Recent posts

#21
So far, not all components have an API yet, but that's the long-term goal. Some features like Router Advertisements are being migrated to MVC as we speak: https://opnsense.org/roadmap/



Maybe here you can find some inspiration on how to automate non-API components?
https://github.com/O-X-L/ansible-opnsense
#22
Okay, thanks, this one is the interesting one

-rwxr-xr-x 1 root root  67496 Jun 16  2023 mod_proxy_msrpc.so

We use exactly the same (as stated in my first response)

So it must be something else, maybe we find something obvious when comparing configurations.
#23
Hello,

I hope this is the right forum for this question, but I have a bit of a problem. I need a way to configure a firewall using scripts and automation, but some things (AuthServers, Gateways, dhcpd, router advertisements, and Interface Assignments) can't be configured using the API.

What is the most elegant way to configure these other things using a script? The only way that I found was using a PHP script that includes config.inc, and running that through the PHP interpreter.

Thanks.
#24
25.7, 25.10 Series / Re: os-OPNWAF / Exchange 2019 ...
Last post by humnab - Today at 08:42:11 AM
Hello,

that's the content of ls -lla /var/chroot-reverseproxy/usr/apache/modules/

Thanks!

-rw-r--r-- 1 root root  17381 Jun 16  2023 httpd.exp
-rwxr-xr-x 1 root root   9832 Jun 16  2023 mod_access_compat.so
-rwxr-xr-x 1 root root  18080 Jun 16  2023 mod_alias.so
-rwxr-xr-x 1 root root   5704 Jun 16  2023 mod_allowmethods.so
-rwxr-xr-x 1 root root  13956 Jun 16  2023 mod_auth_basic.so
-rwxr-xr-x 1 root root  34636 Jun 16  2023 mod_auth_digest.so
-rwxr-xr-x 1 root root  26308 Jun 16  2023 mod_auth_form.so
-rwxr-xr-x 1 root root   9860 Jun 16  2023 mod_authn_core.so
-rwxr-xr-x 1 root root   9828 Jun 16  2023 mod_authn_file.so
-rwxr-xr-x 1 root root  13992 Jun 16  2023 mod_authn_socache.so
-rw-r--r-- 1 root root  30436 Jun 16  2023 mod_authnz_aua.so
-rwxr-xr-x 1 root root  18092 Jun 16  2023 mod_authz_blacklist.so
-rwxr-xr-x 1 root root  22212 Jun 16  2023 mod_authz_core.so
-rwxr-xr-x 1 root root  13956 Jun 16  2023 mod_authz_dbd.so
-rwxr-xr-x 1 root root   9868 Jun 16  2023 mod_authz_groupfile.so
-rwxr-xr-x 1 root root   9860 Jun 16  2023 mod_authz_host.so
-rwxr-xr-x 1 root root   5700 Jun 16  2023 mod_authz_user.so
-rwxr-xr-x 1 root root  79776 Jun 16  2023 mod_avscan.so
-rw-r--r-- 1 root root  18120 Jun 16  2023 mod_backtrace.so
-rwxr-xr-x 1 root root  13920 Jun 16  2023 mod_buffer.so
-rwxr-xr-x 1 root root  34532 Jun 16  2023 mod_cache_disk.so
-rwxr-xr-x 1 root root  71696 Jun 16  2023 mod_cache.so
-rwxr-xr-x 1 root root  34572 Jun 16  2023 mod_cache_socache.so
-rwxr-xr-x 1 root root  18112 Jun 16  2023 mod_cookie.so
-rw-r--r-- 1 root root   9804 Jun 16  2023 mod_custom_blockpage.so
-rwxr-xr-x 1 root root  34532 Jun 16  2023 mod_deflate.so
-rw-r--r-- 1 root root   7460 Jun 24  2010 mod_envbyip.so
-rwxr-xr-x 1 root root   9824 Jun 16  2023 mod_env.so
-rwxr-xr-x 1 root root  13960 Jun 16  2023 mod_expires.so
-rwxr-xr-x 1 root root  22308 Jun 16  2023 mod_ext_filter.so
-rwxr-xr-x 1 root root   9892 Jun 16  2023 mod_file_cache.so
-rwxr-xr-x 1 root root  18080 Jun 16  2023 mod_filter.so
-rw-r--r-- 1 root root  13988 Jun 16  2023 mod_firehose.so
-rwxr-xr-x 1 root root  59280 Oct 27  2023 mod_form_hardening.so
-rwxr-xr-x 1 root root  18180 Jun 16  2023 mod_headers.so
-rwxr-xr-x 1 root root  51044 Jun 16  2023 mod_include.so
-rwxr-xr-x 1 root root  26276 Jun 16  2023 mod_info.so
-rwxr-xr-x 1 root root   5712 Jun 16  2023 mod_lbmethod_bybusyness.so
