1
24.1 Legacy Series / Re: Route Add via Webgui - Opnsense 24.4.1
« on: June 25, 2024, 08:29:39 am »
Oops, I must have overlooked something, you now have to scroll the frame to see the dropdown menu.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
24.1 Legacy Series / Route Add via Webgui - Opnsense 24.4.1
« on: June 24, 2024, 02:24:43 pm »
Hello everyone,
Are there any known problems with the Business version 24.4.1?
I can't select a gateway for a new route. There is only the GW Null4.
Best Regards
Are there any known problems with the Business version 24.4.1?
I can't select a gateway for a new route. There is only the GW Null4.
Best Regards
3
Virtual private networks / IPSEC NAT VPN
« on: November 29, 2023, 01:04:49 pm »
Hello everyone,
I have the following VPN to configure, how might that work with OpnSense? I've gone through all the instructions on the Internet but can't find a solution.
"By enforcing this policy we avoid the probability of conflicting addresses between trading partners and our own private addressing scheme. To conform with this policy you must configure NAT on your VPN device and hide the private addresses behind public registered addresses. Enter the NAT address, not the private address."
Anyone have an idea how to realize this?
Best regards
I have the following VPN to configure, how might that work with OpnSense? I've gone through all the instructions on the Internet but can't find a solution.
"By enforcing this policy we avoid the probability of conflicting addresses between trading partners and our own private addressing scheme. To conform with this policy you must configure NAT on your VPN device and hide the private addresses behind public registered addresses. Enter the NAT address, not the private address."
Anyone have an idea how to realize this?
Best regards
4
German - Deutsch / Verständnisfrage was den Status Phase2 Time angeht.
« on: February 06, 2023, 08:58:52 am »
Hallo Zusammen,
bei einem aufgebauten IPSec Tunnel steht im Status Zeit.
Was mag diese bedeuten und sind es Sekunden,Minuten oder Stunden?
Beste Grüße
bei einem aufgebauten IPSec Tunnel steht im Status Zeit.
Was mag diese bedeuten und sind es Sekunden,Minuten oder Stunden?
Beste Grüße
5
Virtual private networks / Re: Kind of Failover?
« on: February 01, 2023, 04:47:36 pm »
Tunnel Isolation is the Key.
6
German - Deutsch / Re: IKEv2 Tunnel mit Cisco
« on: February 01, 2023, 04:43:48 pm »Wir hatten das selbe Problem mit einer fortigate als Gegenstelle.
Als Lösung haben wir einfach zwei identische Phase 1 Einträge mit jeweils einem Phase 2 Eintrag angelegt.
Hatten wir auch kurz überlegt, aber dann wieder verworfen, weil nicht ganz so sauber.
Tunnel Isolation soll ja auch bei Fortigate Wunder wirken. (so jedenfalls der Hilfetext bei dem Schalter)
7
German - Deutsch / Re: IKEv2 Tunnel mit Cisco
« on: February 01, 2023, 04:39:11 pm »10.10.1.1/32 zu 192.168.1.1
10.10.1.2/32 zu 192.168.1.2
Ich nehme mal an, das sind wirklich zwei verschiedene Phase2 Einträge.
Schon mal die Option "Tunnel Isolation" in den OPNSense seitigen Phase1 Settings versucht ?
Das hat bei mir schon ähnliche Probleme mit CISCO Gegenstellen beseitigt.
Hallo juere,
vielen Dank für den Tipp, werde das nachher direkt mal ausprobieren, melde mich! :-)
Genau das hat uns aus der Patsche geholfen, vielen dank! :-)
8
German - Deutsch / Re: IKEv2 Tunnel mit Cisco
« on: February 01, 2023, 07:46:55 am »10.10.1.1/32 zu 192.168.1.1
10.10.1.2/32 zu 192.168.1.2
Ich nehme mal an, das sind wirklich zwei verschiedene Phase2 Einträge.
Schon mal die Option "Tunnel Isolation" in den OPNSense seitigen Phase1 Settings versucht ?
Das hat bei mir schon ähnliche Probleme mit CISCO Gegenstellen beseitigt.
