1
Hardware and Performance / Re: Install OPNsense in Netgate 3100?
« Last post by aj. on Today at 04:14:06 am »Oh well... will start with this unit, and will then move to an opnSense supported unit ASAP.
Thanks!
Thanks!
Recent Posts
2
Development and Code Review / Re: Registering callbacks on controller actions?
« Last post by ndejong on Today at 02:57:26 am »Hi Fabian
That makes sense
What I am suggesting would require new functionality at the core which in turn would create a major new dependency (aka Redis) on the OPNsense system - all of which sounds very resource heavy and is way beyond my pay-grade
What did not occur to me earlier is that Phalcon actually has a callback mechanism that allows you to register for callbacks on events:-
- https://docs.phalconphp.com/en/3.3/api/Phalcon_Events_Manager
With this, it seems like it might be possible to achieve what I was originally thinking of here without the heavyweight Redis approach.
A quick grep of both the opnsense-core and opnsense-plugins repos shows only one instance of the Phalcon `attach()` function being used `opnsense/mvc/app/config/services_api.php` so perhaps use of callbacks in OPNsense is not (yet) a common thing??
That makes sense
What I am suggesting would require new functionality at the core which in turn would create a major new dependency (aka Redis) on the OPNsense system - all of which sounds very resource heavy and is way beyond my pay-grade
What did not occur to me earlier is that Phalcon actually has a callback mechanism that allows you to register for callbacks on events:-
- https://docs.phalconphp.com/en/3.3/api/Phalcon_Events_Manager
With this, it seems like it might be possible to achieve what I was originally thinking of here without the heavyweight Redis approach.
A quick grep of both the opnsense-core and opnsense-plugins repos shows only one instance of the Phalcon `attach()` function being used `opnsense/mvc/app/config/services_api.php` so perhaps use of callbacks in OPNsense is not (yet) a common thing??
3
Intrusion Detection and Prevention / GeoIP Just Not Working
« Last post by ObecalpEffect on Today at 02:54:50 am »Hi,
I've noticed for quite a long time that my user defined IDS GeoIP drop rules just aren't working. I just verified it this evening when SPAM from 45.65.227.2 was delivered to my email server which is behind my OPNsense firewall.
45.65.227.2 is identified by goeiplookup on the OPNsense server as Argentina which is in my source block rule.
I just don't understand why if geoiplookup from the shell of the OPNsense server itself successfully identiifies the country of origin, why isn't it being blocked?
Nearly everything that makes it through my firewall should be blocked by the countries I'm blocking with the IDS goeipblock rule but they aren't. Is there anyway this feature could be improved on please?
Thanks,
ObecalpEffect.
I've noticed for quite a long time that my user defined IDS GeoIP drop rules just aren't working. I just verified it this evening when SPAM from 45.65.227.2 was delivered to my email server which is behind my OPNsense firewall.
45.65.227.2 is identified by goeiplookup on the OPNsense server as Argentina which is in my source block rule.
I just don't understand why if geoiplookup from the shell of the OPNsense server itself successfully identiifies the country of origin, why isn't it being blocked?
Nearly everything that makes it through my firewall should be blocked by the countries I'm blocking with the IDS goeipblock rule but they aren't. Is there anyway this feature could be improved on please?
Thanks,
ObecalpEffect.
4
Development and Code Review / Re: new sidebar-> changing font-size from 11px to 12px for better reading experience
« Last post by noname12123 on August 18, 2018, 07:14:25 pm »I think it all takes place in bootstrap.js or bootstrap.min.js.
Can anyone confirm that?
Can anyone confirm that?
5
18.7 Production Series / Unbound stopped working with error "Could not set up local zones"
« Last post by jwestan on August 18, 2018, 06:22:51 pm »Hi All,
I recently upgraded from 18.1.13 to 18.7.1_3 and the upgrade went well. However overnight, unbound stopped working with the following errors. The device at the ip listed is a wireless printer. To get the wan connection resolving again I disabled unbound and enabled dnsmasq dns.
Not sure if it is a really big deal using dnsmasq compared to unbound in a small home network but would like to resolve the issue and use unbound again. I probably configured unbound based on a guide I was following setting up opnsense.
Aug 18 05:32:23 unbound: [36062:0] fatal error: Could not set up local zones
Aug 18 05:32:23 unbound: [36062:0] error: Bad local-data RR .(mydomainname) IN A 192.168.1.188
Aug 18 05:32:23 unbound: [36062:0] error: error parsing local-data at 2 '.(mydomainname) IN A 192.168.1.188'
I recently upgraded from 18.1.13 to 18.7.1_3 and the upgrade went well. However overnight, unbound stopped working with the following errors. The device at the ip listed is a wireless printer. To get the wan connection resolving again I disabled unbound and enabled dnsmasq dns.
Not sure if it is a really big deal using dnsmasq compared to unbound in a small home network but would like to resolve the issue and use unbound again. I probably configured unbound based on a guide I was following setting up opnsense.