-rwxr-xr-x 1 root root   5712 Jun 16  2023 mod_lbmethod_byrequests.so
-rwxr-xr-x 1 root root   5712 Jun 16  2023 mod_lbmethod_bytraffic.so
-rwxr-xr-x 1 root root  14032 Jun 16  2023 mod_lbmethod_heartbeat.so
-rwxr-xr-x 1 root root  30544 Jun 16  2023 mod_log_config.so
-rwxr-xr-x 1 root root   9860 Jun 16  2023 mod_log_debug.so
-rwxr-xr-x 1 root root  18080 Jun 16  2023 mod_macro.so
-rwxr-xr-x 1 root root  18112 Jun 16  2023 mod_mime.so
-rwxr-xr-x 1 root root  30632 Jun 16  2023 mod_mpm_prefork.so
-rwxr-xr-x 1 root root  43012 Jun 16  2023 mod_mpm_worker.so
-rwxr-xr-x 1 root root  30536 Jun 16  2023 mod_negotiation.so
-rw-r--r-- 1 root root  22148 Jun 16  2023 mod_pcap.so
-rwxr-xr-x 1 root root  59340 Jun 16  2023 mod_proxy_balancer.so
-rwxr-xr-x 1 root root  13992 Jun 16  2023 mod_proxy_connect.so
-rwxr-xr-x 1 root root   9832 Jun 16  2023 mod_proxy_express.so
-rwxr-xr-x 1 root root  30564 Jun 16  2023 mod_proxy_fcgi.so
-rwxr-xr-x 1 root root   9832 Jun 16  2023 mod_proxy_fdpass.so
-rwxr-xr-x 1 root root  30568 Jun 16  2023 mod_proxy_hcheck.so
-rwxr-xr-x 1 root root  38732 Jun 16  2023 mod_proxy_html.so
-rwxr-xr-x 1 root root  38820 Jun 16  2023 mod_proxy_http.so
-rwxr-xr-x 1 root root  67496 Jun 16  2023 mod_proxy_msrpc.so
-rwxr-xr-x 1 root root  18180 Jun 16  2023 mod_proxy_scgi.so
-rwxr-xr-x 1 root root 154504 Jun 16  2023 mod_proxy.so
-rwxr-xr-x 1 root root  14036 Jun 16  2023 mod_proxy_uwsgi.so
-rwxr-xr-x 1 root root  22216 Jun 16  2023 mod_proxy_wstunnel.so
-rwxr-xr-x 1 root root   9828 Jun 16  2023 mod_ratelimit.so
-rwxr-xr-x 1 root root  26340 Jun 16  2023 mod_remoteip.so
-rwxr-xr-x 1 root root  13992 Jun 16  2023 mod_reqtimeout.so
-rwxr-xr-x 1 root root   9860 Jun 16  2023 mod_request.so
-rw-r--r-- 1 root root  13928 Jun 16  2023 mod_reverse_auth.so
-rwxr-xr-x 1 root root  71748 Jun 16  2023 mod_rewrite.so
-rw-r--r-- 1 root root 617532 Jun 16  2023 mod_security2_beta.so
-rw-r--r-- 1 root root 650424 Jun 16  2023 mod_security2.so
-rwxr-xr-x 1 root root  34496 Jun 16  2023 mod_sed.so
-rwxr-xr-x 1 root root   9832 Jun 16  2023 mod_session_cookie.so
-rwxr-xr-x 1 root root  22248 Jun 16  2023 mod_session_crypto.so
-rwxr-xr-x 1 root root  13992 Jun 16  2023 mod_session_dbd.so
-rw-r--r-- 1 root root  51084 Jun 16  2023 mod_session_server.so
-rwxr-xr-x 1 root root  18116 Jun 16  2023 mod_session.so
-rwxr-xr-x 1 root root  13956 Jun 16  2023 mod_setenvif.so
-rwxr-xr-x 1 root root  18088 Jun 16  2023 mod_slotmem_shm.so
-rwxr-xr-x 1 root root  13992 Jun 16  2023 mod_socache_dbm.so
-rwxr-xr-x 1 root root  13968 Jun 16  2023 mod_socache_memcache.so
-rwxr-xr-x 1 root root  13964 Jun 16  2023 mod_socache_redis.so
-rwxr-xr-x 1 root root  22156 Jun 16  2023 mod_socache_shmcb.so
-rwxr-xr-x 1 root root 237392 Jun 16  2023 mod_ssl.so
-rwxr-xr-x 1 root root  22212 Jun 16  2023 mod_status.so
-rwxr-xr-x 1 root root  18084 Jun 16  2023 mod_substitute.so
-rwxr-xr-x 1 root root   9748 Jun 16  2023 mod_unique_id.so
-rwxr-xr-x 1 root root  13952 Jun 16  2023 mod_unixd.so
-rwxr-xr-x 1 root root  30472 Jun 16  2023 mod_url_hardening.so
-rwxr-xr-x 1 root root   9828 Jun 16  2023 mod_version.so
-rw-r--r-- 1 root root  14088 Jun 16  2023 mod_waf_exceptions.so
-rwxr-xr-x 1 root root  18152 Jun 16  2023 mod_watchdog.so
-rw-r--r-- 1 root root  18204 Jun 16  2023 mod_whatkilledus.so
-rwxr-xr-x 1 root root  26340 Jun 16  2023 mod_xml2enc.so
#25
Does the IPsec tunnel have an SA open that allows the OpenVPN source network through, and the other side of the IPsec tunnel to return packets to that source?
#26
I have an IPsec VPN set up between Site A (192.168.168.0/24) and Site B (10.0.0.0/24).

