Messages

1

20.7 Legacy Series / Re: openVpn client + virtual IPs issue or bug ? help ...

« on: November 14, 2020, 01:46:58 pm »

THE problem is :

if you setup dns with gateway via VPN (System: Settings: General)... AND your vpn provider with a DNS name in openvpn setup : there is a big problem !

vpn.myvpnprov.com ... .can't be resolved, so no tun is up .

For solving that issue i simply put the public ip fo my VPN provider in openvpn conf.

But the GUI always complains with (when trying to save WAN_VPN iface), any way the conf is working , weird  :

The following input errors were detected:

    This interface is referenced by IPv4 VIPs. Please delete those before setting the interface to 'none' configuration.
    This interface is referenced by IPv4 VIPs. Please delete those before setting the interface to 'none' configuration.
    This interface is referenced by IPv4 VIPs. Please delete those before setting the interface to 'none' configuration.

2

20.7 Legacy Series / Re: openVpn client + virtual IPs issue or bug ?

« on: November 14, 2020, 12:27:16 pm »

i decide to reboot firewall ... in order to see if the conf is stable  ...
my openvpn tun don't want to up. 

there is something wrong with:

openvpn + virtual ips !

3

20.7 Legacy Series / openVpn client + virtual IPs issue or bug ? help ...

« on: November 14, 2020, 11:47:11 am »

hum openSense is probably having a BIG bug !!!!

what is the best gateway conf for this conf ? (perhaps my problem is here ?)
 
i have an openVpn client setup , tun is up , ok. (ovpnc2), on WAN iface
VPN-1 UDP    11.11.11.129(gw)   11.11.11.185(ip)    2020-11-14 00:03:44    325 KB    275 KB    up

So i do an assignement of ovpnc2 to virtual iface WAN_VPN (virtual interface in oprder to fully manage incomming and outgoing packets)

then i create 3 virtual ip on "WAN_VPN" using public IPs given by my vpn provider using Interfaces \ Virtual IPs \ settings :

- 11.11.11.101/32 , gw 11.11.11.129
- 11.11.11.102/32 , gw 11.11.11.129
- 11.11.11.103/32 , gw 11.11.11.129

Then i change Upstream gateway to VPN one, same thing for system \ settings \ general

And if i came back to Interface\ WAN_VPN , then simply clic on SAVE :

The following input errors were detected:

    This interface is referenced by IPv4 VIPs. Please delete those before setting the interface to 'none' configuration.
    This interface is referenced by IPv4 VIPs. Please delete those before setting the interface to 'none' configuration.
    This interface is referenced by IPv4 VIPs. Please delete those before setting the interface to 'none' configuration.

(the config seems to work afterall !!)

Where am i  wrong ?

4

20.7 Legacy Series / Re: openVPN issue "connecting , then fatal error" : bug ?

« on: November 14, 2020, 11:39:37 am »

you're right, i will create another post.
for openvpn , it's solved

5

20.7 Legacy Series / Re: openVPN issue "connecting , then fatal error"

« on: November 14, 2020, 12:34:10 am »

Solveed for openvpn ... sorry

6

20.7 Legacy Series / Re: openVPN issue "connecting , then fatal error"

« on: November 13, 2020, 11:32:12 pm »

?

7

20.7 Legacy Series / Re: openVPN issue "connecting , then fatal error"

« on: November 13, 2020, 10:35:48 pm »

i have setup another opnsense firewall same version, hardware etc : i can connect to my vpn provider.
can someone help me please ?

8

20.7 Legacy Series / [SOLVED] openVPN issue "connecting , then fatal error" : bug ?

« on: November 13, 2020, 10:28:07 pm »

is it possible to totaly purge openvpn configuration ?

