Messages - AverageGuy

#1
I detest having to click 5 or 6 times (or more) to see the lease I'm interested in.  Can I turn off paging or at least set the number to something reasonable like 50?
Thanks
Jim

Never mind, I found it.
#2
I was following the instructions at https://www.zenarmor.com/docs/network-security-tutorials/how-to-install-openvpn-with-mfa-in-opnsense, skipping the mfa config when I encountered this statement:
Navigate to the Firewall > Rules > OpenVPN in your OPNsense web UI.

I only have 4 options and OpenVPN isn't among them.  What do I do next?  Is there a better tutorial?  I'm not a complete beginner but there are definitely gaps in my understanding of OPNsense.

Compared to many of the consumer routers I've had, the OPNsense firewall is the most difficult to administer.  Probably because it is more complex. 

Thanks,
Jim.
#3
I lost an Ethernet port on my F2B.  I had a spare so I downloaded the latest backup configuration to a thumb drive and started a fresh install of OPNsense on the new hardware.  I connected my laptop to the LAN port thinking I wanted to be sure it was working so I wouldn't PO my wife when the network stopped running.  The laptop is running Linux.  I've rebooted both systems a number of times but I can't seem to get the router to issue an address.  I checked the config and the lan is configured as igb0 with an IP address of 192.168.2.1 /24.  The range for DHCP is 192.168.2.100 - 192.168.2.201 and is enabled.  Something strange is that I find no mention of the wan nor of igb1 device.  The only entries in the xml file in the interfaces section are lan and lo0.  Same for the saved config from the original system.

Should I just start over from scratch?  I hate to do that since I have so many static IPs and other changes.

Thanks.
Jim
#4
It has magically started to work.  Before:
wl@MSI:~$ ping 192.168.2.21
PING 192.168.2.21 (192.168.2.21) 56(84) bytes of data.
From 192.168.2.41 icmp_seq=1 Destination Host Unreachable
From 192.168.2.41 icmp_seq=2 Destination Host Unreachable
From 192.168.2.41 icmp_seq=3 Destination Host Unreachable


After, 1 hour later
ping 192.168.2.21
PING 192.168.2.21 (192.168.2.21) 56(84) bytes of data.
64 bytes from 192.168.2.21: icmp_seq=1 ttl=255 time=2.41 ms
64 bytes from 192.168.2.21: icmp_seq=2 ttl=255 time=1.46 ms
64 bytes from 192.168.2.21: icmp_seq=3 ttl=255 time=1.76 ms
^C
#5
Here's a bit more information.  I have the following network devices.  The 16 port switch is a Prosafe GS116E, the 8 port switch is a Netgear GS308.  There is also a TPLink mesh T-1300, an Aircube and a Netgear WAC-104 Access Point.

The router connects to the AP, the AP then connects to the Prosafe switch and to the Aircube via a long Ethernet cable.  The GS308 is located across the basement and is also plugged into the Prosafe.  The only strange thing I see about this network is that the Prosafe doesn't appear on the network anywhere.  I don't know how to manage the Prosafe switch.  I guess I have to do it off network.
#6
I have an OPNsense router that is connected to a 16 port managed switch.  While it is "managed" I haven't done any configuration changes to it.  One of the ports on the switch is connected to a second 8 port switch.  Everything is on 192.168.2.0/24 network.  The machines that are hard wired to the 8 port switch cannot connect to any wireless device (the ones I've tested).  The error is "Destination not reachable" even though they are on the same network.  While I can't say for sure, it might be related to a recent router update.  I don't recall ever attempting to connect to a wireless device from those hosts before, so I might be barking up the wrong tree.

What might be going on here?  All hardwired devices seem to be able to communicate with other hardwired devices but I've not tested all the permutations.  The devices on the 16 port switch have no issues with wireless devices.
Thanks for any help.
Jim.
#7
Ah, thanks for the power cycle tip.  I'll see if I can figure out what you mean about assigning interfaces from the console.

Great stuff, thanks again.
Jim
#8
I think I'll just drown myself.  Somehow I flipped the lan/wan ports during install.   

I guess I'll see if there is a way to correct it via the gui, otherwise I'll just do a reinstall.  I'm getting really good at installing OPNsense.  :)

Thanks for the help and sorry for the bother.
Jim
#9
If I understand you correctly, that's what I have.  A monitor, keyboard and mouse connected to the router and a laptop connected via an ethernet cable.  After installing the OPNsense I was able to connect to the gui at 192.168.1.1 without a problem.  I received an ip address of 192.168.1.100.  After restoration no joy.  No indication of anything going on at the console.  I did look at the firewall log and it was empty.  No chance of two devices.  Just one ethernet cable between the laptop nic and the lan port on the router. 

Is there some sort of log I can access from the console that might give me a bit more information?
#10
The hardware is the identical model number.  I suppose that the manufacturer could have made changes but somehow I doubt it.  By the way, I don't have the WAN port connected to anything right now.  I wanted to see if I could get the configuration nailed down first.  To connect the router to the internet would involve taking down the temporary router, wiring in the new hardware and a call to xfinity to have them reset the modem.  For some reason each time I install a new router, they have to reset the modem to get the router to connect to the modem.
#11
When you said disable the firewall, I thought that it would then allow the laptop to get an ip address.  It still doesn't.  I logged in as root, did the lpctl -d, rebooted the laptop and it's still trying to get an ip address.  So I started over by reinstalling OPNsense, restoring the backup, logged in as root, disabled the firewall and it's still not working.

I have no idea how to fix a firewall configuration from the command line, if that's what has to be done.

Thanks,
Jim.
#12
I've made some progress.  I booted the system up with a Linux stick since I know Linux far better than bsd.  I figured out how to mount the ufs file system and copied the /conf/backup files to another usb stick.  I then installed OPNsense on the new hardware using the same img file (I think) that I used to build the bad one.  I got it up and running with minimal configuration, logged into the web interface on 192.168.1.1, did a restore using the latest backup file from the usb stick and it rebooted automatically as it said it would.  I rebooted the laptop and it can't obtain an IP address.  It's trying but it never succeeds.  The console output indicates the lan is operational on 192.168.2/24 which is what it was under the old hardware so I know the configuration was changed.

Any help here would be appreciated.  I don't really want to go through and reconfigure from scratch.  Way too many things need to change and I probably can't remember what they are.  I really want the restoration of the backup to work.

Thanks,
Jim.
#13
I need to get the configuration to new hardware.  What file(s) need to be copied to the new system?  I read something about /conf file but it was confusing.  I am logged in with a keyboard/mouse and monitor as root.  I plan on copying the file(s) to a usb stick unless there is a better way.  I thought about swapping the lan/wan ports but I don't know how.

Hardware is Protectli Vault FW2B
Thanks.
Jim
#14
Thanks, everyone.  It's working now.
Jim
#15
I've continued on and tried some other things.  I've discovered an automatic rule "Default deny rule" which I'm guessing is responsible for the problem.  So here's what my Port Forwarding looks like:
https://paste.pics/3b37bf6959da5ef01ac540bf8df28bdb

And here's the WAN rules that were generated automatically:

https://paste.pics/12cd60b6820973c1183d7160872e902f
Ignore the port 5060 stuff.  I was able to open those ports for SIP access.
I also couldn't figure out how to upload an image.  It just gave me a couple of img brackets.

This is the log entry:
https://paste.pics/dab65912e8a1236d719cedf1e4f8c152

Why is the automatically generated rule being fired?