Danke, dass Du die Lösung geschrieben hast. Das hat mir gerade die Lösung für andere Medizini-Domains wie *.ti-dienste.de gebracht.
root@custbnwlnx:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:22:4d:ad:ae:87 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.10/24 brd 10.1.1.255 scope global dynamic eth0
valid_lft 6727sec preferred_lft 6727sec
inet6 2003:a:776:bc01:222:4dff:fead:ae87/64 scope global dynamic mngtmpaddr
valid_lft 86371sec preferred_lft 14371sec
inet6 fe80::222:4dff:fead:ae87/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:22:4d:ad:ae:8b brd ff:ff:ff:ff:ff:ff
altname enp1s0
root@custbnwlnx:~# traceroute -I 10.0.2.107
traceroute to 10.0.2.107 (10.0.2.107), 30 hops max, 60 byte packets
1 custbnr02.mgmt.cust-bonn.de (10.1.1.1) 0.145 ms 0.206 ms 0.191 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 *^C
root@custbnwlnx:~# traceroute -I 10.0.2.1
traceroute to 10.0.2.1 (10.0.2.1), 30 hops max, 60 byte packets
1 custbnr02.mgmt.cust-bonn.de (10.1.1.1) 0.153 ms 0.125 ms 0.152 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 *^C
root@custbnwlnx:~# traceroute -I 100.64.21.2
traceroute to 100.64.21.2 (100.64.21.2), 30 hops max, 60 byte packets
1 custbnr02.mgmt.cust-bonn.de (10.1.1.1) 0.194 ms 0.184 ms 0.168 ms
2 100.64.21.2 (100.64.21.2) 37.502 ms 37.529 ms 37.615 ms
root@custbnwlnx:~#
[root@custbnr02 ~]# netstat -rn -4
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 62.156.244.24 UGS pppoe1
8.8.8.8 62.156.244.24 UGHS pppoe1
9.9.9.9 192.168.2.1 UGHS igb3
10.0.1.0/24 100.64.21.2 UGS ovpns2
10.0.1.1 100.64.21.2 UGHS ovpns2
10.0.2.0/24 100.64.21.2 UGS ovpns2
10.0.3.0/24 100.64.21.2 UGS ovpns2
10.0.4.0/24 100.64.21.2 UGS ovpns2
10.0.5.0/24 100.64.21.2 UGS ovpns2
10.1.1.0/24 link#3 U igb0
10.1.1.1 link#3 UHS lo0
10.1.2.0/24 link#14 U lagg0_vl
10.1.2.1 link#14 UHS lo0
10.1.3.0/24 link#15 U lagg0_vl
10.1.3.1 link#15 UHS lo0
10.1.4.0/24 link#16 U lagg0_vl
10.1.4.1 link#16 UHS lo0
10.1.6.0/24 link#17 U lagg0_vl
10.1.6.1 link#17 UHS lo0
10.1.12.0/24 100.64.22.2 UGS ipsec2
10.1.21.0/24 100.64.21.2 UGS ovpns2
10.1.22.0/24 100.64.22.2 UGS ipsec2
10.1.22.2 100.64.22.2 UGHS ipsec2
10.1.62.0/24 100.64.22.2 UGS ipsec2
62.156.244.24 link#20 UH pppoe1
80.153.119.52 link#20 UHS lo0
100.64.11.0/24 100.64.11.2 UGS ovpns1
100.64.11.1 link#21 UHS lo0
100.64.11.2 link#21 UH ovpns1
100.64.21.0/24 link#22 U ovpns2
100.64.21.1 link#22 UHS lo0
100.64.22.1 link#19 UHS lo0
100.64.22.2 link#19 UHS ipsec2
127.0.0.1 link#8 UH lo0
192.168.2.0/24 link#6 U igb3
192.168.2.201 link#6 UHS lo0
217.237.149.205 62.156.244.24 UGHS pppoe1
217.237.151.51 62.156.244.24 UGHS pppoe1
root@OPNsense:~ # netstat -rn -4
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 62.155.241.226 UGS pppoe0
8.8.8.8 62.155.241.226 UGHS pppoe0
9.9.9.9 192.168.8.1 UGHS igb3
10.0.0.0/24 link#21 U vlan010
10.0.0.1 link#21 UHS lo0
10.0.1.0/24 link#5 U igb4
10.0.1.1 link#5 UHS lo0
10.0.2.0/24 link#20 U vlan01
10.0.2.1 link#20 UHS lo0
10.0.3.0/24 link#22 U vlan02
10.0.3.1 link#22 UHS lo0
10.0.4.0/24 link#23 U vlan03
10.0.4.1 link#23 UHS lo0
10.0.5.0/24 link#24 U vlan04
10.0.5.1 link#24 UHS lo0
10.0.5.253 link#24 UHS lo0
10.0.6.0/24 link#28 U vlan08
10.0.6.1 link#28 UHS lo0
10.0.7.0/24 link#26 U vlan06
10.0.7.1 link#26 UHS lo0
10.1.1.0/24 100.64.21.1 UGS ovpnc2
10.1.2.0/24 100.64.21.1 UGS ovpnc2
10.1.4.0/24 100.64.21.1 UGS ovpnc2
10.1.21.0/24 link#27 U vlan07
10.1.21.1 link#27 UHS lo0
10.1.21.253 link#27 UHS lo0
62.155.241.226 link#30 UHS pppoe0
79.211.9.54 link#30 UHS lo0
