Messages

besides editing it manually?

Editing is the only way.

But that piece of configuration doesn't hurt, does it?

It maybe doesn't hurt, but it blows up the conf.xml and that is not neccessary.
IMHO the config-file should only have data inside, that is used.

Hi,

today a played a bit around with squid (installing pluging os-squid, configuring etc.) and after the tests went fine i removed squid (deleted firwall rules, disabled proxy, removed plugin).
I had a look at the config-file (diff latest backup before playing with squid with /conf/config.xml) nad the were leftovers in <opnsense><proxy>...</proxy></opnsense>

How can i put the config-file in the state before installig squid besides editing it manually?

I set up a wireguard-server on my opnsense with access to the LAN for clients.
What is very strage, is, that the wireguard-client can ping (and access) some of LAN-clients and other not.
The opnsense can ping all of the clients in the LAN.
Also a traceroute from the wireguard-client is strange.
A traceroute from the wireguard to the opnsenses LAN-Address doesn't work, a ping does.
A trace route from the wireguard-client to a pingable LAN-IP shows stars iin the first hop.

pings from opnsense (192.168.101.100):

Code Select Expand

root@OPNsenseNew:/conf # ping -c 3 192.168.101.100
PING 192.168.101.100 (192.168.101.100): 56 data bytes
64 bytes from 192.168.101.100: icmp_seq=0 ttl=64 time=0.074 ms
64 bytes from 192.168.101.100: icmp_seq=1 ttl=64 time=0.110 ms
64 bytes from 192.168.101.100: icmp_seq=2 ttl=64 time=0.116 ms

--- 192.168.101.100 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.074/0.100/0.116/0.019 ms
root@OPNsenseNew:/conf # ping -c 3 192.168.101.56
PING 192.168.101.56 (192.168.101.56): 56 data bytes
64 bytes from 192.168.101.56: icmp_seq=0 ttl=64 time=0.550 ms
64 bytes from 192.168.101.56: icmp_seq=1 ttl=64 time=0.514 ms
64 bytes from 192.168.101.56: icmp_seq=2 ttl=64 time=0.218 ms

--- 192.168.101.56 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.218/0.427/0.550/0.149 ms
root@OPNsenseNew:/conf # ping -c 3 192.168.101.200
PING 192.168.101.200 (192.168.101.200): 56 data bytes
64 bytes from 192.168.101.200: icmp_seq=0 ttl=64 time=0.285 ms
64 bytes from 192.168.101.200: icmp_seq=1 ttl=64 time=0.278 ms
64 bytes from 192.168.101.200: icmp_seq=2 ttl=64 time=0.235 ms

--- 192.168.101.200 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.235/0.266/0.285/0.022 ms

ping from wireguard client:

Code Select Expand

root@debiantesting:~# ping -c 3 192.168.101.100
PING 192.168.101.100 (192.168.101.100) 56(84) bytes of data.
64 bytes from 192.168.101.100: icmp_seq=1 ttl=64 time=24.9 ms
64 bytes from 192.168.101.100: icmp_seq=2 ttl=64 time=22.5 ms
64 bytes from 192.168.101.100: icmp_seq=3 ttl=64 time=22.2 ms

--- 192.168.101.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 22.245/23.221/24.925/1.208 ms
root@debiantesting:~# ping -c 3 192.168.101.56
PING 192.168.101.56 (192.168.101.56) 56(84) bytes of data.
64 bytes from 192.168.101.56: icmp_seq=1 ttl=63 time=20.6 ms
64 bytes from 192.168.101.56: icmp_seq=2 ttl=63 time=23.9 ms
64 bytes from 192.168.101.56: icmp_seq=3 ttl=63 time=21.1 ms

--- 192.168.101.56 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 20.589/21.883/23.932/1.465 ms
root@debiantesting:~# ping -c 3 192.168.101.200
PING 192.168.101.200 (192.168.101.200) 56(84) bytes of data.

--- 192.168.101.200 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2056ms

traceroute from wireguard-client:

Code Select Expand

root@debiantesting:~# traceroute -n 192.168.101.100
traceroute to 192.168.101.100 (192.168.101.100), 30 hops max, 60 byte packets
1  * * *
2  * * *
3  * * *
4  * * *
5  * * *
6  * * *
7  * * *
8  * * *
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
root@debiantesting:~# traceroute -n 192.168.101.56
traceroute to 192.168.101.56 (192.168.101.56), 30 hops max, 60 byte packets
1  * * *
2  192.168.101.56  26.109 ms  26.078 ms  26.020 ms


It is working now after i set a NAT outbound rule, what i really dont understand. There should be no NAT neccessary.

i've setup a openVPN-connection with opnsense as clients.
opnsense can ping the openVPN-servers ip and also clients in the openVPN-servers network.
But clients of opnsense cannot, it seems, that there is some problem with the routing for the clients.

opnsense routing (netstat -rn):

Code Select Expand

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.102.1      UGS      vtnet1
10.8.0.0/24        10.8.0.13          UGS      ovpnc1
10.8.0.1           10.8.0.13          UGHS     ovpnc1
10.8.0.13          link#7             UH       ovpnc1
10.8.0.14          link#7             UHS         lo0
127.0.0.1          link#3             UH          lo0
192.168.101.0/24   link#1             U        vtnet0
192.168.101.143    link#1             UHS         lo0
192.168.102.0/24   link#2             U        vtnet1
192.168.102.3      link#2             UHS         lo0
192.168.178.0/24   10.8.0.13          UGS      ovpnc1


ping on opnsense:

Code Select Expand

# ping -c 3 10.8.0.1
PING 10.8.0.1 (10.8.0.1): 56 data bytes
64 bytes from 10.8.0.1: icmp_seq=0 ttl=64 time=15.191 ms
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=21.636 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=13.167 ms

--- 10.8.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 13.167/16.665/21.636/3.611 ms
# ping -c 3 192.168.178.1
PING 192.168.178.1 (192.168.178.1): 56 data bytes
64 bytes from 192.168.178.1: icmp_seq=0 ttl=63 time=13.184 ms
64 bytes from 192.168.178.1: icmp_seq=1 ttl=63 time=13.986 ms
64 bytes from 192.168.178.1: icmp_seq=2 ttl=63 time=20.955 ms

--- 192.168.178.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 13.184/16.041/20.955/3.489 ms


Routing client (192.168.101.143 ist opnSense):

Code Select Expand

~# route -n
Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.101.143 0.0.0.0         UG    0      0        0 eth0
192.168.101.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0

ping on client:

Code Select Expand

# ping -c 3 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.

--- 10.8.0.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2055ms
ping -c 3 192.168.178.1
PING 192.168.178.1 (192.168.178.1) 56(84) bytes of data.

--- 192.168.178.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2047ms
trace on client:

Code Select Expand

# traceroute -n 10.8.0.1
traceroute to 10.8.0.1 (10.8.0.1), 30 hops max, 60 byte packets
1  192.168.101.143  0.305 ms  0.268 ms  0.253 ms
2  * * *
3  * * *
4  * * *
5  * * *
6  * * *
7  * * *
8  * * *
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *