Messages

1

23.7 Legacy Series / Re: Free range routing - BGP redistribution.

« on: August 30, 2023, 11:56:11 pm »

Hi Harps,
I am a heavy BGP user regarding OPNSense; however, all my installs are OPNSense business.

I know there is diff between OPNSense Business and the CE. Are you running the CE version or the OBE?

In case you're running the OBE, I am more than happy to assist.

Kind regards
Nils

2

General Discussion / Re: troubleshooting dhcpv6

« on: December 02, 2022, 09:35:47 pm »

Late response, but did you get this working? I've the same lame issue, where I can see my client is getting a ipv6 address but outside the subnet of the interface providing dhcpv6.
Cheers
NIels

3

Intrusion Detection and Prevention / Re: Suricata, LAN and VLAN

« on: January 19, 2021, 04:24:19 pm »

Hi all,

I seem to encounter the same issues. I've 3 setups running IDS/IPS.

First setup is a VM guest with 3 interfaces (vmx0,1,2)
IDS/IPS is configured no VLANs or laggs, so promiscuous mode is not selected.
This is working like a rocket, the only issue is that real-time traffic graphs (REPORTING/TRAFFIC) are not working once you enable IDS/IPs. I think there is already a case open for that as well.

The second setup is a DEC2670 (cluster). With vlanned interfaces.
IDS is configured VLANs so promiscuous mode is selected.
As soon as I enable IPS, no more traffic possible from inside. The only way to recover is to restore a backup.

The third setup is a DEC4610 (single). With lagg interfaces
IDS is configured vlans+laggs so promiscuous mode is selected.
As soon as I enable IPS, no more traffic possible from inside. The only way to recover is to restore a backup.

I think there is an issue with VLANs and lagg. The documentation is also not clear. Do I only need to select the physical interface, lagg interface of vlanned interface, or all of them to work?

I am pretty confident that it works perfectly with normal interfaces, but as soon as LAGG's or VLAN's appear it is kinda unpredictable...
Niels

 

4

20.7 Legacy Series / Re: Fine tuning BGP

« on: November 01, 2020, 09:07:20 pm »

mimugmail,

That's what I expected as well. Probably have to report a bug.
Whatever I put into the "set"  field, it doesn't end up in the vtysh "sh run" .

I see the route maps, but no configuration is added under the header.

Any place where I can find logging where it is logs the parsing of the supplied config?

Niels

5

20.7 Legacy Series / Fine tuning BGP

« on: November 01, 2020, 05:47:44 pm »

Hi guys,

I need some help fine-tuning my FRR BGP Setup.

In particular, setting up "set" parameters on the Route Map.

I need to set a weight or local-preference on the route map via the "set" option as shown on the "Edit route Maps" screen.

However, I've tried adding the following combinations there, but it just doesn't show up in the actual config when issuing sh run from vtysh.

I tried:
local-preference 300
"local-preference 300"
set local-preference 300
"set local-preference 300"

I tried the same for weight, with the same results, they just don't show up in the actual config.

I can add them using "vtshy" and conf term. But I would rather have it done by the gui

Any recommendations on the correct syntax for the "Set" field is more than welcome.

Cheers
Niels

6

German - Deutsch / Re: DHCP Failover in CARP Cluster unknown-state

« on: November 01, 2020, 05:06:18 pm »

Nils,

Sorry for the late response. Yes, we run on Deciso hardware. It has been quite problematic to get a stable cluster inside VMWARE ESX. Sometimes it works, sometimes it fails, depending on which physical host the machines are running.

Niels

7

German - Deutsch / Re: DHCP Failover in CARP Cluster unknown-state

« on: October 06, 2020, 01:07:28 pm »

Nils,

Were you able to resolve the issue? I am having exactly the same problem at this moment.
Disabling the peer resolves the issue, but that is not really a solution for the long term.

Niels

8

20.7 Legacy Series / Re: Extreme slow login GUI and SSH (same as 20.1)

« on: October 04, 2020, 12:27:26 pm »

I found the root cause, had nothing to do with aliases.
Problem was with RADIUS not responding as expected.