100.64.0.0/24 link#33 U wg0
100.64.0.1 link#33 UHS lo0
100.64.0.11 link#33 UHS wg0
100.64.0.12 link#33 UHS wg0
100.64.0.13 link#33 UHS wg0
100.64.2.0/24 100.64.2.2 UGS ovpns1
100.64.2.1 link#31 UHS lo0
100.64.2.2 link#31 UH ovpns1
100.64.21.0/24 link#32 U ovpnc2
100.64.21.2 link#32 UHS lo0
127.0.0.1 link#15 UH lo0
192.168.3.0/24 link#25 U vlan05
192.168.3.1 link#25 UHS lo0
192.168.3.253 link#25 UHS lo0
192.168.8.0/24 link#4 U igb3
192.168.8.113 link#4 UHS lo0
217.237.150.115 62.155.241.226 UGHS pppoe0
217.237.151.205 62.155.241.226 UGHS pppoe0
root@DebianDesktop:~# traceroute -I 10.0.2.1
traceroute to 10.0.2.1 (10.0.2.1), 30 hops max, 60 byte packets
1 _gateway (10.0.2.1) 1.604 ms 2.039 ms 1.850 ms
root@DebianDesktop:~# traceroute -I 100.64.21.2
traceroute to 100.64.21.2 (100.64.21.2), 30 hops max, 60 byte packets
1 100.64.21.2 (100.64.21.2) 3.704 ms 3.897 ms 3.520 ms
root@DebianDesktop:~# traceroute -I 100.64.21.1
traceroute to 100.64.21.1 (100.64.21.1), 30 hops max, 60 byte packets
1 _gateway (10.0.2.1) 1.801 ms 1.636 ms 1.551 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 *^C
root@DebianDesktop:~# traceroute -I 10.1.1.10
traceroute to 10.1.1.10 (10.1.1.10), 30 hops max, 60 byte packets
1 _gateway (10.0.2.1) 2.118 ms 1.968 ms 2.519 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 *^C
<28>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79318 - [meta sequenceId="59"] WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79318 - [meta sequenceId="60"] Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79318 - [meta sequenceId="61"] OpenVPN 2.6.4 amd64-portbld-freebsd13.1 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79318 - [meta sequenceId="62"] library versions: OpenSSL 1.1.1u 30 May 2023, LZO 2.10
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="63"] MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client2.sock
<28>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="64"] WARNING: using --pull/--client and --ifconfig together is probably not what you want
<28>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="65"] WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
<28>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="66"] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="67"] TCP/UDP: Preserving recently used remote address: [AF_INET]80.153.119.52:1195
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="68"] Socket Buffers: R=[42080->42080] S=[57344->57344]
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="69"] UDPv4 link local: (not bound)
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="70"] UDPv4 link remote: [AF_INET]80.153.119.52:1195
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="71"] TLS: Initial packet from [AF_INET]80.153.119.52:1195 (via [AF_INET]79.211.9.54%), sid=972d6a49 18637ba7
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="72"] VERIFY OK: depth=2, C=DE, ST=NRW, L=Bonn, O=##Organisation##, OU=cust XCA, CN=custRootCA, emailAddress=edv@cust-domain.de
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="73"] VERIFY OK: depth=1, C=DE, ST=NRW, L=Bonn, O=##Organisation##, OU=cust XCA, CN=custVpnCA, emailAddress=edv@cust-domain.de
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="74"] VERIFY OK: depth=0, C=DE, ST=NRW, L=Bonn, O=##Organisation##, emailAddress=edv@cust-domain.de, CN=custbnr02-s2s
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="75"] Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="76"] [custbnr02-s2s] Peer Connection Initiated with [AF_INET]80.153.119.52:1195 (via [AF_INET]79.211.9.54%)
