OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of guyp2k »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - guyp2k

Pages: [1] 2 3
1
24.7 Production Series / Re: IPsec issues with 24.7.2
« on: August 29, 2024, 12:47:35 pm »
Quote from: allan on August 29, 2024, 01:49:43 am
Quote from: guyp2k on August 28, 2024, 06:27:42 pm
Finally reaching out for some help after following this thread and applying both patches Franco released the other day, and I am still struggling with IPSEC tunnels dropping. I am terminating between a Sonicwall 2650 and OPNSense, prior to 24.7.2 no issues, now having issues w/ P2 dropping. Below is the issue I think and I have validated that proposals match:

2024-08-28T10:25:58-05:00   Informational   charon   06[IKE] no acceptable proposal found   
2024-08-28T10:25:58-05:00   Informational   charon   06[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ, ESP:AES_GCM_16_256/MODP_2048/NO_EXT_SEQ   
2024-08-28T10:25:58-05:00   Informational   charon   06[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ   
2024-08-28T10:25:58-05:00   Informational   charon   06[ENC] parsed CREATE_CHILD_SA request 31 [ SA No TSi TSr ]

The Sonicwall does not have PFS enabled. This is confirmed by the missing MODP_2048 in received proposals. You should pick "default" for your ESP.

Thank You, I enabled PFS on the SW and all is good.

2
24.7 Production Series / Re: IPsec issues with 24.7.2
« on: August 28, 2024, 06:27:42 pm »
Finally reaching out for some help after following this thread and applying both patches Franco released the other day, and I am still struggling with IPSEC tunnels dropping. I am terminating between a Sonicwall 2650 and OPNSense, prior to 24.7.2 no issues, now having issues w/ P2 dropping. Below is the issue I think and I have validated that proposals match:

2024-08-28T10:25:58-05:00   Informational   charon   06[IKE] no acceptable proposal found   
2024-08-28T10:25:58-05:00   Informational   charon   06[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ, ESP:AES_GCM_16_256/MODP_2048/NO_EXT_SEQ   
2024-08-28T10:25:58-05:00   Informational   charon   06[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ   
2024-08-28T10:25:58-05:00   Informational   charon   06[ENC] parsed CREATE_CHILD_SA request 31 [ SA No TSi TSr ]

If I restart the IPSEC service, the tunnel will come up and stay up for an hour or less and then I see P2 disconnected.

OPNSense WAN FW Rules, see attachments.

Here what I have selected in OPNSense and SonicWall, see attachment.










3
24.7 Production Series / Re: 24.7.2 dropped WAN Rules for VPN
« on: August 26, 2024, 04:02:16 am »
Spent the entire weekend redoing the IPSEC tunnels, manually adding in the WAN rules and thought that had addressed the issue, nope just received a call they are down. Rolling back until this is resolved.

Tempted to adding another GW as someone suggested.

4
24.7 Production Series / Re: IPsec issues with 24.7.2
« on: August 23, 2024, 05:10:18 pm »
To address this issue I enabled DPD:


5
24.7 Production Series / Re: IPsec issues with 24.7.2
« on: August 23, 2024, 03:51:31 pm »
+1 for me as well after upgrading, IPSEC tunnels drop after a short period of time, service restart addresses the issue. Just a a FYI, if you need logs, glad to provide.

Thanks

6
General Discussion / Re: UDP Broadcast Relay
« on: December 03, 2022, 09:56:36 pm »
Quote from: PigeonEgo on January 31, 2022, 04:50:22 am
Quote from: guyp2k on December 30, 2021, 12:26:43 am
Curious if anyone has had any success w/ Logitech Harmony Hubs? If so, would you mind sharing some specifics.

ROON and SONOS is working fine, but have been unable to setup the Logitech HUBs across VLANs.

NM, think it's working now, had to use multicast of 224.0.0.1 and port 5224.

Thanks

Can you share what your entry is to get Roon working? I have read on Roon forums that it needs port 9003, but that doesn't seem sufficient. I have Airplay and Sonos working, but not Roon.

Yes, added 9003 to UDPBR, selected interfaces/networks, and created a FW rule to allow my ROON server to talk to the other networks. That's about it and was a minimul effort.

7
General Discussion / Re: UDP Broadcast Relay
« on: December 30, 2021, 12:26:43 am »
Curious if anyone has had any success w/ Logitech Harmony Hubs? If so, would you mind sharing some specifics.

ROON and SONOS is working fine, but have been unable to setup the Logitech HUBs across VLANs.

NM, think it's working now, had to use multicast of 224.0.0.1 and port 5224.

Thanks

8
21.7 Legacy Series / Re: 21.7 Boot hang at “Configuring VLAN interfaces...” with imported 21.1 config
« on: August 02, 2021, 03:25:27 pm »
Please disregard, read a few posts back and I'm good.

9
21.7 Legacy Series / Re: 21.7 Boot hang at “Configuring VLAN interfaces...” with imported 21.1 config
« on: July 31, 2021, 01:24:30 am »
Is the following OK to upgrade?


10
Virtual private networks / OPNsensePIAWireguard Script Safe?
« on: June 24, 2021, 04:29:35 pm »
Curious if anyone has implemented the following:

https://github.com/FingerlessGlov3s/OPNsensePIAWireguard

I wanted to make sure that it is safe and nothing to be concerned with. I have implemented in OPNSENSE and no issues, looked at script (looks fine to me) however, given my limited knowledge thought I would aske here for feedbck.

Thanks

11
General Discussion / Re: UDP Broadcast Relay
« on: September 24, 2020, 01:10:50 am »
Have this working w/ Sonos app and Roon endpoints, now I am working on the Spotify app. Anyone have any specifics for Spotify?

I read where Spotify uses TCP 4070, but that was unsuccessful.

Installed mDNS repeater and that addressed the issue w/ Spotify and other devices on other VLANs.

@marjohn56, will your plugin do mDNS?


Thanks

12
General Discussion / Re: UDP Broadcast Relay
« on: September 22, 2020, 12:20:00 am »
Thanks for the reply and that is straight-forward and works fine. where I am confused is specific to the plugin, obviously when you have that FW rule enabled you can communicate across networks and I was under the impression that the plugin would take care of not having to create FW rules.

I'm sorry, but call me confused, which is not difficult...

TIA

13
General Discussion / Re: UDP Broadcast Relay
« on: September 21, 2020, 10:41:09 pm »
Not having much success, but here is the FW rule I setup, see attached.



Any feedback would be appreciated. One question, if you setup a FW rule to pass traffic between the 2 networks wouldn't that defeat the purpose of this plugin?

Thanks

14
General Discussion / Re: UDP Broadcast Relay
« on: September 21, 2020, 07:48:51 pm »
I assume I am going to have to setup a firewall rule based on the log beow:

filterlog[12364]   16,,,0,igb1,match,block,in,4,0x0,,1,15941,0,DF,17,udp,129,172.16.20.1,239.255.255.250,48581,1900,109

Trying to access my Sonos that sits in my IOT VLAN (20) from the my LAN. I have a FW rule that allows access to VLAN20 (IOT), but the VLAN20(IOT) does not have access to my LAN network. I assume I am on the right track here?

Thanks

15
20.7 Legacy Series / Re: GeoIP-Alias error after updating to 20.7.2
« on: September 13, 2020, 03:05:12 pm »
I had the same issue and the following change under "firewall-settings-advanced-Firewall Maximum Table Entries, increased to 800000 resolved the issue.

Pages: [1] 2 3
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2