Messages - Yourry

1
23.1 Legacy Series / Re: No send syslog to graylog server
« on: March 11, 2023, 03:21:33 pm »
I answer to myself, rebooting OPNsense solved the problem...
THANKS

2
23.1 Legacy Series / [SOLVED] No send syslog to graylog server
« on: March 11, 2023, 03:14:31 pm »
Good morning,
I'm trying to send syslog messages from opnsense to a graylog server.
Unfortunately, it doesn't work and I don't understand why.
My opnsense config:



If I do a command line test from opnsense:

Code:
echo 'TEST' | nc 192.168.1.103 1514
The entry is present in graylog:



I have the impression that opnsense does not send anything to graylog.
I tried TCP and UDP but there is no difference.
Here are the syslog statistics:




Do you have an idea?
THANKS

3
Virtual private networks / Restart OpenVPN client service configuration automatically
« on: January 15, 2023, 11:52:35 am »
Hi,
I have two OpenVPN clients on my OPNsense machine whose server config I don't manage.
Unfortunately from time to time, the two clients can be in the same IP range and this gives me problems for the routing, here is an illustration of the problem:


In this case, in the "VPN: OpenVPN: Connection Status" menu, I restart the service until the vpn server gives me another ip address:



Once done, everything works and no more problems:


But how do you do this automatically? On the OpenVPN client side, there is a command/option that can ban an IP?
Thanks for your help

4
21.7 Legacy Series / VLAN routing no longer works on reboot
« on: January 16, 2022, 12:22:10 pm »
Hello everyone,
I am having a problem with a VLAN. I was inspired by (the excellent) tutorial:
https://nguvu.org/pfsense/pfsense-baseline-setup/

I have a client VPN (NordVPN) and I want to create a VLAN that distributes this VPN to machines on my LAN.
The VPN works correctly; the VLAN, on the other hand, works, but if I restart or make any backup of the interface it no longer works.
My steps to create the VLAN:


Starting :



I create a VLAN with an ID of 10:



I assign an interface to this VLAN:



I create an Outbound rule that routes traffic to the NordVPN interface (connected OpenVPN interface)



I activate the DHCP:



I authorize all traffic in IPV4 (we will see later to refine the rights):



End:


Everything works fine as long as I don't restart OPNSense, for example, but if I restart OPNSense, a PC on the VLAN has no working internet (DHCP, addressing works).
I have the impression when I do a capture of the packets that the requests come out fine but on the return OPNSense no longer routes them.
Any help or advice is welcome,
Thank you in advance,



5
21.7 Legacy Series / Re: openvpn client + server
« on: January 08, 2022, 10:47:31 am »
Hello everyone,
I have tried to assign virtual interfaces for the server and client but it does not work. While I had a config where it worked.
Worse, so as not to spend too much time, I installed Wireguard telling myself that I connect by VPN with wireguard for home automation and with the openVPN client for the machines on the lan that need NordVPN and that ... . does not work.
Either alone works but if I run both at the same time Wireguard doesn't work anymore ...
It is to understand nothing!

6
21.7 Legacy Series / openvpn client + server
« on: December 15, 2021, 06:28:07 pm »
Hello everyone,
I wanted to know if there are any people using the openvpn client and the openvpn server.
I would eventually like to set up a specific vlan with a client vpn and on another vlan access to my home automation via openvpn server.
At the moment I just can't seem to get both to work.
If I stop the client, the server is working correctly and I can connect with my phone for example.
On the other hand if I activate the VPN customer service (I am at NordVPN) then impossible to connect with my phone.
The log file indicates this error:

Code:
Server VPN (nok):
2021-12-15T18:14:25 openvpn[43478] XX.XX.XX.XX:49605 TLS Error: incoming packet authentication failed from [AF_INET]XX.XX.XX.XX:49605
2021-12-15T18:14:25 openvpn[43478] XX.XX.XX.XX:49605 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1639588468) 2021-12-15 18:14:28 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2021-12-15T18:14:24 openvpn[43478] XX.XX.XX.XX:49605 TLS Error: incoming packet authentication failed from [AF_INET]XX.XX.XX.XX:49605
2021-12-15T18:14:24 openvpn[43478] XX.XX.XX.XX:49605 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1639588468) 2021-12-15 18:14:28 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

Client VPN (ok):
2021-12-15T18:12:28 openvpn[79666] Initialization Sequence Completed

I specify that the WAN does not pass via the vpn client (nordvpn).
Thank you

7
French - Français / Re: problem configuring gateways/routes
« on: September 16, 2021, 06:48:02 pm »
Hello,
I'm not an OPNsense pro, but I don't think there is an issue in OPNsense. Rather a config problem, in my opinion.
Can you draw a network diagram? I think that could help, because personally I don't quite get the architecture.
Also, do you see your requests in the firewall logs if, for example, you run a ping from one of your machines in the VLANs to the internet?

8
21.7 Legacy Series / Re: Multi-wan with dual-lan does not work
« on: September 16, 2021, 06:32:31 pm »
Thank you for your answers.
I hadn't paid attention to staying within the RFC1918 standard.
So I changed the addresses to 192.167.0 .. to 192.168.120 with the hope that it works but no ..
I haven't seen anything from LAN_Test despite the firewall logs which seem to be working:



On the other hand, if I do a ping test from OPNsense from the LAN_Test interface, everything is fine:

Code:
# /sbin/ping -S '192.168.120.1' -c '3' '1.1.1.1'
PING 1.1.1.1 (1.1.1.1) from 192.168.120.1: 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=55 time=31.780 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=55 time=34.224 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=55 time=34.950 ms

--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 31.780/33.651/34.950/1.356 ms

With this problem I'm going crazy.

