Show posts

#106

General Discussion / Re: prometheus grafana dashboard

December 01, 2018, 01:46:18 AM

just played a bit with telegraf. the metrics are similar. no real gain here. I still miss vpn and PF data for now

#107

General Discussion / Re: prometheus grafana dashboard

November 30, 2018, 10:17:18 PM

Didn't tried telegraf yet. But I will tomorrow
I'll probably make another one

#108

General Discussion / prometheus grafana dashboard

November 30, 2018, 07:29:32 PM

Hi guys,

I just uploaded a grafana dashboard for OPNsense
https://grafana.com/dashboards/9291

Hope it helps you all. we still miss DHCP and VPN stats - hope to have those exported too.

#109

18.7 Legacy Series / Re: Suricata Broken

November 23, 2018, 10:05:45 PM

can you show the logs

#110

18.7 Legacy Series / 18.7.4 PPPoE issues

September 29, 2018, 03:46:15 PM

Hi,

I have several issues after the update.
1. the PPPoE interface automatically renames as "No-Ip ddns" :-\ Same behavior if I change the description on the Point to Point Definition
2. It seems that Unbound DNS refuses to resolve secure requests. to make it work I'm forced to use the forwarding mode.

Any clue if those 2 were touched by the code change in the last patch?

#111

Tutorials and FAQs / Re: DOUBLE BONUS - STAND ALONE DNS OVER TLS STUBBY GETDNS PACKAGE**

June 18, 2018, 10:12:34 AM

thanks again :)

#112

Tutorials and FAQs / Re: DOUBLE BONUS - STAND ALONE DNS OVER TLS STUBBY GETDNS PACKAGE**

June 17, 2018, 06:30:49 PM

Thanks for answering.
root@***:~ # pkg version getdns | grep getdns
getdns-1.4.2
reconfigured all again and seems fine.
It's strange that DNS service dies from time to time - it will be verry helpful to have watchdog as plugin

thanks

#113

General Discussion / Issues getting cert with acme

June 16, 2018, 06:28:17 PM

Hi all,

I'm trying to get a new cert for web-https and i'm pretty sure i miss somethig. if you guys see what i miss please let me know.
acme log looks like this:

root@OptimusPrime:~ # tail -f /var/log/acme.sh.log
[Sat Jun 16 19:22:52 EEST 2018] _ret='0'
[Sat Jun 16 19:22:52 EEST 2018] code='400'
[Sat Jun 16 19:22:52 EEST 2018] The new-authz request is ok.
[Sat Jun 16 19:22:52 EEST 2018] new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: DNS name does not have enough labels","status": 400}
[Sat Jun 16 19:22:52 EEST 2018] pid
[Sat Jun 16 19:22:52 EEST 2018] No need to restore nginx, skip.
[Sat Jun 16 19:22:52 EEST 2018] _clearupdns
[Sat Jun 16 19:22:52 EEST 2018] skip dns.
[Sat Jun 16 19:22:52 EEST 2018] _on_issue_err
[Sat Jun 16 19:22:52 EEST 2018] Please check log file for more details: /var/log/acme.sh.log
[Sat Jun 16 19:27:05 EEST 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Sat Jun 16 19:27:05 EEST 2018] DOMAIN_PATH='/var/etc/acme-client/home/FirewallCertACME_ecc'
[Sat Jun 16 19:27:05 EEST 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Sat Jun 16 19:27:05 EEST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Sat Jun 16 19:27:05 EEST 2018] GET
[Sat Jun 16 19:27:05 EEST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Sat Jun 16 19:27:05 EEST 2018] timeout=
[Sat Jun 16 19:27:05 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Sat Jun 16 19:27:06 EEST 2018] ret='0'
[Sat Jun 16 19:27:06 EEST 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Sat Jun 16 19:27:06 EEST 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Sat Jun 16 19:27:06 EEST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_NONCE
[Sat Jun 16 19:27:06 EEST 2018] ACME_VERSION
[Sat Jun 16 19:27:06 EEST 2018] Le_NextRenewTime
[Sat Jun 16 19:27:06 EEST 2018] _on_before_issue
[Sat Jun 16 19:27:06 EEST 2018] _chk_main_domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _chk_alt_domains='nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] Le_LocalAddress
[Sat Jun 16 19:27:06 EEST 2018] d='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] Check for domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _currentRoot='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] d='nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] Check for domain='nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] _currentRoot='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] d
[Sat Jun 16 19:27:06 EEST 2018] _saved_account_key_hash is not changed, skip register account.
[Sat Jun 16 19:27:06 EEST 2018] Read key length:ec-256
[Sat Jun 16 19:27:06 EEST 2018] _createcsr
[Sat Jun 16 19:27:06 EEST 2018] Multi domain='DNS:FirewallCertACME,DNS:nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] Getting domain auth token for each domain
[Sat Jun 16 19:27:06 EEST 2018] d='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] Getting webroot for domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _w='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] _currentRoot='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] Getting new-authz for domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Sat Jun 16 19:27:06 EEST 2018] Try new-authz for the 0 time.
[Sat Jun 16 19:27:06 EEST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sat Jun 16 19:27:06 EEST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "FirewallCertACME"}}'
[Sat Jun 16 19:27:06 EEST 2018] RSA key
[Sat Jun 16 19:27:08 EEST 2018] GET
[Sat Jun 16 19:27:08 EEST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Sat Jun 16 19:27:08 EEST 2018] timeout=
[Sat Jun 16 19:27:08 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Sat Jun 16 19:27:08 EEST 2018] ret='0'
[Sat Jun 16 19:27:08 EEST 2018] POST
[Sat Jun 16 19:27:08 EEST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sat Jun 16 19:27:08 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Sat Jun 16 19:27:10 EEST 2018] _ret='0'
[Sat Jun 16 19:27:10 EEST 2018] code='400'
[Sat Jun 16 19:27:10 EEST 2018] The new-authz request is ok.
[Sat Jun 16 19:27:10 EEST 2018] new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: DNS name does not have enough labels","status": 400}
[Sat Jun 16 19:27:10 EEST 2018] pid
[Sat Jun 16 19:27:10 EEST 2018] No need to restore nginx, skip.
[Sat Jun 16 19:27:10 EEST 2018] _clearupdns
[Sat Jun 16 19:27:10 EEST 2018] skip dns.
[Sat Jun 16 19:27:10 EEST 2018] _on_issue_err
[Sat Jun 16 19:27:10 EEST 2018] Please check log file for more details: /var/log/acme.sh.log

