Messages

Versions    OPNsense 16.7.10-amd64
FreeBSD 10.3-RELEASE-p11
LibreSSL 2.4.4

This update has broken my VPN / Virtual Gateway connections.

How do i revert back to 16.7.9 please

seeing this in the log
configd.py: unable to sendback response [OK ] for [filter][reload][None] {e4d2f24c-3fe2-4951-9d29-1633b9dc70f1}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 202, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pip

In the UPNP settings for Interfaces, there is no option to select the OpenVPN Client Gateway.

I have three VPN interfaces defined and a gateway for interface down.

I can't use UPNP with plex unless the VPN Gateway is included.

I have two LAN segments green and blue.
WAN is connected via OpenVPN.
I have a work laptop which i want to bypass the VPN and go over normal WAN.

If i set on Firewall-Rule on
Interface Green0
Proto Any
Source mylaptop
destination Any
Gateway Red0_DHCP

it is working.

if i try to make this rule as a floating rule

Interface Green0, Blue0
Proto Any
Direction (tried both out and in)
Source  mylaptop
Destination Any
Gateway Red0_dhcp

It continues to route via OpenVPN and not the Red interface.

This is also true for a DNS rule.
I have to make a separate DNS rule on the green and blue interface
Proto TCP/UDP
Source Any
Port Any
Destination Any
Port 53
Gateway *
This is working.

If i make a floating rule.
The services that use the openVPN work, but mylaptop doesn't resolve DNS names.

Franco, the problem is under the Services, UPNP, Settings, Interfaces:
there are only;
Blue, Green, Red, Opt1, Opt2, Opt3

there is no Openvpn interface.

As i have openvpn setup as a client going to Opt1, 2, 3 for failover no ports are opened.

I note this same issue appears on the pfsense board as well.

It doesn't work for me.

But I note there is no OPENVPN interface, so don't see how it can be setup to work anyway.

openvpn udp / expressvpn  with multiple connections and gateway for latency and packetloss

found it, thanks.

Issue seemed to be with the vpn - although i didn't have the issue when there were no rules.
I setup the VOIP connection to bypass the vpn and it seems to work now.

I have a single sip phone and have set the NAT rules up.

Connections work and outgoing/incoming calls work, however are talking for sometime the call drops.

i see on pfsense forums that they say the default UDP timeout is too aggressive for sip and needs to be increased.
it that true for opnsense as well? if so, where do we do it?

after some struggles, i managed to get opnsense setup so that it connects to 3 separate locations of my VPN provider and routes that traffic from two separate lan segments via the vpn. the vpn balancing based on packet loss and latency seems to work as i verified that provider point changes throughout the day.

i have a work laptop which connects via a vpn client on the laptop. obviously i don't need to route this via my home vpn.

can someone advise how i set this up to exclude the client which could potentially connect via either of the two lan segments.

gracias

Hi there,

I have trying to achieve the same thing you have succeeded in, but without success.
https://forum.opnsense.org/index.php?topic=3859.0

Would you mind to share your config steps please? I have followed the instructions for wan load balancing and so on, per my post...but i still can't get it to work properly.

The gateway service (apinger) doesn't start on boot - and the vpn works with dns resolution until i start the service.. then nothing works, but i see a route of 0.0.0.0 to the 3rd VPN...which does have traffic as my provider only allows to active connections at once. 

This is very bizarre, i followed the instructions here https://docs.opnsense.org/manual/how-tos/multiwan.html i.e. regarding setting up the monitoring on the gateways, but for the VPNs.

Now:
- according to system/gateways page: vpn3 (tier 2) is down
- dashboard status, all 3x vpn connections are up
- system/routes/status / default gateway is vpn3
- vpn/status - all three are up
- firewall/rules/openvpn - green0/blue0 * * * Gateway = gateway pool name
- firewall/rules/vpn1&2&3 / no rules defined

- tracert goes via vpn3 (tier2) while other two are tier1
- if i change the gateway on the green0/blue/ to the pool as stated, routing doesn't go via vpn at all.

I'm close, but not there yet and could use some help.

a) 3x VPN Clients established (vpn0, vpn1, vpn3)

b) 3x interfaces defined (vint0, vint1, vpn2)

c) 1x Group (EVPN) round robin, all Tier1 vpn0, vpn1,  Tier 2 vpn2

d) FW-Rules
OPENVPN source green0 to any - gateway EVPN
GREEN0 source green0 to any - gateway EVPN
VINT0 source green0 to any - gateway EVPN
VINT1 source green0 to any - gateway EVPN
VINT2 source green0 to any - gateway EVPN

3) FW-NAT-Outbound
VINTO source green0 to any nat VINTO
OpenVPN source green0 to any nat OpenVPN

I am doing something wrong, cause the clients on green0 are not routing through the VPN.
Not even talking about the vpn pool.

*** after reboot, routing goes via the vpn goes across vpn0 but doesn't auto re-reroute across vpn1 if i stop vpn0

to be able to build a complete set of rules and then apply them at once.....
if something broken, quick reversion to the previous working ones.

i am beginner.....

Does anyone know if http://www.fwbuilder.org is compatible with opnsense 16.7 such that the firewall rules can be built off line and trasnferred by ssh?