Messages

1

19.7 Legacy Series / Re: Network outage randomly - Need help to investigate

« on: November 29, 2019, 03:23:36 pm »

Yup, on your advices I just checked my ovs-vswitchd.log history and find that on last week, I get

Code: [Select]

2019-11-21T20:52:15.544Z|00788|netdev_linux|WARN|veth104i0: removing policing failed: No such device
2019-11-21T20:52:15.544Z|00789|ofproto|WARN|vmbr1: cannot get STP status on nonexistent port 33
2019-11-21T20:52:15.544Z|00790|ofproto|WARN|vmbr1: cannot get RSTP status on nonexistent port 33
2019-11-21T20:52:15.546Z|00791|bridge|WARN|could not open network device veth104i0 (No such device)
2019-11-21T20:52:20.155Z|00792|bridge|WARN|could not open network device veth103i0 (No such device)
2019-11-21T20:53:20.214Z|00793|bridge|WARN|could not open network device veth102i0 (No such device)

I keep investigating that way.

Thanks for your quick reply !

Regards,

2

French - Français / Re: Router le trafic de mon VLAN guest sur un autre WAN que mon VLAN 1

« on: November 29, 2019, 03:09:37 pm »

Hello,

Firewall -> Nat -> Outbound
Sélectionne Hybrid outbound NAT rule generation puis ajoute une règle manuelle :

Interface wan
Source address : vlan wifi
tcp/ip version : IPv4
protocol : any
source port : any
destination address : any
destination port : any
Translation address : wan adsl

Je le fais pour plusieurs vm et ça fonctionne plutôt bien. Ainsi chaque vm sort avec une ip dédiée.

3

19.7 Legacy Series / Network outage randomly - Need help to investigate

« on: November 29, 2019, 02:54:34 pm »

Hi,

I used opnsense for few years now and I really like it !

I run a virtual machine on Proxmox (kvm) with 2vcpu and 2gb of ram, 10Gb hdd.

On this vm, I have 4 virtual interfaces with dedicated mac address and routing on the hoster network (ovh).
These interfaces are dedicated to haproxy to deliver web services, and 3 openvpn servers.

On the lan side, I have multiple vlan on the same interface. Each of this vlan is a /30 subnet where I configure a virtual server and an opnsense ip address for gateway.

It was working without any reboot for last 4 months. And, randomly last week, our services where not available anymore and we had to stop / restart the firewall.

Today, another outage and I tried to reboot directly the virtual machine without success, our services became available for 10 seconds. Then the firewall stopped to respond.

For troubleshoot, I checked at the arp table and found that every local ip had the same mac address.

I tried to stop the vm and to start it (cold boot) again, and miracle, everything seems to be fine and working again. I checked at the arp table and every local ip has a specific mac address now.

I think that the arp table was full, and everything dropped. The reboot did not flush the table, maybe because the table is directly reloaded in case of reboot ?

Please if anyone has any king of solution, investigation, or anything else ? I do not really know how to troubleshoot quickly this problem before it appears again ?

Thanks for your reply.

Regards,

4

19.7 Legacy Series / Multi wan with clustered configuration

« on: November 13, 2019, 04:52:56 pm »

Hi,

I want to setup a ha cluster with two of my physical firewalls. I was reading the differents docs but no one of them seems to solve my problem.

I have two opnsense with a wan connection. They have a lan interface connected to a switch and every of their wan interface is connected to a dedicated fibre link.

In your opinion, what are the docs, and how do I  can make a ha cluster with failover and loadbalancing.
Every docs talks about multiwan with one firewall or ha with two firewalls but one connection.

I just attached a picture of my setup.

Thanks for your advices.

5

17.1 Legacy Series / Re: Multi Wan with bridge mode

« on: May 16, 2017, 02:27:41 pm »

Okay.

For the moment I have an ip address on my bridge interface.

So, If we check at L3, I have br0 interface and lte interface.

If I configure my client with br0 defaut gateway, it should work nope ?

Cheers,

6

17.1 Legacy Series / Multi Wan with bridge mode

« on: May 16, 2017, 12:14:35 pm »

Hello,

I am currently testing multi wan capabilities with ethernet/4G uppon bridged configuration.

In the past I already played with multi wan setup in router mode but I just modified my setup to have a transparent firewall with LTE failover.