Site A is behind a SonicWall; Site B is behind OPNsense. They can ping, file share, RDP, etc. correctly.

I've configured OpenVPN on the OPNsense box (assigning users an IP in the range 10.10.10.0/24 upon successful connection). OpenVPN users can successfully reach the Site B LAN network (10.0.0.0/24) no problem.

What I want is for them to also be able to reach the Site A network; to ping or RDP to 192.168.168.x and for that to successfully go through OpenVPN, through the IPsec tunnel, and respond back.

However, a traceroute OpenVPN -> Site A won't even go through the OpenVPN tunnel unless 192.168.168.0/24 is a local route on the OpenVPN instance.

My current IPsec config has two children:

Local            Remote
10.0.0.0/24      192.168.168.0/24
10.10.10.0/24    192.168.168.0/24

My OpenVPN instance has 10.0.0.0 and 192.168.168.0 as local networks for routing.

What am I missing? Any help would be appreciated.
#27
High availability / Re: HA setup with no WAN CARP ...
Last post by MysteryIron - Today at 06:51:39 AM
Can we do something like this? I was able to get an IP from my ISP to my virtual switch. But I am running into routing issues at my virtual switch.

[Modem] → hostpci0 (0000:06:00) → Virtual Switch VM
    ↓
[Virtual Switch bridges to two virtio NICs]
    ↓                           ↓
vtnet5 (opnsense1)         vtnet5 (opnsense2)
    ↓                           ↓
  [WAN]                       [WAN]

I was able to get opnsense1 as primary and opnsense2 as backup. Failover etc. are all working. My trouble is getting the routing done at the Virtual Switch. I used Alpine Linux for my virtual switch.

All this on a Micro Firewall with 6 port - 2.5GB nics on motherboard / J6413 processor. I see CPU spiking up, but if this fix works, I won't mind throwing more cores to this.
#28
German - Deutsch / Re: VPN lässt sich nach Verwen...
Last post by RalfOE - Today at 06:40:58 AM
Thank you very much.
I had already expected it to be that simple.
That would then be solved.
#29
General Discussion / Re: UPNP Broken
Last post by lmnsour - Today at 05:28:42 AM
Ok, fixed it.  Stupid error / typo on IP address... Thanks for the assist @franco!
#30
General Discussion / Re: Micron exits consumer mark...
Last post by lmnsour - Today at 05:01:50 AM
The entire market is trending towards online subscriptions. Software subscriptions (Windows is on the warpath to a Windows subscription model), gaming (Geforce Now), and soon hardware. Our kids will have to rent CPU cores, Memory, GPUs, etc... if someone (cough *STEAM*) doesn't step in.

Game development is also going down the proverbial "corporate greed" toilet. I don't believe lack of graphics and HDD space optimizations are solely fueled by laziness but part of a *wink *wink towards hardware developers such as Nvidia to drive up high end component demand and reliance on scaling and frame gen. Helldivers 2 just released a beta version that decreases HDD space by almost 1/3rd, from 130ish to 30ish GBs.

It's all a racket and I'm slowly turning into the old grumpy guy complaining about the good ol' days!