"Recent posts
#21
25.7, 25.10 Series / Re: Help Troubleshooting OPNse...
Last post by mb19 - Today at 11:23:01 AMThanks to both of you.
On the one hand, I don't think this is a DNS issue, since name resolution does work:
And on the other hand, my system clock is also correct (I'm in Spain) and here's the output:
root@opnsense:/var/log/filter # date
Thu Dec 11 11:08:38 CET 2025
root@opnsense:/var/log/filter #
https://ibb.co/QF2bkBcm
Here is the drill test as well:
Finally, I've tried different combinations about the interfaces (out of lack of knowledge and some desperation, hoping that one of them would work by elimination).
In the screenshot I shared earlier I only had LAN selected, but I can leave it by default with all of them, I restart the service, and it still remains in "pending":
https://ibb.co/TxjNtrpj
On the one hand, I don't think this is a DNS issue, since name resolution does work:
Code Select
root@opnsense:/var/log/filter # dig pool.ntp.org
; <<>> DiG 9.20.15 <<>> pool.ntp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60156
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;pool.ntp.org. IN A
;; ANSWER SECTION:
pool.ntp.org. 130 IN A 162.159.200.1
pool.ntp.org. 130 IN A 195.95.153.59
pool.ntp.org. 130 IN A 194.164.164.175
pool.ntp.org. 130 IN A 92.113.12.77
;; Query time: 454 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Dec 11 11:06:49 CET 2025
;; MSG SIZE rcvd: 105
And on the other hand, my system clock is also correct (I'm in Spain) and here's the output:
root@opnsense:/var/log/filter # date
Thu Dec 11 11:08:38 CET 2025
root@opnsense:/var/log/filter #
https://ibb.co/QF2bkBcm
Here is the drill test as well:
Code Select
root@opnsense:/var/log/filter # drill 0.europe.pool.ntp.org
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 22650
;; flags: qr rd ra ; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 0.europe.pool.ntp.org. IN A
;; ANSWER SECTION:
0.europe.pool.ntp.org. 130 IN A 193.219.94.180
0.europe.pool.ntp.org. 130 IN A 193.1.8.98
0.europe.pool.ntp.org. 130 IN A 193.32.222.35
0.europe.pool.ntp.org. 130 IN A 188.225.9.167
;; Query time: 581 msec
;; SERVER: 127.0.0.1
;; WHEN: Thu Dec 11 11:11:23 2025
;; MSG SIZE rcvd: 103
root@opnsense:/var/log/filter #
Finally, I've tried different combinations about the interfaces (out of lack of knowledge and some desperation, hoping that one of them would work by elimination).
In the screenshot I shared earlier I only had LAN selected, but I can leave it by default with all of them, I restart the service, and it still remains in "pending":
https://ibb.co/TxjNtrpj
#22
25.7, 25.10 Series / Re: OPNCentral cannot provisio...
Last post by nono - Today at 11:19:22 AMI can confirm that the issue continues when all nodes are up to date.
But I'm not willing to downgrade my productive nodes honestly ... They are "heavily" used for business purpose so this is something I would like to avoid.
But I'm not willing to downgrade my productive nodes honestly ... They are "heavily" used for business purpose so this is something I would like to avoid.
#23
Announcements / Re: OPNsense 25.7.9 released
Last post by franco - Today at 11:14:28 AMA hotfix release was issued as 25.7.9_7:
o system: fix hidden syslog HA XMLRPC sync option
o firewall: aliases: add has_parser() to check if an alias has a valid parser available
o firewall: clean up rules edit cancel button
o unbound: fix condition in safesearch template
o unbound: fix "configctl unbound check" after 25.7.8
o system: fix hidden syslog HA XMLRPC sync option
o firewall: aliases: add has_parser() to check if an alias has a valid parser available
o firewall: clean up rules edit cancel button
o unbound: fix condition in safesearch template
o unbound: fix "configctl unbound check" after 25.7.8
#24
25.7, 25.10 Series / Re: os-OPNWAF / Exchange 2019 ...
Last post by Monviech (Cedrik) - Today at 11:09:10 AMThanks for testing.
The Sophos config has these two settings, can you add them to the location?
If that didn't change anything remove http/2 and force http/1.1
Replace:
Please try these one by one so we can figure out which one did the trick. I imagine the http/1.1 might do something, since Caddy does the same when enabling the NTML module in it.
The Sophos config has these two settings, can you add them to the location?
Code Select
SetEnv proxy-initial-not-pooled
SetEnv proxy-aside-c
If that didn't change anything remove http/2 and force http/1.1
Replace:
Code Select
Protocols h2 http/1.1With:Code Select
Protocols http/1.1Please try these one by one so we can figure out which one did the trick. I imagine the http/1.1 might do something, since Caddy does the same when enabling the NTML module in it.
