Messages

Hallo,

ich habe auf der Opensense neben dem laufenden OpenVPNServer eine Instance angelegt. Die Instance läuft.
Der OpenVPNServer hat folgende Regel:

IPv4 *    10.10.10.0/24    *    192.168.1.0/24    *    *    *       Allow VPN Traffic

Es war unmöglich folgende Regel für die Instance anzulegen:

IPv4 *    10.10.9.0/24    *    192.168.1.0/24    *    *    *       Allow Instance Traffic

Ich bekam bei Single host or Network immer die Fehlermeldung: No results matched
Egal ob Source oder Destination.

Nächte später per Zufall die Lösung gefunden: die vorhandene Regel clonen, dann konnte ich sie anpassen.
Jetzt läuft alles.
Somit kann ich jetzt schleichend auf die Instancen migrieren.

VG

After playing with a test environment I will conclude that this wouldn't work.
Both Opensense worked in single mode but together only one system is usable.
I found out that the reason was the gateway address used in LAN. The gateway showed to one of the Opensense. So a ping via vpn through this system got an answer, a ping through the other system got no answer. After changing the gateway adress to the other Opensense the function changed to the other system. I set two gateway addresses in the LAN but without any result - Windows decided by itself which gateway-address will be used.
Is there a way to get both systems working?

Hi,
all adjustments are equal but the IP-addresses. Routing tables also. There is one thing that is very strange:
I login via VPN on the old Opensense. I can reach all systems in the LAN behind the Opensense but the new firewall. A ping with 192.168.1.253 gets no answer.
I will build a testenvironment at home with the same constellation. I'm very curious about it.

I have one Opensense that works fine:
192.168.1.254 (Lan)
OPNsense 23.7.10_1-amd64
FreeBSD 13.2-RELEASE-p7
OpenSSL 1.1.1w
Rdp works fine.

For migration I installed a second Opensense parallel to the first one with the latest updates:
192.168.1.253 (Lan)
OPNsense 24.1.5_2-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13

I'm able to connect both via VPN from outside, also I'm able to connect the webgui. The configuration match, very often checked but I'm not able to ping a system in then Lan via VPN from outside with the new opensense (253) - see attachment, a simplified network diagram. So it is impossible to connect any PC in the Lan via Rdp.
I become desperate with the updated system so I fear to update all other Opensense systems.
Is there something important to know about the version 24?

Since the update to OPNsense 24.1.1-amd64 it is not possible to get a vpn connection.
I renewed all certificates but without success. I checked all settings but I even get the message:

TLS Error: TLS key negotiation failed to occur within 60 seconds

My backup opensense with OPNsense 23.7.10_1-amd64 works fine.

Is this perhabs a known problem?

When starting wol on the dashboard I get no message like starting wol from the service menu bar.
In addition the online/offline indicator is not up-to-date so you are not sure if the system is waked up or not.
Is there a way to refresh the indicator in shorter time intervalls?

Hello,
I created the vpn-server exact after the docomention of Road-Warrior but I'm not able to select an Encryption algorithm or an Auth Digest Algorithm.
In contrast to another Firewall I have a new feature: DH Parameters Length
What's going wrong?

Thanks a lot in advance,
Roger

One night later :-)
I did an update and it works again