Messages

Sorry, forgot to mention that I have OPNsense 18.1.13-amd64 installed.

And please forgive me for posting in English. I read German fairly good but writing is another matter.

//ou812

Hi,

just found this old post, well not all that old since it is still from this year :)
I also run on a Gigabyte N3150N D3V (which comes with dual Realtek NIC) with an added dual Intel NIC.
I've had this do the same freeze on me twice. Works like a charm for weeks and then just completely freeze. Hard power off is all you can do.
Checking the system log and all is quiet until the boot messages after the shutdown.
Any suggestion on what to do to be able to collect more debug info while preparing for the next event?

Since I cannot trigger it at will it is difficult to know if it persists or not after any modification.... Annoying as hell. Can't move my production server in behind the FW until I can trust it.

neobiotics - did you get to grips with the issue?

//ou812

In Step 8, Rule 6, shouldn't that read "Same as rule 5" instead of "Same as rule 1"?

Yes, that is correct. It should be "same as rule 5".

Also as I mentioned in a previous post, Step 8 rule 1-4 are auto generated if you select hybrid mode.

Another thing is that someone might be able to explain to me is the significance of rule 7. 127.0.0.0/8 to VPN? I don't see a reason for this if only the VPNTraffic hosts should send traffic over the VPN. Why mixing in firewall local addresses?

Ok, solved the kill switch problem.
The error in the guide is to create Rule 1 and Rule 2 on the LAN interface. Forget Rule 2 and add the PIA_NO_WAN_EGRESS tag already in Rule 1 and it works as intended. (18.1.11) :)

The floating rule on the WAN interface could by the way be set to Direction: out instead of any. No functional change but a more exact rule.

Also, on the NAT setup, if you check the Hybrid mode instead of Manual you get the auto configured NAT rules for free. I found that better.

The kill switch does not work for me.
I set logging on both rule 1 and 2 (step 9, firewall rules) and I can see that I get a match on the first one from VPNTraffic clients no matter the state of the VPN connection.
It seems that the rule match even if the auto generated gateway does not exist, as a result of the VPN being down, and as a fallback sets the default gateway.

I'm running 18.1.11.