Topics - DoubleJ

#1
18.1 Legacy Series / openvpn obfuscate patch broken?
April 23, 2018, 07:05:09 AM
Hi,

Does anyone have any information whether the openvpn obfuscate patch in OPNSense 18 is broken?
My VPN seems not to get any connection anymore.
Does anyone experience the same problem?

Kind regards, DJ
#2
You may ignore the message below, since I decided to do a clean install. As stated in the message below it was running already for a long time. A clean install wouldn't hurt.

Dear All,

I've installed opnsense on a VM in the cloud by using the opnsense-bootstrap.sh script for years now. Never had trouble with it until now. I wanted to upgrade to 18.1. During the upgrade process I encountered problems with upgrading the kernel. So in the end I decided to run the latest opnsense-bootstrap.sh script to set everything right. The upgrade process ended without any problems/errors, but now when booting I get to the console, but get errors:
Configuring OpenSSH .....failed
Starting Web GUI ..... failed
/usr/local/lib/libssl.so.44: Undefined symbol "timingsafe_memcmp"

When I go into the shell and try to start lighttpd manually it gives me the error:
/usr/local/sbin/lighttpd: Undefined symbol "memset_s"

The VM is used as endpoint of a VPN. On the other router I can also see that the VPN is not able to connect to the VM, so probably more services are not starting.

How to move on in troubleshooting these problems? Any suggestions are very much appreciated.
Thanks in advance,
JJ
#3
16.7 Legacy Series / Tinc: important features request
December 28, 2016, 07:34:38 AM
Hi,

I did some testing to set up Tinc mesh VPN, however I'm missing some basic features in the GUI:
Most important one:
- I have nodes with dynamic IPs. I believe Tinc can work with dynamic DNS names, however the OPNSense GUI doesn't seem to accept DNS names. Please make it possible to either fill in an IP or a DNS name.
Other ones:
- option to select the mode: router | switch | hub
- option to set ping time out (on a poor-speed connection I got "time out during authentication" errors).
- option to set custom port number

- feature: add static routes to up/down scripts? This may not be the right place to put the static routes, since OPNSense has a specific section for static routes, however (and I believe this is not solely a problem related to Tinc, but also to openvpn connections) I would like to influence the static routes in case a connection goes down/breaks (split-tunnel routing enable/disable); I know that this normally may be done by adding two static routes for the same destination, but via different gateways and putting a weight on the routes, but this feature is not provided by OPNSense.
In case there's a way to set this up by using the gateway down mechanism, I would appreciate some pointers on the how to.

Thanks for taking notice. Keep up the good work!

EDIT: I've created an issue in github for these features (except the one for the up/down scripts, because I believe it is not related to tinc).
#4
Hi, I encounter a problem and can't figure out what the problem is.

I have an opnsense 16.7.3 installation running as router on my local LAN.
My LAN has two gateways:
- one gateway is on the mentioned opnsense box (ip: 10.0.0.5/24) -> WAN interface connected to another DMZ network.
- one gateway is another router (not opnsense) on the LAN (10.0.0.1/24), which is directly connected to the internet.
All clients have the opnsense box set as default gateway. The purpose of the opnsense box is to split up the traffic bound for the internet (routes the traffic to the other gateway on the LAN: 10.0.0.1 gateway) and the traffic bound for the DMZ (routes it over the WAN). The splitting up is done with the help of static routes.
NAT rules are only applied on the WAN outbound, source = LAN and destination = any. Of course no NAT rules on the LAN interface. Firewall rules on LAN: any to any allowed on any protocol. Firewall rules on WAN: source = LAN to any allowed on any protocol.

Problem: web browsing is no problem, however if I want to upload an attachment to a webmail account on the internet I can't upload the attachment. If I try to send files over the internet to a git server (by use of http/https protocol) I can't upload the files; Git reports error: RPC failed; result=56, HTTP code = 0.
When I do a tracert from the client to the git server on the internet, I can see that the traffic is routed from opnsense to the other gateway on the LAN and doesn't show any problem.
The problem is very likely with opnsense, because if I change the default gateway on the client directly to the other gateway (so bypassing the opnsense router) everything works; I can upload attachments to my webmail accounts and upload my files to the git server without any problem.

I have not set any special settings on opnsense other than static routes, no proxy modules enabled.

Does anyone have an idea why I can browse the web, but am not able to upload files?

Thanks in advance.
DJ
#5
From the documentation on the link below, it is not clear to me whether the database is stored locally (and maybe updated every Tuesday?) or whether the database is stored online and queried by OPNSense every time?
In case of the latter, is there any caching mechanism to reduce querying?

Link to doc on GeoIP: https://docs.opnsense.org/manual/ips.html#maxmind-geolite2-country

Thanks in advance.

EDIT: Never mind. Found this forum message:
https://forum.opnsense.org/index.php?topic=3081.msg9579#msg9579

Should have checked the forum first. :-o
#6
General Discussion / Plans for PPTP Client with MLPPP?
November 08, 2015, 04:55:37 PM
I know....PPTP is cracked and not secure anymore...

Are there any plans to also include the client option for mpd; not for connecting to a provider, but for building a connection between two opnsense boxes. I've noticed that on a Russian website, someone created this patch for pfsense. It was just the adding of a client text box and little code for adding the 'client' setting to the config file.

mpd also has the option to create (very stable) multilink ppp/pptp connections between. This feature also only involves adding settings to the config.

Any plans for this? If preferred I have a set of working config files.
#7
After reboot the openvpn connection comes up, but the LAGG (in which the openvpn connections are) does not come up after reboot.

The same problem also occurs when the openvpn connections were disconnected due to a bad internet connection. After the openvpn connections have reconnected, it seems the LAGG doesn't notice this.

This was a bug previously reported in pfsense: https://redmine.pfsense.org/issues/4231
It seems OPNsense (latest dev release) still has this problem?

#8
Does anyone know where to find any information, documentation or help files on opnsense's intrusion detection?

Thanks in advance