Messages

1

19.7 Legacy Series / Re: [solved] OPNSense ver 19.7.10 and 20.1 openvpn service

« on: February 01, 2020, 12:29:44 am »

Hello, client machine also get served its IP via DHCP query and gateway properly forwards packets.
This was not the issue.

What was the issue we never figured out, however...

We wiped the disk of the appliance and re-installed the OPNsense from scratch using the most up to date version 20.1-amd64.
Certificates where generated for server, for clients. opnevpn instance was configured... and this time, client machine connect as expected with out any issues.

Only difference this time, we did not just wiped the local openvpn service config and related certificates, we wiped out the whole base and started with a empty disk, installing everything from the scratch.

I would like to thank all who looked at this post(s) and helped us to figure this out.

OPNsense team - thank you for your development efforts, you guys are awesome!

Damien

2

19.7 Legacy Series / Re: OPNSense ver 19.7.10 and 20.1 openvpn service - remote clients unable to connect

« on: January 31, 2020, 08:11:24 am »

Yes, wan interface configured for a private subnet for a duration of QA, testing, and threat analysis before it goes to production.
WAN iface configured to ignore filtering for a private and bogon network while system is on a privet subnet.

Screenshots below, thank you for looking over this.

Damien

3

19.7 Legacy Series / Re: CVE-2020-7450

« on: January 31, 2020, 08:00:08 am »

Oh, i did not realized that's what 'Audit' function is for.
Thank you for pointing this out. This is super cool.
As far as positive mentality... could not agree with you more. This is a open source project. we get to use this software royalty free and I would not dare to be negative about any of this.

OPNsense has been a reliable software for quite some time. I trust it any time over ciso, juniper or whowawa... and I can't thank enough developers and every one who contribute to the project.

Damien

4

19.7 Legacy Series / Re: OPNSense ver 19.7.10 and 20.1 openvpn service - remote clients unable to connect

« on: January 31, 2020, 07:51:29 am »

So... the hardware has four (4) physical interfaces. Only tree of them actually configured. There is only one WAN interface configured and enabled. It was labeled as WAN1 just in case we bring in a second link to a different ISP for redundancy.
As of right now there is only one WAN interface configured on the system. 

5

19.7 Legacy Series / Re: CVE-2020-7450

« on: January 31, 2020, 01:07:10 am »

It helps us, so we know this vulnerability affects this specific software and it's components. 

6

19.7 Legacy Series / Re: openvpn service - remote clients unable to connect

« on: January 31, 2020, 12:55:00 am »

Continued.... screenshots.
openvpn log file when client attempts to connect.
Verbouse level -6 

7

19.7 Legacy Series / Re: openvpn service - remote clients unable to connect

« on: January 31, 2020, 12:53:25 am »

Continued....screenshots:
openvpn configuration:

8

19.7 Legacy Series / Re: openvpn service - remote clients unable to connect

« on: January 31, 2020, 12:51:23 am »

Hello banym,

So this is what we have done today...
There was another patch released today (we are in US California) and we installed it bringing the base version from: 19.7.10 to 19.7.10_1

This did not resolved the issue with openvpn instance.

Than, just hours later major update was issued, and we installed it, bringing the base to: 20.1

Once done, we wiped out clean the local CA, and all the certificates.
Generated the new internal CA, and the server certificate for the openvpn instance, as well as a user certificate.

A new openvpn instance was configured using GUI+Wizard, openpvn config files was generated using 'Client Export' tab in GUI, config files was copied to the client machine, and.... nothing - client can't connect.

Please note - to be consistent, we have used exact same network infrastructure to replicate same process using software called PFsense, and it's very similar to OPNsense, except the openvpn instance worked right a way with no issues, clients (the same client machine) connect with no problems to the PFsense instance as expected.

We also tested the client machine against a commercial version of OpenVPN appliance - no problems, client connects just fine.

This excludes client machine as potential source of the issue and it appears that OPNsense+openvpn is not properly ... ether configured, or we missed something in config, or there is in fact a bug.

Please find attached screen shots of the firewall rules, opnevpn instance configuration and  the logs generated on openvpn instance running on OPNsense base when client attempts to connect.

Please let me and users in general, to know if there is a tested and approved official set-up guidelines or a guide for the openvpn configuration that is consistent/up to date version of OPNsense.

The current posted guide in OPNsense docs is out of date and following that guide - did not resolved to a working server/client openvpn set up.
 
Damien.

9

19.7 Legacy Series / [solved] OPNSense ver 19.7.10 and 20.1 openvpn service

« on: January 30, 2020, 10:14:15 am »

Hello OPNsense community,
Please take a look at the bug/issue I opened on github:

https://github.com/opnsense/core/issues/3899

Basic openvpn instance is set ( in testing we did both - gui+wizard and manual in gui) and ... remote clients unable to successfully negotiate a TLS session. instance was set up as TLS+user auth server.

Certs are generated, and in place, firewall rules configured... logs where looked at, we could not get it work

Official guide for setting up the openvpn instance does not match the gui options of the most current and... stable OPNsense instance. There is no more options in the 'Client config export'  for mobile platforms.

Logs are posted on github...

If someone has been able to set up openvpn instance using OPNsense version 'OPNsense 19.7.10-amd64' - please comment and share your experience. 

Thank you.

DM

10

19.1 Legacy Series / GUI Firmware upgrade - no longer works correctly

« on: March 25, 2019, 02:03:46 am »

Hi guys, after upgrading the firmware from 19.1.3 to 19.1.4, subsequent attempts to check against a repository mirror, returns a banner message in GUI "Could not find the repository on the selected mirror."

Changing the "Firmware Mirror" to other mirrors on the list has no effect.

Please advise how this can be mitigated.

Thank you.

11

18.7 Legacy Series / 18.7.9-amd64 GUI firewall - aliases mising description field

« on: December 20, 2018, 09:50:12 am »

Hello OPNsese community.
Could some one advise me if what I am experiencing is a bug in a GUI or software is functioning as designed.
I am running OPNsense 18.7.9-amd64 and it appears that I do not have an option for description field when creating an host type of alias.
I have looked at the wiki pages for OPNsense, and there is a different looking GUI elements with description field present for host(s) type of alias, while my actual instance of OPNses completely missing that option all together.

Please see screen-shots attached.