Messages

Success!!!

Screenshot of interfaces.

The attached log is from after cycling the VPN interface off/on. I have Internet after the cycling and the VPN status says connected with VPN in/out traffic numbers increasing.

Maybe someone can make sense of the attached VPN log file. It was captured after a reboot.

I had no Internet access after the reboot. I had to cycle off/on the VPN interface to regain Internet access.

I thought maybe this issue was due to the initialization order on of the interfaces on boot but they appear to be correct in a backup XML file:


</system>
  <interfaces>
    <lo0>
      <internal_dynamic>1</internal_dynamic>
      <descr>Loopback</descr>
      <enable>1</enable>
      <if>lo0</if>
      <ipaddr>127.0.0.1</ipaddr>
      <ipaddrv6>::1</ipaddrv6>
      <subnet>8</subnet>
      <subnetv6>128</subnetv6>
      <type>none</type>
      <virtual>1</virtual>
    </lo0>
    <lan>
      <if>em1</if>
      <descr/>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.10.1</ipaddr>
      <subnet>24</subnet>
    </lan>
    <wan>
      <if>em0</if>
      <descr/>
      <enable>1</enable>
      <spoofmac/>
      <blockpriv>1</blockpriv>
      <blockbogons>1</blockbogons>
      <ipaddr>dhcp</ipaddr>
      <dhcphostname/>
      <alias-address/>
      <alias-subnet>32</alias-subnet>
      <dhcprejectfrom/>
      <adv_dhcp_pt_timeout/>
      <adv_dhcp_pt_retry/>
      <adv_dhcp_pt_select_timeout/>
      <adv_dhcp_pt_reboot/>
      <adv_dhcp_pt_backoff_cutoff/>
      <adv_dhcp_pt_initial_interval/>
      <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
      <adv_dhcp_send_options/>
      <adv_dhcp_request_options/>
      <adv_dhcp_required_options/>
      <adv_dhcp_option_modifiers/>
      <adv_dhcp_config_advanced/>
      <adv_dhcp_config_file_override/>
      <adv_dhcp_config_file_override_path/>
    </wan>
    <opt1>
      <if>wg0</if>
      <descr>BLAHVPN</descr>
      <enable>1</enable>
      <lock>1</lock>
      <spoofmac/>
    </opt1>
    <wireguard>
      <internal_dynamic>1</internal_dynamic>
      <descr>WireGuard (Group)</descr>
      <if>wireguard</if>
      <virtual>1</virtual>
      <enable>1</enable>
      <type>group</type>
      <networks/>
    </wireguard>
    <openvpn>
      <internal_dynamic>1</internal_dynamic>
      <enable>1</enable>
      <if>openvpn</if>
      <descr>OpenVPN</descr>
      <type>group</type>
      <virtual>1</virtual>
      <networks/>
    </openvpn>
    <opt2>
      <if>ovpnc1</if>
      <descr>NORDVPN</descr>
      <enable>1</enable>
      <spoofmac/>
    </opt2>
  </interfaces>

After a reboot of OPNsense 23.1.7_3-amd64 running a NordVPN using OpenVPN, my Internet is not functional. It appears that my DNS is not working because I can ping 8.8.8.8 but not www.google.com. Internet access returns if I restart the NordVPN interface.

Any suggestions?

"DoD/NSS/DIB and their stakeholders"

That applied to me just a couple of years ago. I got out of it because my employee did not want to deal with the BS every time he went onsite and we did not want to deal with the security measures. It could all happen again and we would not be prepared.

I will ask again: Is no one hungry? I have the money.

[Where are the independents that want to make some money?]

Where are the independents that want to make some money?

They are all too busy thinking about work/life balance. Get off of your arses and do something hard and meaningful.

I included all you mention in the email to Deciso and all I got was a coolie cutter reply.

Is no one hungry? I spent years helping people and companies to get the job done. I have made a fortune in the process. Now I am looking for someone like me from 40 years ago.

[Where are the independents that want to make some money?]

Where are the independents that want to make some money?

They are all too busy thinking about work/life balance. Get off of your arses and do something hard and meaningful.

Sorry, no can do.


The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network.

CISA encourages network architects, defenders, and administrators to review NSA's Network Infrastructure Security Guidance as well as CISA's recently published Layering Network Security Through Segmentation infographic for assistance in hardening networks against cyber threats.


https://media.defense.gov/2022/Mar/01/2002947139/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF

Very likely, yes.

Where are the independents that want to make some money?

Yes, I spoke with Deciso but did not get a warm feeling about their personal investment in my needs. I was concerned that it would be a runaround of "Sorry, that's not included in your two hours of service for $326.

Is there a list of paid assistance resources? I would like to hire someone to finish the firewall rules, Unbound recursive DNS w/blocklists, VPN to some provider such as PIA, ClamAV etc. etc. etc.

In other words, is there a reputable IT person interested in assisting a small business / personal user?