Messages

Hi - a general question that is puzzling me.
I have a (primary lan) setup on igb2 with 10.10.11.0/24 and Opnsense interface is 10.10.11.1
In addition - I have another network (guests) on igb3 - with ip 192.168.5.1/24 - opnsense is 192.168.5.1

Reflection is turned on btw, if that matters.

I want to prevent all/any client on the 10.10.11 - network from pinging 192.168.5.1
I have tried all combinations I can think of, but regardless of the rules I make in the firewall, the ping goes through....
Is there something mystical or special about the local IP that I haven't thought about ?

Yeah - rebooting does nothing..

Yes I know. I only ever had one enabled at a time.

I have tried both SNMP and USB - both turn up when I access them through the command-line, but not in diagnostics. Here are settings when I use in USB-mode.

Not sure what you asked.... Do you mean in Opnsense config ?- Name is just "apc" nothing more.

I have installed the NUT add-on, and configured an older APC Smart-PS 1000 RM to work with it in Standalone mode.
Wether I use SNMP or USB - the ups is listed if I do upsc -l
Also - the parameters are read and displayed (correctly) if I do upsc <upsname>.
So - far - as expected, as should be,and all seems ok, BUT - in Services->NUT->Diagnostics - the screen is just ... blank. And curl http://localhost/ui/nut/diagnostics gives nothing.

I saw nothing fishy in any logfile either ....

Is there some standard basic error I may have done ?

No, it is UEFI.
Have now tested with legacy and non-legacy and all the settings I can think of....

As my old Opnsense installation resides on a computer that is getting a bit old and tired, I purchased a new desktop PC and downloaded 20.7 to install. The problem is that the boot sequence stops right after some information about the video-card. The machine is then completely frozen, and has to be power-cycled.

Image is OPNsense-20.7-OpenSSL-vga-amd64.img.bz2
Installed to a 16G USB stick
Hardware : HP ProDesk 600 G5
-SFF
- Core i5 9500 / 3 GHz
- RAM 8 GB
- SSD 256 GB
- NVMe
- DVD-Writer
- UHD Graphics 630
- GigE

Attached is an image of where in the boot process it freezes.
Does anybody know what on earth this could be caused by ?

I have a functioning IPSEC-tunnel up running on an OPNsense 17.7.4, and traffic between machines on either side is running perfectly.

I want to use an LDAP-server on the remote side of the IPSEC tunnel for authentication (for incoming openvpn roadwarrior clients). When I try to set this up as a server in OPNsense menu, there is no response from LDAP server. I then tried to ping the server from the OPNsense - no reply.
Doing ping or LDAP from any client on the LAN-side of the OPENsense - works fine.

What on earth could I be missing ??

I have seen variations of this question, but I really cannot see that hey have been answered to a degree that I can understand how to set it up.

I have a /27 of public addresses say 199.199.199.34 .. .62
On the inside I use 10.10.10.0/24.

I have some servers running on the inside, and need to expose various ports on public IPs.
First off ; am I better off using Port forwarding, or one-to-one NAT and fw-rules ?
It seemed the port forwarding worked fine until I had 3-4 rules with some of the same ports (but on different public IPs of course) - then it just didnt work like I thought.

If I need to use one-to-one NAT - can someone please give me a blow-by-blow ? I cannot wrap my head around it.

[TAP]

Unfortunately, only the physical interfaces are listed as possible members when creating a bridge. Neither Openvpn nor IPSEC interfaces/tunnels are listed in any way... I am running 17.7.4 btw

Hi, well - meanwhile You got it running^^ *thumbsup*
nevertheless I wonder why You don't see the TAP interface? <-- it's only working with a TAP configuration in openVPN

Cheers, Stephan

I would like to know that as well !

No, you need SPD entries in your ipsec setup and NAT

https://mimugmail.github.io/NATbeforeIPSEC.html

It looks a bit different now, but you should get it to work.

I made this work!! Thank you so much!!

Unfortunately, only the physical interfaces are listed as possible members when creating a bridge. Neither Openvpn nor IPSEC interfaces/tunnels are listed in any way... I am running 17.7.4 btw

Current firewall is getting old, and I am planning to switch it with a computer running OpnSense.
I have one issue that I cannot seem to find an answer to ;
Our LAN is 10.10.11.0/24 and we are connected to a service we use through IPSEC, and the remote network is 10.1.1.0/24.

Here is the snag : the old Sonicwall set aside a few addresses in the LAN-segment for road-warriors connecting with SSL-VPN - and the remote network only knows that 10.10.11.0/24 is available though the tunnel.
I want to use OpenVPN road warrior setup, but the setup requires a separate (virtual?) subnet for these connections - meaning roadwarriors will have addresses outside of the LAN. If I can't change or add the routing on the remote side - how can I either ;
a) assign roadwarriors IPs from the LAN-segment (ideally using DHCP-relay to another server) ?
b) make traffic from roadwarriors seem like it comes from LAN-IPs when they in fact do not.

My instinct tells me to look closer at ProxyARP, but I am not sure, and I cannot seem to find thorough docs on the subject.

Does anyone have ideas as to the solution, and does anyone know some good examples and documentation for proxy-arp ?

========
Alf

God, yes!
I don't understand why, but I tried on two different machines and was not able to make a bootable/installable USB or DVD. I tried all the relevant images, but no go. The closest I got was once on a USB - the words "gptboot: primary GPT table checksum mismatch" flashed by before it rebooted in an endless cycle.
In the end I spent some time googling etc, and LUCKILY - I found this post. Thank you for saving what little was left of my hair  ;D