Messages - spyware-avoidance

#1
Virtual private networks / Re: Wireguard handshake
July 15, 2022, 06:45:30 PM
I have been experiencing the same thing. The issue is that mine works once in a while: for example, if I make a change in OPNsense and then go back and restore settings (to undo the change), then WireGuard works from the external network. Then after a while it will not work no matter what.
I'm new to OPNsense, so I have done the steps in the documentation several times, and WireGuard just works randomly, and it doesn't work more often than it does work.
This is an issue I have been experiencing since I started using OPNsense, so something is probably wrong with the server itself, or the way the configuration is applied. I have other services running, so I suppose the firewall rules work, because I do not have any issues with those.
I was just about to hook up a darn Raspberry Pi to the router and just do a NAT port forward, because I can't seem to figure out what is going on with WireGuard in OPNsense.
Edit: rebooting OPNsense does not make a difference, only if I revert a change under the System menu, and even then it only lasts for a while before it stops working again.
#2
General Discussion / Re: Dual WAN Setup
June 07, 2022, 12:16:00 AM
Do the IP blocks on the WAN side overlap with any IPs on the LAN side? If they do, then you do have an IP conflict; if not, then you probably should not have any IP conflicts.

I'm going to go through the same thing in a day or so... I have always had a public IP on my WAN, but I'm going to get a second line from another ISP installed, so maybe I'll be struggling with the same thing (if their documentation is complete, at least).

If you notice anything or find anything with this setup, please share.
#3
General Discussion / Re: CrowdSec IP Blocklist
June 07, 2022, 12:04:31 AM
Hello

So CrowdSec is basically a bit like the good old fail2ban with extensible and modular sources? Is that it, or am I misunderstanding something?
I would just not open the WebUI to internet at all. Is this to protect against attempts coming from the LAN side or the management interface?
#4
Quote from: andrewoliv on June 06, 2022, 09:34:16 PM

http://cinsscore.com/list/ci-badguys.txt
http://cslist.domain.tld/list.txt

Not sure what "domain.tld" means here (I understand the terms domain and top-level domain, but not sure how to apply them to this URL). Is "list.txt" a real file or just an example?

Hello. The "domain.tld" means simply to supply your own URL to an http server (as you already know tld=top level domain = .com, .ca, .tv, .net, etc...). It looks like you have to supply your own text file from an HTTP server. This is just an example of what you need to implement yourself.
Where is this document you are looking at? If it is available publicly I can read it and give you a more specific answer.
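Since the answer above boils down to "host your own text file and point the URL at it", here is an added example of what such a file should contain and how to sanity-check it before publishing. This is editor-added code, not the poster's or OPNsense's; it assumes the consumer (for instance an OPNsense URL Table alias) reads one IPv4/IPv6 address or CIDR network per line and ignores blank lines and `#` comments (check your consumer's documented format), and the feed text below is constructed, not a real list.

```python
"""Normalise a plain-text IP blocklist before serving it over HTTP.

Added example (not from the forum thread). Assumption: the consumer expects
one address or CIDR network per line, '#' starts a comment. The sample feed
is constructed for illustration only.
"""
import ipaddress

# Constructed sample of what a raw feed or hand-maintained file might contain.
SAMPLE_FEED = """# constructed example entries
192.0.2.10
192.0.2.10          # duplicate
198.51.100.0/24
2001:db8::/32
203.0.113.7/32      # host written as /32, normalised to a bare address
not-an-ip
10.0.0.1/33         # invalid prefix length
"""


def format_entry(net):
    """Write single hosts as bare addresses and everything else as CIDR."""
    if net.num_addresses == 1:
        return str(net.network_address)
    return str(net)


def parse_blocklist(text, protected=()):
    """Return (entries, rejected).

    entries:  canonical, de-duplicated, sorted strings ready to publish.
    rejected: (line number, raw line, reason) for anything that did not parse
              or that overlaps one of the `protected` networks.

    `protected` lists networks that must never end up in the blocklist
    (management LAN, VPN range, ...), so a bad upstream entry cannot lock you
    out of the firewall when the alias is used in a block rule.
    """
    protected_nets = [ipaddress.ip_network(p, strict=False) for p in protected]
    seen = set()
    rejected = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        try:
            # strict=False masks host bits, so "192.0.2.5/24" becomes 192.0.2.0/24
            net = ipaddress.ip_network(line, strict=False)
        except ValueError as exc:
            rejected.append((lineno, raw.strip(), str(exc)))
            continue
        hit = next((p for p in protected_nets if net.overlaps(p)), None)
        if hit is not None:
            rejected.append((lineno, raw.strip(), f"overlaps protected {hit}"))
            continue
        seen.add(net)
    # IPv4 and IPv6 networks are not mutually comparable, so sort by family first.
    entries = [format_entry(n) for n in sorted(seen, key=lambda n: (n.version, n))]
    return entries, rejected


def write_blocklist(path, entries):
    """Write the list in the one-entry-per-line format the alias will fetch."""
    with open(path, "w", encoding="ascii") as fh:
        fh.write("# generated blocklist\n")
        for entry in entries:
            fh.write(entry + "\n")
    return len(entries)


if __name__ == "__main__":
    good, bad = parse_blocklist(SAMPLE_FEED, protected=["10.0.0.0/8"])
    for entry in good:
        print(entry)
    for lineno, raw, reason in bad:
        print(f"rejected line {lineno}: {raw!r} ({reason})")
    print(write_blocklist("list.txt", good), "entries written")
```

Serve the resulting `list.txt` from any plain HTTP(S) server reachable by the firewall and use that URL in place of `http://cslist.domain.tld/list.txt`. The `protected` argument is the part worth keeping: an upstream feed that suddenly contains your own address space should be rejected, not silently applied.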
#5
Quote from: andrewoliv on June 06, 2022, 01:01:10 PM
...
I started to write one based on my own experience; however, I don't believe I have the expertise to do so...

I have been doing enterprise IT for over 20 years and I have been teaching for a couple of years now, and I always feel like I lack the expertise to write something. I know networking really well (I teach the stuff), but I'm struggling to get started with OPNsense because this is just one system out of (literally) hundreds of systems I use. I am an expert in 100 things, but right now I'm a noob when it comes to OPNsense. You probably know way more than me about OPNsense right now.

Just write something, and if it is wrong, or incomplete allow others to chip in and add and fix stuff (something like a public Wiki). Eventually it will be something with content. 
#6
I think I may have solved the problem. I had applied a few settings that I reversed and the issue seems to be gone since it has been stable for more than 12hrs now.

I had attempted to enable multi-threaded processing and power management for the system, and that coincided with the line going bad. After the line was fixed by the ISP, the stability issue remained until I reversed these changes.

I did not come up with these settings myself. I have a machine very similar to a Protectli (except mine has Intel NICs and a 10th Gen i5) and this was their recommended optimization for PPPoE found here:
https://protectli.com/kb/pppoe-and-opnsense/

Under System > Settings > Miscellaneous
Removed the checkmark for "Use PowerD" (disabled the setting)

Under System > Settings > Tunables
Removed the tunables "net.isr.dispatch" (deferred) and "net.isr.maxthreads" (8).

I do not know why or how this would cause interface timeouts (which is the only suspect I have from the logs) when the power was set to HiAdaptive, and later was changed to Maximum. I do not know enough about what the tunables do or if they will also cause problems; I just don't want to mess with the network and cause outages again.

I am getting a second internet service brought to my site since internet availability has become somewhat mission-critical for us. The second ISP is using cable, and I sure hope that I will not screw up another thing when trying to set up Dual-WAN and drive myself crazy.

Edit: Unfortunately, fiber to the home and even traditional phone line and cable internet coverage are very spotty in the place I live. 400 m from where I live they have fiber, but it has been 10 years and they will not bring new fiber 400 m towards us. I don't think it will ever happen, because the two monopolies here have all the power to do whatever they want... so I am stuck with what we can get here for whatever they charge for it.
#7
Hello, sorry if this sounds a bit of a noob question. I do set my VMs, NAS, and other systems to shut down when power is out, but usually not my (dumb) switch, Wifi AP, and routers. I usually still have internet even if power is out, for as long as my UPS(s) batteries last.
I think OPNsense is an embedded install, and I assume it runs mostly from memory. Is there actually any risk of potential problems if OPNsense is not shut down properly?
#8
I have just started using OPNsense for about a month or so, but last week my ADSL connection died due to problems with the line. Yesterday a technician visited the site and seems to have fixed the obvious line issues.

However, the PPPoE connection dies once every few hours, and my internet goes offline. The ISP blames OPNsense and is unable to troubleshoot the issue on its own. They are trying to push me to dismantle my network and switch to using their modem and Wifi, and McAfee "business protection" or whatever garbage they want to force down my throat.

It is also important to note that OPNsense had been working fine without any reliability issues for a couple of weeks before the phone line died. I don't believe that the disconnection issue is due to OPNsense, although I may possibly have misconfigured something (again, I'm new to OPNsense and not completely familiar with the system yet), and we are just seeing issues now.

I have been trying to extract as many debug logs on the PPPoE connection as I can to figure out what the system observes that is causing the disconnection, and for the most part I can't really make heads or tails of this.

I have attached the logs. Is there anyone who would be willing to provide a second set of eyes and can possibly explain what may be going on please?