Messages

1

17.1 Legacy Series / Re: Vlan configuration deleted after firmware update

« on: October 11, 2017, 09:43:15 am »

Hi Franco,

after factory reset I have applyed the lock on all interfaces, thanks for your suggestion.

Why this option is not set as default? now I will install zerotier without issue? on zerotier interface this future is needed ?

Regards,
Liberomic

2

17.1 Legacy Series / Re: Vlan configuration deleted after firmware update

« on: October 06, 2017, 09:34:42 am »

Hi All,

I have installed the zerotier plugin in the last version of opnsense after the reboot all vlan will be deleted.

Uses of zerotier on opnsense with vlan is very critical.

 

3

17.1 Legacy Series / Re: Upgrade from 16.7.14: Firewall rules doesn't works as before

« on: July 28, 2017, 06:35:27 pm »

Hi Franco,

we want test this on new device in production but the file is missed.

opnsense-update -kr 17.1.9-ipsec
Fetching kernel-17.1.9-ipsec-amd64.txz: ...opnsense-verify: Unable to open /var/cache/opnsense-update/69564/kernel-17.1.9-ipsec-amd64.txz: No such file or directory
 failed

We have updated to 17.1.11, this fix is included?

Regards,
Liberomic

4

17.1 Legacy Series / Re: Upgrade from 16.7.14: Firewall rules doesn't works as before

« on: July 20, 2017, 12:49:32 pm »

Hi Franco,

IT WORKS!!!! 

I have tested in my lab and work fine!!!!

In my production enviroment I have the version 17.1.6, Do you suggest doing any updates first to 17.1.10 and then changing the kernel?

Many thanks
Liberomic

5

17.1 Legacy Series / Re: Upgrade from 16.7.14: Firewall rules doesn't works as before

« on: July 13, 2017, 10:57:08 am »

Hi Franco,

thanks for your reply, do you have a tecnique to set my workaround permanent?

I have deleted this line from /tmp/rules.debug
block in  log inet from {any} to {any} label "Default deny rule"
block in  log inet6 from {any} to {any} label "Default deny rule"

I have added this line at the end of file  (all interface without IPSEC "enc0")

block in  log on $WAN inet from {any} to {any} label "Default deny rule"
block in  log on $WAN inet6 from {any} to {any} label "Default deny rule"
block in  log on $LAN inet from {any} to {any} label "Default deny rule"
block in  log on $LAN inet6 from {any} to {any} label "Default deny rule"

# pfctl -f /tmp/rules.debug

Regards,
Liberomic

6

17.1 Legacy Series / Re: IPSEC fw rules don't trigger

« on: July 04, 2017, 11:58:43 am »

Hi all,

I have the same problem from many days but this big issue is not considered highest from support.

in this post you can find my workaround
https://forum.opnsense.org/index.php?topic=4385.0

See you
Liberomic

7

17.1 Legacy Series / Re: Upgrade from 16.7.14: Firewall rules doesn't works as before

« on: June 26, 2017, 12:53:53 pm »

UP!

 

8

17.1 Legacy Series / Re: Upgrade from 16.7.14: Firewall rules doesn't works as before

« on: June 05, 2017, 05:17:36 pm »

Hi All,

this issue is very bad, with my workaround the incoming traffic working fine....
But this change in the file /tmp/rules.debug will be lost, when you modify firewall rules or restart the appliance....

Regards,
Liberomic

9

17.1 Legacy Series / Re: SIP please help

« on: May 30, 2017, 09:07:08 am »

Hi All,

I have downgraded to 17.1.6 and voip working fine.....

bye
liberomic

10

17.1 Legacy Series / Re: Upgrade from 16.7.14: Firewall rules doesn't works as before

« on: May 29, 2017, 03:46:10 pm »

Hi All,

do you have news for this PF issue?

Regards,
Liberomic

11

17.1 Legacy Series / Re: SIP please help

« on: May 29, 2017, 03:44:47 pm »

Hi Julien,

with 17.1.6 the voip in my network working fine (with stun server or redirect the voip traffic with NAT), after the upgrade to 17.1.7 the voip traffic does not work.

Today I will try to downgrade the software

#opnsense-revert -r 17.1.6 opnsense

You can check the voip traffic with this command:

tcpdump -n -e -ttt -i pflog0 'host IPOFYOURPBX'

Bye Bye
Liberomic

12

17.1 Legacy Series / Re: SIP please help

« on: May 25, 2017, 08:27:28 pm »

Hi All,

I have the same issue after upgrade 17.1.7 with 3CX PBX, in pflog all session are accepted.
The registration to sip provider working fine but the calls will be blocked.

I have reinstalled my old firewall at a moment......

Regards,
Liberomic

13

17.1 Legacy Series / Re: Vlan configuration deleted after firmware update

« on: May 22, 2017, 10:49:30 am »

Hi Franco,

I have upgraded this configuration to 17.1.7 (zerotier now is removed) and working fine, but we want use Zerotier on Opnsense.

Do you have checked this issue on different configurations?

Regards
Liberomic

14

17.1 Legacy Series / Re: Upgrade from 16.7.14: Firewall rules doesn't works as before

« on: May 22, 2017, 10:45:16 am »

Hi Franco,

on IPSEC interface we have checked all combinations.

ANY--ANY--Accept
SurceVPN subnet--Local subnet--Accept

But the issue persist......

I have replicated the issue on different site and this issue will be replicable.

To clarify the issue I am writing network scheme, I have four site connected by IPSEC to central Office (HO).

- Office1 (opnsense) to Head Office: in this site working fine the wan interface of opnsense is Public IP
- Office2 (opnsense) to Head Office: I have WAN interface NATed and the inbound traffic will be blocked on enc0 interface
- Office3 (opnsense) to Head Office: I have WAN interface NATed and the inbound traffic will be blocked on enc0 interface

for Office2 and Office3 I have applyed my workaround for inbound traffic coming from Head Office, because without my workaround working only ICMP traffic and TCP/UDP will be blocked.

Note: on Office2 and Office3 I have enabled Nat Traversal and the router forward all ports to opnsense WAN interface. I have upgraded all opnsense to 17.1.7.

Thanks for your support
Liberomic
 

15

17.1 Legacy Series / Re: Upgrade from 16.7.14: Firewall rules doesn't works as before

« on: May 19, 2017, 05:22:21 pm »

Hi all,

I have checked in 17.1.7 and the issue persist.

Regards,
Liberomic