Messages - fgendorf

#1
Hi, I am trying to diagnose some problems in my network and I tried a traceroute between my router and a specific site, but no matter which source address I choose, the traceroute always goes out from the gateway marked as (active).
I have 3 gateways from different ISPs; is it a misconfiguration or is it as expected?

ISP-2

# /usr/sbin/traceroute -w 2 -n  -m '18' -s '187.49.XXX.XXX'   'google.com'
traceroute to google.com (142.251.129.78) from 187.49.XXX.XXX, 18 hops max, 40 byte packets
1  177.53.XXX.XXX  0.156 ms  0.210 ms  0.143 ms
2  10.101.101.0  2.679 ms  2.375 ms  2.372 ms
3  172.31.23.17  3.140 ms  2.235 ms  2.217 ms
4  172.31.31.253  2.079 ms *  2.182 ms

ISP-3
# /usr/sbin/traceroute -w 2 -n  -m '18' -s '200.232.XXX.XXX'   'google.com'
traceroute to google.com (142.251.129.78) from 200.232.XXX.XXX, 18 hops max, 40 byte packets
1  177.53.XXX.XXX  0.167 ms  0.218 ms  0.154 ms
2  10.101.101.0  3.090 ms  2.414 ms  2.320 ms
3  172.31.23.17  11.007 ms  2.084 ms  2.127 ms
4  172.31.31.253  1.972 ms  1.938 ms  1.986 ms

ISP-(active)
# /usr/sbin/traceroute -w 2 -n  -m '18' -s '177.53.XXX.XXX'   'google.com'
traceroute to google.com (142.251.129.78) from 177.53.XXX.XXX, 18 hops max, 40 byte packets
1  177.53.XXX.XXX  0.262 ms  0.160 ms  0.148 ms
2  10.101.101.0  4.328 ms  2.644 ms  2.315 ms
3  172.31.23.17  2.268 ms  2.227 ms  2.214 ms
4  * 172.31.31.253  2.000 ms *

Thanks for the help
#2
Hi, I just restored a backup configuration and updates stopped working with the following error:

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 21.7.2_1 (amd64/OpenSSL) at Fri Oct  1 07:31:55 -03 2021
Fetching changelog information, please wait... Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
4043429134336:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
fetch: https://pkg.opnsense.org/FreeBSD:12:amd64/21.7/sets/changelog.txz.sig: Authentication error
Updating OPNsense repository catalogue...
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
pkg: https://mirror.cloudfence.com.br/opnsense/FreeBSD:12:amd64/21.7/latest/meta.txz: Authentication error
repository OPNsense has no meta file, using default settings
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3
1018153291776:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
pkg: https://mirror.cloudfence.com.br/opnsense/FreeBSD:12:amd64/21.7/latest/packagesite.txz: Authentication error
Unable to update repository OPNsense
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

I think it is because the intermediate certificate was changed and restoring the backup recovered the old one. How can I force /etc/ssl/cert.pem to be updated to the new one again?
#3
Hi, it seems similar to my https://forum.opnsense.org/index.php?topic=24766.0. I have two WANs and the WireGuard VPN only accepts connections on the active gateway, that is, tier 1.
#4
Hi, I have an OPNsense with two ISPs, both have their IP address, but for incoming connections WireGuard only works with the active gateway: if ISP1 is active I can connect to WireGuard on its IP address, but not on ISP2.
I switched the priority and ISP2 became active; WireGuard on the IP from ISP1 stopped and works on ISP2.

All other services accept connections on both ISPs. Am I missing something?

Thanks for the help
#5
Hi, is it possible to keep accepting incoming connections when the gateway has been switched to offline by latency thresholds?

When the gateway has high latency, it is useful for me that outbound traffic switches to another gateway link, but some services like VPN and the HTTPS reverse proxy must continue to accept incoming connections on that gateway, but they stop.

Is it possible? Is there any solution for my case?

Thanks in advance