1
24.7 Production Series / Re: How to remove Ipsec from Health Graphs
« on: November 19, 2024, 03:52:41 pm »
It is annoying enough that it's the first option... let alone on we'd like to get rid of .... No reply?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Web Proxy Filtering and Caching / Re: Error while starting squid
« on: November 09, 2024, 03:08:05 pm »
Same or similar problem:
Segmentation fault
Performing sanity check on squid configuration.
2024/11/09 07:05:36| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2024/11/09 07:05:36| Starting Authentication on port 127.0.0.1:3128
2024/11/09 07:05:36| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2024/11/09 07:05:36| Starting Authentication on port [::1]:3128
2024/11/09 07:05:36| Disabling Authentication on port [::1]:3128 (interception enabled)
2024/11/09 07:05:36| Processing Configuration File: /usr/local/etc/squid/pre-auth/40-snmp.conf (depth 1)
2024/11/09 07:05:36| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)
2024/11/09 07:05:36| Processing Configuration File: /usr/local/etc/squid/pre-auth/parentproxy.conf (depth 1)
2024/11/09 07:05:36| Processing Configuration File: /usr/local/etc/squid/auth/dummy.conf (depth 1)
2024/11/09 07:05:36| Processing Configuration File: /usr/local/etc/squid/post-auth/dummy.conf (depth 1)
2024/11/09 07:05:36| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP
2024/11/09 07:05:36| Set Current Directory to /var/squid/cache
Segmentation fault
Segmentation fault
Performing sanity check on squid configuration.
2024/11/09 07:05:36| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2024/11/09 07:05:36| Starting Authentication on port 127.0.0.1:3128
2024/11/09 07:05:36| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2024/11/09 07:05:36| Starting Authentication on port [::1]:3128
2024/11/09 07:05:36| Disabling Authentication on port [::1]:3128 (interception enabled)
2024/11/09 07:05:36| Processing Configuration File: /usr/local/etc/squid/pre-auth/40-snmp.conf (depth 1)
2024/11/09 07:05:36| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)
2024/11/09 07:05:36| Processing Configuration File: /usr/local/etc/squid/pre-auth/parentproxy.conf (depth 1)
2024/11/09 07:05:36| Processing Configuration File: /usr/local/etc/squid/auth/dummy.conf (depth 1)
2024/11/09 07:05:36| Processing Configuration File: /usr/local/etc/squid/post-auth/dummy.conf (depth 1)
2024/11/09 07:05:36| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP
2024/11/09 07:05:36| Set Current Directory to /var/squid/cache
Segmentation fault
3
23.1 Legacy Series / Re: Unable to access some sites but not blocked in firewall
« on: November 16, 2023, 01:57:43 pm »
Did you figure this out? Because I’ve been having the same issue with the latest release. Mostly https web sites, but an unusual set of web sites.
I’m wondering what you did to solve it.
I’m wondering what you did to solve it.
4
Virtual private networks / Re: Route "the other way" through wireguard
« on: November 20, 2022, 07:07:26 pm »
Bump
5
Virtual private networks / Re: Route "the other way" through wireguard
« on: November 17, 2022, 04:14:39 pm »
If you're referring to this one, then yes, those steps were done in the follow on one about setting up a wireguard client, unless you know something I didn't see there:
https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
I will check the firewall log as Bart, the other person, suggested, on both links.
I found this one which might get me there. I'm going to try it.
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
OK, I tried doing that link, but it is hard to follow with no specific example. Here's my network layout if someone could lend a hand that would be great.
https://imgur.com/YDQNGUg
K
https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
I will check the firewall log as Bart, the other person, suggested, on both links.
I found this one which might get me there. I'm going to try it.
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
OK, I tried doing that link, but it is hard to follow with no specific example. Here's my network layout if someone could lend a hand that would be great.
https://imgur.com/YDQNGUg
K
6
Virtual private networks / Re: Wireguard not working, followed multiple guides.
« on: November 17, 2022, 03:30:16 pm »
Did you allow access to your DNS through for the IP address range?
7
Virtual private networks / Route "the other way" through wireguard
« on: November 16, 2022, 10:48:43 pm »
I have wireguard working from Europe to the US using a GliNet Slate (Slate AX (GL-AXT1800) https://www.gl-inet.com/products/gl-axt1800/). The IP CIDR address on that side is 192.168.8.0/23. And my Roku on that side (connected through WIFI) properly streams stuff as if it's in the US.
