for "Bytes Sent" & "Bytes Received".

94
23.1 Legacy Series / Re: OpenVPN UI Regressions in 23.1.5 - Dashboard Widget & Connection Status Page
« on: March 30, 2023, 06:49:10 pm »
That certainly fixes the dashboard widget.

I had a quick look-see re the Connection Status page by installing socat and looking at the management interface output for the state and status commands, which the src/opnsense/scripts/openvpn/ovpn_status.py script appears to use.

State:
Code:
root@opnsense_redacted_host:~ # echo state | socat - unix-connect:/var/etc/openvpn/clientX.sock
>INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
1680171329,CONNECTED,SUCCESS,<VIP redacted>,<Server IP Redacted>,<Redacted Server (Destination) Port>,<I/F IP Redacted>,<Redacted Source Port>
END

Status:
Code:
root@opnsense_redacted_host:~ # echo status 3 | socat - unix-connect:/var/etc/openvpn/clientX.sock
>INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
OpenVPN STATISTICS
Updated,2023-03-31 03:08:03
TUN/TAP read bytes,707211
TUN/TAP write bytes,954184
TCP/UDP read bytes,1151666
TCP/UDP write bytes,898354
Auth read bytes,955224
pre-compress bytes,0
post-compress bytes,0
pre-decompress bytes,0
post-decompress bytes,0
END

The OpenVPN Management Interface Community Resource states (emphasis added):

Quote
COMMAND -- status
-----------------

Show current daemon status information, in the same format as
that produced by the OpenVPN --status directive.

Command examples:

status   -- Show status information using the default status
            format version.

status 3 -- Show status information using the format of
            --status-version 3.

...and the Reference Manual for OpenVPN 2.5 states (emphasis added):

Quote
--status args    

Write operational status to file every n seconds.

Valid syntaxes:

status file
status file n

Status can also be written to the syslog by sending a SIGUSR2 signal.

With multi-client capability enabled on a server, the status file includes a list of clients and a routing table. The output format can be controlled by the --status-version option in that case.

For clients or instances running in point-to-point mode, it will contain the traffic statistics.

--status-version n

Set the status file format version number to n.

This only affects the status file on servers with multi-client capability enabled. Valid status version values:

1 -- Traditional format (default). The client list contains the following fields comma-separated: Common Name, Real Address, Bytes Received, Bytes Sent, Connected Since.

2 -- A more reliable format for external processing. Compared to version 1, the client list contains some additional fields: Virtual Address, Virtual IPv6 Address, Username, Client ID, Peer ID, Data Channel Cipher. Future versions may extend the number of fields.

3 -- Identical to 2, but fields are tab-separated.

The script looks mainly written for servers; for clients a different solution might be needed.

One option might be to re-write the script to parse:
  • The clientX.conf file for the "CN";
  • The output of state for "Real Address"; &
  • The output of status for "Bytes Sent" & "Bytes Received".
Will need to discover routing table by other means also.

Another way might be to use the --status directive and a status file for clients... Not sure whether that would yield routing information, or whether routing information is even relevant for clients.
EDIT: This will not work as the same limitation applies. Only multi-client server instances get replies with the relevant information, regardless of whether it is in a status file or a unix socket.
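
The parsing proposed in this post, sketched as an added example; it is not part of the original post and is not OPNsense's ovpn_status.py. Assumptions: the `state` field order follows the output shown above, the server address in that line is taken as "Real Address", the TCP/UDP counters stand in for Bytes Received/Sent, and the sample addresses and ports are constructed placeholders for the redacted values.

```python
# Added example (not OPNsense code): parse management replies of an OpenVPN *client*.
STATE_SAMPLE = """>INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
1680171329,CONNECTED,SUCCESS,10.8.0.2,203.0.113.10,1194,192.0.2.5,51820
END
"""
STATUS_SAMPLE = """>INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
OpenVPN STATISTICS
Updated,2023-03-31 03:08:03
TCP/UDP read bytes,1151666
TCP/UDP write bytes,898354
END
"""
STATE_FIELDS = ("timestamp", "state", "detail", "virtual_address",
                "remote_host", "remote_port", "local_host", "local_port")

def reply_lines(raw):
    """Yield the payload lines of one reply: skip '>' notifications, stop at END."""
    for line in map(str.strip, raw.splitlines()):
        if line == "END":
            return
        if line and not line.startswith(">"):
            yield line

def parse_state(raw):
    """Return the last well-formed state line as a dict, or {} if there is none."""
    entry = {}
    for line in reply_lines(raw):
        parts = line.split(",")
        if len(parts) >= 2 and parts[0].isdecimal():
            entry = dict(zip(STATE_FIELDS, parts), timestamp=int(parts[0]))
    return entry

def parse_client_status(raw):
    """Return the integer counters of a client 'OpenVPN STATISTICS' reply."""
    stats = {}
    for line in reply_lines(raw):
        name, sep, value = line.rpartition(",")
        if sep and value.isdecimal():
            stats[name] = int(value)
    return stats

def client_summary(state_raw, status_raw):
    """Combine both replies; missing fields fall back to defaults, never raise."""
    state, stats = parse_state(state_raw), parse_client_status(status_raw)
    return {"status": state.get("state", "unknown"),
            "virtual_address": state.get("virtual_address", ""),
            "real_address": state.get("remote_host", ""),
            # Assumption: TCP/UDP link counters stand in for Bytes Received/Sent.
            "bytes_received": stats.get("TCP/UDP read bytes", 0),
            "bytes_sent": stats.get("TCP/UDP write bytes", 0)}
```

The CN and routing information are not present in either reply, so they would still have to come from the clientX.conf file or other means, as the post notes.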

95
23.1 Legacy Series / Re: OpenVPN UI Regressions in 23.1.5 - Dashboard Widget & Connection Status Page
« on: March 30, 2023, 02:03:30 pm »
As for Connection Status...

Could it be the management interface parsing in the ovpn_status function of src/opnsense/scripts/openvpn/ovpn_status.py...?

Everything else looks good to me.

96
23.1 Legacy Series / Re: OpenVPN UI Regressions in 23.1.5 - Dashboard Widget & Connection Status Page
« on: March 30, 2023, 01:35:37 pm »
Think I found the widget one:

src/www/widgets/widgets/openvpn.widget.php

Code:
Line 123:           <td><?=$client['remote_host'];?><br/><?=$client['virtual_addr'];?></td>

Should be :          <td><?=$client['remote_host'];?><br/><?=$client['virtual_address'];?></td>


Maybe?
Definitely. Made change on running system.

97
23.1 Legacy Series / Re: OpenVPN UI Regressions in 23.1.5 - Dashboard Widget & Connection Status Page
« on: March 30, 2023, 01:25:48 pm »
Sorry Franco, I was referring to Fright's patch and pull 6440.

https://github.com/opnsense/core/pull/6440/commits/13d77cc36219e21f5536711605d4bb6eff007b28

It seemed to be working following that...

98
23.1 Legacy Series / Re: BUG Report - Duplicate DHCP Leases
« on: March 30, 2023, 01:14:36 pm »
You might want to check this old thread.

99
23.1 Legacy Series / Re: BUG Report - Duplicate DHCP Leases
« on: March 30, 2023, 01:10:05 pm »
Did your range include the static IP?

The implementation is not ideal.

100
23.1 Legacy Series / Re: Not picking up 23.1.5_2 hotfix from mirror
« on: March 30, 2023, 12:46:54 pm »
Just weird I can download the named package in a browser. Perhaps the metadata wasn't updated yet on my local server... Anyway, like you said Franco, it is what it is.

The NZ mirror seems to be working well for now.

101
23.1 Legacy Series / [SOLVED] OpenVPN UI Regressions in 23.1.5 - Dashboard Widget & Connection Status
« on: March 30, 2023, 12:43:04 pm »
Note: I can only speak for client connections.

Following up from the previous topic:

The Dashboard Widget now only displays the gateway (remote server) IP address. The VIP is no longer shown.

The Connection Status page is missing the CN, Real Address (is this the gateway address?) and both Bytes Sent and Bytes Received.

I guess something changed between commit 13d77cc and the 23.1.5 release. Maybe due to changes for local server instances / connections..?

EDIT: Set to [SOLVED]

102
23.1 Legacy Series / Re: Not picking up 23.1.5_2 hotfix from mirror
« on: March 30, 2023, 12:08:02 pm »
Oh, and Cloudflare (mirror.dns-root.de) still isn't offering 23.1.5_2..!  :o

103
23.1 Legacy Series / Re: Not picking up 23.1.5_2 hotfix from mirror
« on: March 30, 2023, 12:06:56 pm »
Ok, it's weird because you can see the package when you browse the tree.

Regretting this comment now. Methinks I was a bit quick shutting down @Greelan...

My closest neighbour is the NZ mirror.catalyst.net.nz, which is ~55ms for me...

It's up to date but not in the list so I had to add the custom URI, https://mirror.catalyst.net.nz/opnsense.

As for the others: mirror.venturasystems.tech in Colombia is quickest @ ~11ms..! No opnsense, only suricata. Probably Cloudflare anyway, as the Cloudflare mirror (mirror.dns-root.de) is also ~11ms. Probably the same for fourdots.com in Serbia at ~11ms too, but got various pkg errors, including missing repository. The next best after NZ is mirror.sfo12.us.leaseweb.net (West Coast US) at ~175ms, which works, but is not HTTPS, and is slower for me.

NZ for now...

104
23.1 Legacy Series / Not picking up 23.1.5_2 hotfix from mirror
« on: March 30, 2023, 12:49:38 am »
I can see the hotfix package on the mirror.dns-root.de mirror, but checking for updates does not prompt to upgrade.

From what I can tell, my auto update occurred right before the hotfix announcement.

I ended up running the following instead:
Code:
opnsense-patch 637bc31
opnsense-patch 4bc36a4
opnsense-patch e2dada5
opnsense-patch 3586e70

...and then rebooting.

Is that expected behaviour, i.e. for the hotfix to not be picked up?

105
23.1 Legacy Series / Re: OpenVPN dashboard widget shows no info on 23.1.4
« on: March 24, 2023, 01:29:50 am »
Thanks Fright..!  :D

I used:
Code:
opnsense-patch 13d77cc

...following the merge.

It looks like a couple more commits are needed for the server status to be fixed, but this was for clients. I'll update the title + [SOLVED].
