Messages

Hello Skywalker. Your link does not work ;-)

This one should:
https://cloud.sector42.eu/f/32dfda4989134974a637/

Hey this links is not working anymore.

Anyway I have a MR401 too since I moved and there's no other way to get TV. My conf is currently a Fritzbox with Exposed Host to my OPNSense on a pcengine APU and the MR401 is connecting via LAN to the APU. working firewall rules are prob on this picture.

Hi,

Also habe die IP auf 127.0.0.1 geändert, ging erst nicht, dann mal die Firewall rebooted, weil 'reboot tut gut' und siehe da es geht

Hi,

Danke schonmal, aber jetzt kann das normale Telefon hören, aber nicht senden. Logs geben noch blocks aus.

Habe die Siproxd Bilder angeschaut und bei mir eingetragen.

Mir ist aber aufgefallen, dass du eine NAT Regel in Bild 1 anlegst, aber diese nicht in Bild 2 auftaucht. Außerdem nehme ich an, dass 192.168.230.20 die OPNSense WAN Adresse ist oder?

Und geblockte Pakete gibt's nicht?

Nein, die Liveview gibt keine roten Zeilen aus.

Das Problem ist in dem Fall NAT zwischen FritzBox und Phonerlite. Damit das funktioniert musst du Static NAT bei der OPNsense für den Phoner Client einstellen, mit den Ports die in Phoner festgelegt sind. Denn diese müssen eben statisch auf die Adresse des "WAN"-Interfaces gemappt werden.

Habe ich doch eigentlich gemacht oder?

Oder du benutzt Siproxd  ;), dann musst du das alles nicht.

Wie wird der dann eingerichtet?

Habe ich


Sogar ein Outbound NAT habe ich erstellt:

Hallo,

Bin nun auf eine OPNSense zuhause umgestiegen, da ich diese schon auf meinen Servern laufen habe. Davor lief eine pfSense zuhause (APU)
Habe die Regeln 1:1 eingestellt, aber wenn ich via normales Telefon auf meinem PC anrufe, klingelt mein Phonerlite, doch ich kann nur die Sounds vom Telefon hören, aber das Telefon nicht die Sounds von Phonerlite...

Grob ist mein Netzwerk so aufgebaut:
ISP (Telekom) -> Fritzbox -> OPNSense -> Desktop
                                |                                       |
                      normales Telefon                Phonerlite



Hier nochmal detailiert:

Code Select Expand

WAN / Internet
             :
             : ISP (Telekom)
             :
       .-----+-----.                  .------------------.
       |  Fritzbox  +-----------------+ normales Telefon |
       '-----+-----'                  '------------------'
             |
LAN Fritzbox | 192.168.178.1
WAN OPNSense | 192.168.178.254
             |
       .-----+------.
       |  OPNSense
       '-----+------'
             |
         LAN | 10.88.0.0/24
             |
       .-----+------.       IP         .------------.
       | Desktop PC  +-----------------+ Phonerlite |
       '-----+------'    10.88.0.1     '------------'


Grüße
MAGIC

you startet tor as root once.
you have to remove /var/log/tor.log to start it as user _tor again

Removed it and restarted it with tor user. Still same error that it can't write the log.

Maybe I'll install a opnsense from scratch and try again

So, after I saw how I can switch to the develop version of OPNSense, I did it.
Then I pulled the patch and reloaded the templated. After invoking service tor start I'll get following output:

Code Select Expand

magic@opnsense:~ % sudo service tor start
Starting tor.
Sep 24 17:07:35.002 [notice] Tor 0.3.0.10 (git-c33db290a9d8d0f9) running on FreeBSD with Libevent 2.1.8-stable, OpenSSL 1.0.2l and Zlib 1.2.8.
Sep 24 17:07:35.002 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Sep 24 17:07:35.002 [notice] Read configuration file "/usr/local/etc/tor/torrc".
Sep 24 17:07:35.006 [warn] You specified a public address 'xxx.xxx.191.150:9050' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Sep 24 17:07:35.006 [notice] Your ContactInfo config option is not set. Please consider setting it, so we can contact you if your server is misconfigured or something else goes wrong.
Sep 24 17:07:35.006 [notice] Based on detected system memory, MaxMemInQueues is set to 1281 MB. You can override this by setting MaxMemInQueues by hand.
Sep 24 17:07:35.007 [warn] You specified a public address 'xxx.xxx.191.150:9050' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Sep 24 17:07:35.007 [notice] Opening Socks listener on 127.0.0.1:9050
Sep 24 17:07:35.007 [notice] Opening Socks listener on [::1]:9050
Sep 24 17:07:35.007 [notice] Opening Socks listener on xxx.xxx.191.150:9050
Sep 24 17:07:35.007 [notice] Opening Control listener on 127.0.0.1:9051
Sep 24 17:07:35.007 [notice] Opening OR listener on xxx.xxx.191.150:9001
Sep 24 17:07:35.000 [warn] Couldn't open file for 'Log debug file /var/log/tor.log': Permission denied
Sep 24 17:07:35.000 [notice] Closing partially-constructed Socks listener on 127.0.0.1:9050
Sep 24 17:07:35.000 [notice] Closing partially-constructed Socks listener on ::1:9050
Sep 24 17:07:35.000 [notice] Closing partially-constructed Socks listener on xxx.xxx.191.150:9050
Sep 24 17:07:35.000 [notice] Closing partially-constructed Control listener on 127.0.0.1:9051
Sep 24 17:07:35.000 [notice] Closing partially-constructed OR listener on xxx.xxx.191.150:9001
Sep 24 17:07:35.000 [warn] Failed to parse/validate config: Failed to init Log options. See logs for details.
Sep 24 17:07:35.000 [err] Reading config failed--see warnings above.
/usr/local/etc/rc.d/tor: WARNING: failed to start tor


Yes

Code Select Expand

magic@opnsense:~ % configctl tor start
OK
magic@opnsense:~ % service tor start
Cannot 'start' tor. Set tor_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.
magic@opnsense:~ % service tor onestart
/usr/local/etc/rc.d/tor: WARNING: /var/db/tor is not a directory.
/usr/local/etc/rc.d/tor: WARNING: failed precmd routine for tor


Yes that seems to work. Atleast Tor has started

Code Select Expand

magic@opnsense:~ % sudo -u _tor tor
Sep 24 13:56:30.129 [notice] Tor 0.3.0.10 (git-c33db290a9d8d0f9) running on FreeBSD with Libevent 2.1.8-stable, OpenSSL 1.0.2l and Zlib 1.2.8.
Sep 24 13:56:30.129 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Sep 24 13:56:30.129 [notice] Read configuration file "/usr/local/etc/tor/torrc".
Sep 24 13:56:30.132 [notice] Opening Socks listener on 127.0.0.1:9050
Sep 24 13:56:30.000 [notice] Parsing GEOIP IPv4 file /usr/local/share/tor/geoip.
Sep 24 13:56:30.000 [notice] Parsing GEOIP IPv6 file /usr/local/share/tor/geoip6.
Sep 24 13:56:30.000 [notice] Bootstrapped 0%: Starting
Sep 24 13:56:31.000 [notice] Starting with guard context "default"
Sep 24 13:56:31.000 [notice] Bootstrapped 5%: Connecting to directory server
Sep 24 13:56:31.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Sep 24 13:56:31.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection
Sep 24 13:56:31.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus
Sep 24 13:56:31.000 [notice] Bootstrapped 25%: Loading networkstatus consensus
Sep 24 13:56:31.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
Sep 24 13:56:31.000 [notice] Bootstrapped 40%: Loading authority key certs
Sep 24 13:56:31.000 [notice] Bootstrapped 45%: Asking for relay descriptors
Sep 24 13:56:31.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6775, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of exit bw = 0% of path bw.)
Sep 24 13:56:31.000 [notice] Bootstrapped 50%: Loading relay descriptors
Sep 24 13:56:32.000 [notice] Bootstrapped 56%: Loading relay descriptors
Sep 24 13:56:32.000 [notice] Bootstrapped 64%: Loading relay descriptors
Sep 24 13:56:34.000 [notice] Bootstrapped 71%: Loading relay descriptors
Sep 24 13:56:34.000 [notice] Bootstrapped 78%: Loading relay descriptors
Sep 24 13:56:35.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Sep 24 13:56:35.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Sep 24 13:56:35.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Sep 24 13:56:35.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Sep 24 13:56:35.000 [notice] Bootstrapped 100%: Done

Hi I installed it on my testing OPNSense, but the relay option is not working (cant start the deamon) or I am doing something wrong.

I will add some images, maybe you see some mistake.