#25
25.7, 25.10 Series / Re: os-OPNWAF / Exchange 2019 ...
Last post by humnab - Today at 11:01:20 AMAnd the log for the actual test:
Code Select
<166>1 2025-12-11T10:51:22+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="1"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/nspi/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 3798 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="2"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/nspi/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="3"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/nspi/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1480 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="4"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="5"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1752 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="6"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="7"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1627 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="8"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="9"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1565 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="10"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="11"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1471 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="12"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="13"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1482 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="14"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="15"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1682 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="16"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="17"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1453 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="18"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="19"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 844 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="20"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1481 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="21"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="22"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 2149 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="23"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="24"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1472 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="25"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/nspi/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="26"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/nspi/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1479 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="27"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="28"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1484 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="29"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="30"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1482 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="31"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="32"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1488 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="33"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="34"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 2737 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="35"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="36"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1484 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="37"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="38"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1599 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="39"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="40"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1491 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="41"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="42"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1596 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="43"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="44"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1484 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="45"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="46"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1473 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="47"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="48"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1475 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="49"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="50"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1455 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)" #26
25.7, 25.10 Series / Re: Help Troubleshooting OPNse...
Last post by Patrick M. Hausen - Today at 10:59:59 AMYou are right - you do not have any active peers. The output should look similar to this one:
So the pool entries stay as they are but there should be individual servers *from* these pools that are active peers or candidates, respectively.
The states "pending", "active peer", "candidate" are shown in the UI status page if all is correct.
You can try on OPNsense e.g.:
You do have your NTP service enabled on all interfaces (the default), do you?
Code Select
$ ntpq -pn
remote refid st t when poll reach delay offset jitter
==============================================================================
0.freebsd.pool. .POOL. 16 p - 64 0 0.000 +0.000 0.000
2.freebsd.pool. .POOL. 16 p - 64 0 0.000 +0.000 0.000
+94.16.122.152 131.188.3.222 2 u 754 1024 377 2.674 -0.052 1.608
+78.46.87.46 189.97.54.122 2 u 217 1024 377 0.434 -0.297 0.117
-46.38.241.235 189.97.54.122 2 u 600 1024 377 2.654 -1.037 0.401
*141.144.241.16 195.145.119.188 2 u 435 1024 377 5.366 -0.225 0.043
So the pool entries stay as they are but there should be individual servers *from* these pools that are active peers or candidates, respectively.
The states "pending", "active peer", "candidate" are shown in the UI status page if all is correct.
You can try on OPNsense e.g.:
Code Select
$ drill 0.europe.pool.ntp.org
[...]
0.europe.pool.ntp.org. 130 IN A 185.123.84.51
0.europe.pool.ntp.org. 130 IN A 51.250.68.198
0.europe.pool.ntp.org. 130 IN A 46.160.198.122
0.europe.pool.ntp.org. 130 IN A 87.63.200.138
$ ntpdate -q 185.123.84.51
You do have your NTP service enabled on all interfaces (the default), do you?
#27
25.7, 25.10 Series / Re: os-OPNWAF / Exchange 2019 ...
Last post by humnab - Today at 10:59:53 AMHello,
I changed it to:
Unfortunately no difference, popups are still appearing.
I changed it to:
Code Select
ServerName mail.example.com
Listen 443
<VirtualHost *:443>
ServerName mail.example.com
Options -FollowSymLinks
Options -Indexes
Options -ExecCGI
LogLevel warn
ProxyRequests Off
RequestHeader set X-Forwarded-Proto "https"
SSLProxyEngine On
SSLProxyCheckPeerName On
SSLProxyCheckPeerExpire On
SSLEngine on
Protocols h2 http/1.1
SSLCertificateFile /var/etc/apache_2dd88e9b-e1af-45c0-bbb9-b157bf809e66.pem
SSLCertificateKeyFile /var/etc/apache_2dd88e9b-e1af-45c0-bbb9-b157bf809e66.key
# https://wiki.mozilla.org/Security/Server_Side_TLS
# TLS Intermediate configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLHonorCipherOrder off
SSLCompression off
SSLSessionTickets off
SSLOptions +StrictRequire
SSLUseStapling On
# Start ExchangeHttps
OutlookAnywherePassthrough On
Header always set X-Frame-Options SAMEORIGIN
Header set Server Apache
Header unset X-AspNet-Version
Header unset X-OWA-Version
Header unset X-Powered-By
RequestHeader unset Expect early
ProxyRequests Off
ProxyPreserveHost On
ProxyVia Full
RequestHeader edit Transfer-Encoding Chunked chunked early
RequestHeader unset Accept-Encoding
TimeOut 1800
# Change Character set to allow umlaute
AddDefaultCharset ISO-8859-1
# Redirect to owa (Outlook Web Access)
# Redirect / /owa/
# Allow sending large files via attachement in Active Sync > 128KByte (new value 30MB)
<Directory /Microsoft-Server-ActiveSync>
SSLRenegBufferSize 31457280
</Directory>
<Location />
ProxyPass https://10.10.10.5/ connectiontimeout=900
ProxyPassReverse https://10.10.10.5/
</Location>
# End ExchangeHttps
<Location "/__waf_errors__">
ProxyPass "!"
