Messages

Hallo,
my opnsense (a) has a wireguard peer that is another opnsense (b).
Now I want that any LAN device from opnsense (a) can access a device in the LAN of opnsense (b).
I added the LAN (b) in the Allowed IPs of the wireguard peer in opnsense (a).

So in my opinion the opnsense (a) should now know that packages to (b) should go through the wireguard tunnel, because it is defined in Allowed IPs. But for some reason in the live view the ping was send to the WAN interface.

Do you know what's missing?

Hallo, I made a test with my Opnsense to see if the gateway changes to tier 2 if I reboot the router of tier 1.
Unfortunaly it does not change although the downtime is about 60 seconds (see attatchment).
I configured the WAN failover according to the documentation (https://docs.opnsense.org/manual/how-tos/multiwan.html)

Hallo, ich habe mal meinen Aufbau skizziert in dem Anhang.

Bei dem Server auf den ich zugreifen möchte, handelt es sich um eine Synology, die eine öffentliche IP eingestellt hat, also direkt im Internet hängt. In der Synology Firewall ist eingestellt dass nur ein paar IPs Zugriff haben.

Das funktioniert soweit auch gut, nur kann ich von der einen IP aus die Synology nicht auf dem SMB Port 445 erreichen (telnet schlägt fehl). Die OPNsense von "IP1" sagt es gibt eine entsprechende zugelassene ausgehende Verbindung.

Von der anderen IP ist alles OK. Habt ihr eine Idee was das sein kann? Ich kann es mir nicht erklären...

Hi, I configured an OpenVPN Server on my OPNsense with this HowTo:

https://www.thomas-krenn.com/de/wiki/OPNsense_OpenVPN_f%C3%BCr_Road_Warrior_einrichten

I had to create local users and create unique OpenVPN certificates for each user. That works for this user, but I guess this doesn't work with local domain users.

How should I approch this? Disable certificate Usage?

Edit:
I solved it with an "instance" server and no certificate usage (I use MFA and username / password)

You are probably missing an outbound NAT rule on WAN for source WG0 net.

I have already created a NAT rule (see first screenshot). 0.0.0.0/1, 128.0.0.0/1 don't work as well.

Does it matter that I run the opnsense on a HyperV that runs on a Windows Cloud Server? All used ports are forwarded in Windows Server to the opnsense via Windows "Routing and remote access" (the Windows Server is the gateway).

Edit:
I don't see outgoing traffic in the Live view of the firewall.

Hallo, I run wireguard on an opnsense. I configured the client's allowed IPs with 0.0.0.0/0, ::/0 so the complete traffic goes through the tunnel. When I activate the tunnel, I can access all devices in the wireguard network but a ping to 8.8.8.8 get's a request timeout.

do you have an idea where I should check the configuration in the opnsense (or at the client)?

Wie sieht denn die wireguard client config aus?

wenn da drin steht "allowed ips: 0.0.0.0/0" dann musst du dns über die opnsense machen, würde ich sagen.

Hallo,
ich möchte den RDP Zugriff (Port 33389) auf einen Windows Server über Wireguard (auf der OPnsense) ermöglichen.
die Anfrage kommt in der Opnsense an und wird zur privaten IP des Servers durchgelassen (siehe screenshot). Die Verbindung kommt allerdings nicht zustande, obwohl RDP über die öffentliche IP des Servers funktioniert (mit NAT), also der Port ist am server offen. Testweise Firewall am Server deaktivieren hat auch nichts gebracht. Ein ping der privaten IP bringt keine Rückmeldung, obwohl in der Opnsense die Anfrage ankommt und weitergeleitet wird (genau wie bei RDP).

Habt ihr ne Idee woran es liegen kann?

Edit:
Die private IP des Servers kann von der Opnsense angepingt werden. Opnsense und Server sind beides HyperV VMs.

Yes I could solve it with installing opnsense with zfs.

I think this is caused by the sensei zenarmor plugin. Some months ago I had trouble with the database that was stopped again and again. I then did not correctly uninstall sensei. Reinstall it again later and used mongodb instead of elasticsearch. Maybe that messed up the whole system.

