Messages - fffeall

#1
The problem appears when I try to print from one site (10.19.x.x) to another site (10.20.x.x): if I have the OPN as the gw it doesn't work; if I have the CATO, it works.

The printer is a RICO, and it uses LPR, in this specific case on port 53000.

The OPN is 10.19.0.4, the CATO is 10.19.0.20, and the printer is 10.20.2.2. To reach 10.20.0.0/16 we have a static route on 10.19.0.4 which points to 10.19.0.20.

I've also tried an older version of OPN (23.7), but nothing changed; the error still appears.

I'm pretty sure of the stability and reliability of OPNsense, I'm not sure about the rest...

#2
You're right xD, I'd say very little information:

When I try to print, Windows returns a generic error; it says "There was a print error". Then in the Event Viewer there are errors related to "metadata staging failed" from the source DeviceSetupManager, but I'm not sure it's the actual problem.

We've analyzed the packets with Wireshark and tcpdump but there is nothing strange; it all seems OK!

I know it's very little info, but really I've already checked the whole OPNsense side, and it all seems correct: no packets being dropped/blocked, and the static routes to the other sites work as well.

I'm asking in the hope that someone has already had a similar situation, but if someone wants more specific information, please ask in a reply and I will give you that info.

Thanks
Fil



#3
Hi guys, we actually use OPN as the firewall on many of our customer's sites; recently he bought CATO and installed it as the main router, and we have a configuration like this:

--LAN------>OPNSENSE----->CATO

Our client has the OPNsense as the default gateway, and then (in order to communicate with the other sites) the OPN uses the CATO as gw for the static routes.

Now, the actual problem is that, if we are in the main LAN (gw OPN) and we try to print to another site (so, HOST-->OPN-->CATO), Windows responds with an error, but if we have the CATO as the gw, everything works.

Another problem we had was when the CATO was the default gw of the LAN: CATO lets through all the traffic that will be handled by the OPN, but if a host has the CATO as gw, when it tries to surf the internet nothing works; if it changes the gw to the OPN, everything works.

In both cases, OPN shows us green logs, nothing wrong, static routes working, rules also...

My question is whether someone else has had experience with CATO and OPN, and whether there are any problems between these two, because we haven't understood if the problem is ours or theirs.

#4
23.7 Legacy Series / VPN work only with some version
April 23, 2024, 06:10:32 PM
Hi all, I have an issue setting up a client2site VPN.
This problem occurs only in OPNsense 23.7.5 >.

It started when I tried to connect to the VPN from a Windows client with the ovpn client 2.6.10; in this case the connection restarts in a loop.
Then I switched to version 2.5.10, and the connection works.

Following this https://forum.opnsense.org/index.php?topic=32458.msg164122#msg164122 I've tried to insert the option "providers legacy default", but it didn't work, neither on Windows with 2.6.10 nor on my Linux machine (also with openvpn 2.6.10).

At first I thought it was an issue related to the OpenSSL version (version 3), but if I try to connect from my OPNsense (23.7.5, openssl 1.1.1w) it continues to restart the connection.

If I try with an older version of OPN (like 22.7.11) or with a pfSense (latest version) the connection works without problems, but I can't find a workaround to make this connection work with the newer version.

The VPN is a classic SSL/TLS, with a user and pw + a certificate, plus in advanced options "providers legacy default".

I don't have any significant error, just a "Connection reset, restarting" in a loop.

What I'm asking is if there is a workaround to connect the newer version client to the older server.

Thanks to all.