1
German - Deutsch / Re: Multiwan Failover Setup 2 Dual Stack Anschlüsse
« on: November 19, 2024, 07:19:48 pm »
Hey, hat jemand hierzu schon was gehabt? Bei mir gleiches Problem.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
24.1 Legacy Series / Same config not working on physical machine, sendto error 64 on GW
« on: June 04, 2024, 01:13:16 am »
Ahoy friends, how are you doing? 
I am currently trying to migrate my config to a physical machine due to performance issues with Proxmox. On my physical machine, I am using a lagg0 interface with different VLANs on it. VLAN 2100 is my WAN VLAN.
Everything on the LAN side works fine, but unfortunately, the WAN gateway is down, even though the interface is up and receives an IP from the ISP. However, I can't get the WAN working at all.
Even when I disable WAN monitoring, I am not able to ping remote hosts; it always says that the host is down, as in the case of pinging 8.8.8.8.
What could be wrong here? I haven't been able to figure it out yet. Thanks in advance!
On my VM this exact config works fine.
I am currently trying to migrate my config to a physical machine due to performance issues with Proxmox. On my physical machine, I am using a lagg0 interface with different VLANs on it. VLAN 2100 is my WAN VLAN.
Everything on the LAN side works fine, but unfortunately, the WAN gateway is down, even though the interface is up and receives an IP from the ISP. However, I can't get the WAN working at all.
Even when I disable WAN monitoring, I am not able to ping remote hosts; it always says that the host is down, as in the case of pinging 8.8.8.8.
What could be wrong here? I haven't been able to figure it out yet. Thanks in advance!
On my VM this exact config works fine.
Code: [Select]
root@sin01-edge-opnsense-fw01:~ # ping 7.7.7.7
PING 7.7.7.7 (7.7.7.7): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
^C
--- 7.7.7.7 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
root@sin01-edge-opnsense-fw01:~ # 8.8.8.8
8.8.8.8: Command not found.
root@sin01-edge-opnsense-fw01:~ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down3
Virtual private networks / Help Needed: Troubleshooting IPsec Site-to-Site Tunnel with OPNsense and Forti
« on: April 16, 2024, 04:05:27 pm »
Hello everyone,
I hope you're all doing well. I'm currently working on establishing a site-to-site tunnel using IPsec and IKEv2, and I've run into a bit of a snag that I'm hoping you could help me troubleshoot.
Here’s the setup:
- **Local endpoint:** OPNsense 22.7 appliance
- **Remote endpoint:** FortiGate firewall
- **Routing:** Policy routing implemented
The tunnel is active, and connectivity seems partially established. The remote host can attempt to ping the local endpoint; however, the local endpoint does not respond. Furthermore, when I SSH into the OPNsense appliance, I'm unable to ping both the remote host and my local IPsec interface. Intriguingly, attempts to ping the local IPsec interface are being routed through the default gateway, leading to no responses:
It seems like there might be a routing issue, especially for the local connected interface. Have any of you experienced something similar or have insights on what might be going wrong here? Any suggestions or guidance would be greatly appreciated.
Thank you in advance for your help!
I hope you're all doing well. I'm currently working on establishing a site-to-site tunnel using IPsec and IKEv2, and I've run into a bit of a snag that I'm hoping you could help me troubleshoot.
Here’s the setup:
- **Local endpoint:** OPNsense 22.7 appliance
- **Remote endpoint:** FortiGate firewall
- **Routing:** Policy routing implemented
The tunnel is active, and connectivity seems partially established. The remote host can attempt to ping the local endpoint; however, the local endpoint does not respond. Furthermore, when I SSH into the OPNsense appliance, I'm unable to ping both the remote host and my local IPsec interface. Intriguingly, attempts to ping the local IPsec interface are being routed through the default gateway, leading to no responses:
Code: [Select]
root@sin01-edge-opnsense-fw01:~ # ping 198.18.192.15
PING 198.18.192.15 (198.18.192.15): 56 data bytes
^C
--- 198.18.192.15 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
root@sin01-edge-opnsense-fw01:~ # ping 198.18.192.16
PING 198.18.192.16 (198.18.192.16): 56 data bytes
^C
--- 198.18.192.16 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
root@sin01-edge-opnsense-fw01:~ # traceroute 198.18.192.16
traceroute to 198.18.192.16 (198.18.192.16), 64 hops max, 40 byte packets
1 192.168.178.1 (192.168.178.1) 0.988 ms 1.104 ms 1.498 ms
It seems like there might be a routing issue, especially for the local connected interface. Have any of you experienced something similar or have insights on what might be going wrong here? Any suggestions or guidance would be greatly appreciated.
Thank you in advance for your help!
