1
18.1 Legacy Series / Re: Strange Networkproblems
« on: March 23, 2018, 03:43:16 pm »
I won't give up. I created an Image of my Opnsense-Installation and will try again to debug it as soon as I can make my network offline for a while..
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
18.1 Legacy Series / Re: Strange Networkproblems
« on: March 09, 2018, 08:01:52 pm »
Problem solved using Linux(with bridge, dnsmasq, shorewall, suricata, aso.) instead. Seems like it isn't a hardware problem. I would really really have known what the cause was.
3
18.1 Legacy Series / Re: Strange Networkproblems
« on: February 09, 2018, 08:33:10 pm »
Thanks but I don't have any explicit block-rules.
4
18.1 Legacy Series / Re: Strange Networkproblems
« on: February 09, 2018, 06:43:38 pm »
I deaktivated IDS now. It shouldn't block anything because I didn't configure IPS, but who knows. Since I am out of ideas this is my last try. If the problem occurs again, I will setup a Linux-Firewall. If this happens then it might be a hardware error or user-fail but if its fixed then, I'll let you know.
5
18.1 Legacy Series / Re: Strange Networkproblems
« on: February 07, 2018, 04:26:54 pm »
Right. DHCP is working
6
18.1 Legacy Series / Re: Strange Networkproblems
« on: February 06, 2018, 01:58:21 pm »
The NAS-Box, which was lately affected by this bug, is connected via cable and not wifi. And even if it would be connected, the wifi is configured as access-point, not router. So there is no nat in this network.
The mac-adresses do not change. I checked it and can also see it in my tcpdump(on the client device).
What i don't understand is:
client sends ARP-Reply to the firewall. I see the arp-packet in the tcpdump on the client, but not in the tcpdump on the firewall. So even if the packet gets dropped by the firewall i expect to see that packet. Or am I wrong?
The mac-adresses do not change. I checked it and can also see it in my tcpdump(on the client device).
What i don't understand is:
client sends ARP-Reply to the firewall. I see the arp-packet in the tcpdump on the client, but not in the tcpdump on the firewall. So even if the packet gets dropped by the firewall i expect to see that packet. Or am I wrong?
7
18.1 Legacy Series / Strange Networkproblems
« on: February 05, 2018, 08:28:41 pm »
Here is my setup:
1 Port -> WAN (configured with DHCP)
2 Ports -> bridge0(LAN)
2 Ports -> bridge1(WIFI)
Wifi-Ports:
- igb8 connected to a NAS
- igb9 connected to an access-point
All devices in Wifi are configured with DHCP and have static arp entries.
Sometimes, Ports "die" on the WIFI-Interface. This means, the device connected on this NIC-port is not available. The NIC-Port is marked as UP on both sides but if i do a tcpdump on the firewall and on the device-connected on this port, and try to make an arp-scan from the firewall to the device, then i can see arp-packets goint to my device, on the device I see that it replies correctly. But I can't see any replies on the tcpdump of the firewall.
That is strange, because the device is connected via ethernet-cable(Yes i also tried another cable too). And the problem is fixed as soon as i disable the WIFI-Interface and enable it again. The problem doesn't always occur. Somedays it doesn't occur at all, sometimes it happens many times.
If a device "died" i tried out some things:
- disconnect the device from the firewall, and directly connect it to another device. no problems.
- disconnect the diveice from the firewall and connect another device on the same port. same problems
I have no idea how to fix this or even how to find out the source of this strange behaviour.
1 Port -> WAN (configured with DHCP)
2 Ports -> bridge0(LAN)
2 Ports -> bridge1(WIFI)
Wifi-Ports:
- igb8 connected to a NAS
- igb9 connected to an access-point
All devices in Wifi are configured with DHCP and have static arp entries.
Sometimes, Ports "die" on the WIFI-Interface. This means, the device connected on this NIC-port is not available. The NIC-Port is marked as UP on both sides but if i do a tcpdump on the firewall and on the device-connected on this port, and try to make an arp-scan from the firewall to the device, then i can see arp-packets goint to my device, on the device I see that it replies correctly. But I can't see any replies on the tcpdump of the firewall.
That is strange, because the device is connected via ethernet-cable(Yes i also tried another cable too). And the problem is fixed as soon as i disable the WIFI-Interface and enable it again. The problem doesn't always occur. Somedays it doesn't occur at all, sometimes it happens many times.
If a device "died" i tried out some things:
- disconnect the device from the firewall, and directly connect it to another device. no problems.
- disconnect the diveice from the firewall and connect another device on the same port. same problems
I have no idea how to fix this or even how to find out the source of this strange behaviour.
8
17.7 Legacy Series / Re: OpenVPN as Client: Routingproblems
« on: November 14, 2017, 10:34:04 pm »
Explicitly setting the gateway on all rules of the lan interface solved the problem. Thank you very much!
9
17.7 Legacy Series / OpenVPN as Client: Routingproblems
« on: November 13, 2017, 11:19:47 am »
Hi,
I am a little bit lost with my openvpn configuration. I configured opnsense as a openvpn-client. The tunnel is "UP". I configured an interface with ovpnc1, created a gateway(with dhcp because openvpn pushes all the config) and even created a static route for the remote-network. I even created a few rules for lan-network and outbound-nat. But I am not able to ping from the lan-network into the remote-vpn-network. traceroute tells me, that opnsense routes even the traffic for the vpn to the defaultgateway instead of the vpn-gateway. If I connect via ssh to opnsense and try to ping the remote-vpn from there, it works as considered. I have no clue why opnsense routes my vpn-traffic to the defaultgw instead of the vpngw.
Any ideas?
I am a little bit lost with my openvpn configuration. I configured opnsense as a openvpn-client. The tunnel is "UP". I configured an interface with ovpnc1, created a gateway(with dhcp because openvpn pushes all the config) and even created a static route for the remote-network. I even created a few rules for lan-network and outbound-nat. But I am not able to ping from the lan-network into the remote-vpn-network. traceroute tells me, that opnsense routes even the traffic for the vpn to the defaultgateway instead of the vpn-gateway. If I connect via ssh to opnsense and try to ping the remote-vpn from there, it works as considered. I have no clue why opnsense routes my vpn-traffic to the defaultgw instead of the vpngw.
Any ideas?
Pages: [1]