Messages - thebraz

#1
Hi,
not having migrated the rules to new yet I made a few experiments with what I have now and it seems I understood what to do.
Thanks a lot to Franco and Vimage22 for their help.

Best wishes
#2
Let's see if I succeed in explaining:
prior to 26.1 Destination NAT was Firewall --> NAT --> Port Forwarding
and it was renamed so (Destination NAT) by the upgrade (also if the rules were written not exactly as previously, for example the Destination NAT rule that derives from the one I attached had Manual as action and not PASS)

but

in the Legacy Rules Section there are still the old rules made before the upgrade, for example the one I attached (Firewall --> Rules  ---> WAN)

The old WAN rule has pass, the Destination NAT rule is not active...........Why it doesn't work?
#3
The attached WAN rule has pass in the field Action.
But now it also requires that the Destination NAT rule created by the upgrade is active.

Hope to have cleared my doubt.
#4
In the past the WAN rule (WAN_RULE.jpg, attached) was enough.
Now, without making any transfer to new rules mode, it needs also the Destination NAT rule created by the upgrade to 26.1 to be activated.

If one of the two is not activated the port forwarding does not work.



#5
Hi Franco,
thanks for the answer.
In the past the rule on wan forwarding the port was enough and worked.

Still confused............
#6
Hi,
I have updated to Opnsense 26.1.4.
Since the new rule system was introduced my port forwarding rule on WAN only works if it is activated both in Destination NAT (where it was introduced by the upgrade to 26.1) and in the old rules section.
I have not migrated rules yet, so I was wondering why this behaviour.

Thanks in advance
#7
First of all...............upgrade to RC1 succeeded.
Applied all the patches mentioned in the other thread.
All the old rules migrated to new following the 5 steps of the Migration Assistant done.
OpenVPN Instance and port forwarding rules (now Destination NAT) all working (also the ones using Aliases).
Not tried the Shaper yet.

I'd have a question: in the OpenVPN section and in the WAN section of the Rules (new) I find rules that are already present in Destination NAT.
Furthermore, if a rule is disabled in Destination NAT but enabled in the WAN section of Rules (new) the thing doesn't work till I enable it in Destination NAT.

I find confusing the apparent "duplication" of rules, could someone please help me clarifying the function of the two sections and why rules are present in both?

Thanks in advance
#8
Hello everybody,
I had the message on 2 of my 3 OPNSense systems.
The only difference between them is that the two with the danger message had running:
- one OpenVPN Legacy server
- one OpenVPN Instance

while the one without the danger message has only the new OpenVPN Instance running.

All three systems upgraded successfully and are working without problems as far as I can see.

Don't know if it's related but hope this can help.

Best Wishes
#9
Thanks for the quick answer, Franco.

We do not use the Business Edition, that's why I wrote 24.7 and not 24.10.

In the forum, here the why of my question, they are not differentiated while in reality, by your answer, they are.

Anyway now the situation is clear, thank you very much.
#10
@Franco

I apologize for my dumbness but I've not the thing clear enough.

Let me rephrase the question:

is 25.1 stable enough to be used in a production environment?
is 24.7 secure enough to be used in a production environment till the shipping of 25.4?

Apart from the wording, it'd seem that a EOL (or not?) version can still be used safely.

Thanks in advance
#11
Greetings,

I meant exactly what DEC670airp414user said.

If 24.7 is EOL why is still marked as production on the forum?

Best Wishes
#12
Greetings,

with the release of Community version 25.1 as Production I see the 24.7 is still indicated as Production too.

Is it a typo or ......

Thanks in advance
#13
Hello,

I remotely connected and, since I had no access to the described VM, installed ZenArmor on a working OPNSense install in a slightly less powerful host I had access to:

CPU Model: 12th Gen Intel(R) Core(TM) i7-12700
CPU Score: 1203386
Physical Memory Size: 16.6 GB

On this one, for now, I'm able to apply to ZenArmor free the same customizations I did on the other (no ads, High Control in the Category based tab..........) without any bandwidth limitation side effect.

So, for the moment, I thank you very much for your help and when I come back to work I'll experiment on settings paying attention to the bandwidth side after every modification.

This way, if the problem arises again, I'll be able to describe which step introduced the problem and provide the logs you asked for.

Thank you very much again for your support.
#14
Sure,

I'm away from work for a few days for the holidays but I'll post it ASAP.

Thanks for the help

Best Wishes
#15
Hi,

yeah, stopping ZenArmor didn't change the behaviour at all.

Best Regards