Messages - thijs

#1
Hi all,

This week we upgraded two older OPNsense firewalls (the white boxes) at different locations from a version 22.1.x to 22.7.4. Both firewalls are connected to WAN with PPPOE (no VLAN). They both stopped connecting to the internet after the upgrade; the physical interface doesn't even show any sign of connectivity, as no LEDs are lit while there is a network cable connected to it.

We were able to get it working again on one of the firewalls by creating a new PPPOE-interface on a different physical interface but then we also needed to change all the firewall rules. That was doable at the first site, but not at the second one. Luckily the second site is still online as it has two firewalls in a HA scenario and I didn't update the active one.

In the update notes I saw one line about PPPOE: "interfaces: refactor DHCP and PPPoE scripts to use ifctl exclusively". Does this corrupt our config/interface? And if so, where do I find the config files or log files to fix this? The logging under "Interfaces > Point-to-Point > Log File" isn't of much help.
#2
16.1 Legacy Series / Outbound NAT with proxy
August 09, 2016, 09:14:27 PM
After reading through the boards and wiki I've found different posts with questions regarding the outbound NAT. Most of them are about OpenVPN and Outbound NAT. People seem to get this working, but I can't get it to work with the proxy server instead of OpenVPN.

Is it even possible? I've done the following:
- WAN is PPPOE with /28 subnet;
- added virtual IP as "Other" in firewall with ip in range of WAN subnet;
- changed NAT to hybrid and added a rule:
    = Interface: WAN
    = Source: 192.168.x.x/24
    = Source Port: *
    = Destination: *
    = Destination port: 3128
    = NAT Address: my virtual ip
    = NAT Port: *
    = Static port: NO
    = Description: Proxy WAN2
- there is an automatically created rule in the firewall which allows proxy to go outside.

And that's it, but when I test the proxy I'm getting the ip address of the WAN back (first in DHCP from PPPOE). I do want it to go out on the second ip address.

Any thoughts?

Edit: found this post @ pfSense: https://forum.pfsense.org/index.php?topic=114087.msg635214#msg635214
I can't, however, find the field "Custom ACLS (After Auth)". Is this an option in OPNsense at all?

Edit2: found out that you need to add tcp_outgoing_address into the /usr/local/etc/squid/squid.conf file. But then Squid gives me another error: "commBind: Cannot bind socket FD 21 to xxx.xxx.xxx.xxx: (49) Can't assign requested address"