Messages

Just one more thing to add.
So I already changed some port forwards to the new interface I made for the pppoe connection. Which also worked fine.

But after deleting the new interface and pointing the pppoe to WAN, I noticed those port forwards where pointing to nothing.
I thought changing them back to WAN and WAN address would be enough. But they still didnt work.
Then I noticed the rules for those port forwards I changed, where also gone.
I didnt immediately see a way to quickly make a new rule for them. So I just cloned those port forwards and deleted the original ones.
This automatically made new rules.

Thanks!

Thanks for the confirmation. I assigned it to WAN and deleted the extra interface. At first it didnt work. Internet would not start.
I put it back to how it did work with the extra interface. Then I noticed the new interface was disabled by default. Only after manually enabling it internet would work.
So I tried again assigning it to WAN and deleting the extra created interface. And then disabling / re-enabling WAN. After that the pppoe worked like normal on WAN.

Thanks!

Hi all!


We recently got a new home internet provider. So we went from a simple dhcp on WAN. To a PPPOE connection.
I followed this tutorial: https://docs.opnsense.org/manual/how-tos/pppoe_isp_setup.html
But we have no VLAN, and the tutorial is a bit focussed on it. So I was a bit confused. Everything works fine. No problem. Speed is very close to promised and no heavy cpu draw. i3-7100.

But I am just wondering if this is the way it should be set up, with the new interface;ONE next to WAN and LAN.
Or if I should have just assigned WAN to the new PPPOE device.
Cause I had to change my port forwards to point to ONE as well now.

Thanks!

Ah yes, I meant the user certificate. as it also expired. I use otp.

I made new certificates.. Not noticing the authority was also expired. ;)
So I did everything twice. I guess I wont forget anymore now.

My VPN works like before again.
Thanks!

So I got home.
SSLVPN Server Certificate has indeed epired.
It was only valid for a year. User certificate is also almost expired.

I set it up myself, I guess a year ago, using a guide.
I am still learning about what I actually did and how it affects everything. I never did this before.

As I read, there is no simple renewal option. I just have to remake the certificate. And the user.
Is that right?

I am sorry I dont have more info at the moment. I am on holiday. Thats the whole reason I was using the vpn ;)

And does anyone happen to know the standard expiration date? I thought it was 10 years?

Hi all.


I have been using openvpn for quite some time now without problems. Since last Thursday though, i get this error on all clients.
Peer certificate verification failure.
Nothing changed on server. Maybe client got updated?
Was there some change in certification rules or so? Can it be expired?
Anyone have an idea?

Thanks!

Well to start with just a few IP would be fine.

But I cant seem to let it show anything else than wan or lan. Not specified to IP.

Hi all.


Is there a way to monitor live how much data an IP moves in and out.
And to check the live speeds that IP is using?
And to see this in some graphs over some timeperiod?

Thanks!

Ok. I am obviously not as well trained in this kind of stuff as you. And I can only say it in simple terms.
So forget my rant.

But just tell me this.
1. Doesnt it sound logical to expect the phones/pcs on the lan to behave the same as for instance phones outside off the lan? They both have access to the same internet. and both only have to open a link on the internet with a port. I would think it being a link to my own lan would be unimportant here.
I feel it shouldnt matter if this is on my internet or 4g internet. Internet seems internet.  and link seems link.
You get my drift?

2. Why does ipcop or ipfire or any other router i have ever used, never had this 'issue'?
If this is because it automatically does nat reflection, then ok.
But for me, logically, this is weird. ;)

I turned on: firewall / nat / advanced
Reflection for port forwards    
It didnt help.

Then I also turned on:
Automatic outbound NAT for Reflection    
Now my external ip:port directs to my server from lan too.

Thanks for the patience btw ;)

I have been reading about Nat reflection.
But this is a solution for a problem that shouldnt exist.

I dont want it to redirect to lan IP.
I just want the router to let me load the stupid external website. Even though this is actually a server on my own lan.
Who is this router to tell me I should use the internal IP instead of the external.

External IP should just lead me to exactly that. The external IP.
Not to the router opnsense admin page.

That is the problem here.

I used this
https://forum.opnsense.org/index.php?topic=8783.0
- name: A short friendly name for the IP address you're aliasing. I'll call it "media-server"
- type: Host(s)
- Aliases: Input 192.168.1.200

- Interface: WAN
- TCP/IP Version: IPv4
- Protocol: TCP

Under Source > Advanced:

- Source / Invert: Unchecked
- Source: Any
- Source Port Range: any to any

- Destination / Invert: Unchecked
- Destination: WAN address
- Destination Port range: (other) 3200 to (other) 3200

- Redirect target IP: Alias "media-server"
- Redirect target Port: (other) 3100

And the port forwards work fine.
My server and all its different services and ports are accessible from anywhere outside of the Lan through my domain name:port.
Just not on the lan. On the lan I can only reach them through internal IP: port.
Domain name: port will go to page unknown. Domain name: NO port, will lead to opnsense router admin page.

Yes.. i wasnt very clear.
I was new to opnsense and after setup i found port forwards not working and external ip leading to router.
This confused me and i just didnt have the time to check what is what.
Yesterday night i had some time time to test and set up again. Cause who does not do this on christmas night, right? :)

So from an external ip it does not go to router and port forwards work fine.
But from internal ips, i cannot reach my server over external ip. Because the external ip keeps leading me to the router. Or when i use ports, it just doesnt find anything.

This is very annoying, since i use my external ip through my domain a lot on the phones, to reach my server. And i dont want to keep switching between using the internal and external ip to connect to my server.
As i use 4g next to the wifi a lot, i just always use external ip through domain to connect to server.

Is there an option i missed to turn this off easily?
I just want to be able to reach my server over external ip from my lan. Instead of being lead to the router.

Thanks!

Thanks!

I was too quick with joy. It still lets the webgui exposed under wan ip.
I reinstalled and it did this immediately.
Its unusable like this.
What could there be wrong?

I read people having issues with latest version 21.7.6. Were 1 person solved his issues by reverting to 21.7.5.
So i tried that, and all my port forwards suddenly worked.
Also it does not link to opnsense with external ip.

So maybe there is something wrong with 21.7.6?

Thanks!