4
22.7 Legacy Series / Re: Build 22.7.11 from source fails, proper parameters?
« on: September 08, 2023, 02:19:56 pm »
Thank you so much!
Now i have a working build
Thanks!
Now i have a working build
Thanks!Code: [Select]
1+0 records out
4096 bytes transferred in 0.000126 secs (32562207 bytes/sec)
Creating `/usr/obj/usr/tools/config/22.7/OpenSSL:amd64/efiboot.img'
/usr/obj/usr/tools/config/22.7/OpenSSL:amd64/efiboot.img: 4039 sectors in 4039 FAT12 clusters (512 bytes/cluster)
BytesPerSec=512 SecPerClust=1 ResSectors=1 FATs=2 RootDirEnts=512 Sectors=4096 Media=0xf0 FATsecs=12 SecPerTrack=63 Heads=255 HiddenSecs=0
Populating `/usr/obj/usr/tools/config/22.7/OpenSSL:amd64/efiboot.img'
Image `/usr/obj/usr/tools/config/22.7/OpenSSL:amd64/efiboot.img' complete
>>> Building dvd image... -- 0:make -- time-stamp -- Sep/08/23 13:09:44 --
-- 0:make -- time-stamp -- Sep/08/23 13:09:47 --
done
5
22.7 Legacy Series / Re: Build 22.7.11 from source fails, proper parameters?
« on: September 08, 2023, 10:37:51 am »
Thanks a lot already!
One more question Are there any log files or anything else generated by the build process?
Unfortunately the build fails with error 1.
One more question
Are there any log files or anything else generated by the build process?Unfortunately the build fails with error 1.
Code: [Select]
-rw-r--r-- 1 root wheel 805M Sep 8 03:07 packages-22.7.11-OpenSSL-amd64.tar
>>> WARNING: The build provided additional info.
>>> Package list inconsistency for emulators/qemu-guest-agent
>>> Package list inconsistency for net/librdkafka
>>> Package list inconsistency for www/squid
>>> ERROR: The build encountered fatal issues!
>>> Aborted version 1.12.4_4 for sysutils/consul
*** Error code 1
Stop.
make: stopped in /usr/tools
6
22.7 Legacy Series / Re: Build 22.7.11 from source fails, proper parameters?
« on: September 07, 2023, 02:24:54 pm »If your goal is to simply acquire a vanilla 22.7.11 iso, there's a faster way. From my cookbook:Code: [Select]cd /usr
git clone https://github.com/opnsense/tools
cd tools
make update OS=13.1 SRCBRANCH=stable/22.7 PLUGINSBRANCH=stable/22.7 COREBRANCH=stable/22.7 VERSION=22.7.11
make prefetch-base,kernel VERSION=22.7.9
rsync -vaz rsync://mirror.ams1.nl.leaseweb.net/opnsense/FreeBSD:13:amd64/22.7/MINT/22.7.11/OpenSSL /tmp/opnsense
tar -C /tmp/opnsense/OpenSSL -cf /usr/local/opnsense/build/22.7/amd64/sets/packages-22.7.11-OpenSSL-amd64.tar .
make dvd
Shouldn't take too long.
Cheers
Maurice
Thanks a lot!
Yes that's what i wanted to achive, i'd like to build a simple Vanilla image for VMs as well as ARM.
One more question, which system did you use to build? I've used FreeBSD 13.1 now, but unfortunately the proper 'pkg' version is not available anymore for 13.1, so the one for 13.2 is being installed instead which leads to the following error.
Asked in the FreeBSD IRC for help, but they simply said 'FreeBSD 13.1 is EOL, don't use it'
Thanks in advance!
Code: [Select]
>>> Running build step: ports
>>> Passing arguments: (none)
Installed pkg version '1.19' does not match required version '1.18'
*** Error code 1
Stop.
make: stopped in /usr/tools
7
22.7 Legacy Series / Build 22.7.11 from source fails, proper parameters?
« on: September 06, 2023, 08:29:01 pm »
Hello everyone! I hope you're all doing well. I've been using OPNsense for a while now and have several systems set up in my home environment. To conduct some further testing, I decided to build the 22.7.11 release from scratch on a FreeBSD 13.1 machine. I followed these steps to clone the git repository and initiate the build process:
However, I encountered an issue during the build process, which led to a failure after approximately 12 hours of building. The error message I received is as follows:
I'm wondering what might be causing this issue, and if there are any specific commands or additional parameters I need to provide in order to successfully build a DVD image for the 22.7.11 release. Thank you in advance for your assistance!
Somehow 23.7.x packages are in between, something seems to be mixed.
