Messages

1

23.7 Legacy Series / Isolating which process is performing DNS queries

« on: October 20, 2023, 04:03:45 pm »

I recently upgraded my OPNsense firewall to the latest version and now I'm seeing millions of DNS requests for cisco.com in Adguard which is running directly on OPNsense. I ran a packet capture and I'm only seeing the DNS queries on my Wan interface and nothing on my internal interfaces. Any help would be greatly appreciated.

2

High availability / Re: CARP with DHCP on WAN

« on: September 25, 2021, 04:01:13 am »

It actually sounds like you are doing what I am after. How are you achieving that? For instance, just in basic testing on my BACKUP, if I run 'ifconfig vtnet0 down' all interfaces go down and 'ifconfig vtnet0 up' brings all interfaces up. It's bizarre.

I run CARP on all interfaces except for WAN. The WAN interface on each firewall is just configured like "normal" with DHCP.

So the gateway for clients is the CARP LAN IP, and outbound traffic goes out via the WAN of the current CARP master.

I just setup a second OPNsense firewall in my VMware 7 environment. When I have the WAN interface active on the secondary firewall with the same DHCP lease as my primary firewall I experience packet loss across the WAN interface.

I do not have CARP on my WAN interface. It's configured like "normal" as you described with DHCP.

3

21.7 Legacy Series / Intrusion Detection slow speeds after a few minutes

« on: September 21, 2021, 11:20:35 am »

I'm having an issue when I enable Intrusion Detection with IPS mode (all hardware offloading is disabled) enabled. I get full gigabit line speed then after a few minutes, speed drops down to 120-130~ megabits. Restarting the service allows me to download at full speed then the speed drops back down as before.

I've tried all Pattern matching options without any change. Not sure what else to try.

4

21.7 Legacy Series / System Log showing error: kex_exchange_identification: Connection closed by

« on: September 07, 2021, 03:37:23 am »

I'm trying to track down why my system log is being flooded with "error: kex_exchange_identification: Connection closed by remote host" followed by "Connection closed by 10.10.0.79 port *random port number*" every 15 minutes.

10.10.0.79 is the Lan IP address of the OPNSense system.

Not sure if there is any correlation, but I am seeing similar "error: kex_exchange_identification: Connection closed by remote host" errors on my TrueNas server every 15 minutes as well.

5

21.1 Legacy Series / Re: Unable to establish more than one Wireguard vpn tunnel

« on: May 21, 2021, 07:37:11 pm »

I changed the local configuration for the second tunnel to 51821 and the connection is established now. Traffic doesn't seem to be going across it. I'm I am routing certain hosts part of the same /24 out separate tunnels will that not work? I have 0.0.0.0/0 as part of my allowed ip's for both tunnels.

6

21.1 Legacy Series / Unable to establish more than one Wireguard vpn tunnel

« on: May 20, 2021, 03:41:01 pm »

I am having an issue where I can't establish more than one Wireguard vpn tunnel at once. I can bring one tunnel down and the other up and it works fine.