Messages

1

23.1 Legacy Series / Re: Multi WAN Dpinger needs restarting after gateway outage Workaround

« on: November 14, 2023, 11:01:43 pm »

Same problem on 23.7.8.
I have 4 Gateways (FTTH, FTTC, FWA, SAT) and Starlink is the only one presenting this problem.

2

23.1 Legacy Series / OPNsense 23.1.1_2 - Suricata stops after startup

« on: March 04, 2023, 01:30:21 pm »

Hello everyone,

I'm running OPNsense 23.1.1_2-amd64 and trying to setup ET Pro Telemetry edition in Intrusion Prevention.

OPNsense is a VM on a Proxmox host, wich has a WAN pass-trough port and then share other ports for local VLANs (it's a home network, so energy saving is the main purpose).

I've downloaded definitions (both ET and built-in) and started service with this options flagged:
- Enabled
- IPS Mode (tried off with the same results)
- Promiscuous Mode (tried off with the same results)

Suricata start:

Code: [Select]

[100174] <Notice> -- This is Suricata version 6.0.9 RELEASE running in SYSTEM modeThen throw out 6 error on configuration of various network protocols: sip, rfb, mqtt, rdp, http, http2.

Code: [Select]

[100174] <Warning> -- [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol [b]*[/b] enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
I've checked on another working setup and I got the same error, even if suricata is working.

Have you any idea?

Thank you,

3

22.1 Legacy Series / Re: OPNsense on Proxmox Freezing Every Few Nights

« on: February 10, 2023, 10:22:13 am »

I'm running OPNSense (last version) on Proxmox without this problem, at home on a PowerEdge T20 (Xeon E3 1271 v3, 32GB, SSD) and at Work on a PowerEdge T440 (Xeon Silver 4110 x2, 256GB, 15k SCSI HDDs), also on another site in a PC (i5 6500, 16GB, SSD).
I think it could be hardware related? In my home setup, the T20, I have an Intel dual SFP+ for LAN and an Intel quad Gigabit for WAN(s),  no GPU, 1xSSD and the host is running 4 VMs and 3 CT with RAM constantly near 90% (I'm actually on ZFS, planning to switch back to ext4 to free up some RAM).

4

22.1 Legacy Series / Re: [SOLVED] os-ddclient with No-Ip not finding an IP

« on: February 10, 2023, 10:09:29 am »

The same for me: DuckDNS is working while No-IP was not.
Switched to custom and now is everything ok:

Code: [Select]

Protocol: DynDns2
Server: dynupdate.no-ip.com
Username: <My No-IP Username>
Password: <My No-IP Password>
Wildcard: NOT Checked
Hostname: <The hostname i want to update>
Check IP Method: Interface
Check IP Timeout: 10
Force SSL: CHECKED
Interface to Monitor: <FTTH PPPoE Interface, in my case>

5

22.7 Legacy Series / Re: [SOLVED] PHP Error on Crash Reporter after 27.7.7 upgrade.

« on: November 17, 2022, 02:55:38 pm »

Thank you so much, i searched a lot but didn't found out anything.

Marked as solved.

6

22.7 Legacy Series / [SOLVED] PHP Error on Crash Reporter after 27.7.7 upgrade.

« on: November 09, 2022, 02:00:03 pm »

Hello guys,

After upgrading to 22.7.7 i noted an error on the crash reporter:

Code: [Select]

User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0
FreeBSD 13.1-RELEASE-p3 stable/22.7-n250262-83840459d88 SMP amd64
OPNsense 22.7.7_1 391f1de80
Plugins os-dyndns-1.27_3 os-smart-2.2 os-theme-cicada-1.29 os-wireguard-1.13 os-wol-2.4_1
Time Wed, 09 Nov 2022 12:34:56 +0100
OpenSSL 1.1.1s  1 Nov 2022
Python 3.9.15
PHP 8.0.25

PHP Errors:

[09-Nov-2022 12:29:54 Europe/Rome] TypeError: array_merge(): Argument #1 must be of type array, null given in /usr/local/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/GeneralController.php:93
Stack trace:
#0 /usr/local/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/GeneralController.php(93): array_merge(NULL, Array)
#1 [internal function]: OPNsense\Wireguard\Api\GeneralController->getStatusAction()
#2 [internal function]: Phalcon\Dispatcher\AbstractDispatcher->callActionMethod(Object(OPNsense\Wireguard\Api\GeneralController), 'getStatusAction', Array)
#3 [internal function]: Phalcon\Dispatcher\AbstractDispatcher->dispatch()
#4 /usr/local/opnsense/www/api.php(24): Phalcon\Mvc\Application->handle('/api/wireguard/...')
#5 {main}
[09-Nov-2022 12:30:18 Europe/Rome] TypeError: array_merge(): Argument #1 must be of type array, null given in /usr/local/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/GeneralController.php:93
Stack trace:
#0 /usr/local/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/GeneralController.php(93): array_merge(NULL, Array)
#1 [internal function]: OPNsense\Wireguard\Api\GeneralController->getStatusAction()
#2 [internal function]: Phalcon\Dispatcher\AbstractDispatcher->callActionMethod(Object(OPNsense\Wireguard\Api\GeneralController), 'getStatusAction', Array)
#3 [internal function]: Phalcon\Dispatcher\AbstractDispatcher->dispatch()
#4 /usr/local/opnsense/www/api.php(24): Phalcon\Mvc\Application->handle('/api/wireguard/...')
#5 {main}
I noticed that removing the wireguard dashboard plugin solve the problem, so it might be related

7

22.1 Legacy Series / Re: os-ddclient

« on: July 23, 2022, 02:42:28 pm »

Hello everyone,

I'm a os-dyndns and NoIP user: never had issued.

Now I'm trying to move to os-ddclient but I can't find a way to make it work.

Any suggestion?

Thank you,

8

Italian - Italiano / Re: VPN Wireguard & Linux (Ubuntu)

« on: July 23, 2022, 01:53:27 pm »

Ciao!

Non ho ancora fatto chiarezza, ma dopo una serie infinita di bestemmie mi sono accorto che client diversi di Wireguard (es. quello per Windows e quello per Ubuntu) accettano diverse serie di allowed-ips.

Di solito li cambio finché trovo una combinazione funzionante. Se metti solo la subnet del gateway di solito funziona sempre, poi da lì allarghi.

9

Virtual private networks / [SOLVED] Route Wireguard to a secondary Gateway.

« on: July 23, 2022, 01:45:19 pm »

Hi guys,

I have two router: a Unifi UDM-PRO and an old Watchguard appliance converted to OPNsense.

The UDM-PRO is linked to a low-latency connection, which I use for my devices, and has a backup link from OPNsense.

OPN sense is linked to an higher-speed connection, and is used for guest devices. It has a backup link which goes on UDM-PRO LAN.

Now, I have a Wireguard server on the OPNsense machine, which I wanna use to connect remotely to devices on UDM-PRO network (and sub-networks).

I can access the OPNsense networks and I set up firewall wireguard rule to access everything. Also, I set up static routes for the UDM-PRO networks to the UDM-PRO gateway but I still can't access anything on its network.

Where I'm wrong?

Thank you

-------- SOLUTION ------------

1 - Created a firewall alias to group all the networks

2 - Firewall Rules that allow traffic to the alias-networks

3 - Static routes to route that networks to the right gateway

4 - NAT Outbound mode to hybrid mode and create a rule to nat that networks from wireguard interfaces to the right gateway.

10

21.1 Legacy Series / Re: Failed, signature invalid

« on: April 03, 2021, 12:39:21 am »

Hi,

I have different OPNsense installations, on two of these i had this probleme some months ago and reinstalled from scratch.

One of that two now is representing the problem, there's nothing but the ISP connection, and the two firewalls are under two different ISPs.

Any idea on how to solve?

11

20.7 Legacy Series / 20.7.4 - Port Forwarding issues

« on: November 06, 2020, 01:03:33 am »

Hi all

I'm trying to set up some port forwarding rules for multiple devices inside my network (1 Asterisk PBX, 2 VPN servers, 2 other servers and a PC which run CoD Warzone, that requires some ports to be exposed on the www).

I had a try following this guide and other tips found on the web, but nothing seems to work.

My test setup is a Fujitsu TX120 S3 with an E3-1260L, 8GB, 120GB SSD dedicaded to OPNsense.
2x Draytek Vigor 120 on the onboard NICs (ADSL via PPPoE)
2x Gigabit SFP: 1 to the existing router and 1 for the new networks (6 VLANs)

I've made several tests with different settings on port forwarding and firewall rules, but it's stil not working.

Thank you in advance!

Davide