Code: [Select]
git clone --depth 1 --branch 22.7.11 https://github.com/opnsense/tools
env ROOTDIR=/tmp/opnsense TOOLSBRANCH=22.7.11 OS=13.1 make update
env ROOTDIR=/tmp/opnsense TOOLSBRANCH=22.7.11 OS=13.1 make dvdHowever, I encountered an issue during the build process, which led to a failure after approximately 12 hours of building. The error message I received is as follows:
Code: [Select]
Number of packages to be removed: 11
The operation will free 109 MiB.
[1/11] Deinstalling squid-5.9...
[1/11] Deleting files for squid-5.9: 100%
==> You should manually remove the "squid" user.
==> You should manually remove the "squid" group
[2/11] Deinstalling krb5-1.21.2...
[2/11] Deleting files for krb5-1.21.2: 100%
[3/11] Deinstalling openldap24-client-2.4.59_4...
[3/11] Deleting files for openldap24-client-2.4.59_4: 100%
[4/11] Deinstalling cyrus-sasl-2.1.28...
[4/11] Deleting files for cyrus-sasl-2.1.28: 100%
To delete Cyrus user permanently, use 'pw userdel cyrus'
To delete Cyrus group permanently, use 'pw groupdel cyrus'
[5/11] Deinstalling gmake-4.3_2...
[5/11] Deleting files for gmake-4.3_2: 100%
[6/11] Deinstalling readline-8.2.1...
[6/11] Deleting files for readline-8.2.1: 100%
[7/11] Deinstalling gettext-runtime-0.22_1...
[7/11] Deleting files for gettext-runtime-0.22_1: 100%
[8/11] Deinstalling pkg-1.19.2...
[8/11] Deleting files for pkg-1.19.2: 100%
[9/11] Deinstalling indexinfo-0.3.1...
[9/11] Deleting files for indexinfo-0.3.1: 100%
[10/11] Deinstalling openssl-1.1.1v,1...
[10/11] Deleting files for openssl-1.1.1v,1: 100%
[11/11] Deinstalling perl5-5.32.1_4...
[11/11] Deleting files for perl5-5.32.1_4: 100%
Creating repository in /usr/obj/tmp/opnsense/tools/config/22.7/OpenSSL:amd64/.pkg-new/: 100%
Packing files for repository: 100%
>>> Removing packages set
>>> Creating package mirror set for 23.7.3_60-OpenSSL-amd64... done
-rw-r--r-- 1 root wheel 858M Sep 6 12:32 packages-23.7.3_60-OpenSSL-amd64.tar
>>> ERROR: The build encountered fatal issues!
>>> Aborted version 1.12a for sysutils/cciss_vol_status
>>> Aborted version 7.26.0 for sysutils/puppet7
*** Error code 1
Stop.
make: stopped in /tmp/opnsense/toolsI'm wondering what might be causing this issue, and if there are any specific commands or additional parameters I need to provide in order to successfully build a DVD image for the 22.7.11 release. Thank you in advance for your assistance!
Somehow 23.7.x packages are in between, something seems to be mixed.
8
23.1 Legacy Series / Re: Slow one way iperf3 inter vlan routing
« on: August 28, 2023, 09:07:49 pm »
Were you able to solve this issue? I'm having the same problem.
9
22.7 Legacy Series / FRR broken, setsockopt_so_recvbuf
« on: January 30, 2023, 11:00:40 am »
Hey friends how are you doing.
I'm trying to use FRR in order to use OSPF. Unfortunately the frr plugin is throwing errors, also during install i already got this message on both machines.
These are the messages i see.
I've found this thread, but it's quite old and unfortunately didn't apply in my case.
https://forum.opnsense.org/index.php?topic=26857.0
Is there something broken with the FRR package? Thanks in advance!
I'm trying to use FRR in order to use OSPF. Unfortunately the frr plugin is throwing errors, also during install i already got this message on both machines.
These are the messages i see.
Code: [Select]
[EC 100663299] setsockopt_so_recvbuf: fd 13: SO_RCVBUF set to 2097152 (requested 8388608)
[EC 100663299] setsockopt_so_sendbuf: fd 13: SO_SNDBUF set to 2097152 (requested 8388608)I've found this thread, but it's quite old and unfortunately didn't apply in my case.
https://forum.opnsense.org/index.php?topic=26857.0
Is there something broken with the FRR package? Thanks in advance!
10
22.7 Legacy Series / Traffic being dropped occasionally during inter-VLAN routing
« on: January 29, 2023, 02:27:49 pm »
Hey friends, how are you doing.
I have migrated my network from using OpenWrt to OPNsense and i am extremely satisfied.
Unfortunatly i am encountering some weird behaviour.
I have got a bunch of servers, accessible through my management VLAN 110 in 172.20.32.0/19.
My trusted LAN network is in VLAN 3 in 192.168.3.0/24.
