Messages

Hi,

the latest version of this story (that lasted 2 years for me) is that PROTON VPN implemented silently a DDOS protection and has a very low threshold about the ping signals(any ping signal).
Once the protection kickin, it reject your request of handhake (in the beginning I thought it was some kind of block from my side)

Therefore:
- I passed from 3 to 2 vpn connections in parallel;
- set the gateway ping signal to 60 seconds for the first vpn;
- removed the gateway ping for the second one;
- removed the keepalive signal (pay attention that "0" i sont accepted, you have to leave the box empty) for both.

In this condition I solved the problem. The second vpn can become stale, but when it is used it immediately return online.
Do not contact them to ask what is the threshold of the ping signal beccause they refuse to share such information.

Solved -> https://forum.opnsense.org/index.php?topic=45457.0

Looking in the log of unbound, it was notified an error about a specific hostname....I found I entered that with a " " (space) instead to use an underscore ....

Activating  "Register DHCP Static Mappings", now everything seems to work.

Thank you Cedrik for your time.

uh...complicated, I should take my time to carefully read through it.

On unbound i tried to flag the "Register DHCP Static Mappings" as it seems to be what I need, but once I restart the opnsense, unbound does not start because of an error.

If I correctly understand, it could be this https://github.com/opnsense/core/issues/7237

Hi, here an example:

C:\Users\DD>nslookup 192.168.1.155
Server:  OPNsense.localdomain
Address:  192.168.2.1

*** OPNsense.localdomain non è in grado di trovare 192.168.1.155: Non-existent domain

Correct, I am using unbound dns. The other parameters are already as you mentioned: the external dns system is managed through Unboud and the override setting is disabled.

But still I am seeing just the IPs in the column of the hostnames (both source and destination one).

Have you tried to use trace route instead of ping?

Hi,

there is a way to see the host names specified in the KEA dhcp reservations (internal subnets) inside the firewall live view log?

In the live view page, activating " Lookup hostnames", I see two times the IP address (for internal IPs) and the domain for the external IPs.

Thanks

Ok, I thought so...but just in case there would be the chance to exclude domains or it is just not possible?
Thanks

Hello,
I tried to search for an answer but wasn't able to find, but for sure this was already discussed.
How I can exclude domains from a firewall alias? "!" works fine with ip addresses and subnets, but not with domains.

I tried like this !youtube.com , should i use some additional character?

What I am doing wrong?
Thanks

I create here /usr/local/opnsense/service/conf/actions.d  the file actions_VPN_GW_CZ_routes.conf

inside there is this

[trace]
command:traceroute -s 192.168.2.1 10.2.2.1
parameters:
type:script
message:automatic traceroute to VPN CZ gateway
description:automatic traceroute to VPN CZ gateway

I reset the service using
service configd restart

I can see the new line in the CRON drop down menu

But if I try to run
configctl VPN_GW_CZ_routes trace

It returns
Action not allowed or missing

What I am doing wrong?
thanks

yes

yes sorry, i just pasted the example from freebsd page

the command would be something like traceroute -g 192.168.2.1 172.16.7.1 (where both these addresses are from internal subnets)

A is a gateway and B is an IP.

Maybe I found a suitable possible example:

traceroute -g 10.3.0.5 128.182.0.0

would this work considering 10.3.0.5 the gateway and the 128.128.0.0 the ip?

thanks

Hi Franco, yes I understad the guide (I already used it) but I do not know how to properly populate the .conf file with the command that perform the traceroute from A to B.

Thanks

Hi , I want to create a job following this https://docs.opnsense.org/development/backend/configd.html
that periodically perform a trace-route from internal gateway A to internal ip B

can you help me understand how to fill the .conf file for this ?

Thanks