Messages - lebidochon

#1
23.1 Legacy Series / Re: Target/logging to WAN
July 20, 2023, 05:01:03 PM
My question wasn't clear, I'll rephrase it.

Remote Target/logging

PC syslogX (192.168.x.x)-> LAN1 ->Opnsense ->WAN....internet
Opnsense perfectly sends the logs (TCP4 and TCP4TLS) to the syslogX PC.

... -> LAN1 ->Opnsense ->WAN....internet -> PC syslogX (84.5.x.x)
Opnsense does not send logs (TCP4 and TCP4TLS) to the syslogX PC

Test outside Opnsense:
PC Y (192.168.200.x)->... internet ... -> PC syslogX (84.5.x.x)
PC Y perfectly sends the logs (TCP4 and TCP4TLS) to PC syslogX.


Question:
Remote Target/Logging does not send logs to an internet IP?
Remote Target/Logging sends logs to an IP only from an Opnsense LAN?

The Opnsense documentation says nothing about this.

Thanks.
#2
23.1 Legacy Series / Target/logging to WAN
July 20, 2023, 11:31:53 AM
Hello,

OPNsense 23.1.11-amd64

Target/logging:
I want to send logs (Opnsense) to a syslog server.
If the syslog server is in the LAN of Opnsense (TCP4/TCP4TLS), it is OK.
If the syslog server is outside of Opnsense (TCP4/TCP4TLS), it is NOT OK.

My internet IP is IPv4.

Opnsense doesn't send logs to the WAN? Only LAN?
Sorry for my English ...
Thanks.
#3
22.7 Legacy Series / Re: Insight and log files
August 04, 2022, 04:30:28 PM
Hello,

I tried to download the firewall logs. This error message appears:

Fatal error: Allowed memory size of 1073741824 bytes exhausted (tried to allocate 4096 bytes) in /usr/local/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/LogController.php on line 106

Is there a parameter to increase the memory size for files?
Thanks in advance ...
#4
22.7 Legacy Series / Insight and log files
August 04, 2022, 03:59:12 PM
Hello,

OPNsense 22.7_4-amd64
Intel(R) Xeon(R) D-2146NT CPU @ 2.30GHz (8 cores, 16 threads)
ram: 16 gigabytes
ssd: 100 gigabytes

Problem solved :
flowd_aggregate: off, I erased all files... now it's ok.

I have to keep my log data (ip and vpn) for a year.

1)Question 1:
NetFlow: Collect NetFlow data on this firewall for use with Insight. Note that the local cache only holds the latest 100 MB of data.
My data greatly exceeds 100 MB ... how to increase this size?

2)Question 2:
SYSTEM->SETTINGS->LOGGING->Preserve logs (Days)=720
My logs will be kept for 720 days... whatever the size of the file?
Does this parameter apply to DHCP / OPENVPN / FIREWALL logs?
After 720 days what happens to the log files?
Is the download limited in maximum size?

Thanks in advance ...
#5
Quote from: lebidochon on November 21, 2020, 10:45:56 PM
Update OPNsense 20.7.4-amd64 to OPNsense 20.7.5-amd64

The Redirect Gateway option checked, unchecked now works normally.

Recap:
Redirect Gateway not checked
My pc users have Opnsense bandwidth for SAMBA, and their own bandwidth for surfing the internet.

Windows 10 PC with openvpn community 2.4.7... OK
Linux PC Debian 10 (GNOME) with openvpn 2.4.7-1 ... .. you must check "only use this connection for resources on this network" in the IPV4 menu ... OK

Info:
On Windows, if an OPENVPN server has the Redirect Gateway option checked and you want to force the use of the internet with the bandwidth of the PC and use the bandwidth on the OPENVPN server for resources.... add "pull-filter ignore redirect-gateway" in the client's xxxx.ovpn file.

Sorry for my English ... I am French.
Thanks for your help.
#6
20.7 Legacy Series / [SOLVED]Openvpn : Redirect Gateway
November 21, 2020, 10:45:56 PM
Update OPNsense 20.7.4-amd64 to OPNsense 20.7.5-amd64

The Redirect Gateway option checked, unchecked now works normally.

Recap:
Redirect Gateway not checked
My pc users have Opnsense bandwidth for SAMBA, and their own bandwidth for surfing the internet.

Windows 10 PC with openvpn community 2.4.7... OK
Linux PC Debian 10 (GNOME) with openvpn 2.4.7-1 ... .. you must check "only use this connection for resources on this network" in the IPV4 menu ... OK

Info:
On Windows, if an OPENVPN server has the Redirect Gateway option checked and you want to force the use of the internet with the bandwidth of the PC and use the bandwidth on the OPENVPN server for resources.... add "pull-filter ignore redirect-gateway" in the client's xxxx.ovpn file.

Sorry for my English ... I am French.
Thanks for your help.
#7
20.7 Legacy Series / Re: Openvpn : Redirect Gateway
November 20, 2020, 09:36:37 PM
Test on PC with Debian 10 (Gnome) and Windows 10
with openvpn community (2.4.7).
#8
20.7 Legacy Series / Re: Openvpn : Redirect Gateway
November 20, 2020, 09:05:10 PM
Hi, I made an example to make sure I understood how Redirect Gateway works.
If I follow the example, currently if I uncheck Redirect Gateway (with restart of the server, and export of the client), I have the current config:
WAN (public IP): 82.X.Y.Z
LAN: 192.168.240.0/24 (gateway: 192.168.240.1)
Local IP: 192.168.240.5

which is not good, because the pc is browsing the internet with IP 82.X.Y.Z as the IP and using the Opnsense bandwidth.

What I'm looking to do is:
WAN (public IP): 92.Z.Z.Z
LAN: 192.168.43.0/24 (gateway: 192.168.43.1)
Local IP: 192.168.43.10
A route 192.168.250.0/24 is added to be able to reach the SAMBA server 192.168.250.10
The pc browses the internet with 92.Z.Z.Z as the IP but does not use the Opnsense bandwidth (except for SAMBA 192.168.250.10).

Whether I check or uncheck Redirect Gateway, the user pc config is not what I am looking for.

I have the impression that Redirect Gateway unchecked is not supported ...
#9
20.7 Legacy Series / Re: Openvpn : Redirect Gateway
November 20, 2020, 08:31:14 PM
Oops ... no
Openvpn server with Redirect Gateway ticked works fine.
But that's not what I want to do.
I want to uncheck Redirect Gateway so that user PCs use their bandwidth to surf the internet and use opnsense bandwidth only to go to the SAMBA server.

If I uncheck Redirect Gateway... Internet surfing always goes through Opnsense.
#10
20.7 Legacy Series / Re: Openvpn : Redirect Gateway
November 20, 2020, 08:08:51 PM
By activating / deactivating Redirect Gateway, the (remote) user pc always goes through opnsense... to surf the internet.

I must not have fully understood the Redirect Gateway feature.

On Opnsense:
WAN (public ip): 82.X.Y.Z
LAN: 192.168.250.0/24 (SAMBA server: 192.168.250.10)
OPENVPN: 192.168.240.0/24 (gateway: 192.168.240.1)

User PC (Windows 10) before VPN connection:
WAN (public IP): 92.Z.Z.Z
LAN: 192.168.43.0/24 (gateway: 192.168.43.1)
Local IP: 192.168.43.10
The pc is browsing the internet with 92.Z.Z.Z as the IP

If Redirect Gateway is checked and IPv4 Local Network is empty: all traffic goes through opnsense.

After connecting to the VPN the user pc becomes:
WAN (public IP): 82.X.Y.Z
LAN: 192.168.240.0/24 (gateway: 192.168.240.1)
Local IP: 192.168.240.5
The pc browses the internet with the IP 82.X.Y.Z and uses the bandwidth of Opnsense.

If Redirect Gateway is not checked and IPv4 Local Network 192.168.250.0/24: only 192.168.250.0/24 goes through opnsense.

After connecting to the VPN the user pc becomes:
WAN (public IP): 92.Z.Z.Z
LAN: 192.168.43.0/24 (gateway: 192.168.43.1)
Local IP: 192.168.43.10
A route 192.168.250.0/24 is added to be able to reach the SAMBA server 192.168.250.10
The pc browses the internet with 92.Z.Z.Z as the IP but does not use the Opnsense bandwidth (except for SAMBA 192.168.250.10).

Where is the error?
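
Added example, not part of the original posts: a Python sketch of the user PC's routing table in the two cases described above, resolved by longest-prefix match. It assumes the Redirect Gateway checkbox pushes `redirect-gateway def1` (two /1 routes that override the default route without replacing it); 198.51.100.1 stands in for the masked WAN address 82.X.Y.Z and 203.0.113.7 is a constructed internet destination.

```python
import ipaddress

# Addresses from the post, except the two constructed stand-ins noted below.
LOCAL_GW = "192.168.43.1"       # user PC's own gateway (ISP path)
VPN_GW = "192.168.240.1"        # OpenVPN tunnel gateway on OPNsense
SAMBA = "192.168.250.10"        # SAMBA server behind OPNsense
VPN_SERVER = "198.51.100.1"     # constructed placeholder for 82.X.Y.Z
INTERNET_HOST = "203.0.113.7"   # constructed internet destination

def client_routes(redirect_gateway, local_networks):
    """Routing table of the user PC once the tunnel is up."""
    routes = [
        ("0.0.0.0/0", LOCAL_GW),         # default route that existed before the VPN
        ("192.168.43.0/24", "on-link"),  # user's own LAN
        ("192.168.240.0/24", VPN_GW),    # tunnel network
    ]
    if redirect_gateway:
        # Assumed def1 behaviour: two /1 routes beat the /0 default, and a
        # host route keeps the encrypted tunnel itself on the ISP path.
        routes += [("0.0.0.0/1", VPN_GW), ("128.0.0.0/1", VPN_GW),
                   (VPN_SERVER + "/32", LOCAL_GW)]
    # "IPv4 Local Network" entries are pushed to the client as plain routes.
    routes += [(net, VPN_GW) for net in local_networks]
    return routes

def next_hop(routes, dst):
    """Pick the gateway the way the OS does: the most specific prefix wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def report(routes):
    """Gateway used for internet browsing, the SAMBA server and the tunnel."""
    return {dst: next_hop(routes, dst)
            for dst in (INTERNET_HOST, SAMBA, VPN_SERVER)}

if __name__ == "__main__":
    print("checked:  ", report(client_routes(True, [])))
    print("unchecked:", report(client_routes(False, ["192.168.250.0/24"])))
```

On a real client, comparing the installed routes against this expected table shows which option the client actually received after the export.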

#11
20.7 Legacy Series / Re: Openvpn : Redirect Gateway
November 19, 2020, 09:54:51 PM
Saut   Nom d'hôte   Adresse IP   Temps 1
1   192.168.240.1   192.168.240.1   60.983
1   192.168.240.1   192.168.240.1   55.860
2   192.168.50.254   192.168.50.254   94.286 ....WAN (FAI) opensense
3   194.149.169.53   194.149.169.53   50.739
6   be2151.agr21.par04.atlas.cogentco.com   154.54.61.34   354.005
7   tata.par04.atlas.cogentco.com   130.117.15.70   126.481
#12
20.7 Legacy Series / Re: Openvpn : Redirect Gateway
November 19, 2020, 09:39:05 PM
I deactivated Redirect Gateway and restarted the server, re-exported a client and installed it on his workstation. His public internet IP is that of Opnsense and not his.

IPv4 Tunnel Network: 192.168.240.0/24

LAN: 192.168.250.0/24
#13
20.7 Legacy Series / [SOLVED] Openvpn : Redirect Gateway
November 19, 2020, 09:09:45 PM
Good evening,

I am a former user of IPCOP, then IPFIRE, and now of OPNsense 20.7.4-amd64

I configured Opnsense ... a pleasure .... everything works perfectly.

Problem:
I have configured an OPENVPN server with clients .... it's ok everything is working perfectly.

My remote users can access my servers (SAMBA) and they can access the internet via Opnsense.

What I'm trying to configure is that my users access the servers via OPENVPN ... but that their internet browsing is done through their ISPs and not from Opnsense while keeping their VPN connections open.

I therefore deactivate / activate Redirect Gateway on the Openvpn server .... but their gateway is still that of Opnsense.

Is there a special config to do what I want?

Thanks in advance.

PS: Sorry for my English .... I am French.
#14
French - Français / Openvpn : Redirect Gateway
November 19, 2020, 09:00:57 PM
Good evening,

I am a former user of IPCOP, then IPFIRE, and now of OPNsense 20.7.4-amd64

I configured Opnsense ... a pleasure .... everything works perfectly.

Problem:
I configured an OPENVPN server with clients .... it's OK, everything works perfectly.

My remote users can reach my servers (SAMBA) and they have internet access via Opnsense.

What I am trying to configure is that my users access the servers via OPENVPN ... but that their internet browsing goes through their ISPs and not through Opnsense, while keeping their VPN connections open.

So I deactivated/activated Redirect Gateway on the Openvpn server .... but their gateway is still that of Opnsense.

Is there a special config to do what I want?

Thanks in advance.