Messages - ryp43

1
24.1 Legacy Series / Re: ACME plugin: can't obtain production certificate using DNS challenge
« on: June 05, 2024, 01:45:11 pm »
I'm having the same issue

   AcmeClient: validation for certificate failed: XXX.XXX.XXX
2024-06-05T14:42:54   opnsense   AcmeClient: domain validation failed (dns01)
2024-06-05T14:42:54   opnsense   /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php: AcmeClient: The shell command returned exit code '2': '/usr/local/sbin/acme.sh --renew --syslog 6 --log-level 1 --server 'letsencrypt' --dns 'dns_cf' --dnssleep '120' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/6244690401b582.96545326' --certpath '/var/etc/acme-client/certs/6244690401b582.96545326/cert.pem' --keypath '/var/etc/acme-client/keys/6244690401b582.96545326/private.key' --capath '/var/etc/acme-client/certs/6244690401b582.96545326/chain.pem' --fullchainpath '/var/etc/acme-client/certs/6244690401b582.96545326/fullchain.pem' --domain 'XXX.XXX.XXX' --days '1' --keylength '4096' --accountconf '/var/etc/acme-client/accounts/624465c1ebd1a0.95366960_prod/account.conf''
2024-06-05T14:42:53   opnsense   AcmeClient: using challenge type: Cloudflare DNS Validation
2024-06-05T14:42:53   opnsense   AcmeClient: account is registered: YYY WEB GUI Cert Accoiunt
2024-06-05T14:42:53   opnsense   AcmeClient: using CA: letsencrypt

2
23.7 Legacy Series / Re: double "block all targeting port 0" Automatically generated rules on the WAN
« on: November 09, 2023, 07:58:52 am »
Thank you!

3
23.7 Legacy Series / double "block all targeting port 0" Automatically generated rules on the WAN
« on: November 09, 2023, 07:41:10 am »
Hi!

I have noticed that there are double "block all targeting port 0" automatically generated rules on the WAN interface - OPNsense 23.7.7_3-amd64

   IPv4+6 TCP/UDP   *   *   *   *   *   *   *   block all targeting port 0   
     IPv4+6 TCP/UDP   *   *   *   *   *   *   *   block all targeting port 0

Might be a bug?

4
23.1 Legacy Series / Re: Loss of outgoing connectivity after upgrade from 22.7.11 -> 23.1
« on: March 06, 2023, 11:40:23 am »
Do you have custom tunables in your config?

Check this: https://forum.opnsense.org/index.php?topic=32017.15

5
23.1 Legacy Series / Re: Upgraded to 23.1.r2: no LAN ip after reboot
« on: January 27, 2023, 09:43:55 am »
Can confirm - removing dev.igb.X.eee_control solved the problem.

6
Hardware and Performance / Re: PPPoE with separate router/bridge
« on: December 17, 2022, 02:23:56 pm »
Quote from: skyjam on September 25, 2018, 05:14:45 pm
Hi there

as there is a PPPoE problem in FreeBSD and it doesn't look like it will be solved in a reasonable timeframe I'm thinking of putting a router/bridge in front of my setup like this:
      WAN / Internet
            :
            : FTTH provider
            :
      .----+------------.
      |  PPPoE Router  |  (or Bridge, whatever)
      '-----+-----------'
            |
          WAN
            |
      .-----+------.
      |  OPNsense |
      '-----+------'
            |
          LAN

Internet is provided with PPPoE and VLAN ID.
I have fixed IPs I want to use with OPNsense.

Is there any cheap router/bridge/whatever available to just do this:
"transform" the ISP's signal to use with a regular WAN port of my OPNsense router?
If necessary I can also put a fiber converter in front, too.
It may even use one of my public IPs.

Thank you for all hints!

Were you able to find a solution? I'm looking for the same appliance.

7
22.7 Legacy Series / Re: 1000M drops to 100M after a few minutes
« on: December 13, 2022, 07:14:20 pm »
Hi! I think I know what you are talking about. I have apu2 with the very same specs as you.

Just seconds after reboot I run a speed test and can get up to 800Mbps, a couple of minutes later it drops to ~200-300Mbps max.