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="77"] TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="78"] TLS: tls_multi_process: initial untrusted session promoted to trusted
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="79"] PUSH: Received control message: 'PUSH_REPLY,route 10.1.1.0 255.255.255.0,route 10.1.2.0 255.255.255.0,route 10.1.4.0 255.255.255.0,tun-ipv6,route-gateway 100.64.21.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fd00:1:21::1000/64 fd00:1:21::1,ifconfig 100.64.21.2 255.255.255.0,peer-id 0,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="80"] OPTIONS IMPORT: --ifconfig/up options modified
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="81"] OPTIONS IMPORT: route options modified
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="82"] OPTIONS IMPORT: route-related options modified
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="83"] OPTIONS IMPORT: tun-mtu set to 1500
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="84"] ROUTE_GATEWAY 62.155.241.226/255.255.255.255 IFACE=pppoe0 HWADDR=00:00:00:00:00:00
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="85"] TUN/TAP device ovpnc2 exists previously, keep at program end
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="86"] TUN/TAP device /dev/tun2 opened
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="87"] /sbin/ifconfig ovpnc2 100.64.21.2/24 mtu 1500 up
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="88"] /sbin/ifconfig ovpnc2 inet6 fd00:1:21::1000/64 mtu 1500 up
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="89"] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc2 1500 0 100.64.21.2 255.255.255.0 init
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="90"] /sbin/route add -net 10.1.1.0 100.64.21.1 255.255.255.0
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="91"] /sbin/route add -net 10.1.2.0 100.64.21.1 255.255.255.0
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="92"] /sbin/route add -net 10.1.4.0 100.64.21.1 255.255.255.0
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="93"] /sbin/route add -net 10.1.1.0 100.64.21.1 255.255.255.0
<28>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="94"] ERROR: FreeBSD route add command failed: external program exited with error status: 1
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="95"] /sbin/route add -net 10.1.2.0 100.64.21.1 255.255.255.0
<28>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="96"] ERROR: FreeBSD route add command failed: external program exited with error status: 1
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="97"] /sbin/route add -net 10.1.4.0 100.64.21.1 255.255.255.0
<28>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="98"] ERROR: FreeBSD route add command failed: external program exited with error status: 1
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="99"] Initialization Sequence Completed
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="100"] Data Channel: cipher 'AES-256-GCM', peer-id: 0, compression: 'lz4v2'
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="101"] Timers: ping 10, ping-restart 60
<29>1 2023-07-22T07:04:11+02:00 OPNsense.opn.edvnet-uk.com openvpn_client2 79338 - [meta sequenceId="102"] Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
WAN WAN WAN WAN
: : : :
: LTE : DSL-Provider : LTE : DSL-Provider
: : : :
.---+---. .--+--. .---+---. .--+--.
