Messages

1

23.7 Legacy Series / Firewall Rule Question ( Resolved )

« on: September 25, 2023, 12:46:49 pm »

Hi there,

I'm in the process of uploading an ISO to a VMware server from the LAN to VLAN20. There are existing firewall rules allowing any-to-any traffic on both sides. However, I'm currently facing a firewall-related error on the screen. Your assistance in resolving this issue would be greatly appreciated.

Edite: issue is resolved and can be closed

2

23.7 Legacy Series / Re: Intrusion Detection stops after 1 minute

« on: September 11, 2023, 05:23:12 pm »

i had this issue last year, i've been working with the support team and they couldnt fix it.
i give up using it.
now i am using Firewall Alias.

3

23.1 Legacy Series / Re: Print over the vpn

« on: August 20, 2023, 01:55:45 pm »

We managed to find the blocked port on the firewall live vieuw
Thank you everyone

4

23.1 Legacy Series / Re: Print over the vpn

« on: July 31, 2023, 09:21:01 pm »

Thank you for your answer
I see we have on the printer Alias the next ports 137/138/139/161/162/427/9100/9220/9500
Still killing the printer during the print
When the users print I don’t see anything on the LAN interface being blocked.

5

23.1 Legacy Series / Re: Print over the vpn

« on: July 29, 2023, 11:28:14 am »

Is the tunnel NATing traffic?

The tunnel interface firewall rules is allowing any to any of this what you mean.

6

23.1 Legacy Series / Print over the vpn

« on: July 29, 2023, 12:41:49 am »

Hello everyone,

We have set up a site-to-site Wireguard VPN to our datacenter. The LAN interface is configured to allow ports 443, 80, 53, and 9100 for printing Konica devices.

However, when the users attempt to print from the remote location to the office, it doesn't work. Printing only functions when we add the rule "any to any."

Could someone advise why this is happening and what I might be missing here? Thank you!

7

23.1 Legacy Series / Re: Disk is 109% full

« on: July 10, 2023, 05:01:00 pm »

Thank you so much found the cause a lot of logs were hanging in /var/log/filter

i've cleaned them and now i got my storage back

8

23.1 Legacy Series / Disk is 109% full

« on: July 10, 2023, 04:27:54 pm »

Hi guys,
today we noticed the box is full %109.

Code: [Select]

/dev/gpt/rootfs 49G 49G -3.9G 109% /

devfs 1.0K 1.0K 0B 100% /dev

devfs 1.0K 1.0K 0B 100% /var/dhcpd/dev

devfs 1.0K 1.0K 0B 100% /var/unbound/dev

/usr/local/lib/python3.9 49G 49G -3.9G 109% /var/unbound/usr/local/lib/python3
i cannot seem to find the log that full up my disk.

can you please advise how to clean this up ?

9

23.1 Legacy Series / Re: IPv6 DNS issues in 23.1.8?

« on: May 30, 2023, 01:34:57 pm »

i have the same problem with 23.1.7_3.
i advice to go back to 23.1.6 most of people has tested this

Thanks for the tip. I actually just disabled IPv6 (as it's not critical for me for the moment - and have to get some work done) and everything is now working as a charm. DNS resolution back down to ~1ms for locally cached results (and 4ms for results fetched from Cloudflares cache).

I applied the patch mentioned in https://forum.opnsense.org/index.php?topic=34241.msg165713#msg165713 and it fixed some issues, but no the DNS lookup issue.

when you say disabled IPV6 do you mean on Firewall: Settings: Advanced and uncheck the IPV6 ?
on the page you provided i don't see a patch, which one do you mean?

10

23.1 Legacy Series / Re: 23.1.7_1 broke my Firewall

« on: May 30, 2023, 11:23:44 am »

@My_Network

https://github.com/opnsense/core/commit/25e2c0a30

# opnsense-patch 25e2c0a30


Cheers,
Franco

Hi Franco,

thank you so much for your answer.
when i enter the command line nothing happens with this machine.
i have the feeling this one is broke.
i tried it on a different one 23.1.8 and it seems to be applied succecefully.

Code: [Select]

Patching file etc/inc/system.inc using Plan A...
Hunk #1 succeeded at 677 (offset -10 lines).
done
All patches have been applied successfully.  Have a nice day.