Aug 18 05:32:23 unbound: [36062:0] fatal error: Could not set up local zones
Aug 18 05:32:23 unbound: [36062:0] error: Bad local-data RR .(mydomainname) IN A 192.168.1.188
Aug 18 05:32:23 unbound: [36062:0] error: error parsing local-data at 2 '.(mydomainname) IN A 192.168.1.188'
6
18.7 Production Series / Port forwarding issues?
« Last post by swingline on August 18, 2018, 04:12:52 pm »I seem to be having some port forwarding issues. All but one of my port forwards stopped working when I moved to 18.7
Here is my setup
WAN (Static IP)
LAN 10.0.0.1/24
Ovpn 10.8.0.2
I have created an Alias that includes all of the IP addresses that I want to route around the VPN to the WAN. All other LAN traffic routes through the OpenVPN connection.
I have deleted all rules and port forwards that stopped working. For some reason, I have 3 rules for my Plex server (the working port forward) and at this point, I don't know which one is still working so I didn't delete any of them.
Is anyone else having issues with port forwarding?
Here is my setup
WAN (Static IP)
LAN 10.0.0.1/24
Ovpn 10.8.0.2
I have created an Alias that includes all of the IP addresses that I want to route around the VPN to the WAN. All other LAN traffic routes through the OpenVPN connection.
I have deleted all rules and port forwards that stopped working. For some reason, I have 3 rules for my Plex server (the working port forward) and at this point, I don't know which one is still working so I didn't delete any of them.
Is anyone else having issues with port forwarding?
7
Development and Code Review / Re: new sidebar-> changing font-size from 11px to 12px for better reading experience
« Last post by noname12123 on August 18, 2018, 03:07:13 pm »Can someone give me a hint where I find the click event for the main menu control?
I would like to build a pure hover navigation for the new sidebar and for that I would have to find the beginning. So where do I have to start in the mvc!
I would like to build a pure hover navigation for the new sidebar and for that I would have to find the beginning. So where do I have to start in the mvc!
8
German - Deutsch / Re: Updatepolitik Sicherheitsupdates
« Last post by fabian on August 18, 2018, 02:44:59 pm »Nunja, das kommt auf den Schweregrad drauf an. Grundsätzlich werden alle Updates auf einmal herausgebeben - dafür in der Regel auch regelmäßig.
Wenn ein Programm ein schweres Sicherheitsproblem aufweist, kann es sein, dass mal entweder ein einzeles Update herausgegeben wird oder das Release von der nächsten Version vorgezogen wird.
Wenn ein Programm ein schweres Sicherheitsproblem aufweist, kann es sein, dass mal entweder ein einzeles Update herausgegeben wird oder das Release von der nächsten Version vorgezogen wird.
9
German - Deutsch / Updatepolitik Sicherheitsupdates
« Last post by user11 on August 18, 2018, 02:36:09 pm »Hallo,
wie ist den das Vorgehen von OPNSense bei Updates?
Verstehe ich es richtig, dass Sicherheitsupdates immer gebündelt herausgegeben werden für die einzelnen Programmen (z.B. OpenVPN) und nicht sofort als einzelne Pakete, wenn diese verfügbar sind?
Beispielsweise wurden in der OpenVPN Version 2.4.3 mehrere Sicherheitslücken behoben.
FreeBSD hat am 21.06.2017 das OpenVPN Update 2.4.3 in der Paketverwaltung veröffentlicht ( https://svnweb.freebsd.org/ports?view=revision&revision=444043).
Die OpenVPN Version 2.4.3 wurde am 05.07.2017 in OPNSense aktualisiert (https://opnsense.org/opnsense-17-1-9-released/).
Bedeutet dies also, dass OpenVPN in diesem Zeitraum von 14 Tagen unnötig unsicher war?
wie ist den das Vorgehen von OPNSense bei Updates?
Verstehe ich es richtig, dass Sicherheitsupdates immer gebündelt herausgegeben werden für die einzelnen Programmen (z.B. OpenVPN) und nicht sofort als einzelne Pakete, wenn diese verfügbar sind?
Beispielsweise wurden in der OpenVPN Version 2.4.3 mehrere Sicherheitslücken behoben.
FreeBSD hat am 21.06.2017 das OpenVPN Update 2.4.3 in der Paketverwaltung veröffentlicht ( https://svnweb.freebsd.org/ports?view=revision&revision=444043).
Die OpenVPN Version 2.4.3 wurde am 05.07.2017 in OPNSense aktualisiert (https://opnsense.org/opnsense-17-1-9-released/).
Bedeutet dies also, dass OpenVPN in diesem Zeitraum von 14 Tagen unnötig unsicher war?
10
Development and Code Review / Re: Registering callbacks on controller actions?
« Last post by fabian on August 18, 2018, 12:07:56 pm »Hello ndejong,
I wrote the redis plugin a long time ago (a year maybe) because I needed redis for rspamd - it is a soft dependency to cache data etc.
Since it is a plugin, it has to be installed manually so it is hard to include some stuff depending on it in core.
I wrote the redis plugin a long time ago (a year maybe) because I needed redis for rspamd - it is a soft dependency to cache data etc.
Since it is a plugin, it has to be installed manually so it is hard to include some stuff depending on it in core.