For Wireguard that device is 172.16.16.4/32, where I have an interface named HomeWireGuard set up under OPNsense. The wireguard server is in the US and is 172.16.16.1/23 with the .4/32 as a peer. The "tunnel address" is 172.16.16.1/23.
I have the client allowing all IPs 0.0.0.0 from Europe to the US and everything is working perfectly or at least, as expected.
What I want now is to allow a device on the US side to connect to the WAN on the European side. What I was thinking is setting up a Roku device on the US side and being able to stream as if I were in the European region. The VPN tunnel should be two-way, right?
I'm thinking I'd have to have the device on the US side have an IP address like 172.16.16.6, but what else do I need to set up in terms of routes, etc.? I looked at trying to go to System: Routes: Configuration, but I don't even see the HomeWireGuard interface there nor wg1. It only has these options on the pull down: Null4 - 127..., Null6 - 127..., and WAN_DHCP- IP.
Any thoughts on how I'd do this? Do I need a new route on the GLiNET side too?
For Wireguard that device is 172.16.16.4/32, where I have an interface named HomeWireGuard set up under OPNsense. The wireguard server is in the US and is 172.16.16.1/23 with the .4/32 as a peer. The "tunnel address" is 172.16.16.1/23.
I have the client allowing all IPs 0.0.0.0 from Europe to the US and everything is working perfectly or at least, as expected.
What I want now is to allow a device on the US side to connect to the WAN on the European side. What I was thinking is setting up a Roku device on the US side and being able to stream as if I were in the European region. The VPN tunnel should be two-way, right?
I'm thinking I'd have to have the device on the US side have an IP address like 172.16.16.6, but what else do I need to set up in terms of routes, etc.? I looked at trying to go to System: Routes: Configuration, but I don't even see the HomeWireGuard interface there nor wg1. It only has these options on the pull down: Null4 - 127..., Null6 - 127..., and WAN_DHCP- IP.
Any thoughts on how I'd do this? Do I need a new route on the GLiNET side too?
8
21.1 Legacy Series / Re: OpenVPN working on Surface Pro - not for Iphone
« on: April 10, 2021, 02:51:07 am »
That worked. I missed that option and didn't know what it did.
Thanks a bunch.
Kurt
Thanks a bunch.
Kurt
9
21.1 Legacy Series / OpenVPN working on Surface Pro - not for Iphone
« on: April 07, 2021, 02:57:04 pm »
Is there a "more" clear set of installation instructions to getting either IPSec or OpenVPN working with an Iphone? I've tried both and can't get either working. My main problem with OpenVPN is key installation/delivery (both the CA and ssl key) to the iphone; which the road warrior doesn't cover well. ANY help or clarifications to the published instructions would be greatly appreciated.
Regards,
Kurt
Regards,
Kurt
10
Intrusion Detection and Prevention / schedule tab for IDS bad behaviour
« on: July 15, 2020, 08:14:56 pm »
OPNsense 20.1.8_1-amd64: The IDS tab brings up an immediate window to set up a cron job, when exiting it, it goes to the alert tab. I cannot actually stay on the schedule tab to view what's scheduled or make changes. What am I doing wrong or is this a bug?
Kurt
Kurt
11
Web Proxy Filtering and Caching / Cache hits
« on: July 12, 2020, 09:02:24 pm »
What's the best way to review how successful the caching proxy server's cache is working? For instance by looking at cache hits?
Kurt
Kurt
12
20.1 Legacy Series / Re: OPNsense 20.1 installation - stuck at USB boot
« on: July 12, 2020, 08:42:36 pm »
You need to use the user "installer," not "root."
13
Hardware and Performance / streaming issues
« on: July 11, 2020, 04:37:55 pm »
I installed 20.1 of OPNSense on a Xeon 4 core with Two NICs (HP ML110). Everything seemed to be working right, but when I try to stream netflix or amazon prime, it will not stream. It's really slow loading an Netflix goes to about 24% buffering and then errors out. Any thoughts on tuning to get better performance, or skipping the firewall entirely for those sites. Set up is as you can imagine:
_____________
| Cable modem|
------------------
|
_____|______
| WAN NIC |
| opnsense |
| LAN NIC |
|___________|
| NAT to my network
Any help would be wonderful... I'm back to using my Netgear router because we cannot stream.
Kurt
_____________
| Cable modem|
------------------
|
_____|______
| WAN NIC |
| opnsense |
| LAN NIC |
|___________|
| NAT to my network
Any help would be wonderful... I'm back to using my Netgear router because we cannot stream.
Kurt
Pages: [1]