2020-11-13T22:26:14   openvpn[21309]   Exiting due to fatal error
2020-11-13T22:26:14   openvpn[21309]   TCP/UDP: Socket bind failed: Addr to bind has no AF_INET6 record
2020-11-13T22:26:14   openvpn[21309]   Socket Buffers: R=[42080->42080] S=[57344->57344]
2020-11-13T22:26:14   openvpn[21309]   TCP/UDP: Preserving recently used remote address: [AF_INET6]2a00:5881:4000::3:1194
2020-11-13T22:26:14   openvpn[21309]   NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-11-13T22:26:14   openvpn[21309]   WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2020-11-13T22:26:09   openvpn[21309]   Restart pause, 5 second(s)
2020-11-13T22:26:09   openvpn[21309]   SIGUSR1[soft,ping-restart] received, process restarting
2020-11-13T22:26:09   openvpn[21309]   [UNDEF] Inactivity timeout (--ping-restart), restarting
2020-11-13T22:25:13   openvpn[21309]   MANAGEMENT: Client disconnected
2020-11-13T22:25:13   openvpn[21309]   MANAGEMENT: CMD 'state all'
2020-11-13T22:25:13   openvpn[21309]   MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
2020-11-13T22:25:09   openvpn[21309]   MANAGEMENT: Client disconnected
2020-11-13T22:25:09   openvpn[21309]   MANAGEMENT: TCP send error: Broken pipe
2020-11-13T22:25:09   openvpn[21309]   MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
2020-11-13T22:25:09   openvpn[21309]   UDP link remote: [AF_INET]89.234.140.3:1194
2020-11-13T22:25:09   openvpn[21309]   UDP link local (bound): [AF_INET]192.168.1.185:0
2020-11-13T22:25:09   openvpn[21309]   Socket Buffers: R=[42080->42080] S=[57344->57344]
2020-11-13T22:25:09   openvpn[21309]   TCP/UDP: Preserving recently used remote address: [AF_INET]89.234.140.3:1194
2020-11-13T22:25:04   openvpn[21309]   NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-11-13T22:25:04   openvpn[21309]   WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2020-11-13T22:25:04   openvpn[21309]   MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client2.sock
2020-11-13T22:25:04   openvpn[15688]   library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
2020-11-13T22:25:04   openvpn[15688]   OpenVPN 2.4.9 amd64-portbld-freebsd12.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 21 2020
2020-11-13T22:25:04   openvpn[15688]   WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible

Probably vpn provider issue OR issue openvpn : i do a factory reset then re appky the config file ... it's ok

9

20.1 Legacy Series / Re: Stuck at Trying to mount root from ufs:/dev/ufs/OPNsense_Install [ro,noatime]...

« on: May 10, 2020, 12:16:07 am »

I change SATA cable and upgrade BIOS of my mother board (LANNER, FW-7580)

10

20.1 Legacy Series / Re: Stuck at Trying to mount root from ufs:/dev/ufs/OPNsense_Install [ro,noatime]...

« on: May 09, 2020, 09:17:01 pm »

And with pfsense 2.4.5 it  stuck at :

em5: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xac00-0xac1f mem 0xfe7e0000-0xfe7fffff,0xfe7dc000-0xfe7dffff irq 17 at device 0.0 on pci2

11

20.1 Legacy Series / Re: Live Boot Hanging During Install

« on: May 09, 2020, 07:31:25 pm »

same issue here.

"Trying to mount root from ufs:/dev/ufs/OPNsense_Install [ro,noatime]"
GEOM: new disk ada1

and nothing ....

In verbose

Code: [Select]

