Messages - vpx23

#1
It just occurred to me that the user I had seen in the connection status wasn't in the group at all; I added myself as a test and you really do only see the internal pool IP.
#2
I mean the OpenVPN interface in the firewall; in practice it works with manually maintained hosts (public IPs), just not user-based via the OpenVPN users.
#3
Yes, first of all I block, for example, all countries except Germany for OpenVPN via GeoIP. Now I want to additionally allow all OpenVPN users in the group "external" by their public IP. That doesn't work, though, so users abroad have to tell me their IP and I enter it manually.

This could happen automatically and per user, since OPNsense knows the external IP of the OpenVPN user, as you can see in the dashboard.
#4
When I look at the tutorial again I see why I made the mistake with the bind address.

https://docs.opnsense.org/manual/how-tos/sslvpn_instance_roadwarrior.html

The bind address is 10.10.8.1 (WAN), which is very similar to the VPN pool network address 10.1.8.0, so I misread that as 10.1.8.1.

By the way there is a mistake in the schema, the road warrior IP shows 10.2.8.2 when it should read 10.0.8.2.

I think I also understand now why there is not a migration assistant because the encryption algorithm (--cipher) is deprecated since server version 2.4.0. It's probably hidden to discourage its use.

If you want to do a 1:1 migration to save distributing the configs to the clients again you have to activate the "advanced mode" in the new instance and change "Auth" and "Data Ciphers" to match the legacy configuration.

Also, according to the OpenVPN reference manual the default auth digest algorithm is SHA1, which differs from the old legacy tutorial where it is SHA512. Isn't that contradicting its own recommendations from the previous tutorial? Or is "OpenVPN default" in OPNsense its own definition?
#5
Yeah, I got that now. But isn't it a step backwards? Before, you could provide multiple system aliases like LAN1, WAN2 etc.

Now you can only provide a single IP which is not dynamically updated like the previous system aliases.

Edit: Sorry, I just checked again and the old "Interface" field was just a single-select field, not a multi-select field.
#6
So every night I shut down my PC, then I shut down OPNsense via a single press on the power button, then I turn off my switched power strips of the PC and my hi-fi system and at last I turn off the PSU switches of my cable router and the OPNsense box.

But once in a blue moon OPNsense doesn't shut down but reboots.

Here are the general logs of two shutdowns, the second one (Jan. 14th) had that behavior, the other one (Jan. 13th) didn't have it.

2025-01-14T16:47:21 Notice kernel Copyright (c) 1992-2023 The FreeBSD Project.
2025-01-14T16:47:21 Notice kernel ---<<BOOT>>---
2025-01-14T16:47:21 Notice syslog-ng syslog-ng starting up; version='4.8.1'
2025-01-13T22:46:46 Notice kernel <118>>>> Invoking stop script 'config'
2025-01-13T22:46:46 Notice syslog-ng syslog-ng shutting down; version='4.8.1'
2025-01-13T22:46:46 Notice kernel <118>>>> Invoking backup script 'rrd'
2025-01-13T22:46:46 Notice kernel <118>>>> Invoking backup script 'netflow'
2025-01-13T22:46:46 Notice kernel <118>>>> Invoking backup script 'duid'
2025-01-13T22:46:46 Notice kernel <118>>>> Invoking backup script 'dhcpleases'
2025-01-13T22:46:46 Notice kernel <118>>>> Invoking backup script 'captiveportal'
2025-01-13T22:46:46 Notice kernel <118>>>> Invoking stop script 'backup'
2025-01-13T22:46:45 Notice kernel <118>Waiting for PIDS: 9752.
2025-01-13T22:46:45 Notice kernel <118>Stopping dnscrypt_proxy.
2025-01-13T22:46:44 Notice kernel <118>>>> Invoking stop script 'freebsd'
2025-01-13T22:46:43 Notice kernel <118>>>> Invoking stop script 'beep'


2025-01-15T17:16:45 Notice kernel Copyright (c) 1992-2023 The FreeBSD Project.
2025-01-15T17:16:45 Notice kernel ---<<BOOT>>---
2025-01-15T17:16:45 Notice syslog-ng syslog-ng starting up; version='4.8.1'
2025-01-14T22:52:39 Notice syslog-ng syslog-ng shutting down; version='4.8.1'
2025-01-14T22:52:39 Notice kernel <118>>>> Invoking stop script 'config'
2025-01-14T22:52:39 Notice kernel <118>>>> Invoking backup script 'rrd'
2025-01-14T22:52:39 Notice kernel <118>>>> Invoking backup script 'netflow'
2025-01-14T22:52:39 Notice kernel <118>>>> Invoking backup script 'duid'
2025-01-14T22:52:39 Notice kernel <118>>>> Invoking backup script 'dhcpleases'
2025-01-14T22:52:38 Notice kernel <118>>>> Invoking backup script 'captiveportal'
2025-01-14T22:52:38 Notice kernel <118>>>> Invoking stop script 'backup'
2025-01-14T22:52:37 Notice kernel <118>Waiting for PIDS: 37745.
2025-01-14T22:52:37 Notice kernel <118>Stopping dnscrypt_proxy.
2025-01-14T22:52:36 Notice kernel <118>>>> Invoking stop script 'freebsd'
2025-01-14T22:52:35 Notice kernel <118>>>> Invoking stop script 'beep'

But the strange thing is there is nothing in the general log between 22:52:39 and 17:16:45 when I heard the boot sound of OPNsense.

A normal shutdown is no longer possible then. I then have to do a hard shutdown of the OPNsense box (holding down the power button for some seconds).

So how can I find the issue here? And by the way why is the boot log only starting from the last boot?
#7
Thanks, after updating my OPNsense I noticed this bug too. My clock was running 22 seconds in advance. Was fixed after updating the time.

Anybody else noticed weird behaviour of Windows 11 23H2 after the KB5048685 update?

After the login screen I get a black screen for some seconds and the loading of the taskbar is very delayed.

Also high CPU from "Service host DCOM server process launcher" and wsappx. I locked my Windows 11 to 23H2 because of all the AI crap in 24H2 like Copilot and Recall but maybe I have to switch to FreeBSD sooner than I planned. :)
#8
Quote from: mxm_marcin on July 08, 2024, 12:34:29 PM
The installed transceiver supports 1 Gbps, while the motherboard supports 10 Gbps. Could this be a problem?

Yes, that could be the problem, see here: https://www.reddit.com/r/PFSENSE/comments/t317nv/no_link_on_sfps_with_supermicro_server_ubiquiti/
#9
Ah, thank you, that makes sense, maybe I should RTFM, I thought 'm' was for mega, i.e. millions. ;D

That would have been in the realm of a 100 GBit/s NIC.
#10
The plugin also has to be updated for the new dashboard, it can't be selected in the widgets list.
#11
How old are your used Fujitsu FUTROs? The data sheets I can find are from 2017. Was the RAM you tried new or also used? Is the latest firmware installed (V4.6.5.4 - R1.16.0 (13.08.2018))?
#12
Did you try the tunable

hw.ix.unsupported_sfp=1

as mentioned in this thread?

https://forums.freebsd.org/threads/intel-sfp-card-not-compatible.85348/#post-569703

You can also add it via GUI.
#13
You would have to download the package and transfer it to your OPNsense via a USB stick or similar because you also won't have internet to download the package locally.

https://forum.opnsense.org/index.php?topic=35915.msg174791#msg174791

https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/Latest/
#14
What happens if you enable Secure Boot and reboot?
#15
Is "Intel Virtualization Technology" (VT-x) activated in the X99 BIOS?