"
thanks for the link, I think that post answered my question pretty well. cheers
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#2
General Discussion / business edition vs community
December 14, 2023, 07:28:42 PM
Hi everyone, just curious for OPNSense, does business edition has additional changes on top of community?
i.e. the latest buesiness 23.10.1 released is based on OPNsense 23.7.9 community.
So doess this mean if I only update OPNSense community following the business releases I will get equivalent of business editional stability? ;D
thanks
i.e. the latest buesiness 23.10.1 released is based on OPNsense 23.7.9 community.
So doess this mean if I only update OPNSense community following the business releases I will get equivalent of business editional stability? ;D
thanks
#3
23.7 Legacy Series / Roadwarriors IKEv2 EAP-MSCHAPv2 setup
December 11, 2023, 09:00:13 AM
so finally had time to follow the guild https://docs.opnsense.org/manual/how-tos/ipsec-swanctl-rw-ikev2-eap-mschapv2.html to move my legacy tunnel to the new connections
was able to get my windows11 up and running in no time
however, there is a step missing in the doc causing the native Android VPN client to not working (which is why the guide only mention about using StrongSwan on Android? ::))
no error log on the OpnSense side, on Android it terminated connection with error
so obvious just need to fix this by enable Send certificate to always in the general setting, however this step is missing
https://docs.opnsense.org/manual/how-tos/ipsec-swanctl-rw-ikev2-eap-mschapv2.html#vpn-ipsec-connections
I don't see how I can update the doc, so if someone can help updating this section to help future user it will be great
was able to get my windows11 up and running in no time
however, there is a step missing in the doc causing the native Android VPN client to not working (which is why the guide only mention about using StrongSwan on Android? ::))
no error log on the OpnSense side, on Android it terminated connection with error
Code Select
setting state=FAILED, reason=The remote/server failed to provide a end certificateso obvious just need to fix this by enable Send certificate to always in the general setting, however this step is missing
https://docs.opnsense.org/manual/how-tos/ipsec-swanctl-rw-ikev2-eap-mschapv2.html#vpn-ipsec-connections
I don't see how I can update the doc, so if someone can help updating this section to help future user it will be great
#4
23.7 Legacy Series / Re: IPSec tunnel settings to connections manual migration
July 31, 2023, 08:42:01 PMQuote from: franco on July 31, 2023, 08:35:18 PM
We're collecting improvements for connections here https://github.com/opnsense/core/issues/6279 and I expect movement on this as soon as people try to migrate their setups... which is about now..
FWIW, the tunnel settings are going to be there for another year for sure, but now we'd rather only improve the connections bits.
Cheers,
Franco
any possibility to update the road warriors wiki? If you want people to migrate now that would be the first step....
#5
23.7 Legacy Series / IPSec tunnel settings to connections manual migration
July 31, 2023, 08:09:41 PM
from the 23.7 release note I see
and I see 0 documentation anywhere (not just official wiki, but the entire internet) about how to setup road warriors with the new connections GUI.
The old one is at https://docs.opnsense.org/manual/how-tos/ipsec-rw.html, detailed example at https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-mschapv2.html
can OPNSense at least have the doc updated with new examples before kill the old UI? This is very surprising...
QuoteIPsec "tunnel settings" GUI is now deprecated and manual migration to the "connections" GUI is recommended. An appropriate EoL announcement will be made next year.
and I see 0 documentation anywhere (not just official wiki, but the entire internet) about how to setup road warriors with the new connections GUI.
The old one is at https://docs.opnsense.org/manual/how-tos/ipsec-rw.html, detailed example at https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-mschapv2.html
can OPNSense at least have the doc updated with new examples before kill the old UI? This is very surprising...
#6
23.1 Legacy Series / Re: Ethernet detached event for wan(re1)
February 23, 2023, 12:11:47 AM
I do find in the audit log
anyone knows how I can install previous version of realtek-re-kmod upgraded: 197.00?
Code Select
<13>1 2023-02-20T00:37:17-08:00 OPNsense.localdomain pkg-static 25081 - [meta sequenceId="40"] realtek-re-kmod upgraded: 197.00 -> 198.00
anyone knows how I can install previous version of realtek-re-kmod upgraded: 197.00?
