Messages

1

Virtual private networks / Same User with Multiple Concurrent Sessions - Not Working?

« on: April 08, 2024, 02:29:14 pm »

Hello, I am trying to set up to allow a single user to have multiple concurrent sessions to the same server (reason being is user has multiple devices). When I try to sign in, it boots the other device off. From searching, I see PFSense can support this with a tweak with OpenVPN but I don't see a way to get it to work quickly with OPNSense. Any ideas?

2

Virtual private networks / Re: OpenVPN Not Starting Properly, logged error isn't helpful

« on: January 19, 2024, 02:11:50 am »

I got it working by redoing the IP scheme,

However I still have an issue. I can connect, but only when I bind the IP to the WAN IP (which changes due to ISP) or leave it to bind all interfaces. I created a port forward that forwards the OpenVPN port from the WAN Address to a loopback virtual IP I created of 127.5.5.5, but for some reason it does not function when set up that way. Any ideas?

3

Virtual private networks / Re: OpenVPN Not Starting Properly, logged error isn't helpful

« on: January 18, 2024, 11:23:09 pm »

I increased the verbosity and got a new error inside it.

--local addresses must be distinct from --ifconfig

This doesn't make sense as my local address does not match any ifconfig address. Any ideas? I verified my IP makes sense. I tried 10.115.10.0/24 and 10.115.10.1/24

4

Virtual private networks / OpenVPN Not Starting Properly, logged error isn't helpful

« on: January 11, 2024, 08:47:19 pm »

Hello everyone, I'm getting this error after creating an instance. I saw that someone with PFSense had this error when using custom options but I don't have any of those set. Not sure what's causing it. It happens right after enabling the instance. Any ideas? I basically followed the RoadWarrior VPN Config for client to site.

/usr/local/opnsense/scripts/openvpn/ovpn_service_control.php: The command '/usr/local/sbin/openvpn --config '/var/etc/openvpn/instance-f6bce83c-a5e4-43a4-ae84-ca5c84bda936.conf'' returned exit code '1', the output was ''

I wasn't getting any assistance in the main area so I thought I'd post this here. My Opnsense version is 23.7.7

Edit: Upgraded to 23.7.11 and I still have the same issue.

5

23.7 Legacy Series / OpenVPN Not starting due to error, no useful information in log

« on: January 10, 2024, 03:30:06 am »

Hello everyone, I'm getting this error after creating an instance. I saw that someone with PFSense had this error when using custom options but I don't have any of those set. Not sure what's causing it. It happens right after enabling the instance. Any ideas? I basically followed the RoadWarrior VPN Config for client to site.

/usr/local/opnsense/scripts/openvpn/ovpn_service_control.php: The command '/usr/local/sbin/openvpn --config '/var/etc/openvpn/instance-f6bce83c-a5e4-43a4-ae84-ca5c84bda936.conf'' returned exit code '1', the output was ''

6

Virtual private networks / Firewall rules not applying properly to wireguard

« on: September 07, 2023, 03:47:44 am »

Hello, I am trying to block packets arriving on certain ports from coming in over my wireguard tunnel, and the firewall logs show blocked, but they're still making it through to the destination. Any ideas? It's the first time I've really seen firewall rules not being respected in a way that doesn't make sense.

7

General Discussion / Re: Replying Traffic Not Sent Out Correct Interface

« on: September 07, 2023, 03:38:35 am »

Thank you! That fixed one issue, but sadly on to the next one that doesn't make sense

8

General Discussion / Replying Traffic Not Sent Out Correct Interface

« on: September 06, 2023, 03:26:00 am »

Hello everyone. I have a VPS that exists as a front end with public IPs and has wireguard installed on it. It connects to Opnsense via said wireguard. Packets arriving on the public IP are forwarded to a certain VM. This VM can access the internet over wireguard due to a firewall rule, but when trying to access the server from the outside via ping or HTTPS, Opnsense sends the reply out my WAN interface instead of back over wireguard. I've tried disabling force gateway and reply-to but I haven't had any luck with it, unless I'm not doing something else I need to be doing. Any ideas?

9

23.7 Legacy Series / Opnsense not sending packets to destination?

« on: September 04, 2023, 02:17:38 am »

So this is a strange one to me. I have a VPS that I have multiple public IPs on. It's connected to my local opnsense with wireguard. It's used to expose certain VMs on a subnet to the internet and have a separate way out than my normal LAN. I have succeeded in routing outwards, such as updating the VMs on the network and traceroute shows it takes the correct way out, but things coming in aren't making sense. I've done tons of packet captures. My current situation is this: Pinging the front end VPS IP that is forwarded to a certain VM guest, shows with packet captures, that it makes it through the server and at the very least, to the wireguard interface on Opnsense. It shows in the firewall logs it passed the rule that allows it to come OUT of the proper interface that the VM sits on, however, the VM shows nothing ever reaching it in it's packet capture (tcpdump). Also, nothing shows on the VMs firewall denied log. The opnsense packet capture, however, only shows that the packets arrived on the WAN and Wireguard interface, but never exited the interface on which the VM sits (using HTTPS). When I ping out however, I see the reply come back on the WAN, Wireguard AND the interface on which the VM sits. Any ideas? I've beat my head against this for over 20 hours over the past few weeks and I feel like I'm really close, but not all the way there.