WANLTE | LTE | Modems | DSL | WAN WANLTE | LTE | Modems | DSL | WAN
'---+---' '--+--' '---+---' '--+--'
| | | |
Ethernet | | PPPoE Ethernet | | PPPoE
| | | |
.----+----. | .----+----. |
| Router1 | Router | | Router1 | Router |
'----+----' | '----+----' |
192.168.8.1/24 | | 192.168.2.1/24 | |
| .----------. | | .----------. |
+------| OPNsense |------+ +------| OPNsense |------+
192.168.8.113/24 '----+-----' 192.168.2.201/24 '----+-----'
| |
+-------------------------------+ +---------------------------+
| OpenVPN Server | 100.64.2.0/24 Road Warrior 100.64.11.0/24 | OpenVPN Server 1 |
LAN | 10.0.1.1/24 OpenVPN Client | 100.64.21.2/24 Site2Site 100.64.21.1/24 | OpenVPN Server 2 LAN | 10.1.1.1/24
LAN | 10.0.2.1/24 LAN | 10.1.2.1/24
LAN | 10.0.3.1/24 LAN | 10.1.3.1/24
LAN | 10.0.4.1/24 LAN | 10.1.4.1/24
LAN | 10.0.5.1/24 |
LAN | 10.0.6.1/24 |
LAN | 10.0.7.1/24 |
LAN | 10.1.21.1/24 |
| |
.-----+------. .-----+------.
| LAN-Switch | | LAN-Switch |
'-----+------' '-----+------'
| |
...-----+-----... ...-----+-----...
(Clients/Servers) (Clients/Servers)
| |
+------- Linux PC1 10.0.2.107/24 +---------- Linux PC2 10.1.1.10/24
<29>1 2023-07-21T10:57:49+02:00 OPNsense.opn.mydomain.com openvpn_client2 208 - [meta sequenceId="12"] TUN/TAP device ovpnc2 exists previously, keep at program end
<29>1 2023-07-21T10:57:49+02:00 OPNsense.opn.mydomain.com openvpn_client2 208 - [meta sequenceId="13"] TUN/TAP device /dev/tun2 opened
<29>1 2023-07-21T10:57:49+02:00 OPNsense.opn.mydomain.com openvpn_client2 208 - [meta sequenceId="14"] /sbin/ifconfig ovpnc2 100.64.21.2/24 mtu 1500 up
<29>1 2023-07-21T10:57:49+02:00 OPNsense.opn.mydomain.com openvpn_client2 208 - [meta sequenceId="15"] /sbin/ifconfig ovpnc2 inet6 fd00:1:21::1000/64 mtu 1500 up
<29>1 2023-07-21T10:57:49+02:00 OPNsense.opn.mydomain.com openvpn_client2 208 - [meta sequenceId="16"] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc2 1500 0 100.64.21.2 255.255.255.0 init
<28>1 2023-07-21T10:57:50+02:00 OPNsense.opn.mydomain.com openvpn_client2 208 - [meta sequenceId="17"] ERROR: FreeBSD route add command failed: external program exited with error status: 1
<28>1 2023-07-21T10:57:50+02:00 OPNsense.opn.mydomain.com openvpn_client2 208 - [meta sequenceId="18"] ERROR: FreeBSD route add command failed: external program exited with error status: 1
<28>1 2023-07-21T10:57:50+02:00 OPNsense.opn.mydomain.com openvpn_client2 208 - [meta sequenceId="19"] ERROR: FreeBSD route add command failed: external program exited with error status: 1
<29>1 2023-07-21T10:57:50+02:00 OPNsense.opn.mydomain.com openvpn_client2 208 - [meta sequenceId="20"] Initialization Sequence Completed
root@OPNsense:~ # netstat -4 -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 62.155.241.226 UGS pppoe0
8.8.8.8 62.155.241.226 UGHS pppoe0
9.9.9.9 192.168.8.1 UGHS igb3
10.0.0.0/24 link#21 U vlan010
10.0.0.1 link#21 UHS lo0
10.0.1.0/24 link#5 U igb4
10.0.1.1 link#5 UHS lo0
10.0.2.0/24 link#20 U vlan01
10.0.2.1 link#20 UHS lo0
10.0.3.0/24 link#22 U vlan02
10.0.3.1 link#22 UHS lo0
10.0.4.0/24 link#23 U vlan03
10.0.4.1 link#23 UHS lo0
10.0.5.0/24 link#24 U vlan04
10.0.5.1 link#24 UHS lo0
10.0.5.253 link#24 UHS lo0
10.0.6.0/24 link#28 U vlan08
