Messages

1

18.7 Legacy Series / Re: Port Forwarding with Plex not working.

« on: September 13, 2018, 06:07:40 pm »

I'm trying to allow plex to access outside my home network, but it says it can't connect.

Plex is running in a docker container in `network_mode: host`, so no docker subnet.

I have a NAT rule :

Source port: 32400
Source IP: any
Destination port: 32400
Destination host: 10.0.1.11
Redirect target port: 32400
Redirect target IP: 10.0.1.11

But when I try to allow plex access outside my network, it fails to connect.

I am using the uPNP plugin in OPNsense and tell Plex to to talk to uPNP. this allows for rotating/randomized external ports.

2

18.7 Legacy Series / Re: separate VLAN for VPN

« on: September 13, 2018, 06:04:39 pm »

thanks - I will have a look at the logs...

3

18.7 Legacy Series / separate VLAN for VPN

« on: September 12, 2018, 04:35:08 am »

Hello,

I have the following setup working quite well:

VLAN 10 traffic is using default gateway
VLAN 20 traffic is going over VPN gateway (OpenVPN client interface)

What doesn't appear to work is to have one VLAN20 traffic rule to ANY with VPN gateway. External traffic via the VPN interface works fine, but LAN traffic doesn't get through as soon as I use a non-default gateway.

So, right now I have two rules for VLAN 20:
1. from VLAN 20 to local subnets via default gateway
2. from VLAN 20 to ANY via VPN gateway

For all local traffic, the first rule applies and if not non-local traffic, rule 2 sends it out via the correct gateway.

Now, I don't understand why local traffic gets blocked if I just have a simple VLAN 20 to ANY rule with VPN gateway. Something must change if the gateway is not the default one.

Any thoughts?

Thanks!

4

17.1 Legacy Series / Re: Upgrade from 16.7.14: Firewall rules doesn't works as before

« on: February 04, 2017, 10:58:34 pm »

Franco,

I can report the same issue:

I have one regular WAN gateway and another gateway (WAN-VPN) that's connected to an OpenVPN Client. VLAN 20 traffic is specifically routed through the WAN-VPN gateway, at least it used to be. In 16.7.14 it works fine, in 17.1 VLAN 20 traffic goes out the default gateway although the WAN-VPN gateway is specified.

No other changes were made. I took a snapshot of my OPNsense VM right before upgrading to 17.1. The issue disappears when I revert back to the snapshot.

Hope this helps

5

16.7 Legacy Series / Google Backup issue

« on: October 12, 2016, 03:58:38 am »

Hi

I've been using Google Drive Backup for a while. I've recently re-installed OPNsense and noticed a weird behavior. Configuration backup works and the config file is written into Google Drive and shows up in the folder.

However, when I look at the file, it appears encrypted. I've already tried creating a new P12 key and tried to upload it to OPNsense. After the file is uploaded, it shows P12 key (not loaded)... So not sure it takes it.

What could be wrong?

Thanks

6

16.7 Legacy Series / Re: 16.7 packages?

« on: August 30, 2016, 12:25:50 am »

I just need the bwm-ng and vnstat as program installed without GUI.

They run with a script in the background every 5 seconds to update the rackmount LCD stats (Down/Up Speed , OnPeak/OffPeak usage).

Have you tried lcdproc? I've had a rackmount LCD in passthrough mode a while ago and it worked with one of the lcdproc drivers. There's no plugin for lcdproc, but I have a FreeBSD 10.3 VM build environment and compiled lcdproc there. I just copied the files over to my opnsense machine and it worked beautifully.

7

16.7 Legacy Series / Re: OpenVPn (client) and gateway

« on: August 13, 2016, 03:15:30 pm »

I noticed the same.

8

16.7 Legacy Series / Re: Funky Gateway behaviour

« on: August 10, 2016, 02:33:42 am »

Nevermind. I noticed that I hadn't checked "Skip rules when gateway is down". The VPN interface/connection doesn't initialize fast enough on boot so gateway is marked as down and the next one was used before I fixed it.

Still have the issue of having to restart the OpenVPN client on the firewall once after boot to bring up the gateway

9

16.7 Legacy Series / Funky Gateway behaviour

« on: August 09, 2016, 06:12:03 pm »

Hello,

I have one regular WAN gateway and one OpenVPN gateway (WAN_VPN) that is connected to an OpenVPN client on the firewall. Further, I have a VLAN 20 interface. Then, the rules are such that VLAN 20 can only use the WAN_VPN interface.

Here's the funky part: When I reboot the OPNsense, the machines on VLAN20 go through WAN, not WAN_VPN. However, if I save any settings on the firewall, regardless of whether I changed something or not, suddenly the VLAN 20 machines will go through WAN_VPN as they should. ?!

I've turned off all rules in VLAN20 and the machines won't get out as they should. However, if I turn a rule just directing any VLAN 20 traffic out the WAN_VPN gateway and reboot, the same funky behaviour happens.

Default gateway switching is turned off (not ticked).

Any thoughts?

