Topics - iBROX

#1
Hi,

Is there any way to block, say, *.abc.com (obviously being a wildcard) so it will block all hostnames under it?

I've looked everywhere and can't seem to find an easy solution. Is there a way within Opnsense, or perhaps using Sensei or some other plug-in?
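As an added illustration (not from the post or from OPNsense), this is the matching logic a wildcard blocklist needs: a suffix match on label boundaries, so that `*.abc.com` covers `www.abc.com` and `abc.com` itself but not `notabc.com` or `abc.com.example.test`. The `unbound_local_zones` helper renders each wildcard entry as an Unbound `local-zone ... always_nxdomain` line; that Unbound runs the OPNsense resolver is an assumption here, and the zone names are constructed.

```python
"""Wildcard hostname blocking: label-boundary suffix matching (added example)."""
from typing import Iterable, List, Tuple


def normalize(name: str) -> str:
    """Lower-case, strip whitespace and a trailing dot so 'WWW.ABC.COM.' == 'www.abc.com'."""
    return name.strip().rstrip(".").lower()


def parse_pattern(pattern: str) -> Tuple[str, bool]:
    """'*.abc.com' -> ('abc.com', True): the apex and everything below it.
    'abc.com'   -> ('abc.com', False): exactly that name."""
    p = normalize(pattern)
    if p.startswith("*."):
        return p[2:], True
    return p, False


def is_blocked(hostname: str, patterns: Iterable[str]) -> bool:
    """True if hostname matches any pattern. The wildcard check requires the
    '.' before the base name, which is what keeps 'notabc.com' unblocked."""
    h = normalize(hostname)
    for pattern in patterns:
        base, wildcard = parse_pattern(pattern)
        if h == base:
            return True
        if wildcard and h.endswith("." + base):
            return True
    return False


def unbound_local_zones(patterns: Iterable[str]) -> List[str]:
    """Render wildcard patterns as Unbound local-zone directives. Unbound's
    local-zone already covers subdomains, so only wildcard entries are emitted;
    an exact-only entry is left out with no line (assumption: Unbound resolver)."""
    lines = []
    for pattern in patterns:
        base, wildcard = parse_pattern(pattern)
        if wildcard:
            lines.append(f'local-zone: "{base}." always_nxdomain')
    return lines


if __name__ == "__main__":
    # Constructed blocklist and sample names.
    blocklist = ["*.abc.com", "tracker.example"]
    for name in ["www.abc.com", "abc.com", "notabc.com", "abc.com.evil.test", "tracker.example"]:
        print(f"{name:22} blocked={is_blocked(name, blocklist)}")
    print("\n".join(unbound_local_zones(blocklist)))
```

The substring pitfall is the one worth remembering: an `endswith("abc.com")` check without the leading dot would block `notabc.com`, and a plain `in` check would also block `abc.com.evil.test`, which is a different zone altogether.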
#2
23.1 Legacy Series / Dynamic DNS issues with ddclient
February 13, 2023, 04:44:12 AM
Hi,

Got an interesting issue with os-ddclient and I've done a fair bit of testing relating to the issue, I'll try and explain the scenario best I can.

Primary Link : Always on 24/7 - assigned a Public IP - let's say it is 116.255.4.225
Secondary Link : Only active when primary link goes down - assigned a public IP - let's say it is 1.144.230.31

os-ddclient updates my domain with no problem when the primary link is active.  Now when I test failover and all traffic is routed out via the Secondary link, give it about 5-10 minutes and os-ddclient then updates my domain to be given the Secondary link IP, no issues here.

I check my control panel with my domain provider and you can see it has been updated when the primary link fails with the secondary link IP.

The problem I see is when the primary link comes back and os-ddclient attempts to update the DNS record it fails and says that the IP was already set to 116.255.4.225. log below :

<29>1 2023-02-13T14:13:25+11:00 gateway. client[28050] 34812 - [meta sequenceId="1"] SUCCESS:  DNSNAME: skipped: IP address was already set to 116.255.4.225.

I then check the DNS provider control panel and it's still got the secondary link IP in there, I have to actually go in and manually add back in my primary link IP to get things working again.


I then deployed a Debian VM and installed ddclient on that with the exact same config as Opnsense and on this VM it works perfectly as expected :

Primary Link fails and it updates the DNS record with the Secondary link IP, then I bring the Primary link back and it says to wait for 5 minutes which is fine, but then on the next attempt 5 minutes later it correctly updates the DNS record with the Primary link IP, there is no manual intervention required basically.

Any ideas why Opnsense is failing to act properly in the above scenario ?
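An added model (not the poster's configuration and not ddclient's code) of the decision behind that "skipped: IP address was already set to" line: an updater that only compares the detected address with its own cache of the last address it set will skip whenever the two agree, even if the published record says something else. The `run` function steps through failover and recovery with the two addresses from the post; the cache reset on recovery is a constructed fault that reproduces the observed skip, not a claim about what caused it on OPNsense. The `zone_checked` policy shows the defensive alternative: compare against what the name actually resolves to before deciding to skip.

```python
"""Dynamic-DNS update decisions: cache-only vs. checked against the published record."""
from typing import Callable, Dict, List, Tuple

PRIMARY = "116.255.4.225"     # addresses from the post
SECONDARY = "1.144.230.31"


class Zone:
    """Stand-in for the DNS provider: holds the published A record."""

    def __init__(self, ip: str) -> None:
        self.ip = ip

    def set(self, ip: str) -> None:
        self.ip = ip

    def resolve(self) -> str:
        return self.ip


def cache_only(detected: str, cache: Dict[str, str], zone: Zone) -> str:
    """Skip if the detected address equals the last address *we* set."""
    if cache.get("ip") == detected:
        return f"skipped: IP address was already set to {detected}."
    zone.set(detected)
    cache["ip"] = detected
    return f"updated to {detected}"


def zone_checked(detected: str, cache: Dict[str, str], zone: Zone) -> str:
    """Skip only if the record the world sees already equals the detected
    address (on a real system: resolve the hostname; here: Zone.resolve)."""
    if zone.resolve() == detected:
        cache["ip"] = detected
        return f"skipped: record already resolves to {detected}."
    zone.set(detected)
    cache["ip"] = detected
    return f"updated to {detected}"


Policy = Callable[[str, Dict[str, str], Zone], str]


def run(policy: Policy, lose_cache_on_recovery: bool) -> Tuple[str, List[str]]:
    """Failover to SECONDARY, then PRIMARY returns. Returns (published record, log)."""
    zone = Zone(PRIMARY)
    cache = {"ip": PRIMARY}
    log = [policy(SECONDARY, cache, zone)]          # primary link down
    if lose_cache_on_recovery:
        cache["ip"] = PRIMARY                       # constructed fault: cache no longer reflects the failover update
    log.append(policy(PRIMARY, cache, zone))        # primary link back
    return zone.resolve(), log


if __name__ == "__main__":
    for name, policy in (("cache_only", cache_only), ("zone_checked", zone_checked)):
        record, log = run(policy, lose_cache_on_recovery=True)
        print(f"{name}: record now {record}")
        for line in log:
            print("   ", line)
```

With a healthy cache both policies end with the primary address published. With the constructed stale cache, `cache_only` emits the skip message and leaves the secondary address in the zone, which is the symptom described; `zone_checked` notices the mismatch and repairs it. A periodic comparison of the resolved record against the active WAN address is a cheap way to detect that drift regardless of which updater is in use.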
#3
General Discussion / NTOPNG & 22.1
January 29, 2022, 01:32:41 AM
Hi,

First things first, great work with the release of 22.1, I have an issue in regards to NTOPNG, when I install it as per :

https://packages.ntop.org/FreeBSD/

I don't see the services listed under the services menu option on the right hand side, I have cleared cookies etc and tried multiple browsers, even reset the router and still nothing shows, so I can't configure the redis and NtopNG service, any ideas?

#4
Pretty simple setup here.

Running the latest version of Opnsense in VMware (7), installed iperf in Opnsense and I have a standard Debian VM connecting as the client, only getting the following speeds :

[  5] 549.00-550.00 sec  71.2 MBytes   598 Mbits/sec    2    525 KBytes
[  5] 550.00-551.00 sec  73.8 MBytes   619 Mbits/sec    0    621 KBytes
[  5] 551.00-552.00 sec  71.2 MBytes   598 Mbits/sec    0    704 KBytes
[  5] 552.00-553.00 sec  72.5 MBytes   608 Mbits/sec    2    567 KBytes
[  5] 553.00-554.00 sec  76.2 MBytes   640 Mbits/sec    0    663 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-554.46 sec  41.0 GBytes   635 Mbits/sec  567             sender
[  5]   0.00-554.46 sec  0.00 Bytes  0.00 bits/sec                  receiver

Network topology is quite straight forward

Test VM (Vlan50) ----> OPNsense VM (Trunk port, VLAN50)

I've read multiple threads that there are known performance issues with running in a virtualised environment with the VMXNET3 driver, is this still the case?

I don't need a lot of bandwidth but would have expected to see at least 1GB
#5
21.7 Legacy Series / FW rule issue
October 04, 2021, 09:06:59 AM
Hi,

This should be simple and it probably is, but for some reason it isn't working, I'll explain best I can.

Network A : 192.168.90.0/24
Network B : 192.168.100.0/24

I am trying to connect to TCP/22 from Network A to Network B , I have the rule in place but for some reason it keeps getting picked up by the default deny rule in the logs.  I can ping a host on network B from network A no problems but for some reason it isn't parsing the rule.  I can also see the request come into the host on network B using a netstat or a tshark capture.

From the deny log for some reason it looks like it is the wrong way around (unless I'm reading it wrong)

I've attached the deny log.

I can access the host on Network B from another host on Network B no problems.
#6
21.7 Legacy Series / ARP moved messages in the logs
September 28, 2021, 10:03:26 AM
Hi,

I'm getting the following messages in the dmesg and console log of my Opnsense install :

vmx2: promiscuous mode enabled
arp: x.x.x.x moved from x.x.x.x to y.y.y.y on vmx2

https://lucatnt.com/2016/02/arp-moved-messages-in-freenaspfsense-explained/

I've tried a few things to turn this off but no matter what I do it still shows, I've added a system tunable of :

net.link.ether.inet.log_arp_movements = 0

I see that it gets added to /boot/loader.conf, but after a reboot if I do a sysctl -a it shows it as a value of 1 :

net.link.ether.inet.log_arp_movements: 1

If I run sysctl -w after a reboot it stops the messages, however after a reboot it reverts back to a value of "1" and starts the messages again.

Any ideas?
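An added check (not part of the post, and not OPNsense code) for exactly this kind of "I set it, but after reboot it is back" situation. FreeBSD applies `/boot/loader.conf` before the kernel runs, so only keys the kernel exposes as loader tunables take effect from there; runtime-writable sysctls are applied later (OPNsense's tunables page and `/etc/sysctl.conf` are the usual places). The script parses constructed `sysctl -a` and `sysctl -T` style output (FreeBSD's `sysctl -T` lists only loader-settable variables) together with the requested settings, reports which keys are not live, and flags loader.conf entries that are not tunables. That `net.link.ether.inet.log_arp_movements` is absent from the tunable list is an assumption built into the sample data; on a real box, feed the script the real command output.

```python
"""Sysctl drift and misplacement check (added example; sample data constructed)."""
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed stand-ins for command output and config files on the box.
SYSCTL_A = """\
kern.hostname: gateway
net.link.ether.inet.log_arp_movements: 1
net.inet.ip.forwarding: 1
"""
SYSCTL_T = """\
kern.maxfiles: 1048576
vfs.zfs.arc_max: 0
"""
LOADER_CONF = """\
# requested via the tunables page, lands in loader.conf
net.link.ether.inet.log_arp_movements="0"
vfs.zfs.arc_max="536870912"
"""
SYSCTL_CONF = """\
net.inet.ip.forwarding=1
"""


def parse_sysctl_output(text: str) -> Dict[str, str]:
    """'key: value' lines, as printed by sysctl -a / sysctl -T."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            out[key.strip()] = value.strip()
    return out


def parse_conf(text: str) -> Dict[str, str]:
    """'key=value' lines from loader.conf / sysctl.conf; '#' comments ignored."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        key, sep, value = line.partition("=")
        if sep:
            out[key.strip()] = value.strip().strip('"')
    return out


def drift(wanted: Dict[str, str], live: Dict[str, str]) -> List[Tuple[str, str, Optional[str]]]:
    """(key, wanted, live) for every requested key whose live value differs."""
    return [(k, v, live.get(k)) for k, v in wanted.items() if live.get(k) != v]


def misplaced(loader_keys: Iterable[str], tunable_keys: Iterable[str]) -> List[str]:
    """Keys placed in loader.conf that the kernel does not list as loader
    tunables; these will not take effect from loader.conf."""
    tunables = set(tunable_keys)
    return sorted(k for k in loader_keys if k not in tunables)


def report() -> Dict[str, object]:
    live = parse_sysctl_output(SYSCTL_A)
    tunables = parse_sysctl_output(SYSCTL_T)
    loader = parse_conf(LOADER_CONF)
    runtime = parse_conf(SYSCTL_CONF)
    wanted = {**loader, **runtime}
    return {
        "drift": drift(wanted, live),
        "misplaced": misplaced(loader.keys(), tunables.keys()),
    }


if __name__ == "__main__":
    r = report()
    for key, want, have in r["drift"]:
        print(f"not live: {key} wanted={want} live={have}")
    for key in r["misplaced"]:
        print(f"in loader.conf but not a loader tunable: {key}")
```

The drift list includes `vfs.zfs.arc_max` only because the constructed `sysctl -a` sample omits it; the useful signal is the `misplaced` entry, which says the ARP key needs a runtime mechanism rather than loader.conf.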
#7
21.1 Legacy Series / VLAN to VLAN FW allow
March 15, 2021, 08:22:34 AM
Hi,

This should be a simple rule but for some reason it ain't working, I'll give a rundown of my setup :

VLAN 10 (Secure)
VLAN 15 (Guest)

Pc on vlan 15 with ip 192.168.15.55

I want to be able to reach pc 192.168.15.55 (3389) from a range of PCs on VLAN 10.

I thought it would've been a simple addition of a FW rule in the GuestNetwork in FW rules allowing this, but it doesn't seem to work, for some reason the traffic is coming from my WAN interface (Internet) instead of the internal network (VLAN 10).

Any ideas?
#8
21.1 Legacy Series / Backups To Google broken ?
February 25, 2021, 05:42:40 AM
Hi,

I've just noticed that my daily overnight backups of the config file to Google have stopped working for some reason, settings are fine because if I go in and do a manual backup it uploads to Google just fine.

Any ideas on where to start looking , last successful backup was a manual one I did on 22/2/21 @ 10:03am none have gone up since.
#9
20.7 Legacy Series / GEOip list update interval
January 27, 2021, 03:14:40 AM
Hi,

How often does the GEOip list under the Firewall>Aliases>GEOIp setting update?  Is it every 24 hours or ?

Thanks
#10
Hi,

Got an issue when I choose Russia and Ukraine to block via GEOip, I get the following error (see attached).

I've narrowed it down to these two countries and when it bombs out with the error the entire list is ignored, maybe a parsing issue somewhere?