OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of R1mSG »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - R1mSG

Pages: [1]
1
23.7 Legacy Series / Re: OpenVPN - High Availability Synchronize - Client Specific overrides
« on: October 04, 2023, 04:07:01 pm »
Hey,

sorry for the late feedback.

It seems to work again in the meantime.
I tested it with several firewalls and it worked with all of them without any problems.
Why it didn't work with all of them bevor, I can't say.

About the "<openvpn-csc>" entries.
Yes, they are no longer included in the config.xml files.
But I rather assume that these were replaced in the last updates by "<Overwrite uuid" entries.
At least in old backups I can find the "<openvpn-csc>" entries in any case.
But I have not deep dived into the whole thing.

Greetings,
R1mSG

2
23.7 Legacy Series / OpenVPN - High Availability Synchronize - Client Specific overrides
« on: September 18, 2023, 11:56:37 am »
Hey,


after the Client Specific overrides were changed in the last updates, I noticed that they are not synchronized via High Availability Synchronize at all.

The options under System: High Availability: Settings are all set.
Is this the way it should be?
I could not find anything about this anywhere.


Greetings,
R1mSG

3
General Discussion / Re: CLI Update gets stuck with Nothing to do.
« on: November 29, 2022, 04:48:42 pm »
btw, solution was.

The default mode of "opnsense-update" was changed to "opnsense-update -bkp" last year.

See also:
https://github.com/opnsense/core/issues/6128

4
General Discussion / Questions about HA Misconfigurations
« on: November 29, 2022, 04:42:29 pm »
Hi,

i have two questions regarding HA setup configurations.

1) I have two Carp IPs on one interface /29.
So far no problem, the "problem" is, one IP is /30, the other one is /29.
Can this cause problems with a HA setup?

2.) Question two, why the question 1. only arises, pfsense has a nice "Troubleshooting High Availability" page with  "Common Misconfigurations".
Do these misconfigurations all apply to OPNsense as well?

The OPNsense wiki does not have such a list, I could not identify the question from 1.) as a problem, if it is a problem at all.

https://docs.netgate.com/pfsense/en/latest/troubleshooting/high-availability.html


Regards,

R1mSG

5
General Discussion / Re: CLI Update gets stuck with Nothing to do.
« on: October 28, 2022, 12:53:17 pm »
sorry, my question was misleading.
I am talking about updating via the terminal, not the GUI, the GUI works without problems.

The goal is to update minor/patches via CLI using the "opnsense-update" command.

6
General Discussion / CLI Update gets stuck with Nothing to do.
« on: October 28, 2022, 10:08:36 am »
Hey,

i have the problem that when I run an opnsense-update, I get a "Nothing to do." response.

If I run "/usr/local/opnsense/scripts/firmware/check.sh" or a pkg dry-run, it finds the updates (The GUI also shows updates).

The problem here seems to be a popup (every few updates this appears) in the GUI, as soon as I check for new updates and close this popup, the opnsense-update command works again.

You can solve the problem by running "pkg upgrade -y".
But here the question would be, if this command can lead to problems, because there is an extra official opnsense command "opnsense-update" for this, i would actually prefer to use the official command.

Is there a solution for this, or is it safe to update the Firewall via "pkg upgrade -y"?

7
21.7 Legacy Series / [21.7.8] - CLI update question
« on: May 02, 2022, 10:26:11 am »
Hey,

how can I check for updates via the CLI?
I would need the same function as under System: Firmware: "Check for Updates".

I have already tried with the following commands:
/usr/local/opnsense/scripts/firmware/launcher.sh check
/usr/local/opnsense/scripts/firmware/check.sh

The problem is that the new update 21.1 is not found at the end.
Somehow it only works via the WEB GUI.

---

OPNsense 21.7.8-amd64
FreeBSD 12.1-RELEASE-p22-HBSD
OpenSSL 1.1.1m 14 Dec 2021

8
22.1 Legacy Series / [22.1.2_1] - HA/Carp question - Dmesg log
« on: March 17, 2022, 11:08:09 am »
Hey,

i wanted to investigate a HA/Carp problem, but I noticed in the dmesg.today logs that even with working firewalls, where I know of no problems, there are a lot of "state changed to" messages.

Is this a normal behavior for HA setups? (see attachment)

No hardware changes or updates were made during this time. Therefore the link state change should not come from that.

---

Hardware:
OPNsense 22.1.2_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021

9
22.1 Legacy Series / [22.1.1_3] - ssh/scp Problems
« on: February 22, 2022, 03:59:01 pm »
Hey,

we have three firewalls here that are connected to each other with a VLAN. Each firewall has a MultiWAN configuration. One firewall is the main firewall. The two secondary firewalls have as default gateway the VLAN to the "master" firewall and as fallback connection a normal internet connection via a FritzBox.

Since the update to 22.1.1_3 we have problems with ssh connections to this two firewalls. But if we use the main firewall as jumphost, this problems does not exist.

These problems look like this:
When trying to download a file via scp (over the FritzBox WAN) from the "two" firewalls, the download stops in the middle. But uploading files to the firewall via scp works.
Likewise, if you connect via SSH and want to output a larger file with cat/tail, the connection breaks. Open via vim/less or even tcpdump output works without aborts.

Outputs of ssh/scp:
SCP:
   YYY:~# scp root@XXX:/conf/config.xml .
   config.xml                                                                                     
                                                                                   
   0%    0     0.0KB/s   --:-- ETAConnection to XXX closed by remote
   host. lost connection
   
SCP -vvv:
   debug3: send packet: type 1
   debug1: channel 0: free: client-session, nchannels 1
   debug3: channel 0: status: The following connections are open:
     #0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)

   debug1: fd 0 clearing O_NONBLOCK
   debug1: fd 1 clearing O_NONBLOCK
   Connection to XXX closed by remote host.
   Transferred: sent 2844, received 19476 bytes, in 0.2 seconds
   Bytes per second: sent 11404.7, received 78100.9
   debug1: Exit status -1

SSH -vvv:
   debug1: channel 0: free: client-session, nchannels 1
   debug3: channel 0: status: The following connections are open:
     #0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)

   Connection to XXX closed by remote host.
   Connection to XXX closed.
   Transferred: sent 3492, received 13244 bytes, in 6.7 seconds
   Bytes per second: sent 519.7, received 1971.0
   debug1: Exit status -1
   

We dont know if this could be a Problem with our MultiWAN configuration or anything else.

Is this problem known, or does anyone know something similar and can help us out here?


---

Hardware:
OPNsense 22.1.1_3-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2