9
21.7 Legacy Series / Re: Multi-wan with dual-lan does not work
« on: September 15, 2021, 10:20:55 pm »
Thank you for the answer.
From the gateways, everything seems OK to me. LAN_Test is using my GW_MULTI_WAN gateway well.

Here is the config of the single gateways:


Groups:


For the dual-wan which works well on the LAN, I followed the official tutorial:

https://docs.opnsense.org/manual/how-tos/multiwan.html

10
21.7 Legacy Series / Multi-wan with dual-lan does not work
« on: September 15, 2021, 08:46:10 pm »
Hello everyone,
I have some difficulties with OPNSense on a multi-wan and dual-lan architecture.
Here is a diagram of the network (obviously I'm as good with paint as OPNSense  ;D):



My LAN network works perfectly; LAN_Test, on the other hand, does not.
I have no internet connection from LAN_Test, and even a simple ping request does not work from a PC on the LAN_Test network to 1.1.1.1 for example.
However, I can clearly see the request in the firewall logs. And this request comes out well:





If I try to ping from LAN_Test to another OPNsense, I can see the ICMP request arriving on the target OPNsense.
I have the impression that it is at the "return" that there is a problem with routing.

Here are my NAT rules:



Outbound:



If you have advice or an idea, I am interested. Thank you

11
21.7 Legacy Series / [SOLVED] No web interface access plugin Ntopng
« on: August 31, 2021, 10:40:38 pm »
Hello everyone,
I cannot access the web interface (192.168.1.1:3000) of the Ntopng plugin. I've tried os-ntopng (1.2_1) or even os-ntopng-enterprise (5.1.210831) but neither works.
For the "standard" os-ntopng (1.2_1) version:
I have this config:



And for the DB redis:


The ntopng log:
Code:
31/Aug/2021 22:14:29 [main.cpp:379] Logging onto /var/db/ntopng/ntopng.log
31/Aug/2021 22:14:29 [main.cpp:382] Working directory: /var/db/ntopng
31/Aug/2021 22:14:29 [main.cpp:384] Scripts/HTML pages directory: /usr/local/share/ntopng
31/Aug/2021 22:14:29 [Ntop.cpp:440] Welcome to ntopng amd64 v.3.4.0 - (C) 1998-20 ntop.org
31/Aug/2021 22:14:29 [Ntop.cpp:841] Adding 192.168.1.1/32 as IPv4 interface address for igb0
31/Aug/2021 22:14:29 [Ntop.cpp:850] Adding 192.168.1.0/24 as IPv4 local network for igb0
31/Aug/2021 22:14:29 [Ntop.cpp:872] Adding fe80::20d:b9ff:fe5a:65a8/128 as IPv6 interface address for igb0
31/Aug/2021 22:14:29 [Ntop.cpp:882] Adding fe80::20d:b9ff:fe5a:65a8/64 as IPv6 local network for igb0
31/Aug/2021 22:14:29 [PeriodicActivities.cpp:107] Started periodic activities loop...
31/Aug/2021 22:14:31 [startup.lua:50] Processing startup.lua: please hold on...
31/Aug/2021 22:14:31 [startup.lua:144] [lists_utils.lua:758] Refreshing category lists...
31/Aug/2021 22:14:32 [startup.lua:144] [lists_utils.lua:696] Category Lists (695 hosts, 3023 IPs, 100 JA3) loaded in 1 sec
31/Aug/2021 22:14:32 [startup.lua:218] Startup completed: ntopng is now operational
31/Aug/2021 22:14:32 [PeriodicActivities.cpp:168] Each periodic activity script will use 2 threads
31/Aug/2021 22:14:32 [NetworkInterface.cpp:2749] Started packet polling on interface igb0 [id: 0]...


The log system says:
Code:
Aug 31 22:14:29 OPNsense ntopng[51464]: [Utils.cpp:3611] WARNING: ntopng has not been compiled with libcap-dev
Aug 31 22:14:29 OPNsense ntopng[51464]: [Utils.cpp:3612] WARNING: Network discovery and other privileged activities will fail

I don't understand, everything seems to be working and yet unable to access the web interface.
The firewall does not block the request on port 3000.
Do I have to create a specific rule?
I am in multi-wan according to this config (https://docs.opnsense.org/manual/how-tos/multiwan.html), I wonder if this is not the problem.

Version opnsense :
Code:
OPNsense 21.7.1-amd64
FreeBSD 12.1-RELEASE-p19-HBSD
OpenSSL 1.1.1k 25 Mar 2021


Thanks for any help

EDIT:

I finally found and had the same problem as in the following question:
https://www.roj.fr/wp-content/uploads/2021/08/exeption.png

I had to make an exception as follows:




12
21.1 Legacy Series / NAT outbound automatic difference with manual
« on: June 07, 2021, 09:29:41 pm »
Hello,

I am new to the OPNSense environment and I do not understand a small problem.
On my (virtual) server, OPNSense has a WAN interface.
When the NAT Outbound rules are on "Automatic": I have this config:



In this case everything works correctly except OPNSense itself (but not the machines on the LAN) has no WAN / internet (no ping - eg 1.1.1.1 => 100% lost).
And conversely when I set the rules myself like this:


It is the opposite, I can no longer connect to remote on OPNSense or a machine on the LAN but OPNSense can go on the internet (for example to update the firmware or ping 1.1.1.1 => ok)

And the hybrid mode doesn't work better.
I don't understand the difference between the two options.
Do you have an idea?

Thanks in advance
