Messages - cnu80

#1
General Discussion / Re: monit and configctl
April 18, 2022, 08:04:40 AM
Wrapping the command within a shell was the solution. Thanks

/bin/sh -c '/usr/local/sbin/configctl interface reconfigure vtnet1; /usr/local/sbin/configctl interface linkup start vtnet1'
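Why the shell wrapper matters, as an added example that is not part of the original post: it assumes monit hands the configured string to exec without a shell, so `;` is never parsed as a command separator. `echo` stands in for `/usr/local/sbin/configctl` so the sketch runs on any system; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed command string; echo replaces configctl for the demonstration.
CMD='echo interface reconfigure vtnet1; echo interface linkup start vtnet1'

# Direct exec (assumed monit behaviour): the string is split on whitespace
# only, so "vtnet1;" and everything after it become arguments of the
# first program instead of a second command.
run_direct() {
    (
        set -f        # no globbing while splitting
        set -- $1     # intentional word splitting, no shell parsing
        "$@"
    )
}

# Shell-wrapped, as in the working Start Service line: sh parses ';'
# and runs both commands in sequence.
run_wrapped() {
    /bin/sh -c "$1"
}

# Number of output lines equals the number of commands that actually ran.
count_lines() {
    printf '%s\n' "$1" | wc -l | tr -d ' '
}

direct_out=$(run_direct "$CMD")
wrapped_out=$(run_wrapped "$CMD")

echo "direct : $(count_lines "$direct_out") command ran, argv tail: $direct_out"
echo "wrapped: $(count_lines "$wrapped_out") commands ran"
```

In the direct case the first program receives the literal `vtnet1;` as its interface argument, which matches a log that shows the command being started while nothing changes on the interface.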
#2
General Discussion / monit and configctl
April 17, 2022, 09:20:42 AM
Hi, is it possible to use monit with configctl?
I have problems with my WAN Interface when my provider is changing the public IP. I have to reboot or disable and enable the WAN interface to get opnsense connected again.

Now I tried to configure monit with configctl and the following commands to "restart" the WAN interface:

Start Service: /usr/local/sbin/configctl interface reconfigure vtnet1; /usr/local/sbin/configctl interface linkup start vtnet1
Stop Service: /usr/local/sbin/configctl interface linkup stop vtnet1

When I manually execute the command, the WAN interface is online again; via monit it does not work. I can see in the log file that monit is executing the commands, but nothing happens.

Logfile from monit:
<30>1 2022-04-16T10:48:18+02:00 xx.xx.at monit 58983 - [meta sequenceId="8"] 'wan_check' stop: '/usr/local/sbin/configctl interface linkup stop vtnet1'
<30>1 2022-04-16T10:48:19+02:00 xx.xx.at monit 58983 - [meta sequenceId="9"] 'wan_check' start: '/usr/local/sbin/configctl interface reconfigure vtnet1; /usr/local/sbin/configctl interface linkup start vtnet1'
<28>1 2022-04-16T10:50:19+02:00 xx.xx.at monit 58983 - [meta sequenceId="1"] Ping request for 8.8.8.8 1/5 failed -- No route to host
<28>1 2022-04-16T10:50:19+02:00 xx.xx.at monit 58983 - [meta sequenceId="2"] Ping request for 8.8.8.8 2/5 failed -- No route to host
<28>1 2022-04-16T10:50:19+02:00 xx.xx.at monit 58983 - [meta sequenceId="3"] Ping request for 8.8.8.8 3/5 failed -- No route to host
<28>1 2022-04-16T10:50:19+02:00 xx.xx.at monit 58983 - [meta sequenceId="4"] Ping request for 8.8.8.8 4/5 failed -- No route to host
<27>1 2022-04-16T10:50:19+02:00 xx.xx.at monit 58983 - [meta sequenceId="5"] Ping request for 8.8.8.8 5/5 failed -- No route to host
<27>1 2022-04-16T10:50:19+02:00 xx.xx.at monit 58983 - [meta sequenceId="6"] 'wan_check' ping test failed
<30>1 2022-04-16T10:50:19+02:00 xx.xx.at monit 58983 - [meta sequenceId="7"] 'wan_check' trying to restart
<30>1 2022-04-16T10:50:19+02:00 xx.xx.at monit 58983 - [meta sequenceId="8"] 'wan_check' stop: '/usr/local/sbin/configctl interface linkup stop vtnet1'
<30>1 2022-04-16T10:50:20+02:00 xx.xx.at monit 58983 - [meta sequenceId="9"] 'wan_check' start: '/usr/local/sbin/configctl interface reconfigure vtnet1; /usr/local/sbin/configctl interface linkup start vtnet1'
<28>1 2022-04-16T10:52:20+02:00 xx.xx.at monit 58983 - [meta sequenceId="1"] Ping request for 8.8.8.8 1/5 failed -- No route to host
<28>1 2022-04-16T10:52:20+02:00 xx.xx.at monit 58983 - [meta sequenceId="2"] Ping request for 8.8.8.8 2/5 failed -- No route to host
<28>1 2022-04-16T10:52:20+02:00 xx.xx.at monit 58983 - [meta sequenceId="3"] Ping request for 8.8.8.8 3/5 failed -- No route to host
<28>1 2022-04-16T10:52:20+02:00 xx.xx.at monit 58983 - [meta sequenceId="4"] Ping request for 8.8.8.8 4/5 failed -- No route to host
<27>1 2022-04-16T10:52:20+02:00 xx.xx.at monit 58983 - [meta sequenceId="5"] Ping request for 8.8.8.8 5/5 failed -- No route to host
<27>1 2022-04-16T10:52:20+02:00  monit 58983 - [meta sequenceId="6"] 'wan_check' ping test failed
<30>1 2022-04-16T10:52:20+02:00 xx.xx.at monit 58983 - [meta sequenceId="7"] 'wan_check' trying to restart


Is it a permissions or environment problem?!
#3
Hi, did you find a solution? My problem is a little different. I can connect to the company VPN server with my FortiClient VPN but after ~10min the connection is lost. Without OpnSense it is working.

I checked the logfiles and cannot find anything suspicious. Any ideas to locate the problem? Thanks
#4
Hi,

my WAN interface is configured for DHCP to get a public IP address from my provider. I use an LTE modem in bridge mode. I think my provider changes the address every 24 hours, and after the public IP has changed my internet connection is broken. Opnsense switched the default gateway to offline because the ping to 8.8.8.8 failed.

To get my internet connection online again I found two options:
* Reboot the complete system
* Start the script /usr/local/etc/rc.reload_interfaces

Is it possible to renew the IP address when the default GW is offline? Is there an existing function?

If not, I will try to implement a script via cron.

like:
#!/bin/sh
/usr/bin/timeout 10 /sbin/ping -c4 google.com > /dev/null

if [ $? != 0 ]
then
  /usr/local/etc/rc.reload_interfaces
fi


thanks
#5
17.1 Legacy Series / Re: Pure NAT
March 08, 2017, 09:03:39 PM
I switched my modem to bridge mode. Now the public address is bound directly to the WAN interface.
Port forwarding and Pure-Nat are working as expected.
#6
17.1 Legacy Series / Re: Pure NAT
March 08, 2017, 05:45:07 PM
Thanks for the response.

I used split DNS before and it works great with stationary devices, but with my laptop and other mobile devices I have to restart applications, flush DNS caches and so on to get the internal IP.

In the meantime I found the problem, but not the solution. ;) I get a dynamic public IP address from my ISP and my modem is in router mode. From my understanding I have a double NAT.

When I create the port forward with destination "WAN-address or WAN-Network" pure nat does not work.
When I create the port forward with destination "single host" and fill in my public IP, it works.

But when my ISP changes the public IP, the rule is broken again.
Is there a feature to track the public IP and change rules dynamically?

thanks
 
#7
17.1 Legacy Series / [SOLVED] Pure NAT
March 08, 2017, 09:31:49 AM
Hi,

I migrated from a Ubiquiti Edgerouter to a virtual opnsense installation. Migration was successful, edge router is powered off ;). Now I configure some additional services, like DHCP, port forwarding, dyndns ....

Port forwarding works as expected (access from Internet), but from my internal LAN I cannot connect to the forwarded ports. I used the following manual to configure the "Reflection NAT":

https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

My setup:
* opnsense latest version
* virtual machine with one network adapter
* I use VLANs to separate DMZ, WAN, LAN, GUEST and so on. This configuration is working fine.
* My WAN connection: I use a Netgear LTE modem in router mode. WAN interface is a static IPv4 address (192.168.5.100) and my default gateway is 192.168.5.1 (Netgear modem). Is this a problem? Should I set the modem to "bridge mode"?

I tried to set the "Filter rule association" to "Pass" but the connection is still not possible.

What can I do to find the failure?

BR, cnu80

PS: Is it better to use several network interfaces instead of a VLAN-trunk?