Messages

1

General Discussion / Re: OPNsense - Multi-WAN - established VPN connection still using Tier 2 Gateway

« on: August 30, 2023, 10:07:42 pm »

great news upgraded right now to OPNsense 23.7.3-amd64.
i will check and report if the behaviour is better now.
thank you very much!

I would very much welcome this option, as on my side the Tier 2 gateway is limited (100GB / month) and after that, all connections are slowed down to 64kbit/s.
In my case, a short interruption is much better than reaching the monthly limit.

Thank you very much I really appreciate your work!

2

General Discussion / Re: OPNsense - Multi-WAN - established VPN connection still using Tier 2 Gateway

« on: August 30, 2023, 09:50:08 pm »

I'm sorry for that. We run on:

Version:
OPNsense 23.7.2-amd64
FreeBSD 13.2-RELEASE-p2

More details:
Trigger level in gateway group is set to "packet loss"
All other values/options are set to default.

It's a Zero Trust Tunnel by Cloudflare:
https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/install-and-setup/tunnel-guide/remote/

3

General Discussion / OPNsense - Multi-WAN - established VPN connection still using Tier 2 Gateway

« on: August 30, 2023, 09:47:26 pm »

Hi everyone,
I have successfully made an OPNsense - Multi-WAN configuration. **yeahh** Thank you for great documentation.
The tests were also successful, only with established VPN connections I have a strange behavior.

I have 2 gateways in a gateway group

Tier 1 100Mbps
Tier 2 5Mbps

If I boot the OPNsense and all gateways work as expected, the VPN connections are fast and I feel (Reporting -> Traffic) like I'm going through the Tier 1 gateway.
However, if a failure occurs on Tier 1, tier 2 gateway on the gateway group takes over as expected.
Everything as expected so far.

However, if Tier 1 Gateway is available again, the established VPN connection is still using Tier 2 Gateway.
New connections are established via Tier 1.
Is there a way to "force" all also existing connections to use Tier 1 Gateway as well?

Thank you

4

General Discussion / Backup & restore result in a disk failure and reboot loop

« on: September 02, 2020, 11:07:04 pm »

Hi,
i just want to share my experience after my OPNsense failed the second time and i could not restore my xml backup file.
Restoring the xml backup file, result always in a reboot loop caused by a disk failure, but disk is/was 100% good.
Several gray hairs later and spending several hours investigating this issue:
Workaround found: I had to remove these line from the backup xml file. After that, restore was successful. Anyone any idea why this result in a disk failure?

Code: [Select]

    <IDS version="1.0.5">
      <rules/>
      <userDefinedRules/>
      <files>
        <file uuid="5bdd53f6-0552-4a45-a981-78a674e70657">
          <filename>opnsense.uncategorized.rules</filename>
          <filter/>
          <enabled>1</enabled>
        </file>
        <file uuid="837a812c-2eaa-491c-ab91-7f5240ddc4a6">
          <filename>opnsense.test.rules</filename>
          <filter/>
          <enabled>1</enabled>
        </file>
       
... 8< ....

        <file uuid="f76ddd41-0d1c-4171-896b-e1c0ddd4a333">
          <filename>abuse.ch.sslblacklist.rules</filename>
          <filter/>
          <enabled>1</enabled>
        </file>
        <file uuid="578e0b99-0a57-4c0f-865e-5d436a691c8c">
          <filename>abuse.ch.feodotracker.rules</filename>
          <filter/>
          <enabled>1</enabled>
        </file>
      </files>
      <fileTags/>
      <general>
        <enabled>1</enabled>
        <ips>1</ips>
        <promisc>0</promisc>
        <interfaces>opt2,wan,opt3,opt4,lan,opt1</interfaces>
        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
        <defaultPacketSize/>
        <UpdateCron>139165dc-593b-49c4-a468-03c9e8975c0e</UpdateCron>
        <AlertLogrotate>D0</AlertLogrotate>
        <AlertSaveLogs>4</AlertSaveLogs>
        <MPMAlgo>ac</MPMAlgo>
        <detect>
          <Profile>medium</Profile>
          <toclient_groups/>
          <toserver_groups/>
        </detect>
        <syslog>0</syslog>
        <syslog_eve>0</syslog_eve>
        <LogPayload>0</LogPayload>
      </general>
    </IDS>




Another workaround was, restore ALL from original xml backup file and restore only section "opnsense additions" from a clean machine xml backup file. But some important sections were missing, so this is a bad workaround.

Hope this helps anyone else running into the same issue.

BR schtebo

5

General Discussion / OPNsense Multi WAN, 2 Interface or 1 Interface?

« on: June 22, 2020, 08:41:37 am »

Hi,
i have one question regarding "OPNsense Multi WAN".
I found some articles/docs and videos. They all use for this scenario 2 Interfaces with 2 different IP networks. For example:
External 1 Network = 192.168.0.0/24
--> LTE Router: 192.168.0.1
--> OPNSense: 192.168.0.200
 
External 2 Network = 192.168.1.0/24
--> DSL Router: 192.168.1.1
--> OPNSense: 192.168.1.200

But is also possible to use only 1 Interface (External)? Like that?

External Network = 192.168.0.0/24
--> LTE Router --> 192.168.0.1
--> DSL Router --> 192.168.0.2
--> OPNSense --> 192.168.0.200



Thank you + BR

6

General Discussion / translate the ip address 8.8.8.8 to 192.168.1.53

« on: November 27, 2019, 08:31:35 am »

Hi,
is it possible to translate the ip address 8.8.8.8 to 192.168.1.53? and how can i do that?
192.168.1.53 is my internal dns-server.
my goal is, that all queries send to 8.8.8.8 will be answered by my own dns-server.
thank you + br
schtebo