Messages

Hey there

Voip stopped working after upgrading to  24.1.2_1
However If I deselect IPS my VOIP server comes online again.
But thats not the way it should be. Everything has funktioned without problems for years now.

Is there anyway to get it funktion with IPS on - or is there an update on the way that solves the problem.

Kind regards
Joergen

[Just for info I have a fixed IP from my provider]

Hey All

I can confirm

# opnsense-patch c83bb8d

works. I have been online on VPN more than 2 hours now.
Just for info I have a fixed IP from my provider.

For my setup it seems to work fine again now. Hope there is some smart people who makes sure it will be included in the next update.

Thanks to all for helping solving the problem.

Regards
Joergen

I was just going to reply the same as Mark

https://wiki.opnsense.org/manual/opnsense_tools.html?highlight=reverse

The only thing is I dont know if its possible to reverse from 19 to 18?? or its only possible inside the same series??

Regards

Joergen

Hey Mark

Thanks for the help.

Hope somebody find out. I am not a technician

Best regards

Joergen

Is there an easy and fast way to return to 18.7

Joergen

I can confirm that it has something to do with automaticly renewal of WAN. Here on my box 19.1.1 it happens every 30 minutes. (13:00, 13:30 etc) And the same time all VPN connections are lost.
Thats why the VPN drops after 0 to 30 minutes - its depending on what time you connect.

It most be someting new in 19.1.

here is my log from the box
_______
Feb 6 13:00:06   opnsense: /usr/local/etc/rc.newwanip: Interface '' is disabled or empty, nothing to do.
Feb 6 13:00:06   opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'ovpns1'
Feb 6 13:00:06   kernel: ovpns1: link state changed to UP
Feb 6 13:00:04   kernel: ovpns1: link state changed to DOWN
Feb 6 13:00:04   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN.
Feb 6 13:00:02   opnsense: /usr/local/etc/rc.newwanip: ROUTING: skipping IPv6 default route
Feb 6 13:00:02   opnsense: /usr/local/etc/rc.newwanip: ROUTING: keeping current default gateway X.XXX.XX.XXX'
Feb 6 13:00:02   opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to X.XXX.XX.XXX
Feb 6 13:00:02   opnsense: /usr/local/etc/rc.newwanip: ROUTING: no IPv6 default gateway set, assuming wan
Feb 6 13:00:02   opnsense: /usr/local/etc/rc.newwanip: ROUTING: no IPv4 default gateway set, assuming wan
Feb 6 13:00:02   opnsense: /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'wan'
Feb 6 13:00:02   opnsense: /usr/local/etc/rc.newwanip: On (IP address: X.XXX.XX.XXX) (interface: WAN[wan]) (real interface: em1).
Feb 6 13:00:02   opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'em1'
______

Any idears for solutions??

Joergen

Hey Mark

If you take the time to read my first post you would see it has been working fine with OTP.
I made the setup in march 2017.
Only change since then is an update of the cerfificates in March 2018.
I use the vpn quite often and it has always been with OTP for the ekstra security.
In oktober 2018 I was away from my country and was working remotely via VPN. That time i had sessions up to 10 hours via VPN - there was no proplem at all - it just worked perfekt.

Just to see if there was a problem with Viscosity I tried to connect from my android device via open vnp to android.
Its the same problem the connection drops after some time because of inactivity in the certificate. Same message as when connecting via Viscosity. You can see the log in my first post.

So there most clearly be a bug in opnsense

Joergen

Just updated to the new 19.1.1 version

The connection still drop after maximum 30 minuttes. Typical after around 22 minutes.

The logs still shows like in my first post over here.
I even tried to make a new export to Viscosity to see if it would help with a new export. Its the same problem.

The connection just drop.

Any solutions out there

Joergen

Any other solutions for more users. Is it something that will be fixed in 19.1.1?

