Messages - Morta

#16
23.7 Legacy Series / Re: DHCPv6 range
August 02, 2023, 04:21:21 AM
A screenshot from a client



No SLAAC at all

#17
23.7 Legacy Series / Re: DHCPv6 range
August 02, 2023, 04:16:24 AM
Where can I check if they are SLAAC addresses?

Second try



#18
23.7 Legacy Series / DHCPv6 range
August 01, 2023, 09:04:57 PM
Hi

I want for my clients a range from 2a02:XXX:a774::2 to 2a02:XXX:a774::ffff

I set the following settings under Service -> DHCPv6



but my clients still have addresses like this one, why?

2a02:XXX:a774:be33:de22:ab42:3245:ff32

Should look like this

2a02:XXX:a774::34d4
#19
false flag... i could fix it. sorry!
#20
I'm do. So is there the error?
#21
Have you a wildcard cert with haproxy?
#22
23.7 Legacy Series / acme.sh broken with cloudflare
August 01, 2023, 04:43:17 PM
hi

I can't renew my certs.... Validation failed; it was always working with OPNsense 23.1.11

2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] skip dns.
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] dns_entries
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] _clearupdns
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] No need to restore nginx, skip.
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] pid
#define WITH_MSGLEVEL 0 /*debug*/
#define WITH_RETRY 1
#define WITH_FILAN 1
#define WITH_SYCLS 1
#define WITH_LIBWRAP 1
#undef WITH_FIPS
#define WITH_OPENSSL 1
#define WITH_PTY 1
#undef WITH_TUN
#undef WITH_READLINE
#define WITH_EXEC 1
#define WITH_SYSTEM 1
#define WITH_PROXY 1
#undef WITH_VSOCK
#define WITH_SOCKS4A 1
#define WITH_SOCKS4 1
#define WITH_LISTEN 1
#define WITH_SCTP 1
#define WITH_UDP 1
#define WITH_TCP 1
#undef WITH_INTERFACE
#define WITH_GENERICSOCKET 1
#define WITH_RAWIP 1
#define WITH_IP6 1
#define WITH_IP4 1
#undef WITH_ABSTRACT_UNIXSOCKET
#define WITH_UNIX 1
#define WITH_PIPE 1
#define WITH_TERMIOS 1
#define WITH_GOPEN 1
#define WITH_CREAT 1
#define WITH_FILE 1
#define WITH_FDNUM 1
#define WITH_STDIO 1
features:
running on FreeBSD version FreeBSD 13.2-RELEASE-p1 stable/23.7-n254737-f223233eef4 SMP, release 13.2-RELEASE-p1, machine amd64
socat version 1.7.4.4 on Jul 28 2023 02:30:20
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat:
nginx doesn't exist.
nginx:
apache doesn't exist.
apache:
OpenSSL 1.1.1t-freebsd 7 Feb 2023
openssl:openssl
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] Diagnosis versions:
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] code='200'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] _ret='0'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] POST
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] payload='{}'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] code='200'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] _ret='0'
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q'
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] POST
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] payload='{}'
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q'
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] Please add '--debug' or '--log' to check more details.
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] _on_issue_err
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] Error add txt for domain:_acme-challenge.xxx.ch
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] invalid domain
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] h
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] ret='0'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] timeout=
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] url='https://api.cloudflare.com/client/v4/zones?name=ch&account.id=83f5c74cb3acc5ca609b3d2127439721'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] GET
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] zones?name=ch&account.id=83f5c74cb3acc5ca609b3d2127439721
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] h='ch'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] ret='0'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] timeout=
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] url='https://api.cloudflare.com/client/v4/zones?name=xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] GET
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] zones?name=xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] h='xxx.ch'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] ret='0'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] timeout=
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] url='https://api.cloudflare.com/client/v4/zones?name=_acme-challenge.xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] GET
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] zones?name=_acme-challenge.xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] h='_acme-challenge.xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] First detect the root zone
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] Adding txt value: vBGqNBwnBNPub-yg8pwc16AL0Sa3-kLgeOuU332S0p0 for domain: _acme-challenge.xxx.ch
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] Found domain api file: /usr/local/share/examples/acme.sh/dnsapi/dns_cf.sh
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_cf.sh'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] txt='vBGqNBwnBNPub-yg8pwc16AL0Sa3-kLgeOuU332S0p0'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] txtdomain='_acme-challenge.xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _d_alias
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] d='xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] vlist='xxx.ch#ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q#dns-01#dns_cf,*.xxx.ch#W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg#dns-01#dns_cf,'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] d
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] dvlist='*.xxx.ch#W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg#dns-01#dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] keyauthorization='W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] token='W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg","token":"W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI"'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _w='dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] Getting webroot for domain='*.xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] d='*.xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] dvlist='xxx.ch#ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q#dns-01#dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] keyauthorization='ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] token='ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q","token":"ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4"'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _w='dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] Getting webroot for domain='xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] d='xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] code='200'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _ret='0'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615786'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] POST
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] payload
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615786'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] code='200'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _ret='0'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615776'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] POST
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] payload
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615776'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/406092430/198736715916'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/406092430/198736715916'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] code='201'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _ret='0'
2023-08-01T16:26:33 acme.sh [Tue Aug 1 16:26:33 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:33 acme.sh [Tue Aug 1 16:26:33 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
2023-08-01T16:26:33 acme.sh [Tue Aug 1 16:26:33 CEST 2023] POST
2023-08-01T16:26:33 acme.sh [Tue Aug 1 16:26:33 CEST 2023] _ret='0'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g -I '
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] HEAD
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] RSA key
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] payload='{"identifiers": [{"type":"dns","value":"xxx.ch"},{"type":"dns","value":"*.xxx.ch"}]}'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] d
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] d='*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Getting domain auth token for each domain
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Multi domain='DNS:xxx.ch,DNS:*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _createcsr
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Read key length:ec-384
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _saved_account_key_hash is not changed, skip register account.
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] d
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Check for domain='*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] d='*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Check for domain='xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] d='xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Le_LocalAddress
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _chk_alt_domains='*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _chk_main_domain='xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _on_before_issue
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_AUTHZ
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ret='0'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] timeout=
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] GET
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _init api for server: https://acme-v02.api.letsencrypt.org/directory
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Le_NextRenewTime
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] DOMAIN_PATH='/var/etc/acme-client/home/xxx.ch_ecc'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Using config home:/var/etc/acme-client/home
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _alt_domains='*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _main_domain='xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Running cmd: issue
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Using server: https://acme-v02.api.letsencrypt.org/directory


