Messages - kozistan

#76
23.7 Legacy Series / Re: Telegram Notifications
January 07, 2024, 09:55:23 PM
That is correct, the log is full of reports. Please check the attached screenshot.
#77
23.7 Legacy Series / Re: Telegram Notifications
January 07, 2024, 08:28:51 PM
Hi Fright, this is working for me. As I press apply on the MONIT setting I get a message regarding CPUUsage, but just once after apply. No other messages regarding CPUUsage are coming, even though the load is more than 15%.
#78
General Discussion / Re: lighttpd Broken pipe
December 21, 2023, 08:28:55 AM
OK, I found the problem, it's the captive portal. There is some issue with the LE certs; anyway, the same certificate is working with the webgui and there is no issue there.

Anyway, whatever I do with it there is no way to fix it. I also have this in the logs when the captive service restarts:

configfile.c.1399 WARNING: unknown config-key: dir-listing.activate (ignored)

With a client connection I get this one:

mod_openssl.c.3367 SSL: 1 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol (XX.XX.XX.XX)

I'm running the latest opnsense 23.7.10_1.
#79
General Discussion / lighttpd Broken pipe
December 20, 2023, 04:06:05 PM
Hi, I have been having this kernel error with lighttpd for a while. I thought it could be a HAProxy time-out issue so I disabled it, but the error is still here. Is there someone who can give me some feedback? I'm lost and do not know how to move forward. The webgui is running pretty fast, there is no problem. I'm using LE certs for the firewall and they're OK, well at least I'm having no issue there. Not using local DNS plugins, but an AD controller.
There are about 7 errors a minute here and I just can't find the reason for it.

kernel opnsense.domain.name lighttpd 2815 - - (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.73/src/mod_openssl.c.3327) SSL: -1 5 32: Broken pipe
#80
Thought it would be fine to share the PowerShell code with you guys, so here it is; the Czech notes are the only thing you need to translate in case you don't understand them :)


param (
    [string]$AssignedUserName,
    [string]$ClientIP
)

$ProgressPreference = "SilentlyContinue"

# Forward DNS zone name
$DNSZoneName = "domain.name"

# Pick the matching reverse zone. The zones are /24, so the name is built from the third octet
# of the client address; the octet is cast to [int] so the range comparison is numeric.
$thirdOctet = [int]$ClientIP.Split('.')[2]
$ReverseDNSZoneName = if ($thirdOctet -in 0..79) { "$thirdOctet.16.172.in-addr.arpa" }
                     elseif ($thirdOctet -in 80..126) { "$thirdOctet.17.172.in-addr.arpa" }
                     else { "Unknown" }

if ($ReverseDNSZoneName -eq "Unknown") {
    Write-Host "Neplatná IP adresa pro existující reverzní zóny."
    return
}

# Look up the hostname of the computer assigned (ManagedBy) to the user
function Get-AssignedComputerName {
    param ([string]$UserName)

    $user = Get-ADUser -Filter { SamAccountName -eq $UserName } -ErrorAction SilentlyContinue
    if ($user) {
        # AD -Filter cannot evaluate $user.DistinguishedName inline, so copy it to a plain variable first
        $userDN = $user.DistinguishedName
        $computer = Get-ADComputer -Filter { ManagedBy -eq $userDN } -ErrorAction SilentlyContinue
        # Take the first match in case more than one computer is managed by this user
        return ($computer | Select-Object -First 1).Name
    }
    return $null
}

$assignedComputerName = Get-AssignedComputerName -UserName $AssignedUserName
if (-not $assignedComputerName) {
    Write-Host "A a PTR záznamy nebudou přidány kvůli nepřítomnosti přiřazeného počítače."
    return
}

# Strip any domain suffix, keep the short hostname
$hostname = $assignedComputerName -replace "\..*$", ""

# Update the A record: replace the address of an existing record, otherwise create an aging (dynamic) one
$existingARecord = Get-DnsServerResourceRecord -ZoneName $DNSZoneName -Name $hostname -RRType "A" -ErrorAction SilentlyContinue
if ($existingARecord) {
    $newRecord = $existingARecord.Clone()
    $newRecord.RecordData.IPv4Address = [System.Net.IPAddress]::Parse($ClientIP)
    Set-DnsServerResourceRecord -ZoneName $DNSZoneName -OldInputObject $existingARecord -NewInputObject $newRecord
} else {
    Add-DnsServerResourceRecordA -Name $hostname -ZoneName $DNSZoneName -IPv4Address $ClientIP -AgeRecord
}

# Update the PTR record. The reverse zones are /24, so the record name is just the last octet.
$reversedIP = $ClientIP.Split('.')[3]
$existingPtr = Get-DnsServerResourceRecord -ZoneName $ReverseDNSZoneName -Name $reversedIP -RRType "PTR" -ErrorAction SilentlyContinue
if ($existingPtr) {
    # Add-DnsServerResourceRecordPtr fails on an existing name, so remove a stale PTR (possibly
    # pointing at a previous client of this address) instead of silently keeping it
    $existingPtr | Remove-DnsServerResourceRecord -ZoneName $ReverseDNSZoneName -Force
}
Add-DnsServerResourceRecordPtr -Name $reversedIP -ZoneName $ReverseDNSZoneName -PtrDomainName "$hostname.$DNSZoneName" -AgeRecord


Here is the sh script for the client-connect function


#!/bin/sh

# Read the values OpenVPN exports to the client-connect script
client_name=$common_name
client_ip=$ifconfig_pool_remote_ip

# Run the PowerShell script on the Windows server with these values.
# Adjust the parameter names to match your PowerShell script.
# The doubled backslashes are collapsed by sh, so the remote side receives C:\Path\to\script.ps1
ssh username@your.dc.hostname "powershell -File C:\\Path\\to\\script.ps1 -AssignedUserName \"$client_name\" -ClientIP \"$client_ip\""
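The client-connect script above splices $common_name and $ifconfig_pool_remote_ip straight into a remote command line, so a certificate common name containing quotes or shell metacharacters would reach the DC's shell. Added example, not the poster's script: a wrapper that whitelists both values before building the ssh command. The DC hostname, script path and parameter names are assumptions copied from the post.

```shell
#!/bin/sh
# Added example (not the original poster's code): validate OpenVPN's client-connect
# values before they are spliced into the remote PowerShell command line.
DC_SSH="username@your.dc.hostname"   # assumption: same placeholder as in the post
PS1_PATH='C:\Path\to\script.ps1'     # assumption: same placeholder as in the post

# Accept only letters, digits, dot, dash and underscore, 1-64 chars; quotes, $, ;,
# spaces and anything else a shell could interpret are rejected outright.
valid_cn() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Accept only a dotted-quad IPv4 address whose four octets are each 0-255.
valid_ip() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Build the remote command only from validated input; prints it on stdout,
# returns 1 (and prints nothing) when either value fails validation.
build_remote_cmd() {
    valid_cn "$1" && valid_ip "$2" || return 1
    printf 'powershell -NonInteractive -File %s -AssignedUserName "%s" -ClientIP "%s"' \
        "$PS1_PATH" "$1" "$2"
}

# Entry point for OpenVPN's client-connect hook: log and refuse on bad input.
client_connect() {
    cmd=$(build_remote_cmd "$common_name" "$ifconfig_pool_remote_ip") || {
        logger -t ovpn-dns "rejected client-connect: cn='$common_name' ip='$ifconfig_pool_remote_ip'"
        return 1
    }
    ssh -o BatchMode=yes "$DC_SSH" "$cmd"
}
```

Call client_connect as the last line of the script to use it as the OpenVPN client-connect hook; returning 1 makes OpenVPN refuse the client, which is the safer default for an unexpected common name.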


#81
rsa_id made the thing; in the end it was easy. Well, I can say that now :)
#82
So I'm back to close this node.

I was able to fix this issue with a client-connect function added to the advanced config of the OpenVPN server; this function calls a script which connects via ssh to the AD controller and runs another ps1 script. PowerShell dynamically updates the DNS records on AD. Everything is working now.
#83
Hello OPNsense community,

I am currently using an OpenVPN server on OPNsense in tun mode on the WAN interface. For DNS, I am using a local AD Windows Server 2019 with DNS service enabled, where dynamic updates for secure/unsecure zones are allowed. However, I am encountering issues with this setup, and I need some assistance.

The problem I am facing is that no DNS records of clients are made on the DNS server.

Here is a summary of my current configuration:

OPNsense OpenVPN server in tun mode on the WAN interface with the local DNS IP of the Win server
Local AD Windows Server 2019 with DNS service enabled.
Dynamic updates for secure/unsecure zones are allowed on the Windows DNS server.


Could you please provide guidance on how to troubleshoot and resolve this issue? Any suggestions, advice, or steps to follow would be greatly appreciated.

Thank you in advance for your help.

Best regards,
Martin
#84
23.7 Legacy Series / Re: WG Interface 23.7.9
November 24, 2023, 03:09:31 PM
I have purchased a business subscription of Zenarmor, which means I can not move to os-wireguard. Anyway, I will test a bit.

Thanks again for your support!
#85
23.7 Legacy Series / Re: WG Interface 23.7.9
November 24, 2023, 02:57:29 PM
Thanks Franco, really appreciate!

btw, is there another way to make my situation different? Just wondering since you're complaining about this plugin, so I'm curious.

#86
23.7 Legacy Series / Re: WG Interface 23.7.9
November 24, 2023, 02:48:33 PM
Correct Franco, is there another way to use it?
#87
23.7 Legacy Series / Re: WG Interface 23.7.9
November 24, 2023, 10:14:22 AM
I'm using 5x WG connections as gateways for different departments, so I've been assigning WG devices to interfaces as gateways. Now, as you can see in the screenshot, they are not available in the device list, and you can see the WG connections are UP.
#88
23.7 Legacy Series / WG Interface 23.7.9
November 24, 2023, 12:39:23 AM
Hello! Got an issue after the 23.7.9 update. Wireguard interfaces appear unassigned. As they've been created and configured before the update, they are up and running, so it's kind of a cosmetic issue. Just wondering, if I need to create a new one I won't be able to assign it to an interface. Am I the only one with this one?


#89
Same here, restored a VM snapshot as I'm running business on it.