Messages - jsnell

#1
Thanks for the suggestion, but this doesn't appear to be the issue in our case. I did investigate further, and this crash seems to be related to a regression in IPv6. If I disable IPv6 on the WAN interface then the server appears stable after the upgrade.
#2
We run OPNsense in Hetzner's virtual servers and if they upgraded beyond 23.1_6 they seem to kernel panic shortly after startup. They work for long enough that the web GUI can be accessed and logged into, but they then panic shortly afterwards. I have attached a screenshot of the panic message from the serial console.

If the machine is restored from the snapshot taken before upgrading, then it continues to work as normal. Also, we have multiple OPNsense VMs, and this seems to affect all of them.
#3
We have an IPsec VPN established on WAN which is intended to route traffic between our local network and a number of public IP addresses on the remote side. This is already in place using a standard site-to-site configuration with installed policies, and is connecting successfully. However, as the servers on our LAN side are in a datacentre where routing definitions across the private network are outside of our control, we cannot route these public IP addresses over the LAN directly. Instead I had the idea to establish a LAN-side IPsec VPN to connect between the hosts on our private network, like so:

Internal Server ==> IPsec over LAN ==> OPNsense ==> IPsec over WAN ==> Remote Gateway ==> Remote Public IP

However, while both connections appear to be operational, I see that traffic is being dropped by the Default deny/state violation rule. I can add rules to pass the traffic regardless, and I see that if I mtr the remote public IP then the following appear in the firewall logs as green entries:

IPsec      2022-10-20T13:02:32   <OPNsense WAN IP>   <Remote IP>   icmp
IPsec      2022-10-20T13:02:32   <Internal Server IP>   <Remote IP>   icmp

However, no traffic is able to cross the two VPNs. I am assuming this is because doing this bypasses the usual NAT functionality of IPsec, or something to that effect. How do I correctly link things up between the two VPNs?
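The post above describes a flow that has to be decrypted from one policy-based IPsec tunnel and re-encrypted into a second one on the same firewall. With policy-based (tunnel-mode) IPsec, a packet only belongs to a tunnel if its source and destination fall inside that tunnel's negotiated traffic selectors, so one check worth making before looking at firewall rules is whether both tunnels' selectors actually cover the end-to-end flow in each direction. The script below is an added illustration of that check, not code from the original post or from OPNsense; the two tunnel definitions and all addresses are constructed documentation-range placeholders, and the post does not say whether a selector gap was the actual cause in that deployment.

```python
import ipaddress

# Constructed example: two policy-based IPsec tunnels as seen from the firewall,
# described only by their traffic selectors (the SPD entries each side agreed on).
# All addresses are documentation-range placeholders (assumption), not real hosts.
LAN_TUNNEL = {  # hypothetical LAN-side tunnel: internal server <-> firewall
    "local":  ["192.0.2.1/32"],      # firewall's LAN address
    "remote": ["192.0.2.10/32"],     # the internal server
}
WAN_TUNNEL = {  # hypothetical WAN-side tunnel: firewall <-> remote gateway
    "local":  ["192.0.2.0/24"],      # our side, as negotiated with the peer
    "remote": ["203.0.113.0/24"],    # public IPs reachable behind the remote gateway
}


def _covered(networks, address):
    """True if the address falls inside any of the selector networks."""
    ip = ipaddress.ip_address(address)
    return any(ip in ipaddress.ip_network(n) for n in networks)


def chain_gaps(inbound, outbound, src, dst):
    """Return the selector entries missing for a src->dst flow to arrive through
    the inbound tunnel and leave through the outbound one.

    A packet decrypted from the inbound tunnel must have src in that tunnel's
    remote selector and dst in its local selector; re-encrypting it on the
    outbound tunnel needs src in that tunnel's local selector and dst in its
    remote selector.  An empty list means both tunnels cover the flow.
    """
    gaps = []
    if not _covered(inbound["remote"], src):
        gaps.append(f"inbound remote selector lacks {src}")
    if not _covered(inbound["local"], dst):
        gaps.append(f"inbound local selector lacks {dst}")
    if not _covered(outbound["local"], src):
        gaps.append(f"outbound local selector lacks {src}")
    if not _covered(outbound["remote"], dst):
        gaps.append(f"outbound remote selector lacks {dst}")
    return gaps


def with_added_selector(tunnel, side, network):
    """Copy of a tunnel definition with one more network on the given side."""
    patched = {side_name: list(nets) for side_name, nets in tunnel.items()}
    patched[side].append(network)
    return patched


if __name__ == "__main__":
    server, remote_host = "192.0.2.10", "203.0.113.5"

    # Forward direction: server -> firewall (LAN tunnel) -> remote gateway (WAN tunnel).
    print("as configured:", chain_gaps(LAN_TUNNEL, WAN_TUNNEL, server, remote_host))

    # The LAN-side tunnel only knows the firewall's own address on its local side,
    # so the remote public range has to be added there for the flow to be covered.
    lan_fixed = with_added_selector(LAN_TUNNEL, "local", "203.0.113.0/24")
    print("after adding selector:", chain_gaps(lan_fixed, WAN_TUNNEL, server, remote_host))

    # Reply direction: remote host -> WAN tunnel -> LAN tunnel -> server.
    print("reply direction:", chain_gaps(WAN_TUNNEL, lan_fixed, remote_host, server))
```

Run as-is, the first check reports that the LAN-side tunnel's local selector does not cover the remote public address, the second and third report no gaps. Selector coverage is only the first hurdle: once both tunnels cover the flow, the decrypted packets are still evaluated by the firewall rules on the IPsec interface, which is where the default deny entries in the post come from.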