Messages - scrensen

#1
No replies, right? I'm seeing the same errors in my log file and am really curious if anyone is seeing the same and/or knows the cause.
#2
22.7 Legacy Series / Re: PLEASE HELP! WAN FLAPPING!
January 13, 2023, 09:16:23 AM
Quote from: SolarCzar on January 07, 2023, 04:45:27 PM
OK, I'm getting desperate.  Just when I think my changes based on recommendations are stable, my WAN port starts flapping again. 

Any errors/collisions on Interfaces -> Overview --> WAN ?

And did you add any parameters to Interfaces -> WAN --> DHCP client configuration (one of the tabs)? Is 'override MTU' ticked?

I had similar issues when I started with OPNsense some years back and had to add this to the 'Option modifiers':

supersede interface-mtu 0

Which was for a specific ISP here in my country, but it might help in your case.
#3
Enable logging for those VLAN fw rules and check the live log (filter on the vlan interface if you like) while connecting your mobile to the guest wifi network. Perhaps it will show you the issue already.

If you don't find anything obvious there, then I would run a tcpdump on the OPNsense box to see if the DHCP traffic even reaches it. If not, then there must be a config issue on either your switches or APs.

In that case I would check if the switchport where the AP is connected allows the guest VLAN to pass through.
#4
Zenarmor (Sensei) / Re: Error during update
June 21, 2022, 10:24:03 AM
It's back online
#5
Zenarmor (Sensei) / Re: Error during update
June 21, 2022, 08:50:51 AM
seems https://www.sunnyvalley.io is also down
#6
Zenarmor (Sensei) / Error during update
June 21, 2022, 08:47:48 AM
I'm getting errors on attempting to update the repos:

Updating SunnyValley repository catalogue...
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.1/OpenSSL/latest/meta.txz: Internal Server Error
repository SunnyValley has no meta file, using default settings
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.1/OpenSSL/latest/packagesite.pkg: Internal Server Error
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.1/OpenSSL/latest/packagesite.txz: Internal Server Error
Unable to update repository SunnyValley
Error updating repositories!

The 'cloud node' status for both Europe and Europe2 is intermittently on and off as well, I guess related.

Anyone else experiencing the same?
#7
Thanks!

Never had to patch before, so nice to finally do this :)

And it works!
#8
Hi all,

I just upgraded to 21.7.3 and I see it has tls-crypt support for OpenVPN.

So I headed over to my server config looking to enable tls-crypt and found an option under 'TLS Authentication' called 'enabled - authentication & encryption', which seemed the right option (Although not sure if this was there in a previous version or not).

So I select this option and press 'Save' and go back into the settings. And there I see that the option jumped back to 'Enabled - authentication only', which was the initial value.

Can't find anything in the logs that point in the right direction. Anyone any idea?
#9
Seems downloading rules helps  :)

Still not a very friendly error to throw, but at least I got it working
#10
Hi all,

I've created a policy and when trying to save it I get a PHP error. See screenshots attached.

I haven't done anything fancy, if even possible here. Just selected a few rules and the actions and that's about it.

Anyone here an idea of what the cause could be and how to solve it?

Thanks in advance!

P.S. Running OPNsense 21.1.5
#11
Dutch - Nederlands / Re: Help wanted with VLAN config
January 15, 2021, 02:14:55 PM
Yes, I did indeed eventually get it working that way. Thanks for your help!
#12
Dutch - Nederlands / Help wanted with VLAN config
January 06, 2021, 04:27:58 PM
Hi,

A quick question about what the logical setup would be in my case.

I bought a hardware appliance for OPNsense from osnet.eu. This device has 6 Ethernet ports and is connected as follows:

igb0 --> modem
igb1 --> switch1
igb2 --> switch2
igb3-5 --> not yet in use

I want to 'serve' 2 networks, 1 for my regular devices (phones, tablets, laptops) and 1 for some IoT devices. So 2 separate subnets/VLANs, for example VLAN10/192.168.10.1/24 (regular) and VLAN20/192.168.20.1/24 (IoT).

I have already configured the VLANs on the switches and wifi access points (all from Ubiquiti and fairly easy to configure/manage).

On my LAN side I have:
2x switch
2x wireless AP

Switch 1:
Port 1: Uplink to router port igb1
Port 2: wifi AP1 (with SSID 'regulier' linked to VLAN10 and SSID 'iot' linked to VLAN20)
Port 3-6: 4 devices that I want to connect by wire (in the regular network, aka VLAN10)

Switch 2:
Port 1: Uplink to router port igb2
Port 2: wifi AP2 (with SSID 'regulier' linked to VLAN10)
Port 3-7: 5 devices that I want to connect by wire (NAS, rPIs etc. Mix of VLAN10 and VLAN20)

So on wifi AP1, packets can be tagged with VLAN10 and/or VLAN20, which then go via port 2 and port 1 of switch 1 to my OPNsense router and arrive there on port igb1.

How can I best configure my OPNsense router (in terms of interfaces/assignments and VLANs) to make sure that, for example, my phone and tablet get an IP address from the same subnet (VLAN10) and my IoT devices from a different subnet, linked to VLAN20? All of which comes in on 1 port, namely igb1.

I am unsure about, for example, how I should create both VLANs on my OPNsense router and which (parent) interface I should assign them to. A VLAN can only be on 1 parent interface, so I was thinking of VLAN10 on igb1 and VLAN20 on igb2. But on igb1 I receive packets for both VLANs. So how does that work for VLAN20?

Hopefully someone here can give me some advice. Thanks in advance!
#13
Ok, makes sense.

So I got Sensei to work, but then I found my wifi access point (Unifi AP-HD) stopped working right after.

And after some troubleshooting I saw that it could not reach the controller anymore (running on server in same LAN). Since Sensei was the only and most recent change in my network I disabled it and within seconds the UAP-HD came online again and I was able to adopt it again in the controller.

So it seems Sensei is blocking my Unifi AP to reach the controller (http://ip-of-controller:8080/inform) somehow. I'm using the hostname.domain of my controller, perhaps it's something to do with DNS being blocked or so?
#14
Quote from: scrensen on March 20, 2020, 11:21:14 PM
during Sensei installation I get the following message: "Oops, it looks like LAN interface is also in use by Suricata"

But I do not have Suricata running

I still decided to check the Captive Portal settings and I removed LAN from the interfaces and applied. And that actually solved the issue. Even though it was not active....
#15
I've searched the forums as well as Google but didn't find the answer to my issue. Which is that during Sensei installation I get the following message: "Oops, it looks like LAN interface is also in use by Suricata"

But I do not have Suricata running, Intrusion detection is completely disabled. I did have it running few weeks back, but disabled it a week ago. So to be sure I rebooted my router/fw before installing Sensei, but still same message.

I did a quick search via the command line for Suricata config files to check for interface config, but didn't find anything useful.

Anyone that might be able to help me out here?

Thanks in advance!