10

Tutorials and FAQs / Re: Tutorial 2023/05: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: July 01, 2023, 05:38:38 am »

Is nslookup on a local PC returning the proper IPs?

Just a headsup for everyone posting here. The author updated the post with the following:

No More Free Support

Due to the increasing number of support requests I've been receiving, both directly in the topic and via DM, I regret to inform that I can no longer provide free assistance. Balancing my real job and personal life has become extremely challenging. While I genuinely want to help everyone resolve their issues to get things up and running smoothly, I find it difficult to allocate the necessary time without sacrificing my personal commitments.

In addition, it has come to my attention that some individuals seeking help are not thoroughly reading the provided tutorial or lack the fundamental knowledge of networking. This has been a recurring issue and has made the support process increasingly frustrating.

I sincerely appreciate your interest in my expertise and if you would like to receive my assistance, I am more than happy to provide you with the details via DM.

Thank you for your understanding in this matter,
TheHellSite

But perhaps someone else have a solution to my problem. I have HAProxy up and running for a few months, was working fine. In may i added local domains map file for a site. Now i deleted the map file and removed all the local domain map file rules etc. But now my public domains aren't available from my internal network anymore (they work from external access).

Ive gone through the setup and everything seems fine, and i havent changed anything in the domain override in Unbound.

https://ibb.co/vkGLPGF

Any suggestions where the confligt might be located? What else block internal access to my public domains?

11

23.1 Legacy Series / Re: Unable to escalate with sudo as user

« on: May 08, 2023, 04:08:50 am »

I kept troubleshooting and if anyone sees this and doesn't want to beat their head against a wall as much as I have, go to System -> Settings ->  Administration and make sure Sudo isn't disallowed and set the allowed groups. I set mine to ask password and wheel. If anyone thinks this is against best practices, let me know!
su still doesn't work though, it just told me sorry, possibly because when I tried root was disabled but I was happy with it working with my user.

12

23.1 Legacy Series / Unable to escalate with sudo as user

« on: May 08, 2023, 04:02:19 am »

Hello,
Here's the long story: I'm working on my firewall and it's redlining almost 100% usage constantly. I'm trying to log into terminal and see what's going on. ps -a only shows two processes so I figured it's because I'm not running as root or SU. So I try sudo ps -a, it asks for my password, I enter and it says I'm not in the sudoers file. Don't know what's going on as I am a member of the admins and wheel group. I tried getting to the sudoers file by escalating with sudo root but my password for root doesn't work. I've reset it multiple times, made sure root is enabled (but root login in System > Adminstration > Root login is disabled, it says log in as another user and switch to root, which is what I'm trying to do). I'm not having any luck here working towards figuring out why my processor is maxing out almost all the time. Not sure if it makes a difference, but my normal user is using TOTP. OPNsense version is 23.17_3-amd64. Firewall is a Protectli F4WB

13

General Discussion / Trying to login as admin and sudo is failing

« on: January 20, 2022, 06:30:56 am »

Hey everyone, I'm trying to SSH in and configure the repositories, but it was also an exercise in learning SSH keys. I set one up with Puttygen and got that working, got my user set up in the right groups and I can login with an SSH key. I then try sudo -s /usr/local/etc/rc.inital to get to the menu used by root upon login, and it says I am not a member of the sudoers file despite being a part of the admin and wheel group. Any idea what's going on? If I try su instead of sudo, it just says sorry.  Any ideas?

14

General Discussion / Issue with VPN accessing WAN and LAN

« on: July 12, 2020, 09:36:56 pm »

Hello everyone, so I'm pretty new to OPNsense but I managed to set up a VPN using TOTP based authentication. I have it set to redirect all traffic.
You can ping the firewalls LAN IP and you can ping the VPNs default gateway IP but you can't access WAN or LAN devices. First idea I thought was firewall rules, but it turns out, the firewall log is picking up nothing from the VPN IP of the device I'm using, not even the successful pings, let alone any failures crossing into the WAN or LAN Zones. Any idea what's going on? This is using OpenVPN, topology disabled, and there is an advanced command to push a route that sets LAN subnet to be accessed using the LAN default gateway.