#7
23.1 Legacy Series / Ethernet detached event for wan(re1)
February 22, 2023, 09:16:02 PM
Hello there,
I think ever since I updated to 23.1, I started to experience "Ethernet detached event for wan(re1)" event everyday (probably at WAN dhcp renew?)
I don't think this was an issue previously on the 22.7 release that I updated from
I have attached the log file from today and we can see at 5:38am
this causes me lose ipv4 connection temporarily(automatic recover) and ipv6 until I manual reboot radvd service
I am 100% sure that this does not happen before since I have logs from early of the month and I do not see this behavior
I do have os-realtek-re (installed) so not sure if this is related? I recall during 23.1 updated os-realtek-re got a new version? but I dont know how to check
please let me know how I can furture look into this, thanks a lot
I think ever since I updated to 23.1, I started to experience "Ethernet detached event for wan(re1)" event everyday (probably at WAN dhcp renew?)
I don't think this was an issue previously on the 22.7 release that I updated from
I have attached the log file from today and we can see at 5:38am
Code Select
<13>1 2023-02-22T05:37:16-08:00 OPNsense.localdomain opnsense 20835 - [meta sequenceId="1"] /usr/local/etc/rc.linkup: DEVD: Ethernet detached event for wan(re1)
<13>1 2023-02-22T05:37:16-08:00 OPNsense.localdomain opnsense 20835 - [meta sequenceId="2"] /usr/local/etc/rc.linkup: plugins_configure dhcp (,inet6,Array)
<13>1 2023-02-22T05:37:16-08:00 OPNsense.localdomain opnsense 20835 - [meta sequenceId="3"] /usr/local/etc/rc.linkup: plugins_configure dhcp (execute task : dhcpd_dhcp_configure(,inet6,Array))
<27>1 2023-02-22T05:37:16-08:00 OPNsense.localdomain dhclient 62124 - [meta sequenceId="4"] connection closed
this causes me lose ipv4 connection temporarily(automatic recover) and ipv6 until I manual reboot radvd service
I am 100% sure that this does not happen before since I have logs from early of the month and I do not see this behavior
I do have os-realtek-re (installed) so not sure if this is related? I recall during 23.1 updated os-realtek-re got a new version? but I dont know how to check
please let me know how I can furture look into this, thanks a lot
#8
General Discussion / Re: help with WAN IPv6 setup
April 02, 2022, 12:36:29 PM
Thanks a lot for the link.
So eventually IPv6 starts to work on my opnsense box without any config change, probably waited for like 20-30 minutes maybe?
I am curious if there is a way for opnsense to skip the wait (aka do not wait RA) so every reboot it will get v6 working right away
So eventually IPv6 starts to work on my opnsense box without any config change, probably waited for like 20-30 minutes maybe?
I am curious if there is a way for opnsense to skip the wait (aka do not wait RA) so every reboot it will get v6 working right away
#9
General Discussion / help with WAN IPv6 setup
April 02, 2022, 08:49:01 AM
Hello everyone,
I am trying to migrate my baremetal box from pfsense to opnsense, but it looks like I cannot get my IPv6 working
Before for pfsense installation I followed the tutorial here https://www.zacharyschneider.ca/2020/12/pfsense-ipv6-telus/ and was having my IPv6 working just fine.
But it looks like in the opnsense world "Do not wait for RA" got removed for whatever reason.
Does anyone know whats the equivalent in opnsense for this option right now?
All my LANs are just showing as track6 and none of them has v6 address assigned and none of my device can get v6 address through SLAAC
Also the "Do not allow PD release" option is not at the same location as pfsense, but I think the equivalent is at Interfaces -> Settings -> IPv6 DHCP -> Prevent release?
Thanks in advance
I am trying to migrate my baremetal box from pfsense to opnsense, but it looks like I cannot get my IPv6 working
Before for pfsense installation I followed the tutorial here https://www.zacharyschneider.ca/2020/12/pfsense-ipv6-telus/ and was having my IPv6 working just fine.
But it looks like in the opnsense world "Do not wait for RA" got removed for whatever reason.
Does anyone know whats the equivalent in opnsense for this option right now?
All my LANs are just showing as track6 and none of them has v6 address assigned and none of my device can get v6 address through SLAAC
Also the "Do not allow PD release" option is not at the same location as pfsense, but I think the equivalent is at Interfaces -> Settings -> IPv6 DHCP -> Prevent release?
Thanks in advance
Pages1
