OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of My_Network »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - My_Network

Pages: [1] 2
1
24.7 Production Series / RADIUS WITH WINDOWS NPS
« on: November 16, 2024, 03:06:25 am »
Hi,

I’m having an issue setting up RADIUS authentication using Windows Server NPS as the authentication server. I’ve followed all the relevant guides and documentation I could find on the topic, even those meant for pfSense. Despite that, something still seems to be wrong.

The networking side is working as expected—my firewall is communicating correctly with the server. When I use the tester, I get a response from the server that’s somewhat positive. It contains gibberish but includes the correct Class tag reading "admin," which was created and assigned the gui\all page permissions. This was copied from the default "admins" group.

The reason I say it’s only kind of working is that when I try logging in with the user, I get the error: "No page assigned to this user! Click here to log out." However, if I change the Class value in NPS to something other than "admin," the same issue occurs. It’s as if the system isn’t interpreting the Class value correctly.

Does anyone have ideas on what could help resolve this?

Thank you,

Nick

2
Zenarmor (Sensei) / Re: Problem reinstallaling Zenarmour afer factory reset
« on: October 12, 2024, 10:21:52 pm »
Hi Sy,

I tried that. Unfortunatly it did not worked. What eventualy worked is uninstalling the entire plugin and the do
"rm -r /usr/local/zenarmor" in shell. Reinstalled and it worked perfectly.

Thanks for your help.

Nick

3
Zenarmor (Sensei) / Problem reinstallaling Zenarmour afer factory reset
« on: October 12, 2024, 03:41:03 pm »
Hi everyone,

Just did a factory reset to try and resolve an OSPF issue I was having on my Firewall. Anyway, now i'm having an issue reinstallating my zenarmor plugin. It seems to be complaning abount it's database. I'm running 24.7.6. Hope it can be resolved without having to reinstall the entire os altogether. Iv'e attatched the install log of the installation we're somes errors can be found.

Thank you,

Nick

4
24.1 Legacy Series / FRR ospf Multi-instance Support
« on: April 02, 2024, 04:57:54 am »
Hi,

Im tying to figure out, how to activate multi-instance support to OSPF in the FRR pluging. In the documentation of the FRR plugin, it states that I need to mess with the "deamon" file that should be in /etc/frr/daemon, but that directory dosent seams to exit. Maby im not looking at the right place. I was able to add the router ospf "1" to the ospfd.cong files inside of /usr/local/etc/frr, but this makes to GUI freak out by not displaying the changes. Does Opnsense support Multi-instance OSPF?

Thank you,

Nick

5
24.1 Legacy Series / Kea dhcp lease revocation
« on: January 22, 2024, 04:50:24 am »
Hi,

Any way to manually revoke lease? I cant find any way of deleting a lease.

Thank you,

Nic

6
23.1 Legacy Series / Unbound DNS working in conjonction with DHCP server on Microsoft Server 2022
« on: May 31, 2023, 04:57:14 am »
Hi,

I was wondering if it would be possible to make UNBOUND DNS work and take over DNS request if my DHCP server is handle my a DHCP server running on an Microsoft Server 2022 box.

Thank you,

Nicl

7
23.1 Legacy Series / Re: 23.1.7_1 broke my Firewall
« on: May 29, 2023, 06:00:54 pm »
Hi Franco,

Im sorry to bother your again with this issue. But it is not resolved. I tought is was but it's not. It's been kind of working fine using this: "So I activated the "Dynamic gateway policy : This interface does not require an intermediate system to act as a gateway" in the Lan interface. Then, in Gateways, I checked the box to disable the GATEWAY monitoring for this Gateway so the dping would alwas show that interface as active. Left everything the same in my "FAR GATEWAY" single gateway. In my static route I then changed the GATEWAY to network 192.168.12.0/24 to "LAN_GW - inet" and reloaded / rebooted ". But im experimenting hickup and wierd "BUGS" like MS Teams not working but fine on 23.1.6..

Any way, I found out that I can not have My "LAN_GATEWAY" 192.168.15.1 and my "CISCO_WAN" 192.168.12.1 witch is the FAR GATEWAY running at the same time on 23.1.7_3 and 23.1.8 for that mather. For it to work on 23.1.7_3, the LAN_GATEWAY need's to be in "dynamic" for it's IP with "DISABLE GATEWAY MONITORING" turned on. Plus the "LAN_GATEWAY" alson need's to be set as the default gateway of my "CISCO_WAN" static route, witch make zero sence..

Rollback to 23.1.6 form 23.1.8 and everything is working 100% again.  :o

Thank you,

Nick

8
23.1 Legacy Series / Re: 23.1.7_1 broke my Firewall
« on: May 17, 2023, 11:40:47 pm »
Hi Franco,

I think you were right in the end. I had a configuration error. So here what I did to get thing working again. So I activated the "Dynamic gateway policy : This interface does not require an intermediate system to act as a gateway" in the Lan interface. Then, in Gateways, I checked the box to disable the GATEWAY monitoring for this Gateway so the dping would alwas show that interface as active. Left everything the same in my "FAR GATEWAY" single gateway. In my static route I then changed the GATEWAY to network 192.168.12.0/24 to "LAN_GW - inet" and reloaded / rebooted and it all started to work again like before. Cant explain why it does do, was looking foward for you input on this?

Please accept my appologies,

Nic

9
23.1 Legacy Series / Re: 23.1.7_1 broke my Firewall
« on: May 17, 2023, 02:00:04 pm »
Hi Franco,

Im sorry I was out of line. On a previous post you asked to show us our routing table before and after the upgrade. On 23.1.7_3 does not contain what 23.1.6 does.  :o In 23.1.6 you can clearly see that 192.168.12.0/24 is the gateway for my network.

Nic

10
23.1 Legacy Series / Re: 23.1.7_1 broke my Firewall
« on: May 17, 2023, 12:54:37 pm »
Hi Franco,

I kind of politely disagre that the new code in src/etc/inc/filter.inc and  /usr/local/sbin/pluginct dont have any impact on routing desision because as soon as we upgrade to the new firmware it fails to reach 192.168.12.0/24 that is perfecly reachable on 23.1.6 via my static route and to make the matter worse we are seeing error messages that are only present in the new code. On another note, I never had to make Virtual IP's to make my setup work.

Regards,

Nic


11
23.1 Legacy Series / Re: 23.1.7_1 broke my Firewall
« on: May 17, 2023, 12:43:23 am »
Hi Franco,

Here is an output of the asked LOG with all proposed patch:


<13>1 2023-05-16T18:34:57-04:00 OPNsense.localdomain opnsense 63457 - [meta sequenceId="3"] /usr/local/sbin/pluginctl: ROUTING: entering configure using defaults
<13>1 2023-05-16T18:34:57-04:00 OPNsense.localdomain opnsense 63457 - [meta sequenceId="4"] /usr/local/sbin/pluginctl: ROUTING: configuring inet default gateway on wan
<13>1 2023-05-16T18:34:57-04:00 OPNsense.localdomain opnsense 63457 - [meta sequenceId="5"] /usr/local/sbin/pluginctl: ROUTING: keeping current inet default gateway 'xxxxx'
<13>1 2023-05-16T18:34:59-04:00 OPNsense.localdomain opnsense 89022 - [meta sequenceId="9"] /usr/local/etc/rc.routing_configure: ROUTING: entering configure using defaults
<13>1 2023-05-16T18:34:59-04:00 OPNsense.localdomain opnsense 89022 - [meta sequenceId="10"] /usr/local/etc/rc.routing_configure: ROUTING: configuring inet default gateway on wan
<13>1 2023-05-16T18:34:59-04:00 OPNsense.localdomain opnsense 89022 - [meta sequenceId="11"] /usr/local/etc/rc.routing_configure: ROUTING: keeping current inet default gateway 'xx.xx.xx.xx'
<13>1 2023-05-16T18:38:12-04:00 OPNsense.localdomain opnsense 93565 - [meta sequenceId="3"] /usr/local/sbin/pluginctl: ROUTING: entering configure using defaults
<13>1 2023-05-16T18:38:12-04:00 OPNsense.localdomain opnsense 93565 - [meta sequenceId="4"] /usr/local/sbin/pluginctl: ROUTING: configuring inet default gateway on wan
<13>1 2023-05-16T18:38:12-04:00 OPNsense.localdomain opnsense 93565 - [meta sequenceId="5"] /usr/local/sbin/pluginctl: ROUTING: keeping current inet default gateway 'xx.xx.xx.xx'
<13>1 2023-05-16T18:38:14-04:00 OPNsense.localdomain opnsense 54979 - [meta sequenceId="9"] /usr/local/etc/rc.routing_configure: ROUTING: entering configure using defaults
<13>1 2023-05-16T18:38:14-04:00 OPNsense.localdomain opnsense 54979 - [meta sequenceId="10"] /usr/local/etc/rc.routing_configure: ROUTING: configuring inet default gateway on wan
<13>1 2023-05-16T18:38:14-04:00 OPNsense.localdomain opnsense 54979 - [meta sequenceId="11"] /usr/local/etc/rc.routing_configure: ROUTING: keeping current inet default gateway 'xx.xx.xx.xx'
<13>1 2023-05-16T18:38:50-04:00 OPNsense.localdomain opnsense 27513 - [meta sequenceId="12"] /usr/local/sbin/pluginctl: ROUTING: entering configure using defaults
<13>1 2023-05-16T18:38:50-04:00 OPNsense.localdomain opnsense 27513 - [meta sequenceId="13"] /usr/local/sbin/pluginctl: ROUTING: configuring inet default gateway on wan
<13>1 2023-05-16T18:38:50-04:00 OPNsense.localdomain opnsense 27513 - [meta sequenceId="14"] /usr/local/sbin/pluginctl: ROUTING: keeping current inet default gateway 'xx.xx.xx.xx'
<13>1 2023-05-16T18:38:52-04:00 OPNsense.localdomain opnsense 48269 - [meta sequenceId="18"] /usr/local/etc/rc.routing_configure: ROUTING: entering configure using defaults
<13>1 2023-05-16T18:38:52-04:00 OPNsense.localdomain opnsense 48269 - [meta sequenceId="19"] /usr/local/etc/rc.routing_configure: ROUTING: configuring inet default gateway on wan
<13>1 2023-05-16T18:38:52-04:00 OPNsense.localdomain opnsense 48269 - [meta sequenceId="20"] /usr/local/etc/rc.routing_configure: ROUTING: keeping current inet default gateway 'xx.xx.xx.xx'
<13>1 2023-05-16T18:38:53-04:00 OPNsense.localdomain opnsense 68645 - [meta sequenceId="21"] /usr/local/etc/rc.routing_configure: ROUTING: entering configure using defaults
<13>1 2023-05-16T18:38:53-04:00 OPNsense.localdomain opnsense 68645 - [meta sequenceId="22"] /usr/local/etc/rc.routing_configure: ROUTING: configuring inet default gateway on wan
<13>1 2023-05-16T18:38:53-04:00 OPNsense.localdomain opnsense 68645 - [meta sequenceId="23"] /usr/local/etc/rc.routing_configure: ROUTING: keeping current inet default gateway 'xx.xx.xx.xx'
<13>1 2023-05-16T18:39:01-04:00 OPNsense.localdomain opnsense 56798 - [meta sequenceId="25"] /usr/local/sbin/pluginctl: ROUTING: entering configure using defaults
<13>1 2023-05-16T18:39:01-04:00 OPNsense.localdomain opnsense 56798 - [meta sequenceId="26"] /usr/local/sbin/pluginctl: ROUTING: configuring inet default gateway on wan
<13>1 2023-05-16T18:39:01-04:00 OPNsense.localdomain opnsense 56798 - [meta sequenceId="27"] /usr/local/sbin/pluginctl: ROUTING: keeping current inet default gateway 'xx.xx.xx.xx'
<13>1 2023-05-16T18:39:03-04:00 OPNsense.localdomain opnsense 76629 - [meta sequenceId="31"] /usr/local/etc/rc.routing_configure: ROUTING: entering configure using defaults
<13>1 2023-05-16T18:39:03-04:00 OPNsense.localdomain opnsense 76629 - [meta sequenceId="32"] /usr/local/etc/rc.routing_configure: ROUTING: configuring inet default gateway on wan
<13>1 2023-05-16T18:39:03-04:00 OPNsense.localdomain opnsense 76629 - [meta sequenceId="33"] /usr/local/etc/rc.routing_configure: ROUTING: keeping current inet default gateway 'xx.xx.xx.xx'


My "FAR GATEWAY" is still not working on 27.1.7_3..