2020-10-04T12:22:39   opnsense[32536]   Radius unexpected response:
2020-10-04T11:56:18   opnsense[42422]   Radius unexpected response:
2020-10-04T11:55:53   opnsense[13094]   Radius unexpected response:
2020-10-04T11:55:43   opnsense[78258]   Radius unexpected response:
2020-10-04T11:55:26   opnsense[55908]   Radius unexpected response:
2020-10-04T11:54:12   opnsense[30413]   Radius unexpected response:


Will have a look to see why this magicly starts happening
Cheers and have a great sunday.
Niels

9

20.7 Legacy Series / Extreme slow login GUI and SSH (same as 20.1)

« on: October 04, 2020, 12:07:14 pm »

It seems I am having the same issues as @karam
https://forum.opnsense.org/index.php?topic=15922.0

We are preparing to migrate from our old PFSense to our new OPNSense on DEC2690 (https://www.applianceshop.eu/security-appliances/19-rack-appliances/opnsense-based/opnsense-dual-a10-qc-ssd-rack-gen2.html)

I recreated almost all of the aliases. (now totaling 143) however, when I login via SSH or WEBGUI it takes forever to login.

I do have a lot of nested aliases. For instance, I created a "PROTO_WEB" as an alias and created two aliases "PORT_HTTP" and "PORT_HTTPS". I've added PORT_HTTP and HTTPS to PROTO_WEB.

Is this normal behavior? Is this tuneable? At the moment this is a big show stopper.

Kind regards
Niels

 

10

20.1 Legacy Series / Re: Restore from Google drive

« on: September 08, 2020, 04:09:49 pm »

I can confirm this. Found out the hardway that password-less configurations cannot be restored!
I agree this needs to be addressed.
NIels

11

20.7 Legacy Series / Re: Help || instalation

« on: August 26, 2020, 08:16:35 pm »

Hi Chandan,

I understand you need some help here. First, let us try to get rid of any no-brainers, you may have done so, but I just want to be sure.

1. Update your 946gmx bios
2. Reset the bios to factory defaults
3. enable USB booting

Now that we have covered that let's go to the USB booting part. (Assuming Windows)
1. Get a decent USB stick, not a 50 cents aliexpress one.
2. download your image from opnsense.org/download
- get amd64 / vga
3. You should end up with "OPNsense-20.7-OpenSSL-vga-amd64.img.bz2"
4. Use 7-zip to extract the img file from the bz2 file
5. Now you should have  a 1,8Gb img file
6. Start Win32Disk imager
7. Select "OPNsense-20.7-OpenSSL-vga-amd64.img" as the Image file
8. Select your favorite USB stick as "Device"
9. select Write
You are now on you way in frying a OPNSense bootable USB stick.

Once finished, remove it from your PC and insert it in the designated firewall.
You should now see OPNSense booting.
Log in using "installer" to get in installed to your Firewall.

Good luck

12

20.7 Legacy Series / Re: BGPv4 died after upgrade to 20.7

« on: August 26, 2020, 08:00:58 pm »

mimugmail,

Will schedule update during the next maintenance window.

Hope it will be solved.

Niels

13

20.7 Legacy Series / Re: Virtual IP disappeared from GUI after update to 20.7

« on: August 26, 2020, 07:59:24 pm »

Franco,

Thanks for that my bad.

Niels

14

20.7 Legacy Series / BGPv4 died after upgrade to 20.7

« on: August 26, 2020, 01:41:51 pm »

BGP Table is fucked up

* >   10.4.0.0/16   0.0.0.0   0      32768   i
1 0 .   60.0.0/17 0.0   .0.0   0   32   768 i   
1 0 .   60.4.128/25 0.0   .0.0   0   32   768 i   
* >   10.60.132.0/22   0.0.0.0   0      32768   i
* >   10.60.136.0/24   0.0.0.0   0      32768   i
* >   10.60.251.0/24   0.0.0.0   0      32768   i

As you can see it is "shifted" a bit. (second and third line)...

Seems to be a parsing error of the configuration. the other side is not receiving any route updates as well (logical in this situation..)

Please advise.
NIels

15

20.7 Legacy Series / Virtual IP disappeared from GUI after update to 20.7

« on: August 26, 2020, 01:15:38 pm »

VIP's seem to have disappeared from GUI. Just updated a cluster and VIP's are not to be found in the GUI below "firewall". Direct link does work.. (https://x.y.z.t/firewall_virtual_ip.php#Firewall_VIP).