10.0.6.1 link#28 UHS lo0
10.0.7.0/24 link#26 U vlan06
10.0.7.1 link#26 UHS lo0
10.1.1.0/24 100.64.21.1 UGS ovpnc2
10.1.2.0/24 100.64.21.1 UGS ovpnc2
10.1.4.0/24 100.64.21.1 UGS ovpnc2
10.1.21.0/24 link#27 U vlan07
10.1.21.1 link#27 UHS lo0
10.1.21.253 link#27 UHS lo0
62.155.241.226 link#30 UHS pppoe0
79.211.9.54 link#30 UHS lo0
100.64.0.0/24 link#33 U wg0
100.64.0.1 link#33 UHS lo0
100.64.0.11 link#33 UHS wg0
100.64.0.12 link#33 UHS wg0
100.64.0.13 link#33 UHS wg0
100.64.2.0/24 100.64.2.2 UGS ovpns1
100.64.2.1 link#31 UHS lo0
100.64.2.2 link#31 UH ovpns1
100.64.21.0/24 link#32 U ovpnc2
100.64.21.2 link#32 UHS lo0
127.0.0.1 link#15 UH lo0
192.168.3.0/24 link#25 U vlan05
192.168.3.1 link#25 UHS lo0
192.168.3.253 link#25 UHS lo0
192.168.8.0/24 link#4 U igb3
192.168.8.113 link#4 UHS lo0
217.237.150.115 62.155.241.226 UGHS pppoe0
217.237.151.205 62.155.241.226 UGHS pppoe0
root@OPNsense:~ # zpool attach zroot ada0p4 ada1p4
root@OPNsense:~ # zpool status
pool: zroot
state: ONLINE
status: One or more devices is currently being resilvered. The pool will
continue to function, possibly in a degraded state.
action: Wait for the resilver to complete.
scan: resilver in progress since Sat Feb 18 10:37:03 2023
6.74G scanned at 363M/s, 1.13G issued at 60.9M/s, 6.74G total
1.20G resilvered, 16.77% done, 00:01:34 to go
config:
NAME STATE READ WRITE CKSUM
zroot ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
ada0p4 ONLINE 0 0 0
ada1p4 ONLINE 0 0 0 (resilvering)
errors: No known data errors
root@OPNsense:~ # zpool status
pool: zroot
state: ONLINE
scan: resilvered 6.98G in 00:01:52 with 0 errors on Sat Feb 18 10:38:55 2023
config:
NAME STATE READ WRITE CKSUM
zroot ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
ada0p4 ONLINE 0 0 0
ada1p4 ONLINE 0 0 0
errors: No known data errors
root@OPNsense:~ # dd if=/dev/ada0p1 of=/dev/ada1p1
532480+0 records in
532480+0 records out
272629760 bytes transferred in 97.602079 secs (2793278 bytes/sec)
root@OPNsense:~ # dd if=/dev/ada0p2 of=/dev/ada1p2
1024+0 records in
1024+0 records out
524288 bytes transferred in 0.065542 secs (7999318 bytes/sec)
root@OPNsense:~ # zpool status
pool: zroot
state: ONLINE
scan: resilvered 6.98G in 00:01:52 with 0 errors on Sat Feb 18 10:38:55 2023
config:
NAME STATE READ WRITE CKSUM
zroot ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
ada0p4 ONLINE 0 0 0
ada1p4 ONLINE 0 0 0
errors: No known data errors
root@OPNsense:~ # gpart show
=> 40 468862048 ada0 GPT (224G)
40 532480 1 efi (260M)
532520 1024 2 freebsd-boot (512K)
533544 984 - free - (492K)
534528 16777216 3 freebsd-swap (8.0G)
17311744 451549184 4 freebsd-zfs (215G)
468860928 1160 - free - (580K)
=> 40 488397088 ada1 GPT (233G)
40 532480 1 efi (260M)
532520 1024 2 freebsd-boot (512K)
533544 984 - free - (492K)
534528 16777216 3 freebsd-swap (8.0G)
17311744 451549184 4 freebsd-zfs (215G)
468860928 19536200 - free - (9.3G)
root@OPNsense:~ # zpool status
pool: zroot
state: ONLINE
config:
NAME STATE READ WRITE CKSUM
zroot ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
ada0p4 ONLINE 0 0 0
ada1p4 ONLINE 0 0 0
errors: No known data errors
> Finally got it working by following the link you sent

Great to hear.