Hallo juere,
vielen Dank für den Tipp, werde das nachher direkt mal ausprobieren, melde mich! :-)
9
German - Deutsch / IKEv2 Tunnel mit Cisco
« on: January 31, 2023, 01:50:24 pm »
Ich habe folgendes Phänomen mit einem IKEv2 Tunnel zu einer Cisco.
zwei IPs in Phase 2, wenn ich dann eine IP anpinge, geht kein Traffic zu der anderen mehr.
ungefähr so :
10.10.1.1/32 zu 192.168.1.1
10.10.1.2/32 zu 192.168.1.2
ping von 192.168.1.1 auf 10.10.1.1 funktioniert, dann aber nicht mehr der Ping von 192.168.1.2 auf 10.10.1.2.
erst nach einem neuaufbau des Tunnels funktioniert der Ping von 192.168.1.2 auf 10.10.1.2 wieder, bis Traffic über die 192.168.1.1 geht, dann funktiniert nur noch 192.168.1.1.
scheint wie eine art Failover zu sein, aber bei VPN?
Hatte dieses Problem hier schon jemand?
zwei IPs in Phase 2, wenn ich dann eine IP anpinge, geht kein Traffic zu der anderen mehr.
ungefähr so :
10.10.1.1/32 zu 192.168.1.1
10.10.1.2/32 zu 192.168.1.2
ping von 192.168.1.1 auf 10.10.1.1 funktioniert, dann aber nicht mehr der Ping von 192.168.1.2 auf 10.10.1.2.
erst nach einem neuaufbau des Tunnels funktioniert der Ping von 192.168.1.2 auf 10.10.1.2 wieder, bis Traffic über die 192.168.1.1 geht, dann funktiniert nur noch 192.168.1.1.
scheint wie eine art Failover zu sein, aber bei VPN?
Hatte dieses Problem hier schon jemand?
10
Virtual private networks / Kind of Failover?
« on: January 31, 2023, 01:48:41 pm »
Hi All,
I have the following phenomenon with an IKEv2 tunnel to a Cisco.
Two IPs in phase 2, then when I ping one IP, no traffic goes to the other.
something like this :
10.10.1.1/32 to 192.168.1.1
10.10.1.2/32 to 192.168.1.2
ping from 192.168.1.1 to 10.10.1.1 works, but then not ping from 192.168.1.2 to 10.10.1.2.
only after recreate the tunnel the ping from 192.168.1.2 to 10.10.1.2 works again, until traffic goes through 192.168.1.1, then only 192.168.1.1 works.
seems like some kind of failover, but with VPN?
Has anyone here had this problem?
I have the following phenomenon with an IKEv2 tunnel to a Cisco.
Two IPs in phase 2, then when I ping one IP, no traffic goes to the other.
something like this :
10.10.1.1/32 to 192.168.1.1
10.10.1.2/32 to 192.168.1.2
ping from 192.168.1.1 to 10.10.1.1 works, but then not ping from 192.168.1.2 to 10.10.1.2.
only after recreate the tunnel the ping from 192.168.1.2 to 10.10.1.2 works again, until traffic goes through 192.168.1.1, then only 192.168.1.1 works.
seems like some kind of failover, but with VPN?
Has anyone here had this problem?
11
Virtual private networks / Re: IPSec Mobile to IPSec S2S
« on: September 28, 2022, 09:08:23 am »
ok, it was me, i overlooked that you also need a phase 2 for the mobile client for these vpn networks.
So it's done...
So it's done...
12
Virtual private networks / IPSec Mobile to IPSec S2S
« on: September 27, 2022, 10:58:33 am »
Hello all,
I have the following problem/question.
i have ipsec for mobile users and also a ipsec side to side vpn.
everything works fine, but now when i want to access the remote ipsec network from the mobile client, it doesn't work. at the remote site (a lancom router) the packet doesn't arrive. The opnsense says packet transmitted (IPsec internal host to host).
what could be missing here or where could the error be?
I am grateful for any advice.
I have the following problem/question.
i have ipsec for mobile users and also a ipsec side to side vpn.
everything works fine, but now when i want to access the remote ipsec network from the mobile client, it doesn't work. at the remote site (a lancom router) the packet doesn't arrive. The opnsense says packet transmitted (IPsec internal host to host).
what could be missing here or where could the error be?
