Messages - TheCodeGeek

#1
I have enabled IPS Mode, and I see Alerts for OPN_Social_Media - Facebook - DNS request for facebook.com from my DNS server to quad9 (9.9.9.9 and 9.9.9.10), but facebook is still loading. It's not blocking the request and I'm still able to load the page.

I am testing the social_media rule to determine if IPS is working before configuring everything else. But it's not. Also, I've tried multiple configs, but it seems flaky because I add LAN to interfaces and include local scope in Home Networks, yet I'm not seeing the activity on my admin computer address reliably. Please help me troubleshoot what I have set incorrectly.

Please disregard. I have found that using a different browser and restarting the OPNsense firewall was what was needed.
#2
20.7 Legacy Series / Re: OpenVPN TLS Handshake Fails
January 25, 2021, 10:22:20 PM
Thank you for the link, I checked all of this and suspect that it could be that I need to forward port 1194 to the first IP on my remote subnet (10.0.8.1), but I missed my deadline and won't be able to try this until later in the week. I have already made an exception for the primary Viscosity application and the port on my client's workstation in and out. I will try port forwarding and post my results.
#3
20.7 Legacy Series / OpenVPN TLS Handshake Fails
January 24, 2021, 08:35:33 AM
Hey folks,

I am having an issue getting my VPN to work. I see logs in both ends (Client and OPNsense) and they both read the same I think for the most part. But I can't seem to figure out why the handshake keeps failing. I am attaching the logs with my IP address replaced with <MY IP> for privacy. Can someone please help, this is time-sensitive, I need it working by Noon tomorrow.

Edit: BTW, I followed the tutorial at https://www.sparklabs.com/support/kb/article/setting-up-an-openvpn-server-with-opnsense-and-viscosity/
#4
Quote from: franco on November 28, 2019, 09:09:35 PM
Hyper-V will force the time so you could try to disable NTP (clear the servers in the settings).

But then again if Hyper-V wants to sync it a minute in the past / future the time of the Windows running Hyper-V is simply off and that could be fixed.

Another approach would be to disable Hyper-V time sync in the host. No idea how to do that.


Cheers,
Franco

This did the trick. Thank you folks!
#5
Okay, I'll try that today. Thank you!


#6
Thank you for responding. My instance is running on a Dell R710 with Windows Server 2016 in a Hyper-V instance. I will try to change the time in UEFI/BIOS today, it's just difficult because I access the server via network and OPNsense runs my network. (I need to clone the Hyper-V instance and let the clone take over while I change the UEFI settings)



Date                 Message
Nov 28 10:52:47 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a95d1.631c8f0c does not match aorg 0000000000.00000000 from server@72.30.35.89 xmt 0xe18a95ff.6c85933f
Nov 28 10:06:51 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a8b0d.5e27dd79 does not match aorg 0000000000.00000000 from server@108.61.73.244 xmt 0xe18a8b3b.511790d3
Nov 28 10:06:51 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a8b0d.5e2102df does not match aorg 0xe18a8b3b.4861524a from server@184.60.28.49 xmt 0xe18a8b3b.4d92ba88
Nov 28 08:23:33 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a72d7.a0952c7f does not match aorg 0xe18a7305.7a93e2f1 from server@184.60.28.49 xmt 0xe18a7305.7d7905a7
Nov 28 08:17:46 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a717c.b16a1cec does not match aorg 0xe18a71aa.90de33a7 from server@72.30.35.89 xmt 0xe18a71aa.88e8005e
Nov 28 07:30:32 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a666a.6a99dc2c does not match aorg 0000000000.00000000 from server@184.60.28.49 xmt 0xe18a6698.3efb2d80
Nov 28 06:58:25 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a5ee3.ba57b5e5 does not match aorg 0000000000.00000000 from server@72.30.35.89 xmt 0xe18a5f11.86af40bb
Nov 28 06:01:23 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a5185.aa776b4c does not match aorg 0000000000.00000000 from server@184.60.28.49 xmt 0xe18a51b3.6bda5042
Nov 28 05:04:14 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a4420.78c8503b does not match aorg 0xe18a444e.1d8f1bd9 from server@108.61.73.244 xmt 0xe18a444e.1fd24683
Nov 28 03:59:41 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a3500.2ae3ac85 does not match aorg 0000000000.00000000 from server@184.60.28.49 xmt 0xe18a352d.caa14f40
Nov 28 03:30:55 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a2e41.6ac7cf31 does not match aorg 0xe18a2e6f.027e9698 from server@184.60.28.49 xmt 0xe18a2e6f.0b703387
Nov 28 02:37:30 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a21bc.f113ab69 does not match aorg 0000000000.00000000 from server@72.30.35.89 xmt 0xe18a21ea.889fa0ec
Nov 28 01:32:20 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a1276.8a261ad6 does not match aorg 0000000000.00000000 from server@184.60.28.49 xmt 0xe18a12a3.fd05ef14
Nov 28 01:12:34 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a0dd4.e9842520 does not match aorg 0000000000.00000000 from server@72.30.35.89 xmt 0xe18a0e02.6fdb8bdd
Nov 28 00:05:40 ntpd[6708]: receive: Unexpected origin timestamp 0xe189fe26.bab19831 does not match aorg 0000000000.00000000 from server@72.30.35.89 xmt 0xe189fe54.2fa70970
Nov 27 21:50:10 ntpd[6708]: receive: Unexpected origin timestamp 0xe189de64.ba34facb does not match aorg 0xe189de92.0088703e from server@72.30.35.89 xmt 0xe189de92.07378714
Nov 27 21:50:10 ntpd[6708]: receive: Unexpected origin timestamp 0xe189de64.ba2e0a90 does not match aorg 0xe189de92.008723d8 from server@108.61.73.244 xmt 0xe189de92.050536dd
Nov 27 20:00:58 ntpd[6708]: receive: Unexpected origin timestamp 0xe189c4cd.0cad8995 does not match aorg 0000000000.00000000 from server@184.60.28.49 xmt 0xe189c4fa.43ef2fcc
Nov 27 19:54:04 ntpd[6708]: receive: Unexpected origin timestamp 0xe189c32e.d28079a9 does not match aorg 0xe189c35c.09dde8c0 from server@184.60.28.49 xmt 0xe189c35c.088b0407
Nov 27 19:39:35 ntpd[6708]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
Nov 27 19:39:35 ntpd[6708]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
Nov 27 19:39:35 ntpd[6708]: Listening on routing socket on fd #27 for interface updates
Nov 27 19:39:35 ntpd[6708]: Listen normally on 6 hn0 [2001:558:600a:c2:68a4:27a9:c44c:5b0f]:123
Nov 27 19:39:35 ntpd[6708]: Listen normally on 5 hn0 73.19.35.19:123
Nov 27 19:39:35 ntpd[6708]: Listen normally on 4 hn0 [fe80::215:5dff:fe01:fd19%5]:123
Nov 27 19:39:35 ntpd[6708]: Listen normally on 3 lo0 127.0.0.1:123
Nov 27 19:39:35 ntpd[6708]: Listen normally on 2 lo0 [::1]:123
Nov 27 19:39:35 ntpd[6708]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Nov 27 19:39:35 ntpd[6708]: Listen and drop on 0 v6wildcard [::]:123
Nov 27 19:39:35 ntpd[6708]: restrict: 'monitor' cannot be disabled while 'limited' is enabled
Nov 27 19:39:35 ntpd[6708]: gps base set to 2019-11-10 (week 2079)
Nov 27 19:39:35 ntpd[6708]: basedate set to 2019-11-08
Nov 27 19:39:35 ntpd[6708]: proto: precision = 0.099 usec (-23)
Nov 27 19:39:35 ntpd[71464]: Command line: /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
Nov 27 19:39:35 ntpd[71464]: ntpd 4.2.8p13@1.3847-o Wed Nov 20 03:44:23 UTC 2019 (1): Starting
Nov 27 19:39:35 ntpd[66154]: 132.163.96.2 local addr 73.19.35.19 -> <null>
Nov 27 19:39:35 ntpd[66154]: 216.239.35.12 local addr 73.19.35.19 -> <null>
Nov 27 19:39:35 ntpd[66154]: 96.245.170.99 local addr 73.19.35.19 -> <null>
Nov 27 19:39:35 ntpd[66154]: 129.250.35.250 local addr 73.19.35.19 -> <null>
Nov 27 19:39:35 ntpd[66154]: 162.159.200.123 local addr 73.19.35.19 -> <null>
Nov 27 19:39:35 ntpd[66154]: 69.89.207.199 local addr 73.19.35.19 -> <null>
Nov 27 19:39:35 ntpd[66154]: ntpd exiting on signal 15 (Terminated)
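
Added example, not part of the original post: a small parser for the "Unexpected origin timestamp" lines in the log above. For each line it measures how far the server's transmit timestamp (xmt) is ahead of the origin timestamp echoed in the reply. The three sample lines are copied from the log; reading the gap as clock error assumes the request was stamped with the sender's own system clock, so in a healthy exchange the gap would be a fraction of a second.

```python
import re
from collections import defaultdict

# Subset of the log lines from the post above, embedded so this runs offline.
SAMPLE_LOG = """\
Nov 28 10:52:47 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a95d1.631c8f0c does not match aorg 0000000000.00000000 from server@72.30.35.89 xmt 0xe18a95ff.6c85933f
Nov 28 10:06:51 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a8b0d.5e2102df does not match aorg 0xe18a8b3b.4861524a from server@184.60.28.49 xmt 0xe18a8b3b.4d92ba88
Nov 28 03:59:41 ntpd[6708]: receive: Unexpected origin timestamp 0xe18a3500.2ae3ac85 does not match aorg 0000000000.00000000 from server@184.60.28.49 xmt 0xe18a352d.caa14f40
Nov 27 19:39:35 ntpd[6708]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
"""

LINE_RE = re.compile(
    r"Unexpected origin timestamp (?P<org>\S+) does not match aorg (?P<aorg>\S+) "
    r"from server@(?P<server>\S+) xmt (?P<xmt>\S+)"
)


def ntp_ts(text):
    """Convert an ntpd 'seconds.fraction' hex timestamp (32.32 fixed point) to seconds."""
    sec, frac = text.split(".")
    return int(sec, 16) + int(frac, 16) / 2**32  # int(..., 16) accepts the 0x prefix


def origin_gaps(log_text):
    """Return (server, xmt - org in seconds, aorg_is_zero) for every mismatch line."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # startup messages, TIME_ERROR and so on are skipped
        org, aorg, xmt = (ntp_ts(m[k]) for k in ("org", "aorg", "xmt"))
        rows.append((m["server"], xmt - org, aorg == 0.0))
    return rows


def summarize(log_text):
    """Per server: (number of mismatch lines, mean gap in seconds)."""
    per_server = defaultdict(list)
    for server, gap, _ in origin_gaps(log_text):
        per_server[server].append(gap)
    return {s: (len(g), sum(g) / len(g)) for s, g in per_server.items()}


if __name__ == "__main__":
    for server, (count, mean_gap) in summarize(SAMPLE_LOG).items():
        print(f"{server}: {count} mismatch line(s), xmt ahead of origin by {mean_gap:.2f}s")
```

On these lines the gap comes out at roughly 46 seconds for both servers, far larger than network delay.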


#7
My OPNsense instance seems to be off by 1 minute. By this I mean that the Dashboard current time reads 1 minute behind my computers and my phone. Normally this wouldn't be a problem, but I have noticed that when I log into OPNsense with my TOTP, I have to wait until the token expires before I can submit or the logon will fail. I've added both Google and NIST NTP servers to the list. Can someone please help me fix this?
#8
Thank you!
#9
I don't know what I'm looking for. Can someone please help?
#10
I'm relatively new to OPNsense. Could you please tell me how to do that?
#11
Okay, so I gave that a try... It is still allowing the traffic to come through.
#12
So... WAN [IN]? I will give that a try.
#13
I try to create rules, but it seems that the rules aren't being used. When I place a rule in Floating if I set the rule to be both in and out, on any interface, on any network, with the source and destination ports set to my port range... It seems to do nothing.
#14
I've followed various guides. But there are a number of things I don't understand. Like do I put all of the rules in the same part of the firewall? Should I use source or destination? Do I use floating or LAN or WAN? There seem to be too many variables.

If you meant with the VPN, I acted according to the following directions modifying the details for the provider: http://chronicgeekage.blogspot.com/2019/02/opnsense-and-pia-private-internet-access.html
#15
19.7 Legacy Series / Use a second gateway for P2P traffic.
September 13, 2019, 12:26:30 AM
Hi folks,

I have a VPN service configured in OPNsense 19.7.4 and I want to use it exclusively for P2P traffic. I have an alias configured for the ports that I want to filter by. I want to block these ports from accessing my default gateway and force them to my second gateway. I want to force all other traffic to use the default gateway. I have been looking through the documentation, but the process to do this is unclear to me. Can anyone help?

Note: Currently, when the VPN is on, all traffic gets blocked (or is passed to the VPN and it's not working). The only way to gain access to the internet is to turn off the VPN. It would seem that OPNsense is trying to pass all traffic through the VPN, but I can't seem to figure out how to fix this. I also can't seem to figure out if I should place the rules in Floating, WAN or LAN.