> One thing I didn't do was to untick block private networks as I thought that was a bad idea

Correct. Unticking "block private networks" is only appropriate for an internal lab without public IP addresses.
> Also I had to import my CA to my remote user otherwise I got a user error when trying to connect to vpn

Yes. The remote user's computer wants to verify the VPN server certificate, and for that you have to trust your VPN CA manually by importing the CA certificate.
root@mainofficerouter:~ # netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 62.156.244.25 UGS pppoe1
8.8.8.8 62.156.244.25 UGHS pppoe1
9.9.9.9 192.168.2.1 UGHS igb3
10.0.1.0/24 100.64.21.2 UGS ipsec1
10.0.2.0/24 100.64.21.2 UGS ipsec1
10.0.5.0/24 100.64.21.2 UGS ipsec1
10.1.1.0/24 link#3 U igb0
10.1.1.1 link#3 UHS lo0
10.1.2.0/24 link#12 U lagg0_vl
10.1.2.1 link#12 UHS lo0
10.1.3.0/24 link#13 U lagg0_vl
10.1.3.1 link#13 UHS lo0
10.1.4.0/24 link#14 U lagg0_vl
10.1.4.1 link#14 UHS lo0
10.1.6.0/24 link#15 U lagg0_vl
10.1.6.1 link#15 UHS lo0
10.1.12.0/24 100.64.22.2 UGS ipsec2
10.1.21.0/24 100.64.21.2 UGS ipsec1
10.1.21.253 100.64.21.2 UGHS ipsec1
10.1.22.0/24 100.64.22.2 UGS ipsec2
10.1.22.2 100.64.22.2 UGHS ipsec2
10.1.62.0/24 100.64.22.2 UGS ipsec2
62.156.244.25 link#20 UH pppoe1
80.153.119.52 link#20 UHS lo0
100.64.11.0/24 100.64.11.2 UGS ovpns1
100.64.11.1 link#18 UHS lo0
100.64.11.2 link#18 UH ovpns1
100.64.21.1 link#21 UHS lo0
100.64.21.2 ipsec1 UHS ipsec1
100.64.22.1 link#19 UHS lo0
100.64.22.2 ipsec2 UHS ipsec2
127.0.0.1 link#8 UH lo0
192.168.2.0/24 link#6 U igb3
192.168.2.1 3c:ec:ef:89:35:87 UHS igb3
192.168.2.201 link#6 UHS lo0
217.237.149.205 62.156.244.25 UGHS pppoe1
217.237.151.51 62.156.244.25 UGHS pppoe1
Internet6:
Destination Gateway Flags Netif Expire
default fe80::200:ff:fe00:0%pppoe1 UG pppoe1
::1 link#8 UH lo0
2003:a:77f:f6bc::/64 link#20 U pppoe1
2003:a:77f:f6bc:42a6:b7ff:fe3c:f8cd link#20 UHS lo0
fe80::%ixl1/64 link#2 U ixl1
fe80::42a6:b7ff:fe3c:f8cd%ixl1 link#2 UHS lo0
fe80::%igb0/64 link#3 U igb0
fe80::3eec:efff:fe89:3584%igb0 link#3 UHS lo0
fe80::%igb2/64 link#5 U igb2
fe80::3eec:efff:fe89:3586%igb2 link#5 UHS lo0
fe80::%igb3/64 link#6 U igb3
fe80::3eec:efff:fe89:3587%igb3 link#6 UHS lo0
fe80::%lo0/64 link#8 U lo0
fe80::1%lo0 link#8 UHS lo0
fe80::%lagg0/64 link#11 U lagg0
