Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - m4rtin

Pages: [1] 2 3 4

24.7 Production Series / WAN Failover: Gateway group does not activate tier 2 Gateway

« on: November 03, 2024, 11:38:40 am »

Hallo, I made a test with my Opnsense to see if the gateway changes to tier 2 if I reboot the router of tier 1.
Unfortunaly it does not change although the downtime is about 60 seconds (see attatchment).
I configured the WAN failover according to the documentation (https://docs.opnsense.org/manual/how-tos/multiwan.html)

German - Deutsch / Firewall Verbindung Port 445 nicht möglich

« on: June 27, 2024, 12:02:21 pm »

Hallo, ich habe mal meinen Aufbau skizziert in dem Anhang.

Bei dem Server auf den ich zugreifen möchte, handelt es sich um eine Synology, die eine öffentliche IP eingestellt hat, also direkt im Internet hängt. In der Synology Firewall ist eingestellt dass nur ein paar IPs Zugriff haben.

Das funktioniert soweit auch gut, nur kann ich von der einen IP aus die Synology nicht auf dem SMB Port 445 erreichen (telnet schlägt fehl). Die OPNsense von "IP1" sagt es gibt eine entsprechende zugelassene ausgehende Verbindung.

Von der anderen IP ist alles OK. Habt ihr eine Idee was das sein kann? Ich kann es mir nicht erklären...

Virtual private networks / (solved) OpenVPN Local Domain Authentication

« on: May 14, 2024, 06:00:49 pm »

Hi, I configured an OpenVPN Server on my OPNsense with this HowTo:

https://www.thomas-krenn.com/de/wiki/OPNsense_OpenVPN_f%C3%BCr_Road_Warrior_einrichten

I had to create local users and create unique OpenVPN certificates for each user. That works for this user, but I guess this doesn't work with local domain users.

How should I approch this? Disable certificate Usage?

Edit:
I solved it with an "instance" server and no certificate usage (I use MFA and username / password)

24.1 Legacy Series / Re: Wireguard 0.0.0.0 Routing problem

« on: April 29, 2024, 04:20:25 pm »

Quote from: Patrick M. Hausen on April 29, 2024, 03:42:41 pm

You are probably missing an outbound NAT rule on WAN for source WG0 net.

I have already created a NAT rule (see first screenshot). 0.0.0.0/1, 128.0.0.0/1 don't work as well.

Does it matter that I run the opnsense on a HyperV that runs on a Windows Cloud Server? All used ports are forwarded in Windows Server to the opnsense via Windows "Routing and remote access" (the Windows Server is the gateway).

Edit:
I don't see outgoing traffic in the Live view of the firewall.

24.1 Legacy Series / Wireguard 0.0.0.0 Routing problem

« on: April 29, 2024, 03:20:26 pm »

Hallo, I run wireguard on an opnsense. I configured the client's allowed IPs with 0.0.0.0/0, ::/0 so the complete traffic goes through the tunnel. When I activate the tunnel, I can access all devices in the wireguard network but a ping to 8.8.8.8 get's a request timeout.

do you have an idea where I should check the configuration in the opnsense (or at the client)?

German - Deutsch / Re: Wireguard Probleme (DNS Auflösung, Mullvad)

« on: January 23, 2024, 06:10:11 pm »

Wie sieht denn die wireguard client config aus?

wenn da drin steht "allowed ips: 0.0.0.0/0" dann musst du dns über die opnsense machen, würde ich sagen.

German - Deutsch / Firewallfrage

« on: January 23, 2024, 06:00:59 pm »

Hallo,
ich möchte den RDP Zugriff (Port 33389) auf einen Windows Server über Wireguard (auf der OPnsense) ermöglichen.
die Anfrage kommt in der Opnsense an und wird zur privaten IP des Servers durchgelassen (siehe screenshot). Die Verbindung kommt allerdings nicht zustande, obwohl RDP über die öffentliche IP des Servers funktioniert (mit NAT), also der Port ist am server offen. Testweise Firewall am Server deaktivieren hat auch nichts gebracht. Ein ping der privaten IP bringt keine Rückmeldung, obwohl in der Opnsense die Anfrage ankommt und weitergeleitet wird (genau wie bei RDP).

Habt ihr ne Idee woran es liegen kann?

Edit:
Die private IP des Servers kann von der Opnsense angepingt werden. Opnsense und Server sind beides HyperV VMs.

23.7 Legacy Series / Re: OPNsense runs out of space

« on: December 21, 2023, 12:08:38 pm »

Yes I could solve it with installing opnsense with zfs.

I think this is caused by the sensei zenarmor plugin. Some months ago I had trouble with the database that was stopped again and again. I then did not correctly uninstall sensei. Reinstall it again later and used mongodb instead of elasticsearch. Maybe that messed up the whole system.

