Messages

1

22.7 Legacy Series / Re: OPNsense and Proton VPN (Wireguard)

« on: November 06, 2022, 09:14:51 pm »

hmm, yes makes sense to try the other (not free) servers as there should be no packet loss. The servers NL#227 - NL#252 seems to be not that loaded in the NL..

2

22.7 Legacy Series / Re: OPNsense and Proton VPN (Wireguard)

« on: November 05, 2022, 04:48:35 pm »

@Chrome, I did the proton vpn setup like @koala outlined and it works fine since Proton made the WG configurations available. The only problem that I have (since switching from Proton OpenVPN to WG) is that the OPNsense system updates and bogon ip updates time out. When I stop WG, the updates go through smoothly.

3

22.7 Legacy Series / Re: OPNsense 22.7_4: Loss of Network Connectivity

« on: September 05, 2022, 09:36:44 pm »

quick update: when I switch off the wireguard vpn and disable the gateway switching, the firewall firmware can be updated again. Not sure what the problem really is..

4

22.7 Legacy Series / Re: OPNsense 22.7_4: Loss of Network Connectivity

« on: September 04, 2022, 01:54:24 pm »

Same here, but both opnsense-bootstrap and disable default gateway switching didn't help. I still have 100% packet loss for the updates...

I have a multiwan with 3 single WAN gateways and two gateway groups for the WANs. Used to work well beforehand but struggle since 22.7...

Pls advise

**GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 22.7.3_2 (amd64/OpenSSL) at Sun Sep  4 13:43:45 CEST 2022
Checking connectivity for host: pkg.opnsense.org -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes

--- 89.149.211.205 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Operation timed out
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Operation timed out
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Operation timed out
Unable to update repository OPNsense
Error updating repositories!
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
***DONE***

5

22.7 Legacy Series / Re: Congratulations on a job well done

« on: July 30, 2022, 07:51:43 am »

+1! The upgrade went well on both Intel and AMD based Deciso DEC appliances. Thank you!

6

22.1 Legacy Series / Re: Wireguard works well in 22.1 but the UI dashboard shows wireguard-go red?

« on: March 06, 2022, 06:11:12 pm »

Yes wireguard-kmod is installed. It is a just cosmetics, but I go hide then wireguard-go in the dashboard! Thanks 🙏!

7

22.1 Legacy Series / Wireguard works well in 22.1 but the UI dashboard shows wireguard-go red?

« on: March 06, 2022, 01:56:30 pm »

Hi, I have the Mulllvad wireguard clients with wg0 and wg1 properly working with 22.1. In the dashboard, the wireguard-go service shows as red as opposed to green (see attached). Is this a mistake or anything I need to worry about?

8

22.1 Legacy Series / Firewall/Rules: What is interface WireGuard(Group)

« on: March 06, 2022, 01:50:49 pm »

Hi, In the firewall service (under rules) in the UI there is under Firewall/Rules an interface called WireGuard(Group), see also attachment. Under Firewall/Groups, I have not created any interface group. Why is it there and how (if at all) can I remove this WireGuard(Group) entry?

9

Zenarmor (Sensei) / Re: Cannot start elasticsearch service after most recent update...

« on: January 01, 2022, 05:26:28 pm »

alright, I followed this route here to get it back to normal..

https://forum.opnsense.org/index.php?topic=26066.0

10

Zenarmor (Sensei) / Cannot start elasticsearch service after most recent update...

« on: January 01, 2022, 05:15:30 pm »

Hi, I cannot start the elasticsearch service after the most recent update. I tried to uninstall and install sensei multiple times but didn't succeed to make it work... pls advise..



2022-01-01T17:10:41   root[52744]   /usr/local/etc/rc.d/elasticsearch: WARNING: failed precmd routine for elasticsearch   
2022-01-01T17:10:41   root[88508]   /usr/local/etc/rc.d/elasticsearch: WARNING: /usr/local/etc/elasticsearch/elasticsearch.yml is not readable.   
2022-01-01T17:09:45   kernel   /usr/local/sensei/output/active/temp: optimization changed from TIME to SPACE   
2022-01-01T17:09:36   root[1288]   /usr/local/etc/rc.d/elasticsearch: WARNING: failed precmd routine for elasticsearch   
2022-01-01T17:09:36   root[64005]   /usr/local/etc/rc.d/elasticsearch: WARNING: /usr/local/etc/elasticsearch/elasticsearch.yml is not readable.   
2022-01-01T17:07:36   kernel   /usr/local/sensei/output/active/temp: optimization changed from SPACE to TIME   
2022-01-01T17:05:51   kernel   /usr/local/sensei/output/active/temp: optimization changed from TIME to SPACE   
2022-01-01T17:04:10   kernel   /usr/local/sensei/output/active/temp: optimization changed from SPACE to TIME

11

21.7 Legacy Series / Re: Error deleting states with the API killStates function?

« on: August 21, 2021, 10:02:21 am »

thanks!

12

21.7 Legacy Series / Re: Error deleting states with the API killStates function?

« on: August 13, 2021, 04:07:36 pm »

hmm, the only thing that I got to work is the following one:

have a shell script logging to the firewall with SSH in and execute in the CLI:

Code: [Select]

sudo pfctl -k 192.168.1.0/24
Seems to be the brute force method to kill all states for the LAN (in the above case 192.168.1.0/24). 

Perhaps someone in the forum knows more on the killStates API, and how to include Alias?

13

General Discussion / Re: Firewall rules for standard setup including bonjour, airprint, homekit, sip

« on: August 12, 2021, 11:19:04 pm »

Got it thanks!

14

21.7 Legacy Series / Error deleting states with the API killStates function?

« on: August 12, 2021, 11:01:50 pm »

Hi, I try to kill states after enabling some filter rules to stop the (established) connections immediately. This is to turn-off the internet / TV for the kids immediately. I integrate this an on-off switch in HomeKit (via node-red)...

I use the below curl Post killStates command:

Code: [Select]

curl -k -u "$KEY":"$SECRET" -X POST "https://opnsenseIP/api/diagnostics/firewall/killStates" -d ""

Error message I get is as following:

Code: [Select]

{"result":"failed"}%     

The question is: How can I kill the states (via the API) for a specific destination or source ip/alias?

15

General Discussion / Firewall rules for standard setup including bonjour, airprint, homekit, sip

« on: August 04, 2021, 10:31:38 am »

Hi, I couldn’t find any 101 article or examples for setting up some simple standard setup of the firewall rules for opnsense. Beside the standard rules, I will need to allow all apple services (bonjour, airprint, homekit) and have some Siemens VOIP phones to connect to the outside world. Pls advise what basic rules need to be set up..