Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - svenny

Pages: [1] 2

General Discussion / netstat-nat for OPNsense

« on: November 30, 2022, 12:10:27 pm »

Hi all,

is there something similar to the Linux netstat-nat command in OPNsense? It would be very handy for me.

Thank you in advance.

Cheers.

22.1 Legacy Series / Re: [Solved] No Outbound NAT rules after upgrading to OPNsense 22.1.5

« on: April 11, 2022, 06:19:36 pm »

Perfect! Many thanks Franco.

Cheers

22.1 Legacy Series / Re: No Outbound NAT rules after upgrading to OPNsense 22.1.5

« on: April 09, 2022, 12:25:26 am »

I don't know why, but the following firewall rule was preventing other rules from loading:

Code: [Select]

pass in quick on pppoe2 route-to ( pppoe2 <provider_gateway_ip> ) reply-to ( pppoe2 <provider_gateway_ip> ) inet proto icmp from $My_static_IP to {(pppoe2)} keep state label "0107958196d99255f51b8d5dc140fd65"

This firewall rules was intended to permit ping to the gateway IP from outside.

I was able to find the problem with the following command:

Code: [Select]

root@OPNsense:~ # pfctl -n -f /tmp/rules.debug
/tmp/rules.debug:171: syntax error

After removing this rule from the firewall the rules for "Outbound NAT" of the PPPoE gateway have been restored correctly.

Cheers

22.1 Legacy Series / Re: No Outbound NAT rules after upgrading to OPNsense 22.1.5

« on: April 08, 2022, 10:31:16 pm »

I would like to add these instructions to pf.conf manually, but I'm not able to find this file:

Code: [Select]

nat on pppoe2 inet from (em0:network) to any port = isakmp -> (pppoe2:0) static-port
nat on pppoe2 inet from (lo0:network) to any port = isakmp -> (pppoe2:0) static-port
nat on pppoe2 inet from 127.0.0.0/8 to any port = isakmp -> (pppoe2:0) static-port
nat on pppoe2 inet from 10.10.0.0/24 to any port = isakmp -> (pppoe2:0) static-port
nat on pppoe2 inet from (em0:network) to any -> (pppoe2:0) port 1024:65535
nat on pppoe2 inet from (lo0:network) to any -> (pppoe2:0) port 1024:65535
nat on pppoe2 inet from 127.0.0.0/8 to any -> (pppoe2:0) port 1024:65535
nat on pppoe2 inet from 10.10.0.0/24 to any -> (pppoe2:0) port 1024:65535

Don't know why they're not loaded automatically. The difference between this and the other gateway, for which these rules are loaded, is that this link is a PPPoE one...

Thank you for your help.

Cheers

22.1 Legacy Series / [Solved] No Outbound NAT rules after upgrading to OPNsense 22.1.5

« on: April 08, 2022, 03:45:09 pm »

Hi all,

after upgrading to 22.1.5 I'm not anymore able to surf the web from LAN. The problem seems to be the lack of Outbound NAT rules for WAN interfaces (I'm using Multi-WAN, but for single WAN the problem is the same).

In the page "Firewall: NAT: Outbound" (I'm using "Automatic outbound NAT") I can see all the rules, but the output of the command "pfctl -sn" shows nothing in regards. In another OPNsense installation, where I did not upgrade to 22.1.5, I can see these rules launching the same command ( "pfctl -sn" ) from shell.

Is there a way to add these rules manually from the command line, so I can state that this is the problem?

Many thanks in advance.

Cheers

General Discussion / Re: WAN Balancing Not working

« on: December 14, 2021, 06:54:40 pm »

Hi, I had the same issue and disabling "Firewall->Settings->Advanced->Multi-WAN->Sticky connections" solved the problem. No issues with HTTPS sites.

Cheers,
Svenny

21.7 Legacy Series / Re: usb_modeswitch Huawei E3372 not working

« on: November 29, 2021, 05:57:02 pm »

Your USB dongle could have 2 modes of switching depending on the firmware version: one is stick mode and the other is Hilink mode. With the first mode you have got a modem, with the second mode you have got a virtual ethernet device.

The following link describes it better:

https://jtanx.github.io/2018/12/28/huawei-e8372h-a5-v11-notes/

Cheers,
Svenny

21.7 Legacy Series / Re: MultiWAN Load Balancer with mixed types of gateways (RFC1918+PPPoE)

« on: November 23, 2021, 04:40:26 pm »

Thanks for your advices. I disabled "Sticky connections" and now I have load balancing working. Some kind of speedtest is doubling my bandwidth speed while others show only one link, but I think it depends on the speedtest page.