<RequireAny>
# error pages are allowed for all.
Require all granted
</RequireAny>
</Location>
Alias "/__waf_errors__" "/usr/local/opnsense/data/OPNWAF/errors/default"
ErrorDocument 400 /__waf_errors__/400.html
ErrorDocument 401 /__waf_errors__/401.html
ErrorDocument 403 /__waf_errors__/403.html
ErrorDocument 404 /__waf_errors__/404.html
ErrorDocument 408 /__waf_errors__/408.html
ErrorDocument 500 /__waf_errors__/500.html
ErrorDocument 502 /__waf_errors__/502.html
ErrorDocument 504 /__waf_errors__/504.html
</VirtualHost>
<VirtualHost *:443>
ServerName autodiscover.example.com
Options -FollowSymLinks
Options -Indexes
Options -ExecCGI
LogLevel warn
ProxyRequests Off
RequestHeader set X-Forwarded-Proto "https"
SSLProxyEngine On
SSLProxyCheckPeerName On
SSLProxyCheckPeerExpire On
SSLEngine on
Protocols h2 http/1.1
SSLCertificateFile /var/etc/apache_d5ddeeb9-32c1-42a0-be53-f9b92602e492.pem
SSLCertificateKeyFile /var/etc/apache_d5ddeeb9-32c1-42a0-be53-f9b92602e492.key
# https://wiki.mozilla.org/Security/Server_Side_TLS
# TLS Intermediate configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLHonorCipherOrder off
SSLCompression off
SSLSessionTickets off
SSLOptions +StrictRequire
SSLUseStapling On
# Start ExchangeHttps
OutlookAnywherePassthrough On
Header always set X-Frame-Options SAMEORIGIN
Header set Server Apache
Header unset X-AspNet-Version
Header unset X-OWA-Version
Header unset X-Powered-By
RequestHeader unset Expect early
ProxyRequests Off
ProxyPreserveHost On
ProxyVia Full
RequestHeader edit Transfer-Encoding Chunked chunked early
RequestHeader unset Accept-Encoding
TimeOut 1800
# Change Character set to allow umlaute
AddDefaultCharset ISO-8859-1
# Redirect to owa (Outlook Web Access)
# Redirect / /owa/
# Allow sending large files via attachement in Active Sync > 128KByte (new value 30MB)
<Directory /Microsoft-Server-ActiveSync>
SSLRenegBufferSize 31457280
</Directory>
# End ExchangeHttps
<Location "/__waf_errors__">
ProxyPass "!"
<RequireAny>
# error pages are allowed for all.
Require all granted
</RequireAny>
</Location>
Alias "/__waf_errors__" "/usr/local/opnsense/data/OPNWAF/errors/default"
ErrorDocument 400 /__waf_errors__/400.html
ErrorDocument 401 /__waf_errors__/401.html
ErrorDocument 403 /__waf_errors__/403.html
ErrorDocument 404 /__waf_errors__/404.html
ErrorDocument 408 /__waf_errors__/408.html
ErrorDocument 500 /__waf_errors__/500.html
ErrorDocument 502 /__waf_errors__/502.html
ErrorDocument 504 /__waf_errors__/504.html
</VirtualHost>
Unfortunately no difference, popups are still appearing.
#28
25.7, 25.10 Series / Re: Help Troubleshooting OPNse...
Last post by OPNenthu - Today at 10:54:11 AMI've so far seen two cases where NTP fails to sync:
1) local DNS is broken (for the firewall itself, not the LAN) so it can't resolve the pools
2) system date is too far out of sync with the local time (like when CMOS battery dies) and NTP refuses to sync
#2 can be fixed by setting the date manually with the 'date' command to within ~5 minutes of the actual time, then NTP starts to work.
1) local DNS is broken (for the firewall itself, not the LAN) so it can't resolve the pools
2) system date is too far out of sync with the local time (like when CMOS battery dies) and NTP refuses to sync
#2 can be fixed by setting the date manually with the 'date' command to within ~5 minutes of the actual time, then NTP starts to work.
#29
German - Deutsch / Re: Probleme mit DNS + VLAN + ...
Last post by Patrick M. Hausen - Today at 10:53:57 AMDu kannst den Betreff im ersten Post editieren und "[GELÖST]" oder "[SOLVED]" rein schreiben.
#30
German - Deutsch / Re: Probleme mit DNS + VLAN + ...
Last post by mfreudenberg - Today at 10:44:41 AMKann man Posts in dem Forum als gelöst markieren?
