Messages - JustTed

#1
I've had OPNsense running fine for several months, connecting via PPPoE. Today, however, connectivity issues - very slow, with many websites not loading. TBH I thought it was a broadband issue, but swapping for my old Ubiquiti router has fixed it.

Tried rebooting etc, no joy. It's like some kind of TCP Clamping issue in its effect.

Any ideas or advice?
#2
20.7 Legacy Series / Re: I want to love OPNsense
November 13, 2020, 01:55:32 AM
A reboot fixes the Zerotier issue. Is this Windows? (sorry) ::)
#3
20.7 Legacy Series / I want to love OPNsense
November 13, 2020, 01:41:10 AM
I really do! But everything just keeps blocking it.

Take for instance Zerotier, which I had set up and working beautifully. Walk away for half an hour, and it's gone!

I realise I should probably be asking for assistance in that matter, but that has been my experience with pretty much everything - IPsec with strongSwan, even PPPoE.

Sorry to sound negative.
#4
20.7 Legacy Series / Re: Not accepting PPPoE username
November 11, 2020, 09:50:11 PM
Thanks for your help. I'm not sure what was preventing it from working but it's suddenly sprung into life!
#5
20.7 Legacy Series / Re: Not accepting PPPoE username
November 11, 2020, 02:12:10 PM
Ah that's interesting, thanks - same provider as well! Do you have the WAN interface set with "IPv4 configuration type: PPPoE"? I'm wondering if there are other ways of doing it. Any chance you can share some screenshots of your PPPoE / WAN config? :)
#6
20.7 Legacy Series / Not accepting PPPoE username
November 10, 2020, 06:20:53 PM
I think I might have identified a possible bug.

Switched broadband provider, and with the new username, the PPPoE interface stays disabled. Now, the new username is:

xxxxxxx@dslnet

As you can see there is no . in the domain name. Now, if I (incorrectly) change the username to:

xxxxxxx@dslnet.uk

Then the interface enables. But, as the username is now incorrect, it doesn't work. So my guess is that OPNsense only works with usernames that appear to be a standard FQDN, and not the virtual domain names in use by my new ISP.

Who can advise on this predicament?! I've had to switch to a nasty old router just to get things working, so I've lost all the good stuff :(
#7
20.7 Legacy Series / Re: IPSEC breaks networking
November 05, 2020, 05:25:46 PM
Ok so one issue sorted - I had to uncheck "install policy", then the phase 2 policy stopped taking the traffic down!

The issue remaining is that the "Local IP" in VPN status is showing up as the dynamically assigned IP on the PPPoE interface. Here, there is an additional static /29 assigned by the Internet provider.

I have manually added one of the static IPs as an IP Alias to the WAN interface, but it could also go in Interfaces/PointToPoint/Devices/PPPoE - which is correct?
#8
20.7 Legacy Series / Re: IPSEC breaks networking
November 05, 2020, 04:11:48 PM
Yes that .234 address is the remote endpoint for the VPN. Not sure why it's saying it's conflicting?
#9
20.7 Legacy Series / Re: IPSEC breaks networking
November 05, 2020, 03:09:16 PM
Any ideas?
#10
20.7 Legacy Series / Re: IPSEC breaks networking
November 04, 2020, 03:00:39 PM
Attached. Interestingly the ipsec.log is filling up with a *lot* of nulls. I had to chop a load out just to get it under the max attachment size.
#11
20.7 Legacy Series / Re: IPSEC breaks networking
November 04, 2020, 01:24:20 PM
No, and I've tried all sorts of different addresses on the tunnel to see if that made a difference, but no...
#12
20.7 Legacy Series / Re: IPSEC breaks networking
November 03, 2020, 10:23:09 PM
Phase 1

#13
20.7 Legacy Series / Re: IPSEC breaks networking
November 03, 2020, 10:17:38 PM
One of the things I've noticed, JIC it's relevant, is that the console shows the local endpoint IP for the tunnel as the IP that is dynamically assigned to the PPPoE connection, whereas it should be one of the static IP addresses I have added to the interface (and defined in phase1).
#14
20.7 Legacy Series / Re: IPSEC breaks networking
November 03, 2020, 10:15:07 PM
By live addresses what do you mean exactly? These are the IP addresses for the tunnel surely, so are arbitrary? I used the same addresses as in the example

#15
20.7 Legacy Series / IPSEC breaks networking
November 03, 2020, 10:01:30 PM
New to OPNsense, so could be me, but seems very odd behaviour.

Creating a route-based IPsec VPN as per https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route.html

As soon as I create the phase 2 policy, just as described, everything stops networking-wise. Can't even ping the OPNsense server.

So I go onto console, 'configctl ipsec stop' - everything comes back. And all is fine if I disable the phase 2 policy, and then restart ipsec.

I can't see anything in the phase 2 policy that would affect it like that. What could be happening? Have updated to the latest firmware.