Messages - TheMrDec

#1
I am not sure what to make of this.

I have had Let's Encrypt certs for a while now. Most of them were obtained before I set up OPNSense so I was still behind a Fortigate. I went to add one to my reverse proxy server and it keeps failing the challenge. I can access the site without issues, on port 80, but for some reason, I see in the firewall logs that the requests to port 80 from the Let's Encrypt servers are being blocked.

Has anyone else had something similar?
#2
Sure as, I booted into the cli on my HP 1950 10Gig switch and I found a slew of errors. It wasn't collisions though, it was port flap. Not 100% sure that the issue is resolved but I am sure that wasn't helping. Not sure how that cable became damaged either, I didn't touch anything south of the firewall sans the uplink for the core switch. Either way, time will tell.

And to think I maintain networks for a living and didn't think to check the drop. . .
#3
To be up front: I am new to OPNSense, as will likely be made evident by this post. I am guessing I screwed something up somewhere but I can't seem to find any leads as to where that might be.

After a good deal of research and a long RTFM session, I moved from a Fortigate 200D to an install of OPNSense running on an HP ProLiant DL20. As far as the CPU goes, this should be a decent upgrade so I am increasingly puzzled by my terribly inconsistent speeds and ping/jitter in some areas.

Usually, when this kind of thing happens on a Fortigate, I pop into the super admin account and start running debugs on the traffic pipes but I am not sure how to do that on OPNSense and I guess the terms are wildly different here because I can't find much useful info.

The pertinent info:
* My download speeds are somewhat serviceable. I will take 800 out of 1000 in the rural midwest all day long.
* My upload speeds are incredibly unstable. Sometimes I see as high as 1.3gbps and other times it's as low as 200mbps.
* NMAP says most ports I have trouble with are filtered, but not blocked.
* I serve several game servers out of my homelab that might be the cause sometimes but certainly aren't the only cause as I had the whole lab powered down and still saw issues. Also, the connection to these game servers from the other side of the firewall is rock solid.
* The issues are mostly to do with Steam Games. I have consulted the various forums for these games and attempted to open the recommended ports but in most cases they still show filtered in NMAP. I know (or think I know) I can at least make inbound rules correctly as my game servers are having no known issues with traffic.

All in all, I am just out of troubleshooting ideas. I assume I just did something stupid but I don't know what I don't know here so I figure I should reach out for assistance before I end up breaking something or opening myself up to a novel attack surface.

I will be happy to share config if that might help narrow this down a bit.