OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of jsnell »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - jsnell

Pages: [1]
1
23.1 Legacy Series / Re: Kernel panic in Hetzner VM after upgrading
« on: April 12, 2023, 01:33:34 pm »
Thanks for the suggestion, but this doesn't appear to be the issue in our case. I did investigate further, and this crash seems to be related to a regression in IPv6. If I disable IPv6 on the WAN interface then the server appears stable after the upgrade.

2
23.1 Legacy Series / Kernel panic in Hetzner VM after upgrading
« on: April 11, 2023, 09:57:19 pm »
We run OPNsense in Hetzner's virtual servers and if they upgraded beyond 23.1_6 they seem to kernel panic shortly after startup. They work for long enough that the web GUI can be accessed and logged into, but they then panic shortly afterwards. I have attached a screenshot of the panic message from the serial console.

If the machine is restored from the snapshot taken before upgrading, then it continues to work as normal. Also, we have multiple OPNsense VMs, and this seems to affect all of them.

3
Virtual private networks / Routing between VPNs on different interfaces
« on: October 20, 2022, 03:08:36 pm »
We have an IPSec VPN established on WAN which is intended to route traffic between our local network and a number of public IP addresses on the remote side. This is already in place using a standard site-to-site configuration with installed policies, and is connecting successfully. However, as the servers on our LAN side are in a datacentre where routing definitions across the private network are outside of our control, we cannot route these public IP addresses over the LAN directly. Instead I had the idea to establish a LAN-side IPSec VPN to connect between the hosts on our private network, like so:

Internal Server ==> IPSec over LAN ==> OPNSense ==> IPSec over WAN ==> Remote Gateway ==> Remote Public IP

However, while both connections appear to be operational, I see that traffic is being dropped by the Default deny/state violation rule. I can add rules to pass the traffic regardless, and I see that if I mtr the remote public IP then the following appear in the firewall logs as green entries:

IPsec      2022-10-20T13:02:32   <OPNsense WAN IP>   <Remote IP>   icmp      
IPsec      2022-10-20T13:02:32   <Internal Server IP>   <Remote IP>   icmp

However, no traffic is able to cross the two VPNs. I am assuming this is because doing this bypasses the usual NAT functionality of IPSec, or something to that effect. How do I correctly link things up between the two VPNs?

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2