Messages

Hi,
We are implementing a new OPNSense on 10G Network on Dell Server with 10G interface.
This is the scenario
OPN 20.7.5 on HA
NIC1 - WAN
NIC2 VLAN X - LAN -> Routing/FW with about 250 /24 (Internal and MPLS Networks)
NIC2 VLAN y - DMZ -> 1 Other HA OPN DMZ Firewall with 5 /24 networks (5 different DMZs)

Behind the perimeter OPN We have several networks.

The problem is that only connected vlan can surf on internet: all routed network, doesn't go outside, but from firewall i can ping everytihng.

any idea?

Sorry.
When i do NAT, on the Firewall rule menu i need to specify internal ip address as destination object?
is it corret or there is a way to configure a Public ip address?

Hi all,
We are trying to play with NAT in order to achive the Firewall rule on WAN interface with Public IP Address Alias like destination.

We tryied all this 4 scenario.
This scenario it seems to be impossible to realize.
1 Forwarding rule to NONE -> Firewall rule Matched but no nat applied
2 Forwarding rule to Unassociated -> It works but with Private IP on Firewall rule table (Auto addedd)
3 Forwarding rule to associated -> It work with private IP address but not a dynamic solution: only onle rule
4 Forwarding rule to pass -> It work but without control by firewall rule

What is the best one in order to have more than one rule per destination ip and if it is possible a Pubblic IP like destination on Firewall rule?

Many Many Many thanks

Hi,
sorry for the bìobvious question but can you share the alias object settings use to download the Firehol ip set?
I am new and i am trying to understand.

thanks

You are right.
But if we didn't set it passive, no hello packet go outside MPLS interfaces.
At the end We decide to switch back to static routing.
This behavior is not standard.
We tried with gateway failover.. it is working, not as expected but better than with frr routing.

Thanks to all

We discovered that it seems to be required to have the WAN interface on passive or active state, OSPF speaking.
Without this settings, no OSPF hello packets will go on the wire..... :'(

Hi,
We have 4 OPN 19.7.2 virtual delivered on a Geographical Layer 2 with OSPFv2 to manage routing, disaster recovery of internal and external network.
Every time We change some settings on FRR plugin routing protocols We need to reboot to take effect.

1 is it only our problems or it's known problems?
2 If We want to exchange OSPFv2 Hellp on other nic other than MPLS we need to configure all the remaining interfaces like passive, especially the WAN: witohut WAN no Hello packet on MPLS interface also. is it known problems?

Thanks

Hi,
We had the same behaviour on firewall rules.
We we changed with ip address everytinghs gone.
We used 19.7.2 on virtual
Strange

Technically speaking yes, because is a Layer 2 MPLS.
Is there some place to take logs os something else, packet capture laready shared, to show to provider to help to demostrate that is a Provider problems and not OPN?

Thanks

Hi Guys,
We deliver 3 OPN box on a Layer 2 geographical MPLS.
Every time we restarted the frr daemon We receive this errors.
Jul 31 09:36:46   zebra[63820]: client 9 says hello and bids fair to announce only ospf routes vrf=0
Jul 31 09:36:44   zebra[62162]: Terminating on signal
Jul 31 09:36:44   zebra[62162]: client 9 disconnected. 0 ospf routes removed from the rib
Jul 31 09:36:44   zebra[62162]: Client 'ospf' encountered an error and is shutting down.
Jul 31 09:36:44   ospfd[35643]: Terminating on signal
Jul 30 17:38:42   zebra[62162]: client 9 says hello and bids fair to announce only ospf routes vrf=0
Jul 30 16:54:40   zebra[19959]: client 9 says hello and bids fair to announce only ospf routes vrf=0
Jul 30 16:54:39   zebra[45022]: Terminating on signal
Jul 30 16:53:43   zebra[95862]: Terminating on signal
Jul 30 16:53:43   zebra[95862]: client 9 disconnected. 0 rip routes removed from the rib
Jul 30 16:53:43   zebra[95862]: Client 'rip' encountered an error and is shutting down.

If We do the same configuration with direct cable everithings working well.
Have you some suggestions for us to show the Layer 2 MPLS provider that he is doing some packet adjustments?

Our environment is based on OPN 19.7.1

Thanks