fe80::42a6:b7ff:fe3c:f8cc%lagg0 link#11 UHS lo0
fe80::%lagg0_vlan1120/64 link#12 U lagg0_vl
fe80::42a6:b7ff:fe3c:f8cc%lagg0_vlan1120 link#12 UHS lo0
fe80::%lagg0_vlan1130/64 link#13 U lagg0_vl
fe80::42a6:b7ff:fe3c:f8cc%lagg0_vlan1130 link#13 UHS lo0
fe80::%lagg0_vlan1140/64 link#14 U lagg0_vl
fe80::42a6:b7ff:fe3c:f8cc%lagg0_vlan1140 link#14 UHS lo0
fe80::%lagg0_vlan1160/64 link#15 U lagg0_vl
fe80::42a6:b7ff:fe3c:f8cc%lagg0_vlan1160 link#15 UHS lo0
fe80::%igb2_vlan7/64 link#16 U igb2_vla
fe80::3eec:efff:fe89:3586%igb2_vlan7 link#16 UHS lo0
fe80::%ixl1_vlan7/64 link#17 U ixl1_vla
fe80::42a6:b7ff:fe3c:f8cd%ixl1_vlan7 link#17 UHS lo0
fe80::42a6:b7ff:fe3c:f8cd%ovpns1 link#18 UHS lo0
fe80::%ipsec2/64 link#19 U ipsec2
fe80::42a6:b7ff:fe3c:f8cd%ipsec2 link#19 UHS lo0
fe80::%pppoe1/64 link#20 U pppoe1
fe80::3eec:efff:fe89:3584%pppoe1 link#20 UHS lo0
fe80::42a6:b7ff:fe3c:f8cd%pppoe1 link#20 UHS lo0
fe80::%ipsec1/64 link#21 U ipsec1
fe80::42a6:b7ff:fe3c:f8cd%ipsec1 link#21 UHS lo0
root@homeoffice2router:~ # netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 62.155.241.177 UGS pppoe0
8.8.8.8 62.155.241.177 UGHS pppoe0
10.1.1.0/24 100.64.22.1 UGS ipsec1
10.1.2.0/24 100.64.22.1 UGS ipsec1
10.1.2.2 100.64.22.1 UGHS ipsec1
10.1.12.0/24 link#2 U igb1
10.1.12.1 link#2 UHS lo0
10.1.22.0/24 link#12 U igb1_vla
10.1.22.1 link#12 UHS lo0
10.1.32.0/24 link#13 U igb1_vla
10.1.32.1 link#13 UHS lo0
10.1.62.0/24 link#14 U igb1_vla
10.1.62.1 link#14 UHS lo0
62.155.241.177 link#17 UH pppoe0
79.207.107.190 link#17 UHS lo0
100.64.12.0/24 100.64.12.2 UGS ovpns1
100.64.12.1 link#16 UHS lo0
100.64.12.2 link#16 UH ovpns1
100.64.22.1 ipsec1 UHS ipsec1
100.64.22.2 link#18 UHS lo0
127.0.0.1 link#8 UH lo0
217.237.150.115 62.155.241.177 UGHS pppoe0
217.237.151.205 62.155.241.177 UGHS pppoe0
Internet6:
Destination Gateway Flags Netif Expire
default fe80::231:46ff:fe06:6f83%pppoe0 UG pppoe0
::1 link#8 UH lo0
2001:4860:4860::8888 fe80::231:46ff:fe06:6f83%pppoe0 UGHS pppoe0
2003:e2:af2f:3801::/64 link#2 U igb1
2003:e2:af2f:3801:de58:bcff:fee0:38cb link#2 UHS lo0
2003:e2:af2f:3802::/64 link#12 U igb1_vla
2003:e2:af2f:3802:de58:bcff:fee0:38cb link#12 UHS lo0
2003:e2:af2f:3803::/64 link#13 U igb1_vla
2003:e2:af2f:3803:de58:bcff:fee0:38cb link#13 UHS lo0
2003:e2:af2f:3806::/64 link#14 U igb1_vla
