Messages - kevin192291

#1
Hello, let me explain my setup.
I have an ISP that wants everyone on IPv6; however, for a static IP, they only offer IPv4 :/
I am wondering if I can set up OpnSense to use both at the same time? Is this even possible? (Sorry, I am not very well versed in this.) They do offer something called IPv4 Over IPv6, but I am not sure if that supports the static IP. The issue is that some of the incoming connections right now are lagging a ton as the IPv4 network is overloaded, and down data is running at only around 4mbps, when the connection I am paying for is 1gbps.
This may have been a bit disjointed, and have made little sense, but if anyone could help me, I would be very grateful.

(for more info)
Here is my provider: https://asahi-net.jp/service/option/ipv6/4over6.html
and this explains (sorta...) IPv6 over v4 :/

Thank you so much,
-Kevin
#2
High availability / Re: Opinion of your HA functionality
February 17, 2021, 06:59:02 PM
Is Sync from Master to Backup going away?
#3
On a brand new install of OpnSense on a Sophos SG330 I am attempting to set up HA.

I create an HA interface that corresponds with the HA port on the box.
I create a PFSync rule in the firewall as shown in this tutorial: https://devopstales.github.io/linux/opnsense-ha/
I get a crash message on the dashboard right after specifically the PFSync rule is added. The software never seems to recover.
[13-Feb-2021 17:22:15 Etc/UTC] PHP Warning:  in_array() expects parameter 2 to be array, string given in /usr/local/www/firewall_rules_edit.php on line 1222

Any idea why I am getting this error, or what I may be missing in my config? I had this working before. I am guessing there is something I am not doing that needs to happen before.

Thanks for the help.
-Kevin
#4
19.7 Legacy Series / unable to get an IP address on LAN
September 20, 2019, 03:36:28 AM
I have a problem with the latest version of OpnSense version: 19.7.4

The Problem: The error I am getting is really odd. Upon a fresh restart (power cycle OR reboot via console) I am able to be assigned an IP address from my LAN interface. If I disconnect the Ethernet cable and reconnect, I am never assigned an IP.

What I have checked: I believe I have the DHCP server on that interface configured correctly.

My WiFi interface that is also configured and connected to an AP works just fine and always assigns an IP.

LOGS: After checking the logs on the LAN interface(aka em0), I found:

Sep 19 20:53:46 dhcpd: send_packet: No buffer space available
Sep 19 20:53:46 dhcpd: DHCPOFFER on 192.168.1.100 to 00:22:20:13:89:e6 (kevin-V110) via em0
Sep 19 20:53:46 dhcpd: DHCPDISCOVER from 00:22:20:13:89:e6 (kevin-V110) via em0
Sep 19 20:53:43 dhcpd: dhcp.c:4056: Failed to send 300 byte long packet over em0 interface.


Google Searching: I found only a couple of articles, one was another question here on SE, however... I don't think it is useful in my case... https://askubuntu.com/questions/811817/failed-to-send-300-byte-long-packet-over-wlan2-interface

What I am wondering...: Is there anyone that has experienced this, or knows if I can make this work... I hate having to reboot every time I want to connect a computer to LAN

Update 1: I want to add, I have checked and verified that the built-in rule to allow UDP traffic to LAN(em0) on port 67 is there and is active.
#5
I may be totally wrong here. However, I think it may need a route in your firewall between your internal interface and your VPN interface.
So, say (LAN or WIFI) to OpenVPN.
Give that a shot. I think I made it work once like that.
#6
Hey Rokoman, I am trying to get an SSL proxy working too. I am not 100% sure, but I have come to believe that this is due to SSL Pinning: https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning The reason I want an SSL proxy is so I can scan for viruses, and I would say that Facebook is safe. You can exclude it and it should work just fine. It is also recommended that you exclude any banking/known secure sites from SSL interception too.
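
An added example, not part of the original post: a squid.conf fragment showing how excluded sites can be tunnelled without decryption while all other TLS traffic is intercepted. The ACL name `no_bump_sites` and the domain `bank.example` are placeholders.

```conf
# Illustration only; "no_bump_sites" and "bank.example" are placeholder names.

# Matches the first SSL-Bump processing step, where only the TLS
# ClientHello (including the SNI host name) has been seen.
acl step1 at_step SslBump1

# Sites that must not be intercepted (pinned apps, banking, etc.).
# A leading dot matches the domain and all of its subdomains.
acl no_bump_sites ssl::server_name .facebook.com .bank.example

# Step 1: look at the ClientHello without decrypting anything.
ssl_bump peek step1

# Excluded sites: pass the TLS session through untouched, so the client
# sees the site's real certificate and pinning checks still succeed.
ssl_bump splice no_bump_sites

# Everything else: terminate TLS at the proxy with a generated certificate
# so the decrypted content can be handed to the virus scanner.
ssl_bump bump all
```

Connections that are spliced are never decrypted, so the virus scanner does not see their contents.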
#7
I am not there yet; however, I am not seeing a change in the file /usr/local/etc/squid/squid.conf when I turn SSL on/off. I am not sure if this is even the correct file. I believe it is, because turning on ICAP in the file worked. Editing the file manually, even though it says not to, I added:
https_port 127.0.0.1:3129 intercept ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
but still nothing... I will report more here as I learn.
#8
Hello Franco,
The OpenVPN interface is the interface created by the OpenVPN wizard. That is working just fine.
I would like to intercept the SSL connections because the anti-virus ClamAV is not scanning files that are HTTPS; it works great with files over HTTP though, and that is good. I had SSL interception working about 6 months ago, however I removed it because I was having trouble with playing a few games on my desktop, but that was on my wired connection. What I would really like to do is have my WiFi blocking all ports except for OpenVPN, and then when I want to connect to my home network, I will connect to my WiFi, then VPN in, and also have ClamAV scanning for viruses as well. (I know ClamAV isn't great, but it is something.)
I am starting to wonder if it isn't working because it isn't a real port on my box...
#9
Hello,
Would anyone mind helping me determine what is wrong with the configuration of my SSL proxy? I have activated the SSL proxy; however, when I go to a website, I don't get the missing SSL message.
I have not installed the SSL cert on my PC yet as a test, so I believe that the proxy is not intercepting correctly.

As attachments I have uploaded images of my configuration. I think I have done everything correctly, and I have tried changing the config in many, many different ways and have come to this. I really thought it would work, but it does not.
Any help would be greatly appreciated.
Thank you very much.