Now the interesting part. A lot of times now, when i establish SSH connections from one of my PCs in 192.168.3.0/24, to one of my servers in 172.20.32.0/19 the connection is dropped after some random amount of time. It occurs very frequently, and after a bunch of seconds.
Some example, of SSH connection going down, while being logged into my TrueNAS machine.
Whenever a connection dies to any of my servers its aborted with closed by remote host message.
Even SSH ZFS replications on TrueNAS, to a different subnet, loose their SSH connection the same way.
When SSHing inside of one subnet, so not going through the OPNsense appliance it works flawlessly.
Also another example. When trying to iperf3 to a different subnet, there is simply starvation. No traffic at all. Going through the directly connected subnet it works fine.
What is wrong here? Did anyone encounter some similar behaviour before?
Thanks in advance!
I have migrated my network from using OpenWrt to OPNsense and i am extremely satisfied.
Unfortunatly i am encountering some weird behaviour.
I have got a bunch of servers, accessible through my management VLAN 110 in 172.20.32.0/19.
My trusted LAN network is in VLAN 3 in 192.168.3.0/24.
Now the interesting part. A lot of times now, when i establish SSH connections from one of my PCs in 192.168.3.0/24, to one of my servers in 172.20.32.0/19 the connection is dropped after some random amount of time. It occurs very frequently, and after a bunch of seconds.
Some example, of SSH connection going down, while being logged into my TrueNAS machine.
Code: [Select]
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
ipmi0: Watchdog set returned 0xd5
root@truenas[~]# debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug1: channel 0: free: client-session, nchannels 1
Connection to 172.20.32.5 closed by remote host.
Connection to 172.20.32.5 closed.
Transferred: sent 2992, received 47976 bytes, in 94.1 seconds
Bytes per second: sent 31.8, received 510.1
debug1: Exit status -1Whenever a connection dies to any of my servers its aborted with closed by remote host message.
Even SSH ZFS replications on TrueNAS, to a different subnet, loose their SSH connection the same way.
When SSHing inside of one subnet, so not going through the OPNsense appliance it works flawlessly.
Also another example. When trying to iperf3 to a different subnet, there is simply starvation. No traffic at all. Going through the directly connected subnet it works fine.
Code: [Select]
chairman@fedora:~$ iperf3 -c 192.168.200.5
Connecting to host 192.168.200.5, port 5201
[ 5] local 192.168.3.22 port 50422 connected to 192.168.200.5 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 386 KBytes 3.16 Mbits/sec 2 1.41 KBytes
[ 5] 1.00-2.00 sec 0.00 Bytes 0.00 bits/sec 1 1.41 KBytes
[ 5] 2.00-3.00 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 5] 3.00-4.00 sec 0.00 Bytes 0.00 bits/sec 1 1.41 KBytes
[ 5] 4.00-5.00 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 5] 5.00-6.00 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 5] 6.00-7.00 sec 0.00 Bytes 0.00 bits/sec 1 1.41 KBytes
[ 5] 7.00-8.00 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 5] 8.00-9.00 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 5] 9.00-10.00 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 386 KBytes 316 Kbits/sec 5 sender
[ 5] 0.00-10.00 sec 65.0 KBytes 53.3 Kbits/sec receiver
iperf Done.Code: [Select]
chairman@fedora:~$ iperf3 -c 192.168.3.5
Connecting to host 192.168.3.5, port 5201
[ 5] local 192.168.3.22 port 41500 connected to 192.168.3.5 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 113 MBytes 946 Mbits/sec 12 153 KBytes
[ 5] 1.00-2.00 sec 111 MBytes 933 Mbits/sec 9 158 KBytes
[ 5] 2.00-3.00 sec 112 MBytes 939 Mbits/sec 6 212 KBytes
[ 5] 3.00-4.00 sec 111 MBytes 933 Mbits/sec 11 96.2 KBytes
[ 5] 4.00-5.00 sec 111 MBytes 933 Mbits/sec 12 204 KBytes
[ 5] 5.00-6.00 sec 111 MBytes 932 Mbits/sec 9 136 KBytes
[ 5] 6.00-7.00 sec 112 MBytes 940 Mbits/sec 10 161 KBytes
[ 5] 7.00-8.00 sec 111 MBytes 932 Mbits/sec 11 168 KBytes
[ 5] 8.00-9.00 sec 111 MBytes 932 Mbits/sec 13 171 KBytes
[ 5] 9.00-10.00 sec 111 MBytes 933 Mbits/sec 9 184 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 1.09 GBytes 936 Mbits/sec 102 sender
[ 5] 0.00-10.00 sec 1.09 GBytes 934 Mbits/sec receiver
iperf Done.What is wrong here? Did anyone encounter some similar behaviour before?
Thanks in advance!
Pages: [1]