2003:e2:af2f:3806:de58:bcff:fee0:38cb link#14 UHS lo0
2003:e2:afff:2f85::/64 link#17 U pppoe0
2003:e2:afff:2f85:de58:bcff:fee0:38ca link#17 UHS lo0
fe80::%igb1/64 link#2 U igb1
fe80::de58:bcff:fee0:38cb%igb1 link#2 UHS lo0
fe80::%igb5/64 link#6 U igb5
fe80::de58:bcff:fee0:38cf%igb5 link#6 UHS lo0
fe80::%lo0/64 link#8 U lo0
fe80::1%lo0 link#8 UHS lo0
fe80::%lagg0/64 link#11 U lagg0
fe80::de58:bcff:fee0:38cc%lagg0 link#11 UHS lo0
fe80::%igb1_vlan1122/64 link#12 U igb1_vla
fe80::de58:bcff:fee0:38cb%igb1_vlan1122 link#12 UHS lo0
fe80::%igb1_vlan1132/64 link#13 U igb1_vla
fe80::de58:bcff:fee0:38cb%igb1_vlan1132 link#13 UHS lo0
fe80::%igb1_vlan1162/64 link#14 U igb1_vla
fe80::de58:bcff:fee0:38cb%igb1_vlan1162 link#14 UHS lo0
fe80::%igb5_vlan7/64 link#15 U igb5_vla
fe80::de58:bcff:fee0:38cf%igb5_vlan7 link#15 UHS lo0
fe80::de58:bcff:fee0:38ca%ovpns1 link#16 UHS lo0
fe80::%pppoe0/64 link#17 U pppoe0
fe80::de58:bcff:fee0:38ca%pppoe0 link#17 UHS lo0
fe80::de58:bcff:fee0:38cb%pppoe0 link#17 UHS lo0
fe80::%ipsec1/64 link#18 U ipsec1
fe80::de58:bcff:fee0:38ca%ipsec1 link#18 UHS lo0
### ifconfig
ipsec1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1400
tunnel inet 80.153.119.52 --> 91.5.102.162
inet6 fe80::42a6:b7ff:fe3c:f8cd%ipsec1 prefixlen 64 scopeid 0x15
inet 100.64.21.1 --> 100.64.21.2 netmask 0xfffffffc
groups: ipsec
reqid: 1
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
ipsec2: flags=8011<UP,POINTOPOINT,MULTICAST> metric 0 mtu 1400
inet 100.64.22.1 --> 100.64.22.2 netmask 0xfffffffc
inet6 fe80::42a6:b7ff:fe3c:f8cd%ipsec2 prefixlen 64 tentative scopeid 0x13
groups: ipsec
reqid: 2
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
### Ping Homeoffice 1
root@mainofficerouter:~ # ping 100.64.21.2
PING 100.64.21.2 (100.64.21.2): 56 data bytes
64 bytes from 100.64.21.2: icmp_seq=0 ttl=64 time=40.066 ms
64 bytes from 100.64.21.2: icmp_seq=1 ttl=64 time=40.157 ms
^C
--- 100.64.21.2 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 40.066/40.112/40.157/0.046 ms
### Ping Homeoffice 2
root@mainofficerouter:~ # ping 100.64.22.2
PING 100.64.22.2 (100.64.22.2): 56 data bytes
ping: sendto: Network is down
ping: sendto: Network is down
ping: sendto: Network is down
^C
--- 100.64.22.2 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss