Messages

[/usr/local/etc/rc.syshook.d/start/99-route-fix]

I have this experience on slow switch reconnection. This solved my problem:

add from ssh shell: /usr/local/etc/rc.syshook.d/start/99-route-fix:
(do not forget chmod +x 99-route-fix !!!)

#!/bin/sh
# Wait 10 seconds to ensure the parent interface and VLANs are fully stable
sleep 10
# This is the actual backend script that reloads all routing logic,other as "configctl route reload" or "configctl interface reconfigure" did not help
/usr/local/etc/rc.routing_configure

It seems to be bug on 26.1.4? I thing routes must  be rebuild after initializing of slowest one interface.

I got the same problem, wasted a lot ot of time till I found this recommendation about fixing by disabling

   chrome://flags/#enable-experimental-web-platform-features.

I tried clearing the cache, disabling plugins, etc. It might be interesting to investigate this incidence mechanism a little deeper.w
Error message

   Form submission failed, as the <SELECT> element named '' was implicitly closed by reaching the end of the file

look very crazy. After Google deploys some experimental feature to the common version, maybe the problem reappears?

Hi,

late answer but I hope it helps someone. I just got the same problem as PassionLynx. I found that as default firewall randomizes the source port on passing packets out. On UDP it can break some apps. Typicaly some streaming or VOIP apps. The reason for this is security by obfuscating info about source port app allocation. But bidirectional UDP traffic needs this to keep the "punch hole" automatically open for bidirectional traffic.

I discovered how to solve this problem. You have two options:

1. If you want to keep NAT more secure, you can create a special Outbound NAT rule only for your app, usually it is enough to specify the destination port or server address and 'STATIC' parameter enabled.

2. You can replace the default NAT rule with a manually configured one with the same parameters as the default one with the difference in 'STATIC' parameter.

Before you are able to make this change you must switch to Manual or Hybrid outbound NAT rule generation

If you can not predict the destination or source address or port, you must use option 2. I think that security risk at this case increase is usually minimal.

Hello,

After upgrading from 22.7 to 23.1.3 my IPSEC tunnel link stopped working.
Because VPN link was not critical and I decided to clean up my config so
I installed fresh 23.1 from scratch. and immediately updated to 23.1.4_1.

As the first thing I tried to config IPSEC tunnel by new "Connections (swantcl.conf)"
way. But I missed any doc, (it supposes experienced StrongSwan experts only?),
so I returned to the "legacy - Tunnel settings" way.

But it seems that any setting of legacy tunnel phase1 does not generate config files for
tunnels. /usr/local/etc/ipsec.conf nor stongswanc.conf. does not reflect any GUI config.

In partialy updated OPNsense IPSEC doc there is an announced "feature freeze on tunnels" in future.
But it seems that legacy tunnel related code is removed too soon.

Any tips on what to check? Maybe I missed some critical step on IPSEC building/activation, but log files
have no glue for me..

I have not much experience with IPSEC, but i am fluent in linux/bsd CLI, so I looked at scripts
and logs, tried to start things from cli, etc. But maybe not enough deep to find where is problem.