I am grateful for any advice.
13
Zenarmor (Sensei) / Re: Can´t connect to MongoDB
« on: August 19, 2022, 02:34:12 pm »
Hi Sy,
unfortunately already done, without success...
unfortunately already done, without success...
14
Zenarmor (Sensei) / Can´t connect to MongoDB
« on: August 19, 2022, 10:18:35 am »
Hello All,
I have the following problem when testing Zenamor on an Opnsense firewall.
Somehow I can't connect to the local database.
here are a few log extracts.
service mongod status
mongod is running as pid 74804.
netstat -an | grep 27017
tcp4 0 326 127.0.0.1.1329 127.0.0.1.27017 FIN_WAIT_1
tcp4 0 348 127.0.0.1.1328 127.0.0.1.27017 ESTABLISHED
tcp4 0 0 127.0.0.1.27017 . LISTEN
fffff80004c4da00 stream 0 0 fffff801a9e275b8 0 0 0 /tmp/mongodb-27017.sock
[socket timeout calling hello on 'localhost:27017']OPNsense\Sensei\SenseiMongoDB::executeQuery::Exception::No suitable servers found (`serverSelectionTryOnce` set): [socket timeout calling hello on 'localhost:27017'][2022-08-19T09:41:02+02:00][INFO] [45553][D:19.37] https://health.sunnyvalley.io/client_report.php could sended.
mongo --host localhost
MongoDB shell version v4.0.28
connecting to: mongodb://localhost:27017/?gssapiServiceName=mongodb
2022-08-19T10:12:22.781+0200 I NETWORK [js] DBClientConnection failed to receive message from localhost:27017 - HostUnreachable: Connection reset by peer
2022-08-19T10:12:22.782+0200 E QUERY [js] Error: network error while attempting to run command 'isMaster' on host 'localhost:27017' :
connect@src/mongo/shell/mongo.js:356:17
@(connect):2:6
__cxa_thread_call_dtors: dtr 0x802f4e230 from unloaded dso, skipping
exception: connect failed
In the livelogs of the firewall nothing is rejected on port 27017.
Zenamor listens to the Laninterface, but the Webgui is bound to a vLan on the same.
Anyone have an idea where I could look for the problem?
i despair...;-)
I have the following problem when testing Zenamor on an Opnsense firewall.
Somehow I can't connect to the local database.
here are a few log extracts.
service mongod status
mongod is running as pid 74804.
netstat -an | grep 27017
tcp4 0 326 127.0.0.1.1329 127.0.0.1.27017 FIN_WAIT_1
tcp4 0 348 127.0.0.1.1328 127.0.0.1.27017 ESTABLISHED
tcp4 0 0 127.0.0.1.27017 . LISTEN
fffff80004c4da00 stream 0 0 fffff801a9e275b8 0 0 0 /tmp/mongodb-27017.sock
[socket timeout calling hello on 'localhost:27017']OPNsense\Sensei\SenseiMongoDB::executeQuery::Exception::No suitable servers found (`serverSelectionTryOnce` set): [socket timeout calling hello on 'localhost:27017'][2022-08-19T09:41:02+02:00][INFO] [45553][D:19.37] https://health.sunnyvalley.io/client_report.php could sended.
mongo --host localhost
MongoDB shell version v4.0.28
connecting to: mongodb://localhost:27017/?gssapiServiceName=mongodb
2022-08-19T10:12:22.781+0200 I NETWORK [js] DBClientConnection failed to receive message from localhost:27017 - HostUnreachable: Connection reset by peer
2022-08-19T10:12:22.782+0200 E QUERY [js] Error: network error while attempting to run command 'isMaster' on host 'localhost:27017' :
connect@src/mongo/shell/mongo.js:356:17
@(connect):2:6
__cxa_thread_call_dtors: dtr 0x802f4e230 from unloaded dso, skipping
exception: connect failed
In the livelogs of the firewall nothing is rejected on port 27017.
Zenamor listens to the Laninterface, but the Webgui is bound to a vLan on the same.
Anyone have an idea where I could look for the problem?
i despair...;-)
Pages: [1]