Topics - Chaskel

#1
Hello, today I upgraded 2 sites to 24.7.9_1-amd64 (I believe I was previously on 24.7.4_1-amd64). After doing that everything seemed to be OK except that I noticed that my syslog server on the LAN was no longer getting syslogs from client devices on the other side of the IPsec connection.

Upon investigation it appears the remote site's individual client device IP addresses (for each device transmitting syslog output) were all being seen on the IPsec link with the remote site's public WAN IP instead. I was seeing denies in the firewall for the public IP on the IPsec interface and then after doing a temporary rule to allow the public IP I saw the same via tcpdump on the syslog server.

I was not able to resolve the issue, and as I needed to fix it as quickly as possible I took the opportunity to convert over to WireGuard. That said, I did want to pass this information on in case it was helpful and is reproducible by someone else.

Thank you.
#2
Hello, I have used OPNsense for a few years now successfully with a Vonage VoIP plan and am not sure if the following is a regression in upgrading to the 24.7 branch or not, and I do not have an easy way to test with downgrade. I am currently running OPNsense 24.7.4_1-amd64.

I have been trying to troubleshoot an issue relating to outbound Vonage VoIP calls getting dropped (inbound does not appear to have the same problem). My Vonage service is not frequently utilized except that on most evenings my wife makes a call to her mother (some lasting more than 15 minutes). The current issue is that:

- Every evening that she goes to make the call to her mother that is longer than 15 minutes, each time the call drops exactly at 15 minutes, which I believe is the 900s value that the Firewall Optimization "Conservative" setting I have always had configured uses in OPNsense. While she makes the call I observe in the Firewall sessions that this also seems to be the case and once the call drops the 900s countdown starts and eventually expires and disappears.
- She calls her mother back soon after the call drops, and the following call is able to go longer than 15 minutes without getting dropped.
- Based on the sessions table I have seen it happen with various Vonage destination server IPs (which appear to be AWS-hosted).

In my troubleshooting I have tried on multiple occasions:

- Rebooting the cable modem [Same behavior as described above]
- Rebooting the Vonage adapter [Same behavior as described above]
- Rebooting OPNsense [Same behavior as described above]
- Modifying OPNsense to have an outbound static port for the Vonage adapter (even though it has worked without this previously) [Same behavior as described above]
- Moving the Vonage adapter to connect directly to my cable modem (bypass OPNsense) [Unless a coincidence, success - the problem disappears]

While I am already in the process of migrating off of Vonage, I would still like to understand if there could be a possible UDP session timeout issue (or perhaps something else) with the more recent versions of OPNsense? I find it odd that it only happens on the initial call but the subsequent post-dropped call seems to never have the problem.

Thank you.
#3
Hello,

I am not sure if the following process created the situation I am facing, or if this is being seen by default:

- I installed 22.1.1_3 today on new hardware and imported a config file from my previous system.
- I disabled the one existing IPSec Tunnel Settings Phase 1 and Phase 2 rows I had.
- I cloned the one existing Phase 1 row I had.
- I cloned the one existing Phase 2 row I had.
- After making changes to the cloned Phase 1 and Phase 2 rows and enabling them, I clicked on the checkbox to the left of the Phase 1 section "Enabled" checkbox for both the original and cloned row and noticed that the cloned Phase 2 entry was associated with the original Phase 1 entry and not the cloned one.
- At this point I could not see any "add" button to add a Phase 2 entry.
- I then deleted all Phase 1 and Phase 2 entries and created a new Phase 1 entry.
- I am still not seeing an "add" button to create a Phase 2 entry. (image attached)

I am not sure if the steps I reference above created the problem, or if the add button in the Phase 2 entry is missing?

Any assistance would be greatly appreciated.

Thank you.