Messages

1

19.7 Legacy Series / Re: Virtual IPs blocked, no port forward

« on: October 19, 2019, 01:42:08 am »

I've resolved the issue. I think I may have found a bug that has been persistent for several versions. My current running opnsense is version 19.1 which is still dealing with this problem (will fix when I can stop all services).

I have been testing on a fully updated 19.7 which experienced the same error.

The problem was with my Aliases

Apparently, Alias names cannot be numbers only.
I named my Aliases according to the last octet of my usable static IP leases.

So my IP 10.10.10.211 > Alias name: 211

My logs showed there was a syntax error on line 20 of /tmp/rules.debug

Code: [Select]

[There were error(s) loading the rules: /tmp/rules.debug:52: syntax error - The line in question reads [52]:211 =]
The syntax appeared normal when comparing two Aliases (opnsense and 211 below):

Code: [Select]

table <opnsense> persist
opnsense = "<opnsense>"
table <211> persist
211 = "<211>"

As soon as I remove the numbers-only Aliases and restart all services - the firewall loads properly and port forwarding is working as expected. No syntax errors either.

I have not found anywhere that makes this notice in naming the Alias. Likewise, the GUI has no problem accepting the name.

2

19.7 Legacy Series / [SOLVED - BUG?] Virtual IPs blocked, no port forward

« on: October 18, 2019, 08:59:15 pm »

I really need help, I've spent days working on this and I'm at wit's end.

I have a a /29 CIDR block of static IPs from my ISP.

Nothing I try will get any traffic forwarded through OPNsense to my LAN hosts using my Virtual IPs.
I have tried several suggestions found on the forums or elsewhere when searching for a solution.

From what I can tell, I've done everything right and OPNsense should be able to forward traffic using the Virtual IPs to LAN clients.

My setup:
WAN is configured with static IPv4 using first usable static IP from my ISP.
WAN is configured to use the Gateway of my /29 CIDR block of IPs and the Gateway is set to default.
Firewall > Virtual IPs > has my other usable static IPs configured.
LAN configured with 192.168.30.0/24 subnet.


Firewall: NAT: Port Forward:

Interface: WAN
Proto: TCP
Source: any
Source Ports: any
Destination: WAN address
Destination Port: HTTP
NAT IP: 192.168.30.100
NAT Ports: HTTP

Result: Success. I can reach the LAN server at 192.168.30.100 by accessing the IP assigned to my WAN interface.

My Virtual IP NAT: Port Forward rule:

Interface: WAN
Proto: TCP
Source: any
Source Ports: any
Destination: [Virtual IP]*
Desination Port: HTTP
NAT IP: 192.168.30.100
NAT Ports: HTTP

* Note on [Virtual IP]: I have attempted using an Alias using IP Alias for Host(s) with the Static/Virtual IP;
I have tried using the Virtual IP without the Alias;
I have tried using Single host or Network and defining the Virtual IP.

Result: Connection Refused

I can see traffic in the Logs calling the Virtual IP- but every request is refused.

I've also tested the LAN/HTTP host (192.168.30.100) and configured its network with one of my usable static IPs and NOT behind OPNsense.
Result: Success

Virtual IPs are pingable from WAN and LAN interfaces.

Code: [Select]

# /sbin/ping -S '192.168.30.1' -c '3' '[Virtual IP]'
PING [Virtual IP] ([Virtual IP]) from 192.168.30.1: 56 data bytes
64 bytes from [Virtual IP]: icmp_seq=0 ttl=64 time=0.172 ms
64 bytes from [Virtual IP]: icmp_seq=1 ttl=64 time=0.190 ms
64 bytes from [Virtual IP]: icmp_seq=2 ttl=64 time=0.123 ms

--- [Virtual IP] ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.123/0.162/0.190/0.028 ms

Ive tried only one rule for port 80/HTTP using only my Virtual IP;
and I've also tried different ports, all with the same results.
Only the WAN interface IP will port forward, and no joy for Virtual IPs.

I have not created any other firewall rules. Am I missing something?
Everything I have found concerning multiple Static IPs suggests my configuration should work.

3

19.1 Legacy Series / Re: Outbound NAT rules ignored

« on: June 21, 2019, 12:44:00 am »

So I changed the the NAT Outbound mode to manual and it caused all outbound traffic to stop.
It's as if my outbound rules are ignored completely.

I see several posts about Outbound NAT with no replies. If you think you can help me, please share your thoughts.
Thanks.

4

19.1 Legacy Series / Outbound NAT rules ignored

« on: June 20, 2019, 12:07:50 pm »

With my ISP I get a dynamic IP and I have also purchased several static IP addresses.
I noticed that gmail said it could not authenticate the sender and Microsoft is bouncing the mail entirely.

At first I thought it was only my SPF records. But, as I investigated I found out that all email is being sent through the WAN dynamic IP.

I have tried every way I can imagine to make the Outbound NAT work but I have had no success.
I have tried with Virtual IPs.. as well as working interface IPs that are assigned to ports.

Every change results in the WAN/dynamic IP being used.

My outbound NAT mode is: Hybrid outbound NAT rule generation
Any thoughts on what I might be missing to get this setup?

5

19.1 Legacy Series / Re: Network devices dropping

« on: June 04, 2019, 11:36:07 am »

I have dozens of VPS connected. That's not really practical.


Its just happened again. This time I had left the console on the shell so it wasn't locked up and i was able to resolve the matter without rebooting.

My WAN port was down. Pings to the WAN gateway said host was down.
To restore I issued

Code: [Select]

ipconfig em9 down/up
I never touched anything physical and all devices that are bypassing opnsense have no connectivity problems. Something is up and im not sure how to resolve it

6

19.1 Legacy Series / Network devices dropping

« on: June 02, 2019, 09:41:00 am »

Recently my opnsense system has been intermittently crashing multiple times a day.

I am still able to access the web GUI through opnsense the LAN address but am unable to ping the WAN gateway.
If I bypass opnsense my other devices communicate with the WAN normally.
Opnsense console appears to be locked up (attachment) and I must reboot to restore connectivity until it occurs again.

That has been the case for a few days, but today it was slightly different wherein my LAN interface went down but the console remained up. I was able to restore connectivity by issuing (ifconfig em6 down/up).

I'm not sure what's going on. Right now I've bypassed opnsense on a few devices that need stable uptime which is of course not ideal

Any thoughts that might help me?

7

18.7 Legacy Series / OpenVPN on internal IP?

« on: January 21, 2019, 05:52:48 am »

Is it possible to run OpenVPN ontop of OPNsense for internal connections only?

I currently have OPNsense behind a modem/router and setup as the DMZ.

So far it has worked well except that I would like to allow clients on the router above to be able to connect to OPNsense via OpenVPN.

The OpenVPN server is setup authenticating ONLY with clients that are on a different external IP.

When changing the FQDN to the OPNsense WAN interface IP, every attempt fails to connect.

I do not see any traffic on OPNsense logs indicating why it has failed.

Any suggestions to make this work?
Thanks for your time!

8

18.7 Legacy Series / Cloudflare Dynamic DNS API broke in update

« on: January 21, 2019, 05:35:25 am »

I preformed an upgrade and now my Dynamic DNS settings for Cloudflare fail.

Ive reverted back and it works again.

I have two systems with the same symptoms.
(1) OPNsense 18.1.13_1-amd64 -- Cloudflare works until updated
(2) Clean install using OPNsense-18.7-OpenSSL-dvd-amd64.iso -- Cloudflare works until updated

Cached IP shows 0.0.0.0 and does not update.
When researching the problem I only find old mentions at pfsense from years ago

Any thoughts?