Messages - zyx360

#1
Just to confirm, as I'm seeing the GitHub issue closed/fixed, did this fix your problem and did you get this to work again? I'm still having an issue (any ping size > 1464 is dropped) but suspect it's my config. Can you confirm my settings are correct?

ethernet interface mtu: 1512
vlan interface mtu: not specified
pppoe interface: 1508

Looking on the CLI I can see that the VLAN interface is assigned the MTU of 1508 automatically and the PPPoE interface lists MTU 1500.

Thanks,
Z
#2
After some more investigation I found the firewall logs did not show entries because the traffic was actually allowed.

I've tried connecting with curl from a machine in the 111.0/24 network; this throws a cryptic error.

[root@controller ~]# curl -vvvv  https://192.168.111.2
* Rebuilt URL to: https://192.168.111.2/
*   Trying 192.168.111.2...
* TCP_NODELAY set
* Connected to 192.168.111.2 (192.168.111.2) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.111.2:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.111.2:443


#3
Hi there,

I have a strange issue to troubleshoot.
I have a setup that looks like this:

Provider-Router (wan: x.x.x.x, lan: 192.168.111.1/24) -> Opnsense (wan: 192.168.111.2/24, lan: 192.168.112.0/24)

I know this setup is not ideal but it is something I have to deal with for now.
Some of my clients are connected on the provider-router's Wi-Fi and receive a DHCP IP from the 111.0/24 subnet.
I want these clients to be able to connect to the OPNsense management interface on the WAN address.

To make this possible I:
- Disabled the block bogon networks setting
- Disabled the block private networks setting
- Created an allow rule on the WAN interface that allows 80/443

I am, however, still unable to access the management interface.

I was hoping that I was able to monitor what's being blocked by navigating to:
Firewall > Log files > Live view

But for whatever reason I don't see the traffic being blocked there.

I know for a fact that something on OPNsense is blocking my traffic since a "pfctl -d" through the command line magically makes things work as expected.

Can anyone point me in the right direction how I can monitor what's actually dropping my request?

Thanks!
Z