Joergen

Hey there
I am a very happy user of OPN for aprox 2 years now. However, I am not a programmer. I am using the firewall via the webguide. I have set up VPN according to the guide "Setup SSL VPN Road Warrior" and use Visocity to connect from remote locations. I use two factor login with google Autentificering as described in the guide.
Until now it has worked fantastic. I could stay online on VPN for hours without problems. The Firewall is an A10 from Deciso.
After the latest updates – the VNP connection have started to drop. Its not at a specific time some times after 5 min other times after 20 minutes or more.
I have checked Renegoation time on the server side – its still set to 0. I have not changed anything in the setup the last 6 month - everything is how it used to be.
The logs looks like this
____
Viscosity
feb 04 13:49:25: [SSLVPN Server Certificate 2018] Inactivity timeout (--ping-restart), restarting
feb 04 13:49:25: SIGUSR1[soft,ping-restart] received, process restarting
feb 04 13:49:26: Tilstand ændret til Forbinder

Opnsense
Feb 4 13:49:28   openvpn[89317]: XX.XX.XX.XX:43026 [USERXX] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:43026
Feb 4 13:49:28   openvpn[89317]: XX.XX.XX.XX:43026 TLS Auth Error: Auth Username/Password verification failed for peer
Feb 4 13:49:28   openvpn[89317]: XX.XX.XX.XX:43026 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 255
Feb 4 13:49:28   openvpn: user 'USERXX' could not authenticate.
Feb 4 13:49:27   openvpn[89317]: XX.XX.XX.XX:43026 peer info: IV_GUI_VER=Viscosity_1.7.14_1595
Feb 4 13:49:27   openvpn[89317]: XX.XX.XX.XX:43026 peer info: IV_TCPNL=1
Feb 4 13:49:27   openvpn[89317]: XX.XX.XX.XX:43026 peer info: IV_COMP_STUBv2=1
Feb 4 13:49:27   openvpn[89317]: XX.XX.XX.XX:43026 peer info: IV_COMP_STUB=1
Feb 4 13:49:27   openvpn[89317]: XX.XX.XX.XX:43026 peer info: IV_LZO=1
Feb 4 13:49:27   openvpn[89317]: XX.XX.XX.XX:43026 peer info: IV_LZ4v2=1
Feb 4 13:49:27   openvpn[89317]: XX.XX.XX.XX:43026 peer info: IV_LZ4=1
Feb 4 13:49:27   openvpn[89317]: XX.XX.XX.XX:43026 peer info: IV_NCP=2
Feb 4 13:49:27   openvpn[89317]: XX.XX.XX.XX:43026 peer info: IV_PROTO=2
Feb 4 13:49:27   openvpn[89317]: XX.XX.XX.XX:43026 peer info: IV_PLAT=win
Feb 4 13:49:27   openvpn[89317]: XX.XX.XX.XX:43026 peer info: IV_VER=2.4.6
Feb 4 13:48:32   openvpn[89317]: Initialization Sequence Completed
Feb 4 13:48:32   openvpn[89317]: UDPv4 link remote: [AF_UNSPEC]
Feb 4 13:48:32   openvpn[89317]: UDPv4 link local (bound): [AF_INET]5.103.15.154:1194
Feb 4 13:48:32   openvpn[89317]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Feb 4 13:48:31   openvpn[89317]: /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpns1 1500 1622 10.10.0.1 10.10.0.2 init
Feb 4 13:48:31   openvpn[89317]: /sbin/ifconfig ovpns1 10.10.0.1 10.10.0.2 mtu 1500 netmask 255.255.255.255 up
________
Any ideas what could be wrong.
I doubt there is anything with my connections. I have a very stabil fiber in both ends.
Best regards
Joergen

Thanks for the answer.

So there is no easy way to renew or extend the existing certificates or copy the settings from the old ones? – or do I have to make them from zero again?

That means I have to make new ones for the 3 certificates used for "SSL VPN ROAD WARRIOR"?
-   Authorities
-   CA OpenVPN server
-   CA Open VPN User
Is that correct?

Kind regards
Joergen

Hello there

I am quite new to opnsense - so bear with me.
I can see that the web GUI SSL certificate and some self-signed certificates soon is to expire.
I am taking about the certificates used for VPN access as explained in the documentation "SSL VPN Road Warrior".

Is there any easy way to renew those 3 certificates?

Best regards
Joergen