2023-08-01T16:26:38 opnsense AcmeClient: validation for certificate failed: xxx.ch
2023-08-01T16:26:38 opnsense AcmeClient: domain validation failed (dns01)
2023-08-01T16:26:32 opnsense AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --issue --syslog 7 --debug --server 'letsencrypt' --dns 'dns_cf' --dnssleep '120' --home '/var/etc/acme-client/home' --certpath '/var/etc/acme-client/certs/621d15ce2aa0d1.02076547/cert.pem' --keypath '/var/etc/acme-client/keys/621d15ce2aa0d1.02076547/private.key' --capath '/var/etc/acme-client/certs/621d15ce2aa0d1.02076547/chain.pem' --fullchainpath '/var/etc/acme-client/certs/621d15ce2aa0d1.02076547/fullchain.pem' --domain 'xxx.ch' --domain '*.xxx.ch' --days '1' --force --ocsp --keylength 'ec-384' --accountconf '/var/etc/acme-client/accounts/6207d3f1b10373.66815486_prod/account.conf'
2023-08-01T16:26:32 opnsense AcmeClient: using challenge type: Cloudflare
2023-08-01T16:26:32 opnsense AcmeClient: account is registered: xxx
2023-08-01T16:26:32 opnsense AcmeClient: using CA: letsencrypt
2023-08-01T16:26:32 opnsense AcmeClient: issue certificate:xxx.ch
2023-08-01T16:26:32 opnsense AcmeClient: certificate must be issued/renewed:xx.ch
2023-08-01T16:26:27 opnsense AcmeClient: ignoring revocation request for certificate xx.ch (not issued yet)



#23
23.1 Legacy Series / sshjump with openssh
May 22, 2023, 01:32:32 PM
I want to forward SSH traffic. I made the following config in

/usr/share/etc/ssh/ssh_config

#       $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP no
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   VerifyHostKeyDNS yes
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k

### First jump host. Directly reachable
host r0uter.net.work
  HostName xxx.ch

### Second jumphost. Only reachable via jumphost1.example.org
Host 5erver.net.work
  HostName server.xxx.ch
  ProxyJump 5erver

### Host only reachable via alphajump and betajump
Host pikvm.net.work
  HostName kvm.xxx.ch
  ProxyJump pikvm
#
Host nas.net.work
  Hostname nas.xx.ch
  Proxyjump nas


But I can't reach the hosts with the hostnames; it all goes to r0uter. Why?

I followed https://wiki.gentoo.org/wiki/SSH_jump_host

How can I edit the settings of the OpenSSH daemon of OPNsense?
#24
Thx for the input
#25
Yes, I have 10 Gbps Interfaces and CAT7 cables and a 25 Gbps FTTH uplink to the ISP

#27
A lag of the whole home network. I got my answer in the ArchLinux forum. The problem is that two bridges make a loop. I have to change to a bond interface on the client.
#28
Hi

I have an OPNsense router with all interfaces except WAN as a bridge.
I go with two ixl 10 Gbps interfaces to a NIC which is a bridge on a Linux client with two 10Gbps.

The network is going down. Why?

If I exclude one interface on the router, all goes well
#29
22.1 Legacy Series / Re: IPv6 with init7
November 07, 2022, 01:50:08 PM
Yes, it works. Thx for your reply.
#30
Also, traffic from ArchLinux mirrors is throttled; I got only 2-4 MB/s

Why is all traffic throttled with the new OPNsense version?