Messages

The same problem. After updating the DNS, requests are no longer processed.

OrgA (Right):
The FW icon is OPN, right?
 With 3 interfaces?
* WAN - 192.168.0.254/24
* LAN - 172.17.32.1/21
* KSPD_A - 10.62.65.254/24

Yes. this is an OPNsense.

The WAN is used to access the Internet. KSPD is a secure network with no Internet access. To access both networks from the same computer, I use a LAN with prescribed access to services via System: Routes

interface

OrgB (Left) has one interface KSPD_B - 10.62.70.254/24
Clarity was be improved if interfaces had different names in both orgs... We're looking at screens and it's not obvious which side they belong too.

coordinator

And then there's a machine in OrgA that's dual homed (on LAN & KSPD)???

I tried to register 172.17.39.13/21 and 10.62.65.13/24 on the same interface so that 10.65.70.59 would gain access to the server.

What we are seeing as blocked in the recent log is a obviously respond packet from 10.62.65.13. This means, that the request packet obviously didn't pass OPNsense.
So possibly it went directly from the KSPD to 10.62.65.13. But this machine used OPNsene as default gateway and hence sens packets destined to the other building to it.

Your network diagram shows that the KSPD has als an IP in 10.62.65.0/24. Naturally it sends packets destined to 10.62.65.13 directly to the device, but not to OPNsense.

Disabled the second interface on the server, which was directly connected to 10.62.65.0/24. Only Lan 172.17.39.13/21 remained + additionally registered 10.62.65.13 on the card.


Another log

I started DHCP on KSPD and got this log

log

Now incoming traffic from IP 10.62.70.59/24 has completely disappeared, there is only outgoing traffic.

this is the only thing that is recorded in the

log

I'll try to fix the network now

Organization A KSPD
gateway 10.62.65.254

Organization B KSPD
gateway 10.62.65.254

lan gateway 172.17.32.1


Both organizations use a coordinator to communicate with each other via the KSPD channel.

Yes, I use natting the traffic so that the lan united one network.

I did as you said, but opnsense still blocks the connection.

KSPD
log

Please tell me what rule and on what interface should there be so that 10.62.70.0/24 can interact with all other networks?

Yes, I need to be able to connect from 10.62.70.10/24 to 10.62.65.0/24, and even better, I need the 172.17.32.0/21 network to also be able to interact with these networks.

There is an organization network, everything works properly. The organization built another building. The networks are united using a secure channel (KSPD). The problem arose in that from the address 10.62.65.13 you can easily connect to 10.62.70.59, but on the contrary, opnsense blocks the connection. For the third day I cannot understand what this is connected with. Please help me solve the problem.

network diagram

lan

KSPD

log

After switching to 25.1.6_4, the host names in Reporting: Traffic stopped being displayed. Previously, the developers implemented this moment. Can you tell me what could be the reason?

Realization

The solution to the authorization problem is solved here

https://github.com/opnsense/core/commit/413f49c3ef68c0269a7163410b01a19c7a2fa4b5#diff-a83c0e9291cd5f0655cbd690b0bfaaef4b91db4ca9e04a4f36520ec2777d29c9

I have installed updates, but there are a lot of errors in the log. Can someone remind me of the command to reinstall all packages?

I tried running Dnsmasq DNS, it still doesn't work. Unbound DNS changed the checkboxes in the main settings, the only thing I added was static host.