I had some problems with VoIP, so I forced it on a specific gateway and now it works well.

I'm wordering if I could have problems with OpenVPN disabling "Sticky connections" in global settings... It seems to be working nicely till now.

Cheers,
Svenny

21.7 Legacy Series / Re: MultiWAN Load Balancer with mixed types of gateways (RFC1918+PPPoE)

« on: November 22, 2021, 03:34:35 pm »

Forgot to say that the gateways work perfectly using policy based routing.

Cheers,
Svenny

21.7 Legacy Series / MultiWAN Load Balancer with mixed types of gateways (RFC1918+PPPoE)

« on: November 20, 2021, 08:07:54 pm »

Hi all,

I am experiencing connection problems trying to get load balancing between 2 gateways: 1 PPPoE and 1 RCF1918.

These are my gateways:

Name      Interface    Protocol    Priority      Gateway    Monitor IP
PPPOEGW (active)    PPPINT    IPv4    253 (upstream)    1.2.3.4      1.1.1.1
RFC1918GW      RFCINT    IPv4    255 (upstream)    192.168.8.1    8.8.8.8

This is my group of gateways:

Group Name WANGWGROUP

Gateway      Tier
PPPOEGW 1
RFC1918GW 1

Trigger Level Member down

Sticky connections are enabled under "Firewall->Settings->Advanced" and I've got the rule for DNS on LAN tab as the first rule.

In "System->Settings->General" I have got this:

DNS Server
1.1.1.1 PPPOEGW
8.8.8.8 RFC1918GW

and this:

Gateway switching    Allow default gateway switching (enabled)

Then I have set the Gateway field to WANGWGROUP for the rule "Default allow LAN to any rule".

Now when I navigate the web I'm experiencing strange issues: sometimes it works, sometimes it timeouts...

Is there anything I'm missing with this setup? How could I troubleshoot this problem?

Versions:

OPNsense 21.7.5-amd64
FreeBSD 12.1-RELEASE-p21-HBSD
OpenSSL 1.1.1l 24 Aug 2021

Thank you in advance.

Cheers,
Svenny

General Discussion / Re: Automatically generated rules

« on: November 11, 2021, 04:39:09 pm »

Really simple answer: the DHCP was not enabled on VLAN20!

Cheers,
Svenny

General Discussion / Automatically generated rules

« on: November 10, 2021, 07:30:42 pm »

Hi all,

I've got an OPNsense installation with 2 VLAN (VLAN10 and VLAN20), and I've noted under "Firewall: Rules: VLAN10" there are 3 "Automatically generated rules" but I cannot see the same under "Firewall: Rules: VLAN20".

So I would kindly ask how these rules are assigned to interfaces under firewall?

Thank you in advance.

Cheers,
Svenny

21.7 Legacy Series / Re: Dynamic DNS on multiWAN

« on: September 20, 2021, 12:13:49 am »

I've found the solution: in Interface -> My_Interface -> IPv4 Upstream Gateway option I have to choose the right gateway and not "Auto-detect". Now Dynamic DNS works for the second gateway too!

Cheers,
Svenny

21.7 Legacy Series / [SOLVED]Dynamic DNS on multiWAN

« on: August 24, 2021, 04:48:18 pm »

Hi all, I'm trying to set Dynamic DNS (FreeDNS service) with a multiWAN (2 gateways) installation but I always receive the IP of the default gateway as an answer to DNS queries. For Dynamic DNS configuration I've choosen the right "Interface to monitor" for each interface.

I read the following post where the problem had already been highlighted in the past:

https://forum.opnsense.org/index.php?topic=5692.0

I tested some command on the shell with curl which return the same IP address:

Code: [Select]

root@OPNsense:~ # curl --interface pppoe0 ifconfig.me
1.2.3.4
root@OPNsense:~ # curl --interface re1 ifconfig.me
1.2.3.4

Is there a way to resolve this issue?

Many thanks in advance.

Cheers,
Svenny

21.1 Legacy Series / [SOLVED] After upgrading to 21.1.7_1 DynDNS for freeDNS stops working

« on: July 01, 2021, 05:03:37 pm »

You're right, I did not search the forum, sorry.

Problem solved. Thank you.

Cheers,
Svenny

Pages: [1] 2