Messages - trunet

#1
I upgraded from 22.1 to 22.7 and, after the firewall was back, it showed the red dot on the top right with 2 errors:

2022-08-19T11:39:09 Error firewall There were error(s) loading the rules: no IP address found for puppet
2022-08-19T11:39:09 Error firewall /usr/local/etc/rc.bootup: The command '/sbin/pfctl -f /tmp/rules.debug.old' returned exit code '1', the output was 'pfctl: /tmp/rules.debug.old: No such file or directory pfctl: cannot open the main config file!: No such file or directory pfctl: Syntax error in config file: pf rules not loaded'


However, I have the puppet alias with an IP there just fine:
puppet Host(s) 192.168.x.x 1

My firewall is working perfectly per tests I performed. Any idea on how to fix this or troubleshoot further?
#2
Hello everybody,

Following advice on https://github.com/opnsense/core/issues/4389 I'm creating this thread here. I still think it's a bug in OPNsense and/or the WireGuard implementation, but anyway, here it is.

I'm unable to get port forwarding working on OPNsense. I tried without wireguard-kmod before and saw people saying that it should work with it, so I went ahead, installed it and rebooted, but still nothing. Both with and without kmod, the behaviour is exactly the same. If I just change VPN_XX to use the OpenVPN tunnel, it works fine.

My setup is as follows:
- WAN = WAN / ix1_vlan34
- WireGuard tunnel = VPN_XX / wg1
- LAN = LAN_VPN_XX / ix0_vlan24
- Server running on LAN = 192.168.24.51

I have a port forwarding NAT like this:
- VPN_XX   TCP/UDP   *   *   *   10000   192.168.24.51     10000

Firewall rule on LAN_VPN_XX with VPN_XX gateway:
IPv4 *   LAN_VPN_XX net   *   *   *   VPN_XX   *

The WireGuard VPN is configured and it works fine; I can curl and everything. Just port forwarding doesn't work.

OPNsense wg1 tcpdump:

13:12:46.987457 IP [REDACTED_PUBLIC_IP].46256 > 10.13.128.89.10000: Flags [S], seq 3380801657, win 29200, options [mss 1380,sackOK,TS val 3306454498 ecr 0,nop,wscale 7], length 0


OPNsense ix1_vlan34 tcpdump (my WAN interface):

13:12:46.987713 IP 10.13.128.89.10000 > [REDACTED_PUBLIC_IP].46256: Flags [S.], seq 3870681174, ack 3380801658, win 65160, options [mss 1460,sackOK,TS val 3841074193 ecr 3306454498,nop,wscale 7], length 0
13:12:46.987814 IP 10.13.128.89.10000 > [REDACTED_PUBLIC_IP].46256: Flags [S.], seq 3870681174, ack 3380801658, win 65160, options [mss 1460,sackOK,TS val 3841074193 ecr 3306454498,nop,wscale 7], length 0
...... more TCP SYN/ACK retries


Any idea?
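The two captures in the post show the symptom precisely: the SYN for port 10000 arrives on wg1, but the SYN/ACK from 10.13.128.89 is emitted on ix1_vlan34, the WAN VLAN, so the reply follows the default route instead of going back into the tunnel and the client never sees it. In pf this is what the reply-to keyword on the pass rule for the tunnel interface is meant to prevent. The script below is an added example, not code from the post or from OPNsense: it parses tcpdump text for several interfaces and flags TCP flows whose SYN entered on one interface while the SYN/ACK left on another. The sample lines are constructed from the captures above (203.0.113.5, a documentation address, stands in for the redacted public IP, and the OpenVPN interface name ovpnc1 is an assumption used to show a flow that is not flagged).

```python
import re
from collections import defaultdict

# Constructed sample captures modelled on the tcpdump output in the post.
# 203.0.113.5 stands in for the redacted client address.
SAMPLE_CAPTURES = {
    "wg1": [
        "13:12:46.987457 IP 203.0.113.5.46256 > 10.13.128.89.10000: Flags [S], seq 3380801657, win 29200, length 0",
    ],
    "ix1_vlan34": [
        "13:12:46.987713 IP 10.13.128.89.10000 > 203.0.113.5.46256: Flags [S.], seq 3870681174, ack 3380801658, win 65160, length 0",
        "13:12:46.987814 IP 10.13.128.89.10000 > 203.0.113.5.46256: Flags [S.], seq 3870681174, ack 3380801658, win 65160, length 0",
    ],
}

# Constructed counter-example: a working forward where the reply leaves on the
# same interface the SYN came in on (interface name ovpnc1 is an assumption).
SYMMETRIC_CAPTURES = {
    "ovpnc1": [
        "13:20:01.000100 IP 203.0.113.5.50000 > 10.8.0.2.10000: Flags [S], seq 1, win 29200, length 0",
        "13:20:01.000300 IP 10.8.0.2.10000 > 203.0.113.5.50000: Flags [S.], seq 2, ack 2, win 65160, length 0",
    ],
}

# Matches the leading part of a tcpdump -n TCP line: timestamp, endpoints, flags.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)


def parse_line(line):
    """Return {'ts', 'src', 'dst', 'flags'} for a tcpdump TCP line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": d["ts"],
        "src": (d["src"], int(d["sport"])),
        "dst": (d["dst"], int(d["dport"])),
        "flags": d["flags"],
    }


def find_asymmetric_flows(captures):
    """captures: {interface: [tcpdump lines]}.

    A flow is keyed by (client endpoint, server endpoint). The SYN fixes the
    interface the flow entered on; any SYN/ACK for the same flow seen on a
    different interface means the reply was routed away from the ingress path.
    """
    syn_iface = {}                    # flow -> interface where the SYN was seen
    synack_ifaces = defaultdict(set)  # flow -> interfaces carrying its SYN/ACK
    for iface, lines in captures.items():
        for line in lines:
            pkt = parse_line(line)
            if pkt is None:
                continue
            if pkt["flags"] == "S":
                syn_iface[(pkt["src"], pkt["dst"])] = iface
            elif pkt["flags"] == "S.":
                # SYN/ACK travels server -> client, so swap to get the flow key
                synack_ifaces[(pkt["dst"], pkt["src"])].add(iface)

    findings = []
    for (client, server), in_if in syn_iface.items():
        out_ifs = sorted(i for i in synack_ifaces.get((client, server), set()) if i != in_if)
        if out_ifs:
            findings.append({
                "client": "%s:%d" % client,
                "server": "%s:%d" % server,
                "syn_in": in_if,
                "synack_out": out_ifs,
            })
    return findings


if __name__ == "__main__":
    for f in find_asymmetric_flows(SAMPLE_CAPTURES):
        print("asymmetric: %(client)s -> %(server)s, SYN in on %(syn_in)s, "
              "SYN/ACK out on %(synack_out)s" % f)
    print("symmetric sample flagged:", find_asymmetric_flows(SYMMETRIC_CAPTURES))
```

To use it on a live box, run `tcpdump -ni <iface> tcp port 10000` on each interface of interest, feed each output into the dictionary under its interface name, and a non-empty result tells you which interface is swallowing the replies before you start changing rules.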