11

23.1 Legacy Series / Re: IPv6 DNS issues in 23.1.8?

« on: May 30, 2023, 11:15:59 am »

DNS resolution has also become very unstable for me after upgrading to 23.1.8. Using Unbound and Cloudflare as upstream DNS.

I've been running dual stack IPv4/IPv6 on my current ISP with no issues for more than half a year, and nothing seams to have changed on their side.

Looking at Smokeping, resolving test.test on unbound from my local network, I see a huge difference after upgrading to 23.1.8. Spikes going over 800ms and even some timeouts. Internal latency is <0.7 ms.

DNS resolution from my wired laptop are now fairly consistent > 40ms (even for cached results) and before the upgrade they were < 1ms for cached results.

I used to have 20/20 on ipv6-test.com, but now various tests time-out (inconsistent between refreshes) so I end up somewhere between 10/20 and 18/20.

I'll try to downgrade to 23.1.7_3 to see if it helps.

i have the same problem with 23.1.7_3.
i advice to go back to 23.1.6 most of people has tested this

12

23.1 Legacy Series / Re: Questions Regadring Subnets

« on: May 29, 2023, 09:36:57 pm »

thank you for your answer.
i just been doing some reading and i think the issue is related to the 23.17_1 with the gateway switching ect..
i'll have to revers back to 23.1.6 but the box is not reversing.
i'll have to reinstall it

13

23.1 Legacy Series / Re: 23.1.7_1 broke my Firewall

« on: May 29, 2023, 06:07:32 pm »

i am facing the same issue with one box 23.1.7_3.
the gateway keeps showing offline but everything is working. only sometimes it has to think about reloading websites.
when i tried the revert back to opnsense-revert -r 23.1.6 on the shell nothing happens on the shell.
supposed to reboot after the command line opnsense-revert -r 23.1.6 ?

14

23.1 Legacy Series / Questions Regadring Subnets

« on: May 29, 2023, 05:56:13 pm »

Hi Guys,

i hope someone can point me to the right direction here.
we have from ISP and /29 Subnet which we have configured our WAN on
XX.XX.XX.XX/29 WAN1
we have added the other 8 IP to virtual IPS and it works fine.
with the second  subnet /29 we did the same add it to the Virtual IPS.
and add both gateways to the System: Gateways: Single

this week we got the 3th subnet to test for our 10GB up links with the same subnet.
when i tried to add the 3rd gateway its error out

Code: [Select]

The following input errors were detected:

The gateway address "X.XXX.X.X does not lie within one of the chosen interface's IPv4 subnets.
is this because the WAN is /29 and not /32 ?

your help is appreciate it.

thank you

15

23.1 Legacy Series / Re: Update to 23.1.8 got stuck

« on: May 29, 2023, 12:30:14 am »

i cannot say i have the same issue.
but it keeps erroring during the update. DNS and everything else is working


i noticed the wireguard has stopped working and works only between 23.1.7_3 and not with 23.1.8



***GOT REQUEST TO CHECK FOR UPDATES***

Currently running OPNsense 23.1.7_3 at Mon May 29 00:00:08 CEST 2023

Fetching changelog information, please wait... fetch: transfer timed out

Updating OPNsense repository catalogue...

Fetching meta.conf: . done



and after changing mirro to AMD



***GOT REQUEST TO CHECK FOR UPDATES***

Currently running OPNsense 23.1.7_3 at Mon May 29 00:00:08 CEST 2023

Fetching changelog information, please wait... fetch: transfer timed out

Updating OPNsense repository catalogue...

Fetching meta.conf: . done

pkg: http://mirror.ams1.nl.leaseweb.net/opnsense/FreeBSD:13:amd64/23.1/latest/packagesite.pkg: Operation timed out





this just happens like this without changing anything.

the only think is the other boxes a re updated to 23.1.8


when i do audit connectivity
its comes back with this error

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 23.1.7_3 at Mon May 29 00:53:18 CEST 2023
Checking connectivity for host: pkg.opnsense.org -> 89.149.222.99
PING 89.149.222.99 (89.149.222.99): 1500 data bytes

--- 89.149.222.99 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/23.1
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 822 packages processed.
All repositories are up to date.
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:5300:a010:1::1
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/23.1
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
***DONE***