Messages

1

16.1 Legacy Series / Re: NAT Outbound And VPN

« on: June 24, 2016, 05:23:22 pm »

Hi framura,

routing table decides, which interface will be used outbound.
Afterwards, NAT rules for that single interface are used.

So it is dependent on the destination and the routingtable.

If you try to access 1.1.1.1 and you have a route, which sends that traffic through openvpn, then NAT rules on openvpn interface are followed.
If you try to acces 99.99.99.99 and you have a route, which sends that through your WAN interface, then that NAT rules are used.

To influence, which interface is used outbound, you can use policy based routing.
This is done on OPNsense, by changing the gateway inside a firewall rule.
So lets assume, you use the default LAN out rule and nothing else, then you could:

• add a rule above that LAN rule, which allows traffic from 192.168.2.12 to destinations of your choice (maybe any?)
• in "Advanced features" section of that rule change gateway from "default" the the gateway representing your internet router.

Afterwards traffic coming from 192.168.2.12 to specified destinations will go out through WAN interface and not openvpn.
You do not need to add additional outbound NAT rules, cause what you defined is already included in
nat on $WAN  from $tonatsubnets to any -> 192.168.1.7/32 port 1024:65535
(192.168.2.12/32 is part of 192.168.2.0/24)
So you can remove your additional outbound NAT rule.


Regards,

Joerg

2

16.1 Legacy Series / Re: Port forward (web:80)

« on: June 24, 2016, 04:54:49 pm »

Hi teuna,

you have configured "WAN net" as destination in your NAT Rule.
Try "WAN address" instead (or enter that single IP, you want to translate, if this is not the address of the WAN interface).

What do you mean by "in the same LAN"?
Did you connect your workstation to the LAN network or to the WAN network of your OPNsense?

Regards,

Joerg

3

16.1 Legacy Series / Re: [SOLVED] update using http fails but works using https

« on: June 14, 2016, 05:40:24 pm »

just for the records....

Updated to 16.1.15 a while ago.
Tried to go to 16.1.16 using WebUI today, without changing to https.

Operation timed out and I got message in WebUI.

Code: [Select]

Fetching opnsense-update-16.1.16.txz: ... done
pkg-static: http://pkg.opnsense.org/FreeBSD:10:i386/16.1/latest/All/opnsense-16.1.16.txz: Operation timed out
So now expected message is visible in WebUI and troubleshooting of update issues will be easier. 

Thank you again for your great work.

Best regards,

Joerg

4

16.1 Legacy Series / Re: [SOLVED] update using http fails but works using https

« on: May 17, 2016, 11:29:24 am »

Hi franco,

thank you for your assistance.
No cache but malware protection could be the reason...
I tried with browser at my first attempt to update (3 month ago or so).
Download via http was not possible. Tried different browsers.
At the end chrome automatically switched to https and download started...
That was the reason to start testing with https and change url in origin.conf.
Since then I updated arround 5 times or so. Everytime same package and solution to download via https.
Since I didn't receive any message from our malware filter i didn't think about that... 

But at the end this of minor importance for me.

I think, important is to change messages of failed updates in WebUI.
As you also see in Message "Update failed on ALIX OPNsense" it takes some time to get the idea to change to update via shell to get meaningfull messages.

Can I place this as a whish or feature request somewhere?

Thanks and best regards,

Joerg

5

16.1 Legacy Series / Re: Update failed on ALIX OPNsense 16.1.8-i386

« on: May 12, 2016, 05:02:58 pm »

Hi,

could you please try this:

edit /usr/local/etc/pkg/repos/origin.conf
change url from http to https. url looks like this afterwards:
url: "pkg+https://pkg.opnsense.org/${ABI}/16.1/latest"

run update again.

Regards,

Joerg

6

16.1 Legacy Series / [SOLVED] update using http fails but works using https

« on: May 12, 2016, 05:00:39 pm »

Hi,

don't know, if its just with me. Started using OPNsense with 16.1.
Every update I did since then, which included the "opensense-x.y.z.txz" package failed.

WebUI Messages didn't help. Messages I got while upgrading vie shell menu have led to the right direction.

Today I took the time to collect messages and so on, so I want to share this, just in case, anyone else runs into this problem.

End of message in WebUI (which doesn't help):

Code: [Select]

Fetching perl5-5.20.3_12.txz: .......... done
Fetching opnsense-update-16.1.9_1.txz: .. done
Restarting webConfigurator...done.
***DONE***

Update stops here. Nothing gets updated.

End of messages in shell menu:

Code: [Select]

19 MiB to be downloaded.
pkg-static: http://pkg.opnsense.org/FreeBSD:10:i386/16.1/latest/All/opnsense-16.1.13.txz: Operation timed out

It is allways that package, which leeds to timeout.

I do this to work around:

edit /usr/local/etc/pkg/repos/origin.conf
change url from http to https. url looks like this afterwards:
url: "pkg+https://pkg.opnsense.org/${ABI}/16.1/latest"

Now update runs perfectly.
After update content of orign.conf is changed back to http. I assume origin.conf is included in update.

So this is no big deal for me anymore, nevertheless I have following wishes 
- please change messages in WebUI, so that one can see, that download of a certain package fails
- does the repository have some donwload issue? Is it desired, that this package is available by https but not by http?
- maybe change url in origin.conf to https?

Thank you for your great work!
Best regards,

Joerg