Now I use zfs and in sensei elasticsearch as database. That works so far.

[So, e.g. those firewall log files here you listed, they are actually not half gig, but ~5G per day.]

I mean, with ZFS in place with compression enabled, we are not even getting meaningful figures here. Consider:

# man du

Code Select Expand


     -A      Display the apparent size instead of the disk usage.  This can be
             helpful when operating on compressed volumes or sparse files.


Code Select Expand


# find /var/log/filter -type f -exec du -Ah {} + | sort -h
9.2M    /var/log/filter/filter_20231213.log
17M    /var/log/filter/filter_20231210.log
23M    /var/log/filter/filter_20231204.log
24M    /var/log/filter/filter_20231211.log
30M    /var/log/filter/filter_20231212.log
58M    /var/log/filter/filter_20231206.log
59M    /var/log/filter/filter_20231209.log
75M    /var/log/filter/filter_20231207.log
92M    /var/log/filter/filter_20231208.log
95M    /var/log/filter/filter_20231205.log


vs.

Code Select Expand


# find /var/log/filter -type f -exec du -h {} + | sort -h
1.4M    /var/log/filter/filter_20231213.log
1.9M    /var/log/filter/filter_20231210.log
3.1M    /var/log/filter/filter_20231204.log
3.1M    /var/log/filter/filter_20231211.log
4.2M    /var/log/filter/filter_20231212.log
8.1M    /var/log/filter/filter_20231209.log
8.2M    /var/log/filter/filter_20231206.log
11M    /var/log/filter/filter_20231207.log
13M    /var/log/filter/filter_20231205.log
13M    /var/log/filter/filter_20231208.log


So, e.g. those firewall log files here you listed, they are actually not half gig, but ~5G per day. :o

Code Select Expand


547M    /var/log/filter/filter_20231129.log
540M    /var/log/filter/filter_20231127.log
534M    /var/log/filter/filter_20231206.log
532M    /var/log/filter/filter_20231128.log
531M    /var/log/filter/filter_20231205.log
529M    /var/log/filter/filter_20231130.log
522M    /var/log/filter/filter_20231207.log
512M    /var/log/filter/filter_20231204.log
509M    /var/log/filter/filter_20231123.log


It seems to be the same in my opnsense:

Code Select Expand

root@OPNsense:~ # find /var/log/filter -type f -exec du -Ah {} + | sort -h
211M    /var/log/filter/filter_20231213.log
417M    /var/log/filter/filter_20231210.log
418M    /var/log/filter/filter_20231209.log
479M    /var/log/filter/filter_20231208.log
492M    /var/log/filter/filter_20231211.log
498M    /var/log/filter/filter_20231212.log
522M    /var/log/filter/filter_20231207.log
root@OPNsense:~ # find /var/log/filter -type f -exec du -h {} + | sort -h
211M    /var/log/filter/filter_20231213.log
417M    /var/log/filter/filter_20231210.log
418M    /var/log/filter/filter_20231209.log
479M    /var/log/filter/filter_20231208.log
493M    /var/log/filter/filter_20231211.log
498M    /var/log/filter/filter_20231212.log
522M    /var/log/filter/filter_20231207.log


At the risk of stating the obvious, did you use some reliable method to check the disk space usage first? Cannot even make sense of where does the graph come from in the original post.

Code Select Expand


# zpool list
# df -h

Some more notes:

- Those netflow DBs and logs can eat entire disk space easily. Get some decent storage before enabling it. If unable, disable and reset netflow data.
- You seem to be running the (absolutely horrlble) MongoDB thing on your firewall. For what? Yuck.
- Collecting half gig of firewall logs a day - what's the log retention set to.

Finally: have you ever rebooted the box after deleting those mongdb and whatnot files you mentioned earlier?

Hi!

The graph is from zabbix monitoring. I installed the plugin in the opnsense, so I can monitor the space. I attached the used space.

