Messages - pierrefrancois

#1
17.1 Legacy Series / Re: OpenVPN in 17.1.4
March 30, 2017, 02:03:08 AM
Solved. Thanks again Franco for the speed!
#2
17.1 Legacy Series / Re: OpenVPN in 17.1.4
March 29, 2017, 07:49:40 PM
Wow, that was quick! Thanks Franco, I will try and report.
#3
17.1 Legacy Series / [SOLVED] OpenVPN in 17.1.4
March 29, 2017, 07:41:13 PM
Hi Franco,

It seems that the Tunnelblick xor patch was not integrated in OpenVPN in 17.1.4.
I saw in the changelog that there was a patch consolidation for OpenVPN. Any chance to have this back?

#4
15.1 Legacy Series / Re: [SOLVED] OpenVPN xor patch
November 23, 2015, 10:23:17 AM
Thanks to you Franco for submitting the patch  :)
#5
15.7 Legacy Series / OpenVPN gateway issue
September 07, 2015, 06:07:32 AM
Hi,

I've found a strange problem with OpenVPN.
I've set up OpenVPN as a client on OPNsense.
If I keep the field "IPv4 Remote Network/s" empty, the OPNsense web interface will report the wrong IPv4 gateway for the interface ovpncX.
In "Status > Interface" and "Status > Gateway" the gateway IP displayed is the network mask (for example 255.255.255.0).
In console, using ifconfig, I can see the interface gateway is correct and I can ping the remote gateway.

The issue is that apinger uses the value found in the web interface to measure the availability; using the option to ping the gateway results in the ovpncX interface always being down.

If I input anything in the field "IPv4 Remote Network/s" then the gateway is displayed correctly. I use this as a workaround at the moment: I just input 4.4.4.4/32 in remote network and the gateway is displayed correctly.

I haven't been able to pinpoint the root cause yet but it seems the issue is in the way OPNsense gets the gateway IP from OpenVPN after the connection is established.

I couldn't check the status for IPv6 as the VPN server I've used does not implement it.

Let me know if you need me to run some tests.

#6
15.7 Legacy Series / Re: site-to-site OpenVPN Help
September 02, 2015, 06:12:56 AM
I know what UPnP is, I just don't understand what the link is with the issue of establishing the OpenVPN connection.
Don't forget, your LAN should remain in 10.20.30.0/24.
Your OpenVPN link should use 10.250.0.0/30 or any other /30 subnet that is not in your LAN subnet.
Keep in mind that this only works if you use a TAP interface.
#7
15.7 Legacy Series / Re: site-to-site OpenVPN Help
September 02, 2015, 04:08:48 AM
The LAN IP of both OPNsense should be in this subnet but not the OpenVPN interface. For example you can use 10.250.0.0/30 with 10.250.0.1 on your Vultr OPNsense and 10.250.0.2 on your home.
As you use a TAP interface, you should configure the IP on both sides like this:
in your Vultr OpenVPN: ifconfig 10.250.0.1 255.255.255.252
in your home OpenVPN: ifconfig 10.250.0.2 255.255.255.252

If you could post a bit more information on the IPs used in your setup, it will be easier to help.

I don't understand what you mean by this: "Would UPNP still work for automatic inbound NAT?"
#8
15.7 Legacy Series / Re: site-to-site OpenVPN Help
September 01, 2015, 09:29:29 AM
Hi Arthur,

If I understand correctly, your need would be to basically use the Vultr OPNsense as your internet gateway for both the other VM in Vultr and your home network, your OPNsense at home simply being a transparent bridge.
If you got an issue turning on the VPN service, I would suspect some IP/routing issue.
What is the IP/subnet you use on the LAN and the OpenVPN interface? Are you sure there's no overlap?
#9
15.7 Legacy Series / Re: unbound issue
August 27, 2015, 04:47:26 PM
Solved  :)

#10
15.7 Legacy Series / Re: unbound issue
August 26, 2015, 09:37:10 AM
amd64/openssl
#11
15.7 Legacy Series / Re: unbound issue
August 25, 2015, 05:26:18 PM
Still the same unfortunately.
warning: too many file descriptors requested. The builtinmini-event cannot handle more than 1024. Config for less fds or compile with libevent
#12
15.7 Legacy Series / Re: unbound issue
August 24, 2015, 08:55:58 AM
Thanks, I will report as soon as I get 15.7.10
#13
15.7 Legacy Series / Re: unbound issue
August 19, 2015, 06:04:05 PM
Hi, sorry, it seems to be a duplicate of a report in the German section, and there's a GitHub ticket also:
https://github.com/opnsense/core/issues/244

I'm not sure which unbound is used in OPNsense, but in the FreeBSD Handbook 28.7.2, they do not recommend using the base unbound and recommend usage of unbound from the ports collection. Not sure if the issue is related here.
https://www.freebsd.org/doc/handbook/network-dns.html
#14
15.7 Legacy Series / [SOLVED] unbound issue
August 18, 2015, 05:11:12 PM
Hi,

Not sure in which category I should post this one, but I have found that unbound is generating an error every time I restart it:

warning: too many file descriptors requested. The builtinmini-event cannot handle more than 1024. Config for less fds or compile with libevent.

It's not a blocking issue as it's been working fine at the moment.
#15
Hello Franco,

That's great. I also agree with the usage of the Tunnelblick patch instead; I wasn't aware of the buffer overflow issue before today.
I'm quite new to BSD so I wasn't sure how to make a PR to have it in the upstream. Thanks for this also.