Messages

1

General Discussion / Sudden performance / blocking issues

« on: March 09, 2021, 10:43:39 pm »

I've had Opnsense running fine for several months, connecting via PPPOE. Today, however, connectivity issues - very slow, with many websites not loading. TBH I thought it was a broadband issue, but swapping for my old Ubiquiti router has fixed it.

Tried rebooting etc, no joy. It's like some kind of TCP Clamping issue in its effect.

Any ideas or advice?

2

20.7 Legacy Series / Re: I want to love OPNsense

« on: November 13, 2020, 01:55:32 am »

A reboot fixes the Zerotier issue. Is this Windows? (sorry)

3

20.7 Legacy Series / I want to love OPNsense

« on: November 13, 2020, 01:41:10 am »

I really do! But everything just keeps blocking it.

Take for instance Zerotier, which I had set up and working beautifully. Walk away for half an hour, and it's gone!

I realise I should probably be asking for assistance in that matter, but that has been my experience with pretty much everything - IPSEC with Strongswan, even PPPoE.

Sorry to sound negative.

4

20.7 Legacy Series / Re: Not accepting PPPoE username

« on: November 11, 2020, 09:50:11 pm »

Thanks for your help. I'm not sure what was preventing it from working but it's suddenly sprung into life!

5

20.7 Legacy Series / Re: Not accepting PPPoE username

« on: November 11, 2020, 02:12:10 pm »

Ah that's interesting, thanks - same provider as well! Do you have the WAN interface set with "IPv4 configuration type: PPPoE"? I'm wondering if there are other ways of doing it. Any chance you can share some screenshots of your PPPoE / WAN config?

6

20.7 Legacy Series / Not accepting PPPoE username

« on: November 10, 2020, 06:20:53 pm »

I think I might have identified a possible bug.

Switched broadband provider, and with the new username, the PPPoE interface stays disabled. Now, the new username is:

xxxxxxx@dslnet

As you can see there is no . in the domain name. Now, if I (incorrectly) change the username to:

xxxxxxx@dslnet.uk

Then the interface enables. But, as the username is now incorrect, it doesn't work. So my guess is that opnsense only works with usernames that appear to be a standard FQDN, and not the virtual domain names in use by my new ISP.

Who can advise on this predicament?! I've had to switch to a nasty old router just to get things working, so I've lost all the good stuff

7

20.7 Legacy Series / Re: IPSEC breaks networking

« on: November 05, 2020, 05:25:46 pm »

Ok so one issue sorted - I had to uncheck "install policy", then the phase 2 policy stopped taking the traffic down!

The issue remaining is that the "Local IP" in VPN status is showing up as the dynamically assigned IP on the PPPoE interface. Here, there is an additional static /29 assigned by the Internet provider.

I have manually added one of the static IPs as an IP Alias to the WAN interface, but it could also go in Interfaces/PointToPoint/Devices/PPPoE - which is correct?

8

20.7 Legacy Series / Re: IPSEC breaks networking

« on: November 05, 2020, 04:11:48 pm »

Yes that .234 address is the remote endpoint for the VPN. Not sure why it's saying it's conflicting?

9

20.7 Legacy Series / Re: IPSEC breaks networking

« on: November 05, 2020, 03:09:16 pm »

Any ideas?

10

20.7 Legacy Series / Re: IPSEC breaks networking

« on: November 04, 2020, 03:00:39 pm »

Attached. Interestingly the ipsec.log is filling up with a *lot* of nulls. I had to chop a load out just to get it under the max attachment size.

11

20.7 Legacy Series / Re: IPSEC breaks networking

« on: November 04, 2020, 01:24:20 pm »

No, and I've tried all sorts of different addresses on the tunnel to see if that made a difference, but no...

12

20.7 Legacy Series / Re: IPSEC breaks networking

« on: November 03, 2020, 10:23:09 pm »

Phase 1

13

20.7 Legacy Series / Re: IPSEC breaks networking

« on: November 03, 2020, 10:17:38 pm »

One of the things I've noticed, JIC it's relevant, is that the console shows the local endpoint IP for the tunnel as the IP that is dynamically assigned to the PPPoE connection, whereas it should be one of the static IP addresses I have added to the interface (and defined in phase1)

14

20.7 Legacy Series / Re: IPSEC breaks networking

« on: November 03, 2020, 10:15:07 pm »

By live addresses what do you mean exactly? These are the IP addresses for the tunnel surely, so are arbitrary? I used the same addresses as in the example

15

20.7 Legacy Series / IPSEC breaks networking

« on: November 03, 2020, 10:01:30 pm »

New to Opnsense, so could be me, but seems very odd behaviour

Creating a route-based IPSEC VPN as per https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route.html

As soon as  I create the phase 2 policy, just as described, everything stops networking wise. Can't even ping the Opnsense server.

So I go onto console, 'configctl ipsec stop' - everything comes back. And all is fine if I disable the phase 2 policy, and then restart ipsec.

I can't see anything in the phase 2 policy that would affect it like that. What could be happening? Have updated to the latest firmware.