Now I use zfs and in sensei elasticsearch as database. That works so far.

23.7 Legacy Series / Re: OPNsense runs out of space

« on: December 13, 2023, 11:12:49 am »

Quote from: doktornotor on December 13, 2023, 10:55:40 am

I mean, with ZFS in place with compression enabled, we are not even getting meaningful figures here. Consider:

# man du
Code: [Select]
-A Display the apparent size instead of the disk usage. This can be helpful when operating on compressed volumes or sparse files.
Code: [Select]
# find /var/log/filter -type f -exec du -Ah {} + | sort -h 9.2M /var/log/filter/filter_20231213.log 17M /var/log/filter/filter_20231210.log 23M /var/log/filter/filter_20231204.log 24M /var/log/filter/filter_20231211.log 30M /var/log/filter/filter_20231212.log 58M /var/log/filter/filter_20231206.log 59M /var/log/filter/filter_20231209.log 75M /var/log/filter/filter_20231207.log 92M /var/log/filter/filter_20231208.log 95M /var/log/filter/filter_20231205.log
vs.

Code: [Select]
# find /var/log/filter -type f -exec du -h {} + | sort -h 1.4M /var/log/filter/filter_20231213.log 1.9M /var/log/filter/filter_20231210.log 3.1M /var/log/filter/filter_20231204.log 3.1M /var/log/filter/filter_20231211.log 4.2M /var/log/filter/filter_20231212.log 8.1M /var/log/filter/filter_20231209.log 8.2M /var/log/filter/filter_20231206.log 11M /var/log/filter/filter_20231207.log 13M /var/log/filter/filter_20231205.log 13M /var/log/filter/filter_20231208.log
So, e.g. those firewall log files here you listed, they are actually not half gig, but ~5G per day.

Code: [Select]
547M /var/log/filter/filter_20231129.log 540M /var/log/filter/filter_20231127.log 534M /var/log/filter/filter_20231206.log 532M /var/log/filter/filter_20231128.log 531M /var/log/filter/filter_20231205.log 529M /var/log/filter/filter_20231130.log 522M /var/log/filter/filter_20231207.log 512M /var/log/filter/filter_20231204.log 509M /var/log/filter/filter_20231123.log

It seems to be the same in my opnsense:

Code: [Select]

root@OPNsense:~ # find /var/log/filter -type f -exec du -Ah {} + | sort -h
211M    /var/log/filter/filter_20231213.log
417M    /var/log/filter/filter_20231210.log
418M    /var/log/filter/filter_20231209.log
479M    /var/log/filter/filter_20231208.log
492M    /var/log/filter/filter_20231211.log
498M    /var/log/filter/filter_20231212.log
522M    /var/log/filter/filter_20231207.log
root@OPNsense:~ # find /var/log/filter -type f -exec du -h {} + | sort -h
211M    /var/log/filter/filter_20231213.log
417M    /var/log/filter/filter_20231210.log
418M    /var/log/filter/filter_20231209.log
479M    /var/log/filter/filter_20231208.log
493M    /var/log/filter/filter_20231211.log
498M    /var/log/filter/filter_20231212.log
522M    /var/log/filter/filter_20231207.log

23.7 Legacy Series / Re: OPNsense runs out of space

« on: December 13, 2023, 11:09:18 am »

Quote from: doktornotor on December 13, 2023, 10:23:33 am

At the risk of stating the obvious, did you use some reliable method to check the disk space usage first? Cannot even make sense of where does the graph come from in the original post.

Code: [Select]
# zpool list # df -h
Some more notes:

- Those netflow DBs and logs can eat entire disk space easily. Get some decent storage before enabling it. If unable, disable and reset netflow data.
- You seem to be running the (absolutely horrlble) MongoDB thing on your firewall. For what? Yuck.
- Collecting half gig of firewall logs a day - what's the log retention set to.

Finally: have you ever rebooted the box after deleting those mongdb and whatnot files you mentioned earlier?

Hi!

The graph is from zabbix monitoring. I installed the plugin in the opnsense, so I can monitor the space. I attached the used space.

Code: [Select]

root@OPNsense:~ # zpool list
no pools available
root@OPNsense:~ # df -h
Filesystem                  Size    Used   Avail Capacity  Mounted on
/dev/gpt/rootfs             115G     80G     26G    76%    /
devfs                       1.0K    1.0K      0B   100%    /dev
/dev/gpt/efifs              256M    1.7M    254M     1%    /boot/efi
devfs                       1.0K    1.0K      0B   100%    /var/dhcpd/dev
/dev/md43                    48M     24K     44M     0%    /usr/local/zenarmor/output/active/temp
devfs                       1.0K    1.0K      0B   100%    /var/unbound/dev
/usr/local/lib/python3.9    115G     80G     26G    76%    /var/unbound/usr/local/lib/python3.9

The MongoDB is from the sensei plugin. In the meantime I deleted sensei and reinstalled it. I keep its data for 2 days.

Edit: retention days are set to: 7

23.7 Legacy Series / Re: OPNsense runs out of space

« on: December 13, 2023, 09:22:47 am »

That's basically the same:

Code: [Select]

 40M    /usr/local/etc/suricata/rules/rules.sqlite
 42M    /usr/local/datastore/mongodb/mongod.log
 43M    /usr/local/lib/python3.9/site-packages/duckdb.cpython-39.so
 43M    /var/log/suricata/eve.json
 43M    /var/unbound/usr/local/lib/python3.9/site-packages/duckdb.cpython-39.so
 47M    /usr/local/bin/mongod
 55M    /usr/bin/ld.lld
 56M    /usr/local/zenarmor/bin/ipdrstreamer
 58M    /var/netflow/interface_000030.sqlite
 64M    /usr/local/zenarmor/db/GeoIP/GeoLite2-City.mmdb
 79M    /var/netflow/dst_port_003600.sqlite
 81M    /usr/bin/c++
 83M    /usr/bin/lldb
 92M    /var/log/suricata/eve.json.2
100M    /usr/local/datastore/mongodb/journal/WiredTigerLog.0000000001
100M    /usr/local/datastore/mongodb/journal/WiredTigerPreplog.0000000001
100M    /usr/local/datastore/mongodb/journal/WiredTigerPreplog.0000000002
102M    /var/log/suricata/eve.json.3
103M    /var/log/suricata/eve.json.1
108M    /var/log/suricata/eve.json.0
112M    /var/netflow/dst_port_086400.sqlite
130M    /var/netflow/dst_port_000300.sqlite
164M    /var/log/filter/filter_20231213.log
264M    /var/netflow/src_addr_086400.sqlite
417M    /var/log/filter/filter_20231210.log
418M    /var/log/filter/filter_20231209.log
447M    /var/netflow/src_addr_details_086400.sqlite
479M    /var/log/filter/filter_20231208.log
493M    /var/log/filter/filter_20231211.log
498M    /var/log/filter/filter_20231212.log
522M    /var/log/filter/filter_20231207.log
2.0G    /usr/swap0
 13G    /var/log/flowd.log

23.7 Legacy Series / Re: OPNsense runs out of space

« on: December 12, 2023, 04:15:28 pm »

I now changed the preserve days to 7, but still 83 GB seemes to be in use (dashboard).

But the command only outputs 29 GB in /:

Code: [Select]

root@OPNsense:/var/log # du -ah / | sort -rh | head -n 20
 29G    /
 25G    /var
 23G    /var/log
 13G    /var/log/flowd.log
9.3G    /var/log/filter
4.2G    /usr
2.0G    /usr/swap0
1.7G    /usr/local
1.1G    /var/netflow
666M    /var/log/suricata
607M    /usr/local/lib
547M    /var/log/filter/filter_20231129.log
540M    /var/log/filter/filter_20231127.log
534M    /var/log/filter/filter_20231206.log
532M    /var/log/filter/filter_20231128.log
531M    /var/log/filter/filter_20231205.log
529M    /var/log/filter/filter_20231130.log
522M    /var/log/filter/filter_20231207.log
512M    /var/log/filter/filter_20231204.log
509M    /var/log/filter/filter_20231123.log

Do you know where the other 54 GB may hide?

23.7 Legacy Series / Re: OPNsense runs out of space

« on: November 23, 2023, 12:11:06 pm »

Thanks for the hint! I found an unues mongodb and some logfiles. In total about 20 GB. Now there are still 60 GB used if I look on the webinterface or 20 GB if I look in the shell, but I can live with that as long as it doesn't get more.

23.7 Legacy Series / OPNsense runs out of space

« on: November 22, 2023, 07:02:23 pm »

Hi,

my OPNsense runs out of space since about September. I don't know what exactly I changed but since then the free space declines about 16 G in 2 weeks (see screenshot).

I one removed some log files but it didn't fully solve the problem.

Code: [Select]

du -sh doesn't seem to show all files (see screnshots).

Do you have any idea?

German - Deutsch / Re: DMZ: Kein Zugriff von LAN auf DMZ

« on: September 22, 2023, 02:38:41 pm »

Ja ich hätte 6 zur Auswahl, aber ich habe keine Überschneidungen mit Ports, oder gibt es da einen Sicherheitsgewinn?

Pages: [1] 2 3 4