Log message:

2023-05-16T18:39:01-04:00
opnsense   /usr/local/sbin/pluginctl: Chose to bind CISCO_WAN on 192.168.15.1 since we could not find a proper match.


Reverting back to 23.1.6

Nic


12
23.1 Legacy Series / Re: 23.1.7_1 broke my Firewall
« on: May 16, 2023, 12:45:23 am »
Hi Franco,

I think I found what causing our issues with "FAR GATEWAYS". By removing this from src/etc/inc/filter.inc. I think you broke the ability to reach or find any other static route that point to where that gateway is. Would explain the issue that Gazd25 is having also.

            }
            $default_gw = $fw->getGateways()->getDefaultGW($down_gateways, $ipprotocol);
            if ($default_gw !== null && !empty($default_gw['gateway'])) {
                system_default_route($default_gw['gateway'], $default_gw['if'], isset($default_gw['fargw']));
            }

And then this bit of code also prevents FAR GATEWAYS that are "DOWN" from being a canditate to be gateways.

    foreach (['inet', 'inet6'] as $ipproto) {
        /* determine default gateway without considering monitor status */
        $gateway = $gateways->getDefaultGW([], $ipproto);
        $logproto = $ipproto == 'inet' ? 'IPv4' : 'IPv6';
        if ($gateway != null) {
            log_msg("ROUTING: {$logproto} default gateway set to {$gateway['interface']}", LOG_INFO);
            if ((empty($interface) || $interface == $gateway['interface']) && !empty($gateway['gateway'])) {
                log_msg("ROUTING: setting {$logproto} default route to {$gateway['gateway']}");
                system_default_route($gateway['gateway'], $gateway['interface'], isset($gateway['fargw']));
            } else {
                log_msg("ROUTING: skipping {$logproto} default route");


Thank you,

Nic




13
23.1 Legacy Series / Re: 23.1.7_1 broke my Firewall
« on: May 15, 2023, 02:40:31 am »
Good evening Gazd25,

Look like we have the exact same issue! In my config file there is no duplicate gateway's, iv'e looked and looked again. The issue is really regarding routing to ''far gateway's'' that's not working anymore in 23.1.7_3, but in 23.1.6 it works fine. Do you have static routes that points to that specific gateway? In my environnement I have 5 static routes that point to vlan's on my cisco router downstream with it's WAN interface. Hoping to get this sorted out. Would be more that happy to share more details if needed.

Regard  :o

Nic

14
23.1 Legacy Series / Re: 23.1.7_1 broke my Firewall
« on: May 14, 2023, 04:45:37 pm »
Hi Franco,

So after further investigation, it seem's that i dont have the same issue. There is no duplicate gateways. But the issue seems to be with: /usr/local/etc # cat rc.routing_configure. In 23.1.7_3 this script changes and seem to interfere somehow with ''FAR GATEWAYS'' that dont have physical interface.

Im out of ideas here.

Nic

15
23.1 Legacy Series / Re: 23.1.7_1 broke my Firewall
« on: May 12, 2023, 11:11:13 pm »
Hi Franco,

Finally was abe to get something out of opnsense-log | grep refusing. Dont know if this give you any clues on what could me my issue? Oh and intresting fact, just after the upgrade to 23.1.7_3, the issue arise only if I reload the "routing" service out of any other services!

<11>1 2023-05-12T16:43:28-04:00 OPNsense.localdomain opnsense 98415 - [meta sequenceId="92"] /usr/local/etc/rc.routing_configure: ROUTING: refusing to set inet gateway on addressless lan

Other intresting general log entry:

<13>1 2023-05-12T16:31:59-04:00 OPNsense.localdomain opnsense 74858 - [meta sequenceId="124"] /usr/local/etc/rc.linkup: Chose to bind CISCO_WAN_INT on 192.168.15.1 since we could not find a proper match.

Look like 192.168.12.0/24 is not being consired at all! 

+

If we look on the log of onw of Struppi awnsers! We see the same error but with the WAN interface:
- opnsense-badcase.log: this is the full log after the update and reboot (23.1.7_3)

<11>1 2023-05-10T12:33:04+02:00 OPNsense.dimo.nil opnsense 8359 - [meta sequenceId="32"] /usr/local/etc/rc.routing_configure: ROUTING: refusing to set inet gateway on addressless wan


Thank you,

Nic

Pages: [1] 2
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2