Code Select Expand

root@OPNsense:~ # zpool list
no pools available
root@OPNsense:~ # df -h
Filesystem                  Size    Used   Avail Capacity  Mounted on
/dev/gpt/rootfs             115G     80G     26G    76%    /
devfs                       1.0K    1.0K      0B   100%    /dev
/dev/gpt/efifs              256M    1.7M    254M     1%    /boot/efi
devfs                       1.0K    1.0K      0B   100%    /var/dhcpd/dev
/dev/md43                    48M     24K     44M     0%    /usr/local/zenarmor/output/active/temp
devfs                       1.0K    1.0K      0B   100%    /var/unbound/dev
/usr/local/lib/python3.9    115G     80G     26G    76%    /var/unbound/usr/local/lib/python3.9


The MongoDB is from the sensei plugin. In the meantime I deleted sensei and reinstalled it. I keep its data for 2 days.

Edit: retention days are set to: 7

That's basically the same:

Code Select Expand

40M    /usr/local/etc/suricata/rules/rules.sqlite
42M    /usr/local/datastore/mongodb/mongod.log
43M    /usr/local/lib/python3.9/site-packages/duckdb.cpython-39.so
43M    /var/log/suricata/eve.json
43M    /var/unbound/usr/local/lib/python3.9/site-packages/duckdb.cpython-39.so
47M    /usr/local/bin/mongod
55M    /usr/bin/ld.lld
56M    /usr/local/zenarmor/bin/ipdrstreamer
58M    /var/netflow/interface_000030.sqlite
64M    /usr/local/zenarmor/db/GeoIP/GeoLite2-City.mmdb
79M    /var/netflow/dst_port_003600.sqlite
81M    /usr/bin/c++
83M    /usr/bin/lldb
92M    /var/log/suricata/eve.json.2
100M    /usr/local/datastore/mongodb/journal/WiredTigerLog.0000000001
100M    /usr/local/datastore/mongodb/journal/WiredTigerPreplog.0000000001
100M    /usr/local/datastore/mongodb/journal/WiredTigerPreplog.0000000002
102M    /var/log/suricata/eve.json.3
103M    /var/log/suricata/eve.json.1
108M    /var/log/suricata/eve.json.0
112M    /var/netflow/dst_port_086400.sqlite
130M    /var/netflow/dst_port_000300.sqlite
164M    /var/log/filter/filter_20231213.log
264M    /var/netflow/src_addr_086400.sqlite
417M    /var/log/filter/filter_20231210.log
418M    /var/log/filter/filter_20231209.log
447M    /var/netflow/src_addr_details_086400.sqlite
479M    /var/log/filter/filter_20231208.log
493M    /var/log/filter/filter_20231211.log
498M    /var/log/filter/filter_20231212.log
522M    /var/log/filter/filter_20231207.log
2.0G    /usr/swap0
13G    /var/log/flowd.log


I now changed the preserve days to 7, but still 83 GB seemes to be in use (dashboard).

But the command only outputs 29 GB in /:

Code Select Expand

root@OPNsense:/var/log # du -ah / | sort -rh | head -n 20
29G    /
25G    /var
23G    /var/log
13G    /var/log/flowd.log
9.3G    /var/log/filter
4.2G    /usr
2.0G    /usr/swap0
1.7G    /usr/local
1.1G    /var/netflow
666M    /var/log/suricata
607M    /usr/local/lib
547M    /var/log/filter/filter_20231129.log
540M    /var/log/filter/filter_20231127.log
534M    /var/log/filter/filter_20231206.log
532M    /var/log/filter/filter_20231128.log
531M    /var/log/filter/filter_20231205.log
529M    /var/log/filter/filter_20231130.log
522M    /var/log/filter/filter_20231207.log
512M    /var/log/filter/filter_20231204.log
509M    /var/log/filter/filter_20231123.log


Do you know where the other 54 GB may hide?   :D

Thanks for the hint! I found an unues mongodb and some logfiles. In total about 20 GB. Now there are still 60 GB used if I look on the webinterface or 20 GB if I look in the shell, but I can live with that as long as it doesn't get more.

Hi,

my OPNsense runs out of space since about September. I don't know what exactly I changed but since then the free space declines about 16 G in 2 weeks (see screenshot).

I one removed some log files but it didn't fully solve the problem.

Code Select Expand

du -sh doesn't seem to show all files (see screnshots).

Do you have any idea?