I understood that if I disable the Shaper, which was helpful when I had a VDSL connection, the speed stays in the 800Mbps range.

      Server: Active Cloud - XXXXXXXXXX
         ISP: XXXXXXXXX
Idle Latency:     3.95 ms   (jitter: 0.19ms, low: 3.81ms, high: 4.10ms)
    Download:   816.02 Mbps (data used: 1.2 GB)
                 10.18 ms   (jitter: 9.49ms, low: 3.70ms, high: 235.02ms)
      Upload:    84.49 Mbps (data used: 100.5 MB)
                 27.24 ms   (jitter: 6.91ms, low: 5.67ms, high: 88.46ms)
 Packet Loss:     0.0%

I suggest checking if this is your case.

Have a nice day!

8
22.7 Legacy Series / Re: Block private networks - blocks 100.75.* network
« on: December 09, 2022, 11:00:52 am »
Thanks, didn't notice that :(

9
22.7 Legacy Series / Block private networks - blocks 100.75.* network
« on: December 09, 2022, 10:44:14 am »
Hi!

My OPNsense is blocking connections from address 100.75.* with the label "block private networks from WAN" while "Block private networks" is checked under the WAN interface.

Though the help for this option states: "When set, this option blocks traffic from IP addresses that are reserved for private networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses (127/8) and Carrier-grade NAT addresses (100.64/10). This option should only be set for WAN interfaces that use the public IP address space."

I will appreciate any help.

Thanks in advance

10
22.7 Legacy Series / While creating Shaper rules, is selecting the WAN interface enough?
« on: October 29, 2022, 10:50:52 am »
Hi!

While creating Shaper rules, is selecting the WAN interface enough, or shall I also choose WG0 (Wireguard) as Interface 2? I want to share all outgoing traffic.

Thanks in advance!

11
22.1 Legacy Series / [SOLVED] after changing ISP no incoming IPv4 connections - IPV6 works fine
« on: May 05, 2022, 08:50:05 pm »
Hi friends!

I had the following working IPv4/IPv6 OPNsense setup: VDSL2 router configured as bridge -> PPPoE -> OPNsense

Two days ago I moved to a new ISP, got credentials, set them under the WAN interface, and thought that everything is fine. All clients have an internet connection with both protocols... until I noticed that there are zero incoming IPv4 connections. Tried to connect to my network from outside with an IPv4 public address and it failed with no evident logging under Firewall-> Live View (I have all possible logs enabled under System->Settings->Logging).

Connecting with the IPv6 public address works fine.

Did some investigating and I see only a single thing that changed: with the new ISP, my IP address is 100.88.xx.xx/32 while with the previous ISP it was equal to the public IP.

I have tried disabling “Block private networks” and “Block bogon networks”, but still don’t see anything.

Will appreciate any help!

Thanks in advance

12
22.1 Legacy Series / Re: incorrect MTU upon WAN(pppoe) interface reload from INTERFACES: OVERVIEW
« on: May 05, 2022, 08:23:39 pm »
Thanks!

I'm not aware of any hardware MTU limiting.

My setup is a VDSL2 router in bridge mode -> OPNsense.

13
22.1 Legacy Series / incorrect MTU upon WAN(pppoe) interface reload from INTERFACES: OVERVIEW
« on: May 05, 2022, 07:49:53 pm »
Hi All!

I have set MTU on the WAN interface to 1460 (Calculated PPP MTU: 1452).

Upon router reboot the MTU has the correct value:

sudo ifconfig
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1452
        description: WAN

But if I initiate "reload" from INTERFACES: OVERVIEW the MTU resets to 1460

sudo ifconfig
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1460

Can it be a defect?

Thanks in advance!

14
22.1 Legacy Series / Re: is wireguard-kmod supported under Opnsense 22.1?
« on: February 15, 2022, 12:00:12 pm »
Stupid me, I forgot that I performed a fresh install.. Sorry for the time waste.

Thanks a lot!

15
22.1 Legacy Series / is wireguard-kmod supported under Opnsense 22.1?
« on: February 15, 2022, 11:53:26 am »
Hi!

I have upgraded to OPNsense 22.1.

Shall I install wireguard-kmod? I was using it before the upgrade.

Thanks in advance
