Messages - sol

#16
Hi there,

Some IPs in my network are blocked from the internet after a schedule kicks in.
There is also a cron job to kill all states to make sure that these clients cannot connect to the internet anymore.

Instead of killing all connections with pfctl -f state,
I know that with pfctl -k 192.168.1.100 that IP's states will be kicked.
How can I kill states for several IPs with one rule?
Or do I have to use a separate rule for each IP whose states I want to kick?
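One way to do this from the cron job, as an added example that is not part of the original post or of OPNsense: a small sh script that calls pfctl once per address. pfctl -k matches states by source, so the script also issues the two-argument form pfctl -k 0.0.0.0/0 -k ADDR to remove the states that are destined to the host; ADDR may also be a prefix such as 192.168.1.0/24, which kicks a whole subnet in one entry (and the command that flushes every state is pfctl -F states, not -f). The script name, the list file and the cron line are assumptions; DRY_RUN=1 prints the pfctl commands instead of running them so the list can be checked before the job is armed.

```shell
#!/bin/sh
# Added example, not from the original post: kick the pf states of several
# hosts in one go instead of typing "pfctl -k <ip>" once per address.
# Assumes FreeBSD/OPNsense with pfctl in PATH and root privileges.
# With DRY_RUN=1 the pfctl commands are printed instead of executed.

# run: execute a command, or print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# kill_states: for every host or network given, remove the states that
# originate from it and the states that are destined to it.
# "pfctl -k ADDR" matches states whose source is ADDR; the two-argument
# form "pfctl -k 0.0.0.0/0 -k ADDR" matches states from anywhere to ADDR.
# ADDR may be a single host or a prefix such as 192.168.1.0/24.
kill_states() {
    rc=0
    for addr in "$@"; do
        run pfctl -k "$addr" || rc=1
        run pfctl -k 0.0.0.0/0 -k "$addr" || rc=1
    done
    return "$rc"
}

# kill_states_from_file: same, reading one address per line from a file
# (blank lines and "# comments" are ignored), so the cron job can use the
# same list of hosts that the scheduled block rule covers.
kill_states_from_file() {
    # shellcheck disable=SC2046  # word splitting of the cleaned list is intended
    set -- $(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1")
    kill_states "$@"
}

# Assumed cron line (one minute after the schedule starts blocking):
#   1 22 * * * /usr/local/bin/kill_blocked_states.sh /usr/local/etc/blocked_hosts.txt
# Manual check before arming it:
#   DRY_RUN=1 sh kill_blocked_states.sh 192.168.1.100 192.168.1.101
```

The two pfctl calls per address are needed because a state created by a reply from the internet to the blocked host has the remote side as its source; kicking only by source would leave it in place until it times out.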
#17
Thank you!
#18
And you can see resolved hostnames?
#19
Will there be an option to search the logs for blocked sites that a host wanted to visit, like in Pi-hole?
In Pi-hole you can filter by blocked and allowed sites in the logs and also easily whitelist blocked sites.
#20
Quote from: mb on November 13, 2019, 02:19:05 AM
@sol, did a quick check on the time interval issue, and could not reproduce it. In which screen does this happen? With regard to dns, it's most probably due to sensei engine not being able to see dns transactions. See:

https://forum.opnsense.org/index.php?topic=9521.msg66123#msg66123

In all reports.
I updated the Sensei engine to 1.1_ before I updated OPNsense to 19.7.6 and had to do a reboot to make Sensei work again.
Although the fixed intervals (15 mins, 1h, ...) do show me actual data.

In regards to DNS: is it maybe dnscrypt-proxy which interferes here?
#21
Hi there,

I have a few questions:

Custom interval selection does not let me select any date later than August 7th, although the selection of 24h, 7 days, 30 days in the drop-down menu does work.

Furthermore, "show hostnames" still keeps showing IPs only, although this has been added to the reverse lookups. OPNsense shows hostnames in Insight.
#22
And another question: how can I use Sensei for my OpenVPN network? I cannot select it at the interface selection.

And local hostname resolution does not work for me, or I'm not using the right configuration.
OPNsense runs Unbound and dnscrypt-proxy.

Which server do I have to use?
"DNS server IP addresses to do reverse IP lookups":
127.0.0.1,192.168.1.1
is the current setup.
#23
Unfortunately Sensei crashed after 3 to 5 days of usage:

Either it was high CPU usage, or yesterday this happened:

Sensei has detected a problem during operation and has shut down Sensei services in order to prevent a network outage.

It is because we detected high SWAP (21 -- 13821280% usage)

I run Sensei on OPNsense 19.7.4_1-amd64
Intel(R) Core(TM) i5-5250U CPU @ 1.60GHz (4 cores)
8 GB RAM
and also use proxy and IPS.
Connection is a 100/40 Mbit line
and there are about 10 users.

Restarting Sensei works though; it just crashes after 3 - 5 days.
#24
19.7 Legacy Series / wireguard and 2fa
August 30, 2019, 08:05:06 PM
Hi there,

OpenVPN supports 2FA and also client certificates.
Is there, or will there be, an option for WireGuard as well?
#25
Thank you mb.
I use Unbound.
But only 1 local IP shows the hostname, even when I do not hover over it. See attachment.

Looking forward to the update on "online time". Will it be included in the free version?
#26
Quick questions:

I cannot see a feature to resolve local hostnames in reports.
"Show hostnames" does not show me names, just IPs.
In Reporting / Insights OPNsense will show names when using reverse lookup.
Do I miss a setting for this? Or is this not implemented yet?
All local users have static IPs with

Furthermore, is there any way to show in a simple report how long a local IP has used the internet each day, e.g. a chart / graphic: IP online from 2pm till 4pm on Monday, online 5pm till 8pm on a Sunday, or something like that.

Cheers
#27
Hi there,

Since the update to 19.1.1 I have a weird issue.
OpenVPN works. I can connect to my LAN and browse the web from an external WLAN.
But the status under VPN / OpenVPN / Connection Status shows this:

OpenVPN Status
OpenVPN Privat UDP:1194 Client connections
Common Name Real Address Virtual Address Connected Since Bytes Sent Bytes Received
[error] Unable to contact daemon Service not running? 0 0 bytes 0 bytes

System: Diagnostics: Services also shows that OpenVPN isn't running, although it works. Restarting the firewall or just the service doesn't solve the issue.

This is the OpenVPN log:
Date Message
Feb 19 17:51:49 openvpn[3190]: Exiting due to fatal error
Feb 19 17:51:49 openvpn[3190]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Feb 19 17:51:49 openvpn[3190]: TUN/TAP device ovpns1 exists previously, keep at program end
Feb 19 17:51:49 openvpn[3190]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 19 17:51:49 openvpn[22887]: library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
Feb 19 17:51:49 openvpn[22887]: OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Feb 4 2019
Feb 19 17:13:06 openvpn[52155]: MULTI_sva: pool returned IPv4=10.10.0.6, IPv6=(Not enabled)
Feb 19 17:13:06 openvpn[52155]: 46.xxx.xx.49:56646 [stefan] Peer Connection Initiated with [AF_INET]46.xxx.28.49:56646
Feb 19 17:13:06 openvpn: user 'stefan' authenticated using 'TOTP VPN Access Server'
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_5180_3.7.8__build_5180)"
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_TCPNL=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_COMP_STUBv2=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_COMP_STUB=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_LZO=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_LZ4v2=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_LZ4=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_NCP=2
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_PROTO=2
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_PLAT=mac
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_VER=2.4.6
Feb 19 16:13:07 openvpn[52155]: stefan/46.xxx.xx.xx:53468 MULTI_sva: pool returned IPv4=10.10.0.6, IPv6=(Not enabled)
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 [stefan] Peer Connection Initiated with [AF_INET]46.xxx.xx.xx:53468
Feb 19 16:13:07 openvpn: user 'stefan' authenticated using 'TOTP VPN Access Server'
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_5180_3.7.8__build_5180)"
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_TCPNL=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_COMP_STUBv2=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_COMP_STUB=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_LZO=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_LZ4v2=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_LZ4=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_NCP=2
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_PROTO=2
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_PLAT=mac
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_VER=2.4.6
Feb 19 13:57:15 openvpn[97551]: Exiting due to fatal error
Feb 19 13:57:15 openvpn[97551]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Feb 19 13:57:15 openvpn[97551]: TUN/TAP device ovpns1 exists previously, keep at program end
Feb 19 13:57:15 openvpn[97551]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 19 13:57:15 openvpn[92632]: library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
Feb 19 13:57:15 openvpn[92632]: OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Feb 4 2019
Feb 19 13:57:13 openvpn[93621]: Exiting due to fatal error
Feb 19 13:57:13 openvpn[93621]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Feb 19 13:57:13 openvpn[93621]: TUN/TAP device ovpns1 exists previously, keep at program end
Feb 19 13:57:13 openvpn[93621]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 19 13:57:13 openvpn[28853]: library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
Feb 19 13:57:13 openvpn[28853]: OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Feb 4 2019
Feb 18 22:21:32 openvpn[52155]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]185.200.118.66:53610
Feb 18 13:27:13 openvpn[15599]: Exiting due to fatal error
Feb 18 13:27:13 openvpn[15599]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Feb 18 13:27:13 openvpn[15599]: TUN/TAP device ovpns1 exists previously, keep at program end


Looking forward to your replies.
Thx.

PS
What does this mean?
TLS Error: cannot locate HMAC in incoming packet from [AF_INET]185.200.118.66:53610

I get this from time to time from IPs in the 185.200.118.xx range.
Is someone trying to connect to my OpenVPN using a port scan?
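Some background and a worked triage, as an added example that is not part of the original post or of OPNsense. With tls-auth (or tls-crypt) enabled, the OpenVPN server HMACs every control-channel packet with the static key and discards packets that fail the check before any TLS handshake starts; "cannot locate HMAC in incoming packet" is that discard being logged. A run of these lines from an address that is not one of your clients is therefore a probe of the UDP port that got nowhere, which is exactly what the static key is for. Separately, the "Device busy (errno=16)" on /dev/tun1 in the log above means another process still holds the tun device: the old openvpn[52155] is still serving the tunnel (it authenticates a user at 17:13), so each new instance the GUI starts fails to open tun1 and exits. The script below counts the HMAC rejects per source address from a log on stdin and emits, but does not run, the pfctl commands that would add repeat offenders to a pf table. The sample log lines are constructed (documentation addresses, not the ones in the post), and the table name "openvpn_probers" and the threshold are assumptions; the table would have to exist in the ruleset first.

```shell
#!/bin/sh
# Added example, not from the original post: triage "TLS Error: cannot locate
# HMAC in incoming packet" lines from an OpenVPN server log on stdin.
# Assumes the OPNsense log line format shown in the post.  The pf table name
# "openvpn_probers" and the default threshold of 3 are assumptions.

# hmac_rejects: print "<count> <ip>" per source address, most frequent first.
# Reads stdin so it can be fed from a file or from a tail of the live log.
hmac_rejects() {
    awk '
        /TLS Error: cannot locate HMAC in incoming packet from / {
            # last field looks like [AF_INET]203.0.113.66:53610
            split($NF, a, "]")           # a[2] = 203.0.113.66:53610
            sub(/:[0-9]+$/, "", a[2])    # strip the source port
            n[a[2]]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -rn
}

# probers: addresses that produced at least $1 rejects (default 3).
probers() {
    min="${1:-3}"
    hmac_rejects | awk -v min="$min" '$1 >= min { print $2 }'
}

# block_cmds: print the pfctl commands that would add each prober to a pf
# table (assumed name; the table must already be defined in the ruleset).
# Printed rather than executed so the list can be reviewed first.
block_cmds() {
    probers "$1" | while IFS= read -r ip; do
        printf 'pfctl -t openvpn_probers -T add %s\n' "$ip"
    done
}

# sample_log: constructed excerpt in the post's log format; the addresses
# are from the documentation range 203.0.113.0/24, not real peers.
sample_log() {
    cat <<'EOF'
Feb 18 22:21:32 openvpn[52155]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.66:53610
Feb 18 22:21:40 openvpn[52155]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.66:53611
Feb 18 22:22:01 openvpn[52155]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.66:53612
Feb 18 23:05:10 openvpn[52155]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.9:40001
Feb 19 16:13:07 openvpn: user 'stefan' authenticated using 'TOTP VPN Access Server'
EOF
}

# Usage:  sample_log | hmac_rejects
#         hmac_rejects < /var/log/openvpn.log      (path is an assumption)
#         sample_log | block_cmds 3
```

A single reject from an address is usually a client with a wrong or missing ta.key rather than a scanner, so the threshold is there to avoid blocking your own users; a legitimate client that has the key never produces the line.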
#28
That's how I did it too.
But in the client export, under "other", the DuckDNS URL has to be entered differently:
it only worked with www.deinesubdomain.duckdns.org.

And in the Fritzbox you have to set the following settings so that the Fritzbox is also reachable from outside:
https://avm.de/service/fritzbox/fritzbox-5490/wissensdatenbank/publication/show/35_Ueber-Dynamic-DNS-auf-die-FRITZ-Box-zugreifen/

#29
So I can just ignore the notice in ntopng and it will keep working as before?
#30
Hi there,

With the recent update ntopng wants a data migration:

https://www.ntop.org/support/faq/migrate-the-data-directory-in-ntopng/

How can this guide from ntop be used to change the settings on OPNsense via console / SSH?

Thank you.