Messages

1

20.7 Legacy Series / Routing Help

« on: December 16, 2020, 10:19:01 pm »

Hi,
We are implementing a new OPNSense on 10G Network on Dell Server with 10G interface.
This is the scenario
OPN 20.7.5 on HA
NIC1 - WAN
NIC2 VLAN X - LAN -> Routing/FW with about 250 /24 (Internal and MPLS Networks)
NIC2 VLAN y - DMZ -> 1 Other HA OPN DMZ Firewall with 5 /24 networks (5 different DMZs)

Behind the perimeter OPN We have several networks.

The problem is that only connected vlan can surf on internet: all routed network, doesn't go outside, but from firewall i can ping everytihng.

any idea?

2

20.7 Legacy Series / Re: Firewall Rule with destination Public IP Address

« on: December 05, 2020, 09:28:22 pm »

Sorry.
When i do NAT, on the Firewall rule menu i need to specify internal ip address as destination object?
is it corret or there is a way to configure a Public ip address?

3

20.7 Legacy Series / Firewall Rule with destination Public IP Address

« on: December 04, 2020, 12:47:28 pm »

Hi all,
We are trying to play with NAT in order to achive the Firewall rule on WAN interface with Public IP Address Alias like destination.

We tryied all this 4 scenario.
This scenario it seems to be impossible to realize.
1 Forwarding rule to NONE -> Firewall rule Matched but no nat applied
2 Forwarding rule to Unassociated -> It works but with Private IP on Firewall rule table (Auto addedd)
3 Forwarding rule to associated -> It work with private IP address but not a dynamic solution: only onle rule
4 Forwarding rule to pass -> It work but without control by firewall rule

What is the best one in order to have more than one rule per destination ip and if it is possible a Pubblic IP like destination on Firewall rule?

Many Many Many thanks

4

German - Deutsch / Re: Blocklist Empfehlungen

« on: October 02, 2020, 01:52:28 pm »

Hi,
sorry for the bìobvious question but can you share the alias object settings use to download the Firehol ip set?
I am new and i am trying to understand.

thanks

5

19.7 Legacy Series / Re: OSPF Errors

« on: August 13, 2019, 11:06:40 am »

You are right.
But if we didn't set it passive, no hello packet go outside MPLS interfaces.
At the end We decide to switch back to static routing.
This behavior is not standard.
We tried with gateway failover.. it is working, not as expected but better than with frr routing.

Thanks to all

6

19.7 Legacy Series / Re: OSPF Errors

« on: August 09, 2019, 11:34:57 am »

We discovered that it seems to be required to have the WAN interface on passive or active state, OSPF speaking.
Without this settings, no OSPF hello packets will go on the wire.....

7

19.7 Legacy Series / FRR Protocols Changes

« on: August 09, 2019, 11:32:58 am »

Hi,
We have 4 OPN 19.7.2 virtual delivered on a Geographical Layer 2 with OSPFv2 to manage routing, disaster recovery of internal and external network.
Every time We change some settings on FRR plugin routing protocols We need to reboot to take effect.

1 is it only our problems or it's known problems?
2 If We want to exchange OSPFv2 Hellp on other nic other than MPLS we need to configure all the remaining interfaces like passive, especially the WAN: witohut WAN no Hello packet on MPLS interface also. is it known problems?

Thanks

8

General Discussion / Re: Rules are applied to all IP Alias IPs

« on: August 07, 2019, 12:01:33 pm »

Hi,
We had the same behaviour on firewall rules.
We we changed with ip address everytinghs gone.
We used 19.7.2 on virtual
Strange

9

19.7 Legacy Series / Re: OSPF Errors

« on: August 05, 2019, 02:19:51 pm »

Technically speaking yes, because is a Layer 2 MPLS.
Is there some place to take logs os something else, packet capture laready shared, to show to provider to help to demostrate that is a Provider problems and not OPN?

Thanks

10

19.7 Legacy Series / OSPF Errors

« on: August 05, 2019, 11:47:05 am »

Hi Guys,
We deliver 3 OPN box on a Layer 2 geographical MPLS.
Every time we restarted the frr daemon We receive this errors.
Jul 31 09:36:46   zebra[63820]: client 9 says hello and bids fair to announce only ospf routes vrf=0
Jul 31 09:36:44   zebra[62162]: Terminating on signal
Jul 31 09:36:44   zebra[62162]: client 9 disconnected. 0 ospf routes removed from the rib
Jul 31 09:36:44   zebra[62162]: Client 'ospf' encountered an error and is shutting down.
Jul 31 09:36:44   ospfd[35643]: Terminating on signal
Jul 30 17:38:42   zebra[62162]: client 9 says hello and bids fair to announce only ospf routes vrf=0
Jul 30 16:54:40   zebra[19959]: client 9 says hello and bids fair to announce only ospf routes vrf=0
Jul 30 16:54:39   zebra[45022]: Terminating on signal
Jul 30 16:53:43   zebra[95862]: Terminating on signal
Jul 30 16:53:43   zebra[95862]: client 9 disconnected. 0 rip routes removed from the rib
Jul 30 16:53:43   zebra[95862]: Client 'rip' encountered an error and is shutting down.

If We do the same configuration with direct cable everithings working well.
Have you some suggestions for us to show the Layer 2 MPLS provider that he is doing some packet adjustments?

Our environment is based on OPN 19.7.1

Thanks