Messages

Hi,
as subject line, running on 26.1.1. Had migrated firewall rules succesfully. Upon creating a new vlan and device, the rules have reverted to only showing in the legacy firewall rules pane.

Has anyone else had similar?

Hi,
Bit of an odd one, checking with ISP, but current upstream seems to be limited in terms of speed.
I had setup shaper on upload, then removed it all, but the Shaper status still shows Pipes/Queues still in place?

Is there a way to remove the remaining entities to rule out affecting my upload speed?

Hi,
I have a Sophos SG 450 Rev1 with OPNSense on it working flawlessly.
However I would like to use the LCD screen, has anyone had any luck or could someone advise how to go about diagnostics to reverse engineer it to work with LCDProc?

Thanks

Waiting to catch it again, been away for the weekend. Will do some digging.
It did happen again on Friday, and its resolved by unplugging the port and replugging.
Not sure which end is causing it, as using a cable modem that has restricted access to it.

Hi,
Could someone suggest how to track down why my uplink to my modem goes down randomly?
Disconnectin and reconnecting the cable works, but I am trying to find out if I have a hardware problem or a software network driver issue causing hanging.

FYI the Sophos Flexiport card NICs are 'I350 Gigabit Network Connection'

Very frustrating!

Thanks in advance.

Having had a further read from ExpressVPN, an article suggested clearing the Routing table, which I completed with no luck.

I have read this link: https://github.com/opnsense/core/issues/2610 and despite opevpn not running:

Code Select Expand

root@OPNsense:~ # ps aux | grep openvpn
root@OPNsense:~ # ls -lah /var/etc/openvpn/*.sock
srwxrwxrwx  1 root  wheel     0B Jun 25 13:20 /var/etc/openvpn/client1.sock
root@OPNsense:~ #


I seem to have a socket created?

Further reading https://github.com/opnsense/core/issues/3223#issuecomment-465714685 explains the issue. I guess I'll have to wait for a fix... :-(

Hi all,

hoping someone can point me in the right direction?

Have setup OpenVPN client to use ExpressVPN as per their instructions. It worked a couple of times but now I get the following errors:

Code Select Expand

Jun 25 09:17:12 openvpn[38277]: Exiting due to fatal error
Jun 25 09:17:12 openvpn[38277]: TCP/UDP: Socket bind failed on local address [AF_INET]10.***.0.**:0: Can't assign requested address (errno=49)
Jun 25 09:17:12 openvpn[38277]: Socket Buffers: R=[42080->524288] S=[57344->524288]
Jun 25 09:17:12 openvpn[38277]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.***.110.***:1195
Jun 25 09:17:12 openvpn[38277]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Jun 25 09:17:12 openvpn[38277]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Jun 25 09:17:12 openvpn[38277]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 25 09:17:12 openvpn[38277]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Jun 25 09:17:12 openvpn[15394]: library versions: OpenSSL 1.0.2s 28 May 2019, LZO 2.10
Jun 25 09:17:12 openvpn[15394]: OpenVPN 2.4.7 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 4 2019
Jun 25 09:17:12 openvpn[15394]: WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
Jun 25 09:17:12 openvpn[5889]: SIGTERM[hard,] received, process exiting
Jun 25 09:17:10 openvpn[5889]: /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown ovpnc1 1500 1557 10.****.0.** 10.***.0.** init
Jun 25 09:17:10 openvpn[5889]: Closing TUN/TAP interface
Jun 25 09:15:10 openvpn[5889]: /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc1 1500 1557 10.***.0.** 10.***.0.** init
Jun 25 09:15:10 openvpn[5889]: /sbin/ifconfig ovpnc1 10.***.0.** 10.***.0.** mtu 1500 netmask 255.255.255.255 up
Jun 25 09:15:10 openvpn[5889]: TUN/TAP device /dev/tun1 opened
Jun 25 09:15:10 openvpn[5889]: TUN/TAP device ovpnc1 exists previously, keep at program end
Jun 25 09:15:10 openvpn[5889]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jun 25 09:15:10 openvpn[5889]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jun 25 09:15:10 openvpn[5889]: Data Channel: using negotiated cipher 'AES-256-GCM'
Jun 25 09:15:10 openvpn[5889]: OPTIONS IMPORT: data channel crypto options modified
Jun 25 09:15:10 openvpn[5889]: OPTIONS IMPORT: adjusting link_mtu to 1629
Jun 25 09:15:10 openvpn[5889]: OPTIONS IMPORT: peer-id set
Jun 25 09:15:10 openvpn[5889]: OPTIONS IMPORT: --ifconfig/up options modified
Jun 25 09:15:10 openvpn[5889]: OPTIONS IMPORT: compression parms modified
Jun 25 09:15:10 openvpn[5889]: OPTIONS IMPORT: timers and/or timeouts modified
Jun 25 09:15:10 openvpn[5889]: Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Jun 25 09:15:10 openvpn[5889]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jun 25 09:15:10 openvpn[5889]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jun 25 09:15:10 openvpn[5889]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.***.0.*,comp-lzo no,route 10.***.0.*,topology net30,ping 10,ping-restart 60,ifconfig 10.***.0.** 10.***.0.**,peer-id 26,cipher AES-256-GCM'
Jun 25 09:15:10 openvpn[5889]: SENT CONTROL [Server-4262-1a]: 'PUSH_REQUEST' (status=1)
Jun 25 09:15:08 openvpn[5889]: [Server-4262-1a] Peer Connection Initiated with [AF_INET]185.**.110.***:1195
Jun 25 09:15:08 openvpn[5889]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Jun 25 09:15:08 openvpn[5889]: VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-4262-1a, emailAddress=support@expressvpn.com
Jun 25 09:15:08 openvpn[5889]: VERIFY X509NAME OK: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-4262-1a, emailAddress=support@expressvpn.com
Jun 25 09:15:08 openvpn[5889]: VERIFY EKU OK
Jun 25 09:15:08 openvpn[5889]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jun 25 09:15:08 openvpn[5889]: Validating certificate extended key usage
Jun 25 09:15:08 openvpn[5889]: VERIFY KU OK
Jun 25 09:15:08 openvpn[5889]: VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Jun 25 09:15:08 openvpn[5889]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jun 25 09:15:08 openvpn[5889]: TLS: Initial packet from [AF_INET]185.**.110.***:1195, sid=88eea284 5df0331e
Jun 25 09:15:08 openvpn[5889]: UDP link remote: [AF_INET]185.**.110.***:1195
Jun 25 09:15:08 openvpn[5889]: UDP link local: (not bound)
Jun 25 09:15:08 openvpn[5889]: Socket Buffers: R=[42080->524288] S=[57344->524288]
Jun 25 09:15:08 openvpn[5889]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.**.110.***:1195
Jun 25 09:15:08 openvpn[5889]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Jun 25 09:15:08 openvpn[5889]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Jun 25 09:15:08 openvpn[5889]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

IP addresses in above obfuscated.

Reading another post:https://forum.opnsense.org/index.php?topic=6376.0 suggested restarting dpinger, however I cannot find any mention of dpinger in the services, I tried re-installing the package with no luck.

Here is a screenshot of the OpenVPN connection status page:


Completetly stuck and dont know what to do now? HELP!