Messages - PimB

#1
18.7 Legacy Series / Load-balancing VPN connections
January 27, 2019, 02:58:19 PM
When I used pfSense I had a setup with two VPN (provider, no connection to a company or something like that) connections in a group so clients would load balance (via a gateway group) between those connections.

Somehow I can't get this to work on OPNsense. The settings are the same as on pfSense but no internet. I think the traffic doesn't go in and out the same interface. Am I missing something?

EDIT after some more trying:
When I keep 'redirect-gateway autolocal;' in both configs and let one connect with TCP and one with UDP so they don't get the same 10.7.7.x it works for a few minutes only.
#2
I'm migrating from a 32b OPNsense system to a 64b system and importing seems to work with some hiccups.

Is this even possible if the versions match but the bitset doesn't?
#3
General Discussion / How long will i386 be supported?
October 25, 2018, 01:46:32 PM
i386 will eventually have to go and I wonder if there are any plans to stop supporting i386 in the (near) future?
#4
I have a transparent web proxy with my own cert installed on the devices and Suricata monitoring it but it only blocks http-traffic, not SSL somehow.

Is this even possible? A MITM attack: Suricata sniffing the web proxy?
#5
I did all this but it's still not working for me.
#6
18.1 Legacy Series / Re: Weird problem private VPN
August 16, 2018, 09:31:25 PM
Is there a solution for this problem in 18.7 perhaps?
#7
Ah, same here. TOTP was activated for VPN users.
#8
Aha, like so. Thanks, I'm back in.
#9
Is that documented yet? I don't know how exactly.
#10
Same problem, and I can't log in as root on the console. I guess I'm locked out.
#11
Thanks for all the fast responses!

The problem is gone... In addition I've used Traffic Shaper to set the max speed a bit lower and the CPU doesn't go to 100% (and stalling the device) anymore.
#12
Quote from: mimugmail on July 19, 2018, 12:12:20 PM
Do you have a local AV scanner active? Trendmicro? Kaspersky?

None. But the connection is steady now for longer than one hour after 2 reboots. I guess I'll have to wait and see for now.
#13
This happens every hour

Jul 19 11:16:34 openvpn[73285]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Jul 19 11:16:34 openvpn[73285]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 19 11:16:34 openvpn[73285]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 19 11:16:34 openvpn[73285]: VERIFY OK: depth=0, CN=nl307.nordvpn.com
Jul 19 11:16:34 openvpn[73285]: VERIFY EKU OK
Jul 19 11:16:34 openvpn[73285]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jul 19 11:16:34 openvpn[73285]: Validating certificate extended key usage
Jul 19 11:16:34 openvpn[73285]: VERIFY KU OK
Jul 19 11:16:34 openvpn[73285]: VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA2
Jul 19 11:16:34 openvpn[73285]: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Jul 19 11:16:34 openvpn[73285]: TLS: tls_process: killed expiring key
#14
Stupid of me but I didn't save those. You see the connection renegotiating and the internet connection drops for a few seconds. When this happens, it takes longer and the connection closes and it's trying to reconnect but slowly.

I'll immediately save the log when it happens again. But I do notice this now:
Jul 19 09:16:45   openvpn[73285]: MANAGEMENT: TCP send error: Broken pipe
Strange...

It's a connection with a VPN provider by the way, not my own site-to-site.
#15
Correct. And the problem isn't the internet connection. But sometimes it's completely frozen and I discovered something weird, A LOT of packets in and out: