Messages - sse450

#1
I should have explained better in my first post. Sorry!

GPON ---eth---> Router (in bridge) ---eth---> OPNsense is working with PPPOE credentials entered in OPNsense.

What I would like to do is:

GPON (ZTE) ---eth---> OPNsense

Tried it. But it doesn't work. Probably, it needs a VLAN configuration as you mentioned. I use VLANs in other settings but no idea about VLAN for this issue.

Do I need input from the ISP for configuring the VLAN? Or is it something straightforward so that I can do it in OPNsense?

Thanks for helping me out.
#2
But, there is an RJ45 LAN port already available on the GPON. It is connected to the WAN port of the ISP-supplied router by an ethernet patch cable. So, I don't think SFP is needed.

Here is a photo of the ports side of the GPON. It is a small ZTE thing.
#3
The new Peer Generator is fantastic. I love it.

However, once it is saved, there is no way to get the peer connection details. If you miss copying before saving, they are gone.

It would be nice to get the connection file from the peers.
#4
General Discussion / Question on pppoe connection
June 22, 2024, 02:58:22 PM
My ISP installed GPON and a router at home. If I use the router in bridge mode and enter the pppoe credentials in OPNsense, all work fine.

Is there a way to connect GPON directly to the wan interface of opnsense (without the router in bridge mode in between) with the same pppoe credentials in OPNsense? I tried many things to do this. But no way. Cannot get the Internet this way.

Thanks.

#5
I think I found the problem.

Checked the IP of my phone. It is not in the tcpdump log. Probably due to CGNAT. However, even if there is CGNAT, the WG packet should arrive at the WAN interface.

I suspected that WG client on my phone might be broken.

I tried to connect to OPNsense from another network, the work LAN. The WG client on my work PC connected. While my phone was on the work LAN, it connected too. This means the WG client on Android is also OK.

However, if my phone is on the GSM network (Vodafone), it won't connect. So the problem lies with the GSM operator's internet network.

Why is that? Do GSM operators block port 51820? Perhaps, I need to change the WG port on OPNsense.

Dear Patrick, I am grateful for all your support and hints. Thank you.

Edit: As soon as I change the default port number, my phone on the GSM network started working OK.

Hey Vodafone, what are you doing? What is your problem with port 51820?
#6
Quote from: Patrick M. Hausen on May 24, 2024, 03:25:31 PM
Rules look good.

I'd do a tcpdump on WAN to watch if packets from the client arrive at all.

I ran tcpdump while the WireGuard client on my phone was on and the phone was on the GSM network.
Thank you for your support.

root@OPNsense:~ # tcpdump -ni pppoe0  port 51820
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pppoe0, link-type NULL (BSD loopback), capture size 262144 bytes
12:07:26.137477 IP xxx.xxx.125.156.32611 > 176.100.43.99.51820: UDP, length 104
12:07:26.138099 IP xxx.xxx.125.156.15678 > 45.134.79.164.51820: UDP, length 104
12:07:47.270672 IP 176.100.43.99.51820 > xxx.xxx.125.156.50000: UDP, length 104
12:07:47.350462 IP 176.100.43.99.51820 > xxx.xxx.125.156.50000: UDP, length 104
12:07:48.503440 IP 176.100.43.99.51820 > xxx.xxx.125.156.50000: UDP, length 104
12:07:51.567716 IP 199.116.118.230.51820 > xxx.xxx.125.156.50000: UDP, length 104
12:07:52.067593 IP xxx.xxx.125.156.33657 > 45.134.79.134.51820: UDP, length 104
12:08:05.209076 IP xxx.xxx.125.156.54695 > 45.134.79.159.51820: UDP, length 104
12:08:05.212933 IP xxx.xxx.125.156.24112 > 45.134.79.144.51820: UDP, length 104
12:08:05.212939 IP xxx.xxx.125.156.33657 > 45.134.79.134.51820: UDP, length 104
12:08:09.185267 IP xxx.xxx.125.156.13597 > 45.134.79.157.51820: Flags [S], seq 1011473637, win 42340, options [mss 1460,sackOK,TS val 2411564351 ecr 0,nop,wscale 9], length 0
12:08:09.213729 IP xxx.xxx.125.156.64473 > 146.70.211.145.51820: UDP, length 104
12:08:10.193015 IP xxx.xxx.125.156.13597 > 45.134.79.157.51820: Flags [S], seq 1011473637, win 42340, options [mss 1460,sackOK,TS val 2411565359 ecr 0,nop,wscale 9], length 0
12:08:12.241380 IP xxx.xxx.125.156.13597 > 45.134.79.157.51820: Flags [S], seq 1011473637, win 42340, options [mss 1460,sackOK,TS val 2411567407 ecr 0,nop,wscale 9], length 0
12:08:12.727806 IP xxx.xxx.125.156.31549 > 45.134.79.132.51820: UDP, length 104
12:08:12.727940 IP xxx.xxx.125.156.31074 > 45.134.79.147.51820: UDP, length 104
12:08:12.728195 IP xxx.xxx.125.156.56893 > 45.134.79.157.51820: UDP, length 104
12:08:16.273197 IP xxx.xxx.125.156.13597 > 45.134.79.157.51820: Flags [S], seq 1011473637, win 42340, options [mss 1460,sackOK,TS val 2411571439 ecr 0,nop,wscale 9], length 0
12:08:19.070671 IP xxx.xxx.125.156.20282 > 45.134.79.167.51820: UDP, length 104
12:08:20.353800 IP 199.116.118.230.51820 > xxx.xxx.125.156.50000: UDP, length 104
12:08:24.465108 IP xxx.xxx.125.156.13597 > 45.134.79.157.51820: Flags [S], seq 1011473637, win 42340, options [mss 1460,sackOK,TS val 2411579631 ecr 0,nop,wscale 9], length 0
12:08:25.228771 IP xxx.xxx.125.156.18230 > 149.22.94.65.51820: UDP, length 104
12:08:30.689220 IP xxx.xxx.125.156.61161 > 149.102.252.46.51820: UDP, length 104
^C
23 packets captured
268461 packets received by filter
0 packets dropped by kernel
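An added example (not from the post or the OPNsense project) that does mechanically what the poster did by eye: it parses tcpdump lines in the shape of the capture above and reports which remote addresses actually reached the WAN address on UDP 51820 versus which endpoints the firewall itself sent to, and whether a given client address appears at all. The sample lines and addresses are constructed; the WAN address stays redacted as "xxx.xxx.125.156" like in the post.

```python
import re
from collections import Counter

# tcpdump one-liner: "<time> IP <src>.<sport> > <dst>.<dport>: <rest>".
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): (?P<rest>.*)$")

def parse_tcpdump(text):
    """Parse capture lines into dicts; banner and summary lines do not match and are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
        rec["proto"] = "udp" if rec["rest"].startswith("UDP") else "tcp"
        records.append(rec)
    return records

def inbound_sources(records, wan_ip, port=51820):
    """Remote addresses whose UDP packets actually arrived at wan_ip:port, with counts."""
    return Counter(r["src"] for r in records
                   if r["proto"] == "udp" and r["dst"] == wan_ip and r["dport"] == port)

def outbound_targets(records, wan_ip, port=51820):
    """Remote endpoints this host itself sent UDP to on the WG port (its own outgoing tunnels)."""
    return Counter(r["dst"] for r in records
                   if r["proto"] == "udp" and r["src"] == wan_ip and r["dport"] == port)

def seen_from(records, client_ip):
    """True if any packet from client_ip appears in the capture at all."""
    return any(r["src"] == client_ip for r in records)

# Constructed sample in the shape of the capture above (remote addresses are made up).
SAMPLE = """\
listening on pppoe0, link-type NULL (BSD loopback), capture size 262144 bytes
12:07:26.137477 IP xxx.xxx.125.156.32611 > 176.100.43.99.51820: UDP, length 104
12:07:47.270672 IP 176.100.43.99.51820 > xxx.xxx.125.156.50000: UDP, length 104
12:08:09.185267 IP xxx.xxx.125.156.13597 > 45.134.79.157.51820: Flags [S], seq 1, win 42340, length 0
12:09:01.000000 IP 203.0.113.7.41000 > xxx.xxx.125.156.51820: UDP, length 148
12:09:02.000000 IP 203.0.113.7.41000 > xxx.xxx.125.156.51820: UDP, length 32
"""

def report(text=SAMPLE, wan_ip="xxx.xxx.125.156", phone_ip="198.51.100.9"):
    recs = parse_tcpdump(text)
    return {"inbound": inbound_sources(recs, wan_ip), "outbound": outbound_targets(recs, wan_ip),
            "phone_seen": seen_from(recs, phone_ip)}
```

An empty "inbound" counter while the phone is trying to connect means the packets never reached the WAN interface, which points upstream of the firewall rather than at the WireGuard or rule configuration.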
#7
Quote from: Patrick M. Hausen on May 22, 2024, 09:49:33 AM
What do your firewall rules on WAN look like? You did create a rule to allow the WG traffic to pass?

May I have your advice?
#8
Outbound NAT and Normalization
#9
Attached.
#10
General Discussion / WireGuard not working for me
May 22, 2024, 09:40:55 AM
My version of OPNsense is 24.1.7_4.

I tried almost all the how-to's under the Sun including OPNsense's own WireGuard Road Warrior Setup. Followed all the instructions to the point. But, no way. It won't work.

Is there a bug with WireGuard implementation? If yes, it is OK with me as I will devote my time to other tasks.

Problem is the WG client cannot handshake. It sends data but receives nothing from the OPNsense WG instance. It looks like OPNsense doesn't send any data outside to the WG client. If the WG client (phone) joins the local network, the handshake happens.

LAN IP : 192.168.2.0/24
OPNsense: 192.168.2.1
WG Tunnel: 10.10.100.1/24
Client: 10.10.100.2/32
Allowed IPs: 0.0.0.0/0,::/0
Public IP is static.

Attached are the relevant screenshots: 'VPN | WireGuard | Status' and Android Phone WG Client config.

I would appreciate any help.
#11
General Discussion / Re: A question from a newbie
May 21, 2024, 05:00:21 PM
Thank you. Will work on it.
#12
Thank you.
#13
Unfortunately, I can't stop it. :-\ I checked all the options re logging.

I can see them in Firewall | Log files | Plain View | Informational. It is flooding.

Could you please be so kind and direct this helpless newbie to the right switch? I believe it should be related to WAN/PPPOE, but I couldn't find it.

Edit: Unchecking all logging and disabling debugging in Firewall | Settings | Advanced fixed the problem. Thank you.
#14
I was able to open one of the filter logs. It is full of these lines:

<134>1 2024-05-21T00:00:00+00:00 OPNsense.localdomain filterlog 49948 - [meta sequenceId="22"] 4,,,02f4bab031b57d1e30553ce08e0ec131,pppoe0,match,block,in,4,0x0,,250,2577,0,none,1,icmp,84,101.44.223.5,212.xxx.xxx.156,datalength=64
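An added example (not from the post or the OPNsense project) that parses filterlog lines in the format shown above into named fields and counts blocked inbound packets per interface, protocol and source, which is the quickest way to see what is flooding a log like this. The field order is the pf filterlog CSV layout for IPv4 records (IPv6 records use a different layout and are skipped); the sample list contains the line from the post plus three constructed records.

```python
import re
from collections import Counter

# Field order of the pf filterlog CSV shared by IPv4 records; after these come the
# protocol-specific fields (e.g. "datalength=64" for ICMP, src/dst ports for TCP/UDP).
COMMON = ["rulenr", "subrulenr", "anchor", "label", "interface", "reason", "action",
          "dir", "ipversion", "tos", "ecn", "ttl", "id", "offset", "flags",
          "protoid", "proto", "length", "src", "dst"]

SYSLOG = re.compile(
    r"^<\d+>1 (?P<ts>\S+) (?P<host>\S+) filterlog \d+ - (?:\[.*?\]|-) (?P<csv>.*)$")

def parse_filterlog(line):
    """Return a dict for one IPv4 filterlog line, or None for anything else."""
    m = SYSLOG.match(line)
    if not m:
        return None
    fields = m.group("csv").split(",")
    if len(fields) < len(COMMON) or fields[8] != "4":
        return None  # IPv6 records have a different field layout; not handled here
    rec = dict(zip(COMMON, fields))
    rec["ts"] = m.group("ts")
    rec["extra"] = fields[len(COMMON):]
    return rec

def blocked_inbound(lines):
    """Count blocked inbound packets per (interface, protocol, source address)."""
    counts = Counter()
    for rec in map(parse_filterlog, lines):
        if rec and rec["action"] == "block" and rec["dir"] == "in":
            counts[(rec["interface"], rec["proto"], rec["src"])] += 1
    return counts

# Constructed sample: the line from the post plus three made-up records in the same shape.
SAMPLE = [
    '<134>1 2024-05-21T00:00:00+00:00 OPNsense.localdomain filterlog 49948 - [meta sequenceId="22"] 4,,,02f4bab031b57d1e30553ce08e0ec131,pppoe0,match,block,in,4,0x0,,250,2577,0,none,1,icmp,84,101.44.223.5,212.xxx.xxx.156,datalength=64',
    '<134>1 2024-05-21T00:00:01+00:00 OPNsense.localdomain filterlog 49948 - [meta sequenceId="23"] 4,,,02f4bab031b57d1e30553ce08e0ec131,pppoe0,match,block,in,4,0x0,,250,2578,0,none,1,icmp,84,101.44.223.5,212.xxx.xxx.156,datalength=64',
    '<134>1 2024-05-21T00:00:02+00:00 OPNsense.localdomain filterlog 49948 - [meta sequenceId="24"] 4,,,02f4bab031b57d1e30553ce08e0ec131,pppoe0,match,block,in,4,0x0,,52,1,0,none,17,udp,60,198.51.100.7,212.xxx.xxx.156,44444,23,40',
    '<134>1 2024-05-21T00:00:03+00:00 OPNsense.localdomain filterlog 49948 - [meta sequenceId="25"] 91,,,LABEL-PLACEHOLDER,pppoe0,match,pass,out,4,0x0,,64,9,0,DF,6,tcp,60,192.0.2.10,198.51.100.7,50321,443,0,S,1,,65535,,mss;sackOK;TS;nop;wscale',
]

def summary(lines=SAMPLE):
    """Most frequent blocked inbound (interface, proto, src) tuples first."""
    return blocked_inbound(lines).most_common()
```

Run over a real filter_*.log, the summary shows whether the volume is the default block rule logging unsolicited WAN traffic (as in the post) or something a specific rule is matching.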
#15
root@OPNsense:/ # du -skx * | sort -rn
11650353 var
2326812 usr
179801 boot
14600 lib
8164 sbin
3580 etc
3244 conf
1980 bin
188 tmp
160 libexec
40 root
8 COPYRIGHT
4 rescue
4 proc
4 net
4 mnt
4 media
4 home
4 entropy
4 dev
0 sys


root@OPNsense:/var # du -skx * | sort -rn
11609980 log
36344 db
5236 backups
505 unbound
116 run
112 etc
69 dhcpd
64 cache
36 lib
28 spool
16 cron
12 audit
12 at
8 tmp
8 crash
4 yp
4 rwho
4 preserve
4 netflow
4 msgs
4 mail
4 heimdal
4 games
4 empty
4 authpf
4 account


root@OPNsense:/var/log # du -skx * | sort -rn
11603556 filter
7008 installer.log
544 configd
536 system
384 audit
332 dhcpd
136 resolver
128 ntpd
84 ppps
16 lighttpd
12 wireguard
12 routing
12 dmesg.yesterday
12 dmesg.today
8 firewall
8 boot.log
4 utx.log
4 utx.lastlogin
4 userlog
4 suricata
4 setuid.today
4 pf.yesterday
4 pf.today
4 ntp
4 mount.today


root@OPNsense:/var/log/filter # du -skx * | sort -rn
5810144 filter_20240520.log
3138240 filter_20240519.log
2658240 filter_20240521.log
0 latest.log


Today is the 3rd day following the OPNsense installation. How come I have such big filter logs?
What should I do? Delete all filter_*? How can I limit the log size?

Thank you for your support.