kbd0 at atkbd0
kbd0: atkbd0, generic (0), config:0x0, flags:0x1f0000
ioapic0: routing intpin 1 (ISA IRQ 1) to lapic 1 vector 64
atkbd0: [GIANT-LOCKED]
random: harvesting attach, 8 bytes (4 bits) from atkbd0
psm0: unable to allocate IRQ
random: harvesting attach, 8 bytes (4 bits) from atkbdc0
pcib0: allocated type 4 (0x3f0-0x3f5) for rid 0 of fdc0
pcib0: allocated type 4 (0x3f7-0x3f7) for rid 1 of fdc0
fdc0 failed to probe at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
isa_probe_children: probing PnP devices
est0: <Enhanced SpeedStep Frequency Control> on cpu0
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 61a4c2106004c21
device_attach: est0 attach returned 6
est1: <Enhanced SpeedStep Frequency Control> on cpu1
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 61a4c2106004c21
device_attach: est1 attach returned 6
Device configuration finished.
procfs registered
lapic: Divisor 2, Frequency 99752039 Hz
Timecounters tick every 1.000 msec
vlan: initialized, using hash tables with chaining
lo0: bpf attached
enc0: bpf attached
IPsec: Initialized Security Association Processing.
tcp_init: net.inet.tcp.tcbhashsize auto tuned to 16384
pflog0: bpf attached
pfsync0: bpf attached
hptnr: no controller detected.
hptrr: no controller detected.
hpt27xx: no controller detected.
ugen0.1: <Intel UHCI root HUB> at usbus0
ugen4.1: <Intel EHCI root HUB> at usbus4
uhub0: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
uhub1: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus4
ugen1.1: <Intel UHCI root HUB> at usbus1
ugen3.1: <Intel UHCI root HUB> at usbus3
uhub2: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1
ata0: reset tp1 mask=03 ostat0=50 ostat1=00
uhub3: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus3
ugen2.1: <Intel UHCI root HUB> at usbus2
uhub4: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2
ata0: stat0=0x50 err=0x01 lsb=0x00 msb=0x00
ata0: stat1=0x00 err=0x00 lsb=0x00 msb=0x00
ata0: reset tp2 stat0=50 stat1=00 devices=0x1
ata0: DMA limited to UDMA33, controller found non-ATA66 cable
uhub0: 2 ports with 2 removable, self powered
random: harvesting attach, 8 bytes (4 bits) from uhub0
uhub2: 2 ports with 2 removable, self powered
random: harvesting attach, 8 bytes (4 bits) from uhub2
uhub3: 2 ports with 2 removable, self powered
random: harvesting attach, 8 bytes (4 bits) from uhub3
uhub4: 2 ports with 2 removable, self powered
random: harvesting attach, 8 bytes (4 bits) from uhub4
ata2: SATA reset: ports status=0x04
ata2: p0: SATA connect timeout status=00000000
ata2: p1: SATA connect time=0ms status=00000123
ata2: reset tp1 mask=03 ostat0=7f ostat1=50
ata2: stat0=0x7f err=0x00 lsb=0xff msb=0xff
ata2: stat1=0x50 err=0x01 lsb=0x00 msb=0x00
ata2: reset tp2 stat0=7f stat1=50 devices=0x2
ata3: SATA reset: ports status=0x00
ata3: p0: SATA connect timeout status=00000000
ata3: p1: SATA connect timeout status=00000000
uhub1: 8 ports with 8 removable, self powered
random: harvesting attach, 8 bytes (4 bits) from uhub1
pass0 at ata0 bus 0 scbus0 target 0 lun 0
pass0: <CF CARD Ver7.04> ATA-5 device
pass0: Serial Number 5B6A13EB0
pass0: 33.300MB/s transfers (UDMA2, PIO 512bytes)
pass1 at ata2 bus 0 scbus1 target 1 lun 0
pass1: <TOSHIBA MK1655GSX FG011C> ATA8-ACS SATA 2.x device
pass1: Serial Number 69LBF40GS
pass1: 300.000MB/s transfers (SATA 2.x, UDMA5, PIO 8192bytes)
ada0 at ata0 bus 0 scbus0 target 0 lun 0
GEOM: new disk ada0
ada0: <CF CARD Ver7.04> ATA-5 device
ada0: Serial Number 5B6A13EB0
ada0: 33.300MB/s transfers (UDMA2, PIO 512bytes)
ada0: 3811MB (7806960 512 byte sectors)
ada1 at ata2 bus 0 scbus1 target 1 lun 0
ada1: <TOSHIBA MK1655GSX FG011C> ATA8-ACS SATA 2.x device
ada1: Serial Number 69LBF40GS
ada1: 300.000MB/s transfers (SATA 2.x, UDMA5, PIO 8192bytes)
ada1: 152627MB (312581808 512 byte sectors)
Trying to mount root from ufs:/dev/ufs/OPNsense_Install [ro,noatime]...
GEOM: new disk ada1


12

20.1 Legacy Series / Stuck at Trying to mount root from ufs:/dev/ufs/OPNsense_Install [ro,noatime]...

« on: May 09, 2020, 07:26:35 pm »

Hello,

when i'm trying to install i am stuck on this message :
"Trying to mount root from ufs:/dev/ufs/OPNsense_Install [ro,noatime]..."

When ussing this image  :
sudo dd  if=OPNsense-20.1-OpenSSL-serial-amd64.img of=/dev/sdf bs=16k

if i deconnect my SATA Disk (target of my future install) : live opnsense si working  (on 4GB CF Card)

13

20.1 Legacy Series / Re: i'm trying to go with ipv6 with opnsense between ISP modem and LAN ... not ok ..

« on: March 02, 2020, 07:29:04 pm »

finally  get it wprking buit DHCPv only give ip not dns or gw parameter !

14

20.1 Legacy Series / Re: i'm trying to go with ipv6 with opnsense between ISP modem and LAN ... not ok ..

« on: March 01, 2020, 08:59:03 pm »

if i do a factory reset, then let default config ....
LAN computer with IPV6 ONLy can't connect to internet (for sure local link is working ...) ... (ipv4 can !)

15

20.1 Legacy Series / i'm trying to go with ipv6 with opnsense between ISP modem and LAN ... not ok ..

« on: March 01, 2020, 06:37:12 pm »

it's seems that opnsense default install block multicast traffic on lan ... why ?

(ffe80:: xxxxxx           f02::16            ip            Default deny rule ...)