Topics - dcol

#1
25.7, 25.10 Series / ActiveSync rules
October 16, 2025, 11:35:26 PM
Hi all,
Been using OPNsense since v18 and got stumped when clients asked me to install ActiveSync (EAS) on the mail server.
It seems to only send from the local computer or phone. The remote computer cannot send events out but it receives events.
I know there must be a rule issue. The only rule on the local and remote side is in the pic. (EmailPorts are 25,80,443,465,993,8080,8443).
The remote network also has an opnsense firewall.
Anybody have any rules suggestions on receiving these calendar events from remote computers?

I suspect the issue is the firewall on the remote side, because I can send and receive calendar events on the local computer and my phone (using local or cell service). I receive events on the remote computer, just can't send any. Nothing in the logs.

Thanks in advance
#2
25.1, 25.4 Legacy Series / scrollbar width
April 18, 2025, 06:27:55 PM
The OPNsense scrollbar is just a sliver for me on a high res screen. I changed the default in chrome, but when CSS is applied it overrides.
Any way to increase the scrollbar width in OPNsense? I know it is done in CSS, so how do I permanently modify it for OPNsense?
#3
Virtual private networks / IPsec questions
April 15, 2025, 01:01:08 AM
I have been trying to set up the new IPsec VPN and having issues. I think it is all certificate related.
I have been using the Legacy version for a couple of years now and it is time to change because it is being retired, I read, and since OPNsense version 25.1 it has been disconnecting clients randomly. I'm on my 4th day and I just cannot get the new IPsec VPN to work. The guides have a lot of misleading and incomplete info. Most I can figure out, but the cert section is troubling me.
This OPNsense box is ONLY being used for IPsec VPN access to one server and many clients using one dedicated WAN IP (i.e. 98.99.100.101).
I chose 'IPsec - Roadwarriors IKEv2'
Let's start with the basics - Certificates. I think this is my main source of trouble.
From the guide, I need just one Root Authority and one leaf certificate. I named the root authority 'IPsec CA' and the Certificate 'leaf-vpn'
Both certs are created in OPNsense using the Deciso guide and the 'IPsec CA' Trust Authority is downloaded then uploaded to the Windows 2022 server and installed via mmc.
The 'leaf-vpn' cert is created as a client/server certificate and also uploaded and installed on the server via mmc.
The downloaded 'leaf-vpn.crt' cert is also uploaded to the Windows 11 client. That certificate is installed with the following PowerShell command on Win11
'Import-Certificate -FilePath "leaf-vpn.crt" -CertStoreLocation Cert:\LocalMachine\Root\'

I am not sure if I also need to use mmc to install the 'leaf-vpn.crt' cert to the Windows 11 client.

Am I missing any steps with these certificates?
Any help is greatly appreciated. Thanks, OPNsense is a fantastic product.
#4
25.1, 25.4 Legacy Series / cannot run IPsec
April 13, 2025, 01:15:00 AM
Whenever I try to connect I get 'ike authentication credentials are unacceptable'
I have gone over all the settings multiple times and cannot figure out how to solve this issue.
When it comes to the Trust settings, they aren't very clear to me so I used settings as close as possible from Deciso examples.
I used to have the legacy IPsec VPN and that worked until recently when it kept disconnecting every few hours.

What can I check?
Please help!
#5
25.1, 25.4 Legacy Series / VPN IPsec issues
April 12, 2025, 05:54:46 AM
Since I updated to 25.1.5, IPsec keeps disconnecting. I am using the legacy version. Tried updating to the new version last week with no success. Any suggestions?
#6
Help, I cannot get SMB access with a remote user.
I set up a dedicated opnsense firewall using one of my static WAN IPs as the WAN to allow access to/from a single remote user.
OPNsense has the LAN set to 192.168.40.1/24 and the WAN as 99.99.99.99 (using this IP as WAN example)
The IP of the local user is 192.168.40.26 which is what I want the remote user access to.
Let's say the IP of the remote user is 50.50.50.50 for now, which may change to dynamic later on, so I can just use an Alias when that happens.

All I need is for only the one remote user (50.50.50.50) full access to the local user (192.168.40.26) on all ports. No other access allowed.
I can ping 99.99.99.99 from 50.50.50.50, so I know there is a connection with an ICMP allow rule I put in the WAN rules.
I tried just one WAN rule making the source 50.50.50.50 to any. Didn't work
I tried just one LAN rule making the source any to destination any. Didn't work
I tried both together.

For more info, this local computer has a dedicated NIC with its IP as 192.168.40.26. This plugs into the OPNsense box. The only other NIC in the OPNsense box is the one for the connection to the WAN IP 99.99.99.99.
There are no active Windows or any other firewalls running on the local or remote computers.

This should be simple, only one remote user to access only one local IP. The main reason I am using OPNsense instead of Windows firewall is because I need to ultimately use an Alias with the remote domain name info.
#7
24.1, 24.4 Legacy Series / Puzzled
March 14, 2024, 12:39:51 AM
I can't figure out why one remote IP cannot reach the server. The only clue I have is the absence of a label and a different rule number. I have both packets captured in the attachments. The bad pic cannot get to the server. How do I find the rulenr, as I suspect the rule the bad packet is using is different.
#8
23.7 Legacy Series / dropping internet last few days
October 24, 2023, 01:35:43 AM
I have been experiencing intermittent internet loss. Not sure if it is the firewall. I did have some errors at the same time this happened today in the OPNsense log. Does this point to anything? I am on the latest OPNsense version.

2023-10-23T16:24:35-07:00   Error   api   no active session, user not found   
2023-10-23T16:18:34-07:00   Error   configd.py   [872b9217-6625-4f0b-9e90-f1e42cc38724] Script action failed with Command '/usr/local/opnsense/scripts/firmware/query.sh remote ' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 44, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/firmware/query.sh remote ' returned non-zero exit status 1.   
2023-10-23T16:18:34-07:00   Error   configd.py   Timeout (120) executing : firmware tiers   

Also the general log shows this
2023-10-23T16:24:29-07:00   Error   opnsense   /usr/local/etc/rc.newwanip: The command '/bin/kill -'TERM' '57694''(pid:/var/run/unbound.pid) returned exit code '1', the output was 'kill: 57694: No such process'   
2023-10-23T16:24:23-07:00   Error   dhcp6c   transmit failed: Can't assign requested address   
2023-10-23T16:24:23-07:00   Warning   opnsense   /usr/local/etc/rc.bootup: dhcpd_radvd_configure(auto) found no suitable IPv6 address on lan(ixl0)   
2023-10-23T16:22:14-07:00   Error   opnsense   /usr/local/etc/rc.newwanipv6: The command '/bin/kill -'TERM' '76961''(pid:/var/dhcpd/var/run/dhcpdv6.pid) returned exit code '1', the output was 'kill: 76961: No such process'   
2023-10-23T16:19:22-07:00   Warning   opnsense   /usr/local/etc/rc.linkup: dhcpd_radvd_configure(auto) found no suitable IPv6 address on lan(ixl0)   
2023-10-23T16:18:53-07:00   Error   dhcp6c   transmit failed: Network is down   
2023-10-23T16:18:37-07:00   Error   dhcp6c   transmit failed: Network is down   
2023-10-23T16:18:36-07:00   Error   dhcp6c   transmit failed: Network is down   
2023-10-23T16:18:35-07:00   Error   dhcp6c   transmit failed: Network is down   
2023-10-23T16:18:29-07:00   Error   dhcp6c   transmit failed: Network is down   
2023-10-23T16:18:28-07:00   Error   dhcp6c   transmit failed: Network is down   
2023-10-23T16:18:28-07:00   Error   dhcp6c   transmit failed: Network is down   
2023-10-23T16:18:25-07:00   Error   dhcp6c   transmit failed: Network is down   
2023-10-23T16:18:24-07:00   Error   dhcp6c   transmit failed: Network is down   
2023-10-23T16:18:24-07:00   Error   dhcp6c   transmit failed: Network is down   
2023-10-23T16:18:23-07:00   Error   dhcp6c   transmit failed: Network is down   
2023-10-23T16:18:22-07:00   Error   dhcp6c   transmit failed: Network is down   
2023-10-23T16:18:22-07:00   Error   dhcp6c   transmit failed: Network is down

I am running 2 WAN's in the OPNsense box. Only one WAN died. The ISP said there was no outage.
Problem happens once a day. Problem always points to dhcp6. The WAN that works only uses IPv4. Should I disable IPv6 on the problem LAN? I am using a Prefix delegation size of 64. Is that a problem? ISP is Cox.

Any help is appreciated.
#9
23.7 Legacy Series / Firewall randomly going down.
August 16, 2023, 12:53:30 AM
This appears in the log when the firewall goes down. This happens 4-8 times a day.
Funny thing is, this system does not use IPv6 at all, so where could this come from? What does this mean?
Firewall uses a static IP on the WAN. No DHCP

2023-08-15T10:34:33-04:00   Error   opnsense   /usr/local/etc/rc.linkup: The command '/bin/kill -'TERM' '77804''(pid:/var/dhcpd/var/run/dhcpdv6.pid) returned exit code '1', the output was 'kill: 77804: No such process'

Any help is greatly appreciated.
#10
23.7 Legacy Series / Monit email not working
August 14, 2023, 11:51:20 PM
Running 23.7.1_3
I tried every email address I have, local and remote, and all I get is this

2023-08-15T10:36:15-07:00   Error   monit   Aborting event   
2023-08-15T10:36:15-07:00   Error   monit   Mail: Delivery failed -- no mail server is available   
2023-08-15T10:36:15-07:00   Error   monit   Cannot open a connection to the mailserver 192.168.100.5:465
2023-08-15T10:36:15-07:00   Error   monit   Cannot connect to [192.168.100.5]:465 -- Connection timed out   

I cannot find any email service to work with Monit. Tried Gmail, Yahoo, Local emails. Nothing works.
Apparently you can no longer use Gmail or Yahoo due to new security on those sites, so I am stuck with using the local account. Not sure if I need a firewall rule to do this.

Monit itself works fine. Just won't send email messages from my main site.
I gave up and just disabled Monit. Not really useful if I can't get messages.

Any ideas on how to get it to work on the same machine as the email servers. Do I need a new firewall rule?
#11
23.7 Legacy Series / Repeating error in my logs
August 14, 2023, 05:35:44 PM
My logs are filled with errors. Using v23.7.1_3
This is a repeating error every second in the logs; there are actually thousands of these. Using DHCP on the WAN.
How can I fix this?

2023-08-08T08:46:36-04:00   Error   opnsense   /usr/local/etc/rc.linkup: The command '/bin/kill -'TERM' '77804'' returned exit code '1', the output was 'kill: 77804: No such process'   
2023-08-08T08:45:53-04:00   Error   opnsense   /usr/local/etc/rc.linkup: The command '/bin/kill -'TERM' '77804'' returned exit code '1', the output was 'kill: 77804: No such process'   
2023-08-08T08:45:42-04:00   Error   opnsense   /usr/local/etc/rc.linkup: The command '/bin/kill -'TERM' '77804'' returned exit code '1', the output was 'kill: 77804: No such process'   
2023-08-08T08:44:37-04:00   Error   opnsense   /usr/local/etc/rc.linkup: The command '/bin/kill -'TERM' '77804'' returned exit code '1', the output was 'kill: 77804: No such process'   
2023-08-08T08:44:31-04:00   Error   opnsense   /usr/local/etc/rc.routing_configure: ROUTING: refusing to set inet gateway on addressless wan(igc0)   
#12
23.1 Legacy Series / Bind states to interface
July 07, 2023, 05:28:31 PM
Quick question.
Should I use "Bind states to interface" if I have two isolated WANs, one static and one dynamic?
I am not using failover or load balancing.
#13
Virtual private networks / Changing IP's
July 03, 2023, 06:45:15 PM
I have a working IPsec VPN. I want to use my alternate WAN Interface to connect to it. If I change the IP in my DNS Record I get a policy Error when trying to connect. The certificate uses my OPNsense Hostname and not an IP. I did make sure the Firewall rules were duplicated for the second WAN, LAN, and NAT.

I have created another VPN connection using the new local IP's and it works fine, but changing the DNS record to the secondary WAN does not work.

Any ideas?
#14
Virtual private networks / IPsec Local IP
July 03, 2023, 06:06:46 PM
I have VPN working fine, but I want to change the Local IP as shown in the VPN Status Overview page.
Where can I do that? Or more specifically, how does OPNsense determine the Local IP for VPN IPsec?

When I try to connect via my other WAN Interface, I get a Policy Error.
#15
23.1 Legacy Series / When to use Multi-WAN?
July 01, 2023, 06:35:17 PM
I could not find a scenario chart of when Multi-WAN is useful. My goal is to get as much redundancy as possible.
My question is basically if I should use Multi-WAN. Would it benefit me with the following setup?
First off, I want to state that I did try to set up a failover Multi-WAN configuration following the online documentation to the letter. It was not successful as I had many stalled internet accesses. I removed it.

This OPNsense box has 2 WANs. The business Internet has a 100/20MB Mbps static IP (WAN1), and the other a 1000/50MB Mbps dhcp residential connection (WAN2).
WAN1 is used for incoming SMTP and business websites.
WAN2 is for residential internet, IMAP and SMTP outgoing, IPsec VPN to a local server, FTP, RSYNC, and video streaming server because of its faster connection. WAN2 also uses Dynamic DNS.

I basically just use WAN1 for ports not allowed by my ISP residential service.

Now the big question. Is Multi-WAN an option for this scenario? Seems to me I have set IPs to do most connections, so I assume failover can't handle that.

I am also having LTE failover installed in a few days on WAN1. That is external to OPNsense.

Your thoughts?
#16
23.1 Legacy Series / Reset state table using Cron
June 23, 2023, 07:00:49 PM
I have been unsuccessful trying to reset the state table using cron. All I get is 'returned exit status 127'.
Can anyone help with my code? Here is what I did

/usr/local/opnsense/service/conf/actions.d/actions_ResetST.conf

[start]
command:/usr/local/etc/rc.d/rstate.sh
parameters:%s
type:script
message:starting reset_state_table
description:Reset State Table


/usr/local/etc/rc.d/rstate.sh

#!/bin/sh
# flush every entry in the pf state table
pfctl -F states


Then ran 'service configd restart' in shell and setup the time in cron.

What am I doing wrong?
Thanks
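Added example, not from the post or from OPNsense: a small POSIX sh pre-flight check for a script that configd runs as "type:script". configd hands the command line to a shell (the traceback quoted in the "dropping internet" post above shows subprocess.check_call(..., shell=True)), so the number in "returned exit status N" is the shell's own status: 127 means the command was not found (wrong or missing path), 126 means the file exists but is not executable, and 0 means the script actually ran. The rstate.sh path is the one from the post; the throwaway script the demo creates is constructed for the demonstration and removed afterwards.

```shell
#!/bin/sh
# Added example (not from the forum post or from OPNsense): pre-flight checks
# for a script that configd runs as "type:script". configd hands the command
# line to a shell, so the status reported as "returned exit status N" is the
# shell's: 127 = command not found (wrong or missing path), 126 = file found
# but not executable, 0 = the script ran. The rstate.sh path in the usage
# comment is the one from the post; the demo file is constructed and removed.

# Run the given path as a command under /bin/sh and print the exit status.
# "$0" inside the -c string is bound to the path, so spaces are preserved.
run_status() {
    rc=0
    sh -c '"$0"' "$1" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# Static checks that catch each failure before cron fires the job.
# Returns 0 = ok, 1 = path not absolute, 2 = missing, 3 = not executable,
# 4 = no "#!" interpreter line.
check_script() {
    case "$1" in
        /*) ;;
        *)  return 1 ;;
    esac
    [ -e "$1" ] || return 2
    [ -x "$1" ] || return 3
    head -n 1 "$1" | grep -q '^#!' || return 4
    return 0
}

# Constructed demonstration: exercise all three outcomes on a throwaway
# script in the current directory, then clean up. Prints "127 126 0".
demo() {
    tmp="$PWD/rstate_demo_$$.sh"
    printf '#!/bin/sh\nexit 0\n' > "$tmp"
    missing=$(run_status "$tmp.does-not-exist")   # 127: not found
    chmod 644 "$tmp"
    noexec=$(run_status "$tmp")                    # 126: not executable
    chmod 755 "$tmp"
    ok=$(run_status "$tmp")                        # 0: ran
    rm -f "$tmp"
    echo "$missing $noexec $ok"
}

# Usage against the real file from the post:
#   check_script /usr/local/etc/rc.d/rstate.sh || echo "check failed: $?"
demo
```

The demo runs the whole path as the command, the same way configd's shell does, so the status it prints is the one that would land in the configd log; `check_script` then names the cause (relative path, missing file, missing execute bit, missing interpreter line) so it can be fixed before the cron job fires again.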
#17
23.1 Legacy Series / Slower over time
June 18, 2023, 12:44:24 AM
Using 23.1.9. Very basic generic setup. One LAN, one DHCP WAN.
Internet speeds come to a crawl. If I reboot, speeds come back, but within a few hours it is back to crawling. I can barely remote into the WebGUI when it is slow.
Resources look fine. Memory is at 14% when slow and 7% when rebooted.

Anything I should be looking at? Nothing meaningful in any logs.

This is a new box that I installed OPNsense on and just restored the config. The old box had a minor disk issue. This slowdown issue is since I put this new box in.
#18
23.1 Legacy Series / Need help on a remote firewall
June 10, 2023, 07:38:27 PM
I was doing updates on all my remote OPNsense firewalls when one of them would not update, so I started investigating.
I tried to do it via SSH and get Input/output error. Shell not working with same error.
Reboot doesn't work
When I try update from WebGUI I get
Checking integrity...Child process pid=30552 terminated abnormally: Bus error

Funny thing is, firewall is working. I just can't do anything.
Using ZFS, but can't run scrub from cron.

All services are running. This is a vanilla install with no additional features.
If I try a reboot via console I get
/usr/local/etc/rc.reboot: /sbin/shutdown: Input/output error

Any suggestions? This firewall is 300 miles away. I really do not want to make a trip there.
#19
General Discussion / NAT rules to specific gateway
April 01, 2023, 07:08:38 PM
How do I assign a specific gateway to a NAT rule?
Is this determined by the NAT Outbound?
The WAN rules that are not NAT'ed I can specify the gateway. NAT rules I cannot.
#20
General Discussion / Add isolated gateway.
April 01, 2023, 12:19:22 AM
Hi all,
I am now running 2 OPNsense boxes where box one has a DHCP WAN, and a LAN (192.168.100.0/24).
Box two has a static WAN and LAN (192.168.20.0/24). Both work fine right now.

My goal is to eliminate box two since the only task on that box is to NAT port 25 to the email server on the LAN.
This email server has another NIC which connects to the LAN subnet on box one (192.168.100.5).

I tried moving the box two WAN to box one WAN2. Then using a NAT rule on box one to forward WAN2 port 25 connections to the email server. This does not work.
The WAN2 gateway is online. I can ping WAN2.
The box one LAN rule is matched to the one from Box 2
WAN2   TCP   *   *   WAN2 address    25    192.168.100.5    25

I assumed all I needed to do was install the WAN2 interface/gateway on OPT1, then NAT WAN2 to port 25 to the email server.
Am I missing something? Is there something else I need to do to isolate these gateways?
Please reply if you need more info.