Thanks in advance

#114

Tutorials and FAQs / Re: DOUBLE BONUS - STAND ALONE DNS OVER TLS STUBBY GETDNS PACKAGE**

June 16, 2018, 10:30:47 AM

Thank you for describing every step in details.
The only issue I have is that after doing everything the DNS service doesn't start anyone.

#115

Tutorials and FAQs / Re: Telegraf input/output

March 31, 2018, 10:50:14 AM

Thank you for sharing

Sent from my iPad using Tapatalk

#116

Tutorials and FAQs / Re: Telegraf input/output

March 31, 2018, 12:20:00 AM

can you detail how you do that? I'm also interested to push data from Suricata to influxdb
btw: does anyone use a "standard" grafana dashboard for opnsense already?

#117

18.1 Legacy Series / Re: web interface issues after upgrade to 18.1.5

March 24, 2018, 09:21:58 PM

thx for answering. in this specific case was my home fw. so restart was not an issue. @ work...well it's a different story
fortunately after 3 restarts worked.

#118

18.1 Legacy Series / Re: web interface issues after upgrade to 18.1.5

March 24, 2018, 07:41:57 AM

Several restarts solved it.
Thank you

#119

18.1 Legacy Series / web interface issues after upgrade to 18.1.5

March 23, 2018, 05:59:20 PM

Hi,
I have issues accessing the update & plugins section. look like is looping for 10 sec then it goes back to dashboard.
any clue?

#120

Tutorials and FAQs / Re: Multiple dnscrypt-proxy Opnsense 16.7 / 17.1 / 17.7 / 18.1 :-)

February 05, 2018, 01:51:54 PM

+1 for the plugin :)

Messages - nikkon

General Discussion / Re: prometheus grafana dashboard

General Discussion / Re: prometheus grafana dashboard

General Discussion / prometheus grafana dashboard

18.7 Legacy Series / Re: Suricata Broken

18.7 Legacy Series / 18.7.4 PPPoE issues

Tutorials and FAQs / Re: **DOUBLE BONUS** - STAND ALONE DNS OVER TLS STUBBY GETDNS PACKAGE**

Tutorials and FAQs / Re: **DOUBLE BONUS** - STAND ALONE DNS OVER TLS STUBBY GETDNS PACKAGE**

General Discussion / Issues getting cert with acme

Tutorials and FAQs / Re: **DOUBLE BONUS** - STAND ALONE DNS OVER TLS STUBBY GETDNS PACKAGE**

Tutorials and FAQs / Re: Telegraf input/output

Tutorials and FAQs / Re: Telegraf input/output

18.1 Legacy Series / Re: web interface issues after upgrade to 18.1.5

18.1 Legacy Series / Re: web interface issues after upgrade to 18.1.5

18.1 Legacy Series / web interface issues after upgrade to 18.1.5

Tutorials and FAQs / Re: Multiple dnscrypt-proxy Opnsense 16.7 / 17.1 / 17.7 / 18.1 :-)

Tutorials and FAQs / Re: DOUBLE BONUS - STAND ALONE DNS OVER TLS STUBBY GETDNS PACKAGE**

Tutorials and FAQs / Re: DOUBLE BONUS - STAND ALONE DNS OVER TLS STUBBY GETDNS PACKAGE**

Tutorials and FAQs / Re: DOUBLE BONUS - STAND ALONE DNS OVER TLS STUBBY GETDNS PACKAGE**