I configure my hardware (APU 3a4) with a group gateway with bridge gw + 4g gw. But when I unplug eth0 link, 4G setup does not route the traffic through its interface because (I suppose) I do not run dhcp server, and so my clients does not know they have to send their traffic to my equipment instead of default gateway.

I am currently looking for solutions and testing advices but I am not very sure about the way I have to look for.

Thanks for your answers.

Cheers,

7

17.1 Legacy Series / Re: Unable to get 4G connection on pc engine APU3a4

« on: April 27, 2017, 06:07:08 pm »

Ok, I found an answer here : https://forum.pfsense.org/index.php?topic=86064.150

- As mentionned, I had to add &F0E1Q0 +CMEE=2 in front of Iinit string text box
- I also had to delete PIN code from SIM card, then after a reboot, connectivity seems ok !

8

17.1 Legacy Series / [Solved] Unable to get 4G connection on pc engine APU3a4

« on: April 27, 2017, 12:15:32 pm »

Hello,

I'm actually running OPNsense 17.1.4 on a pcengine APU3A4.

I choose this device for its 4G/LTE advantages.

To get 4G/LTE working fine, I bought a SierraWireless MC7304 card and tried to get it owrking with a Free Mobile and Bouygues sim card unsuccessfull.

I followed this documentation : https://docs.opnsense.org/manual/how-tos/cellular.html and did exactly the same as specified inside, especially the device number specified here : https://docs.opnsense.org/manual/mobile_wan.html (uaUx.2).

Here are parts of logs from point to point logs :

Code: [Select]

Apr 27 12:10:06 ppp: [wan_link0] Link: reconnection attempt 51
Apr 27 12:10:05 ppp: [wan_link0] Link: reconnection attempt 51 in 1 seconds
Apr 27 12:10:05 ppp: [wan_link0] LCP: Down event
Apr 27 12:10:05 ppp: [wan_link0] Link: DOWN event
Apr 27 12:10:05 ppp: [wan_link0] MODEM: chat script failed
Apr 27 12:10:05 ppp: [wan_link0] CHAT: The modem is not responding to "AT" at ModemCmd: label.
Apr 27 12:09:51 ppp: [wan_link0] Link: reconnection attempt 50
Apr 27 12:09:47 ppp: [wan_link0] Link: reconnection attempt 50 in 4 seconds
Apr 27 12:09:47 ppp: [wan_link0] LCP: Down event
Apr 27 12:09:47 ppp: [wan_link0] Link: DOWN event
Apr 27 12:09:47 ppp: [wan_link0] MODEM: chat script failed
Apr 27 12:09:47 ppp: [wan_link0] CHAT: The modem is not responding to "AT" at ModemCmd: label.
Apr 27 12:09:34 ppp: [wan_link0] Link: reconnection attempt 49
Apr 27 12:09:30 ppp: [wan_link0] Link: reconnection attempt 49 in 4 seconds

I do not know *bsd systems very well and where to find specifics logs.

- Where could I find debug informations ?
- Can I turn on debug on lte connectivity or anything else ?

Thanks for your help and answers.

Cheers,

9

French - Français / Configuration Wan ipv6 Online

« on: July 27, 2016, 04:24:37 pm »

Salut,

Je loue actuellement un dédié chez Online, la dédibox LT2016.
J'utilise l'ipv4 du dédié pour l'administrer, puis une seconde ipv4 connectée directement sur un opnsense virtualisé avec Proxmox qui dispose d'une interface vmbr0.

Tout ça fonctionne bien en ipv4. J'ai décidé de mettre la double stack partout en commençant par le dédié et en suivant cette doc : https://documentation.online.net/fr/dedicated-server/network/ipv6/prefix Bon j'y arrive tant bien que mal, bien que ça ne fonctionne pas automatiquement, je suis obligé d'ajouter l'ipv6 à la main après chaque reboot mais ce n'est pas le plus important.

J'essaie maintenant de configurer une ipv6 sur l'opn sans succès. En effet dans l'interface web je ne vois pas ou entrer le DUID comme mentionné dans la doc Online, ainsi que toutes les informations nécessaires.

J'ai bien essayé de mettre une adresse en dur avec la passerelle ipv6 récupérée sur le dédié mais sans succès.

Certains d'entres vous ont déjà configuré ipv6 sur le wan de l'opn chez un hébergeur comme Online ? Auriez vous des indices / pistes à me fournir ?

Merci pour vos retours.