10

16.1 Legacy Series / Re: Routing apple Bonjour

« on: July 25, 2016, 08:08:17 pm »

Hi Guys,
i managed to get this fxed.
let me explain what happens,
i have created a group of the productions LAN and VLANS.
i've traced the Airprint package using wireshark and figured out there was deny rule.
so checked the firewall rules and found out that the Productions interface doesn't have a Allow Any to Any, just on each interface.
Because on Pfsense it does Works and OPNSENSE not, so i compared the configuration and i noticed the different between the setup of Pfsense and Opnsense is the group of the Interfaces.
after i created any to any rules on the productions interface printers shows up on the iPads/iPhone.
even the bonjour services is working now.
i dont know if it does works out of the box or mdns-rep package does the job.

so to sum up :

it's working now thank you guys for your support. and no 5353    UDP is open or NAT to the printer
i am ready to provide any log/informatie needed to help you guys understand the idea behind.

when creating a group of interfaces, does the rules on the interface side apply as first than the group firewall rules ?

Glad you got this running. i think mdns-repeater does the trick as even with any to any rules, broadcast packets get dropped.

11

16.7 Legacy Series / Re: Initial observations

« on: July 24, 2016, 05:33:50 pm »

We could fix this with a small startup script in the meantime if you like as I see that we won't be able to fix that in time for 16.7 anymore.

The initialisation order is correct in the code: lagg, vlan, openvpn so I think it could be a timing issue.


Cheers,
Franco

Hmm, I think you might be right. lagg might need a moment to connect (dynamic LACP). That could explain why there isn't an issue without lagg. Let's try the startup script.

Many thanks!

12

16.1 Legacy Series / Re: Routing apple Bonjour

« on: July 24, 2016, 05:04:29 pm »

I think we night to solve the problem of not detecting the AirPrint printers first. Regardless of your firewall settings, the iPads on the other VLANs should be able to see them via mdns-responder. The might have issues connecting, but they should detect them.

An alternative to mdns-responder would be to use say a Raspberry Pi running avahi. You could connect the RPi to your switch and create a tagged trunk line from that port to the RPi. The RPi can be configured to be VLAN aware. Then configure avahi to run in reflector mode, specify the VLAN interfaces and Bob's your uncle. That's what I had running before moving to a VM.

It's easy.

If you can provide me the way of doing this, I'll appreciate it really .
Monday I'll ask the user about the printer using the mens-responder, if this is still not working we can try your PI and avahi.
I am sure the Anahi is working fine with the pfsense
Can you advise how to install avahi and configure it on the OPNsense ?
I'll be great full on having this fixed for our customer.

there's a pkg for pfsense but on OPNsense you need to build it from source from the ports. Avahi needs a build environment and a lot of dependencies and is rather difficult to build if you don't do this all the time.

for the RPi:

1. get a Raspberry Pi B+ 1, 2 or 3
2. Install Raspian as per www.raspberrypi.org, use the raspbian-lite image
3. Create a trunk port on your network switch with LAN and all VLANs that need mDNS
4. Connect your RPi to that port
5. SSH into your PI (default setting is dhcp so you should be able to find the IP in your DHCP server listing}
6. Update and upgrade: sudo apt update & sudo apt upgrade
7. Install vlan and avahi: sudo apt install vlan avahi-daemon
8. edit /etc/network/interfaces:
auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet dhcp
        post-up ifup eth0.XX [add one line per VLAN, XX is the VLAN ID]

iface eth0.XX net dhcp [add one line per VLAN]
9. edit the following lines in /etc/etc/avahi/avahi-daemon.conf:

uncomment and edit:
allow-interfaces=eth0,eth0.XX [add all interfaces here, separated by ",")

enable-reflector=yes

10. reboot: sudo reboot

Should work.

13

16.1 Legacy Series / Re: Routing apple Bonjour

« on: July 24, 2016, 04:41:14 pm »

Any to any is not really a setup I expect on VLANs.. why using them at all?
Anyway, did you check if you can see any mDNS offers on those VLANs? You can use Bonjour Browser or Wireshark.

I agree, but there are situations where this makes sense. In my case, for example, I have a VLAN that uses a openVPN client on the firewall and as such a different gateway. It still can talk to my other VLANs.

14

16.7 Legacy Series / Re: Initial observations

« on: July 24, 2016, 03:07:40 am »

Damn! I just noticed that I had lagg turned off yesterday when I restarted the firewall and the OpenVPN client worked. Today, I turned lagg back on and now the issue is back:

After a reboot, the OpenVPN client gets its IP from my VPN service provider and it all looks fine, but devices on the VLAN that's connected to that interface can't reach WAN addresses. Inter VLAN etc works fine. As soon as I restart the OpenVPN client, it works immediately. All VLANs use the lagg lan interface as their host.

So, the issue is still there, but it seems only when on lagg

15

16.7 Legacy Series / [SOLVED] Repository Problem

« on: July 24, 2016, 02:56:33 am »

Clicked to check for updates. Says "Repository Problem"