Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - kug1977

Pages: [1] 2

German - Deutsch / Re: WLAN+VLAN Bridge Verständnisfrage

« on: December 05, 2018, 12:28:52 pm »

Hallo,

die Schritte sind eigentlich immer:
* VLANs anlegen
* Schnittstellen (Interfaces) für das netzwerkgebundene VLAN erstellen (keine weiteren Einstellungen wie IP Adresse u.ä.)
* Schnittstelle für das WLAN erstellen und ggf. die WLAN pecifischen Einstellungen vornehmen (auch hier keine IP Adressen vergeben)
* eine Bridge erstellen und beide Interfaces (LAN+WAN) hinzufügen
* auf dem Bridge Interface dann die IP spezifischen Einstellungen vornehmen und dafür dann auch DHCP/DHCPv6 anlegen

PF Regeln werden default auf den Member Interfaces angelegt, was ich aber etwas unhandlich fand. Ich filtere ausschließlich für das Bridge Interface, also werden die PF Regeln auch nur dort angelegt. Dafür mussten dann
die unter System > Advanced für net.link.bridge.pfil_member geändert werden.

Viele Grüße,
Kay-Uwe

18.7 Legacy Series / OpenVPN failed to start after reboot

« on: October 24, 2018, 06:48:06 am »

Hi,

due to the PPPoE reconnect issue, I have to restart the OPNsense (v18.7.5_1) on a daily base and I see, that OpenVPN failed to start in these procedure. This is a fresh installation. By the way, I'm able to connect to the OpenVPN Gateway, even if it shows, it's not up. So I guess these is a mismatch between GUI and real world.

These is, how it looks in bash:
root@fw:~ # ps aux | grep openvpn root 13532 0.0 0.2 1085792 6404 - Ss 06:38 0:00.17 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf

Oct 24 06:38:28 openvpn[13532]: Initialization Sequence Completed Oct 24 06:38:28 openvpn[13532]: IFCONFIG POOL: base=10.4.6.2 size=252, ipv6=0 Oct 24 06:38:28 openvpn[13532]: MULTI: multi_init called, r=256 v=256 Oct 24 06:38:28 openvpn[13532]: UDPv4 link remote: [AF_UNSPEC] Oct 24 06:38:28 openvpn[13532]: UDPv4 link local (bound): [AF_INET]89.247.XXX.XX0:1194 Oct 24 06:38:28 openvpn[13532]: Socket Buffers: R=[42080->42080] S=[57344->57344] Oct 24 06:38:28 openvpn[13532]: Could not determine IPv4/IPv6 protocol. Using AF_INET Oct 24 06:38:27 openvpn[13863]: Exiting due to fatal error Oct 24 06:38:27 openvpn[13863]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16) Oct 24 06:38:27 openvpn[13863]: TUN/TAP device ovpns1 exists previously, keep at program end Oct 24 06:38:27 openvpn[13863]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication Oct 24 06:38:27 openvpn[13863]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication Oct 24 06:38:27 openvpn[13863]: Diffie-Hellman initialized with 4096 bit key Oct 24 06:38:27 openvpn[13863]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Oct 24 06:38:27 openvpn[13863]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want Oct 24 06:38:27 openvpn[13863]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock Oct 24 06:38:27 openvpn[13532]: /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpns1 1500 1622 10.4.6.1 255.255.255.0 init Oct 24 06:38:27 openvpn[13532]: /sbin/route add -net 10.4.6.0 10.4.6.2 255.255.255.0 Oct 24 06:38:27 openvpn[13532]: /sbin/ifconfig ovpns1 10.4.6.1 10.4.6.2 mtu 1500 netmask 255.255.255.0 up Oct 24 06:38:27 openvpn[13532]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0 Oct 24 06:38:27 openvpn[13532]: TUN/TAP device /dev/tun1 opened Oct 24 06:38:27 openvpn[13532]: TUN/TAP device ovpns1 exists previously, keep at program end Oct 24 06:38:27 openvpn[13532]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication Oct 24 06:38:27 openvpn[13532]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication Oct 24 06:38:27 openvpn[13532]: Diffie-Hellman initialized with 4096 bit key Oct 24 06:38:27 openvpn[13532]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Oct 24 06:38:27 openvpn[13532]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want Oct 24 06:38:27 openvpn[13532]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock Oct 24 06:38:27 openvpn[12925]: library versions: LibreSSL 2.7.4, LZO 2.10 Oct 24 06:38:27 openvpn[12925]: OpenVPN 2.4.6 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 15 2018 Oct 24 06:38:27 openvpn[13058]: library versions: LibreSSL 2.7.4, LZO 2.10 Oct 24 06:38:27 openvpn[13058]: OpenVPN 2.4.6 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 15 2018

The service button stays red and any restart try fails with these logs:

Oct 24 06:45:57 openvpn[50915]: Exiting due to fatal error Oct 24 06:45:57 openvpn[50915]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16) Oct 24 06:45:57 openvpn[50915]: TUN/TAP device ovpns1 exists previously, keep at program end Oct 24 06:45:57 openvpn[50915]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication Oct 24 06:45:57 openvpn[50915]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication Oct 24 06:45:57 openvpn[50915]: Diffie-Hellman initialized with 4096 bit key Oct 24 06:45:57 openvpn[50915]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Oct 24 06:45:57 openvpn[50915]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want Oct 24 06:45:57 openvpn[50915]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock Oct 24 06:45:57 openvpn[50391]: library versions: LibreSSL 2.7.4, LZO 2.10 Oct 24 06:45:57 openvpn[50391]: OpenVPN 2.4.6 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 15 2018

I see no difference in behaviour between OpenSSL and LibreSSL installs. Only way to get a match between GUI and bash, is killing the running OpenVPN process and start by hand.

Kind regards,
kug1977

18.1 Legacy Series / Re: IPSec with Dynamic IP

« on: June 28, 2018, 10:27:58 pm »

I have setup such a scenario here. The WAN address is bound to a DynDNS name and updating on any change of WAN IP. The tunnel is using the name for Phase 1 and a shared secret. But it should work with a certificate too.

18.1 Legacy Series / Re: 18.1.5 IPv6 bogons invalid after update

« on: March 27, 2018, 10:52:40 am »

Hi,

following these steps, I have now a working WAN connection, but I see in the system logs:

opnsense: /usr/local/etc/rc.filter_configure: New alert found: There were error(s) loading the rules: /tmp/rules.debug:16: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [16]: table <bogonsv6> persist file "/usr/local/etc/bogonsv6"

while the bogonsv6 table is filled and the /usr/local/etc/bogonsv6 is recreated / filled with # last updated 1522126201 (Tue Mar 27 04:50:01 2018 GMT) content.

It's a bit strange.

Kind regards,
kug1977

18.1 Legacy Series / Re: Suddenly lost web traffic and some inbound NATs stopped

« on: March 27, 2018, 10:01:42 am »

Hi, are you on OPNsense 18.1.5 too?

18.1 Legacy Series / Re: PPPoE reconnect loop

« on: February 15, 2018, 11:45:36 am »

Hi,

>Do you guys have IPS enabled?
No, not enabled.

>Btw, if you disconnect the WAN network cable and reconnect after a few seconds, is the PPPoE working again?
No, it needs a restart after.

Setup is:
Deutsche Telekom VDSL 50
Draytek Vigor 130 in PPPoE path-through /bridge mode
APU1D with OPNsense 18.1.2 on eth0

Kind regards,
Kay-Uwe

18.1 Legacy Series / Re: PPPoE reconnect loop

« on: February 11, 2018, 03:17:11 pm »

Hi,

I'm on OPNsense 18.1.2 and I'm facing the same problem. Solution so far is the cron reboot every day.

Kind regards,
Kay-Uwe

18.1 Legacy Series / WAN re-negotiation fails on daily forced separation

« on: February 03, 2018, 04:32:43 pm »

Hi,

I've an APU1 board for OPNsense 18.1.1 and on port 0 works a Vigor 130 as VDSL modem. The Interface is configured as IPv4 / PPPoE and IPv6 / DHCPv6. I have enabled "Block private networks" and "Block bogon networks". Only username and password is set.

On a restart, the WAN come up and work probably. But it will not survive the daily forced separation and stay in interface overview than with status "up", but no network is working. It need a restart to work again. It stopped working after the upgrade to 17.7.11. 17.7.10 was working fine.

I can see in the logs at this time the following entries in /var/log/ppps.log. What is different between re-negotiation and restart is the entry Feb 3 15:35:31 fw2 ppp: caught fatal signal TERM.

Any idea, why the re-negotiation is failing?

Kind regards,
Kay-Uwe

17.7 Legacy Series / Re: WAN Failure / Doesn't renegotiate 17.7

« on: February 03, 2018, 03:53:58 pm »

Hi,

moving back to 10.7.10 and WAN renegotiate is working again. But it stay broken on 17.7.11, 17.7.12 and 18.1. As I'm on 18.1 now, I will open a new ticket there.

Thanks,
Kay-Uwe

17.7 Legacy Series / Re: WAN Failure / Doesn't renegotiate 17.7

« on: January 30, 2018, 12:00:57 am »

Hi,

which version have you installed, 17.7.12? Have seen these too. ou can try to downgrade to 17.7.10 and see, if these solves the resync.

# opnsense-revert -r 17.7.10 opnsense

Kind regards,
Kay-Uwe

17.7 Legacy Series / Re: 17.7.11 and 17.7.12 doesn't reconnect on PPPoE IP renewal

« on: January 26, 2018, 10:00:16 am »

Hi Franco,

you're right, I was on opnsense-devel ... switched back to opnsense and revert to 17.7.10. I will test, how it will handle the renewal today and report.

Kind regards,
Kay-Uwe

17.7 Legacy Series / Re: 17.7.11 and 17.7.12 doesn't reconnect on PPPoE IP renewal

« on: January 25, 2018, 01:32:43 pm »

both commands are not working:
# opnsense-revert -r 17.7.10 opnsense
Package 'opnsense' is not installed

so it seems to be something is broken.

17.7 Legacy Series / Re: 17.7.11 and 17.7.12 doesn't reconnect on PPPoE IP renewal

« on: January 25, 2018, 01:18:59 pm »

Hi,

I've missed the 17.7.10 so the upgrade was 17.7.9 to 17.7.11 and since than I have issues with PPPoE. I was hoping the upgrade to 17.7.12 solve the issue. Upgrade to 18.1.r2 failed because of libreSSL. So I can't test 18.1.

Kind regards,
Kay-Uwe

17.7 Legacy Series / Re: 17.7.11 and 17.7.12 doesn't reconnect on PPPoE IP renewal

« on: January 25, 2018, 12:46:47 pm »

sorry. my fault. Of course it's 17.7.x.

17.7 Legacy Series / 17.7.11 and 17.7.12 doesn't reconnect on PPPoE IP renewal

« on: January 25, 2018, 10:37:46 am »

Hi,

since 17.7.11 I have the issue, that the daily IP renewal on the ADSL connection breaks online of OPNsense. The router will loose the IPv4 and IPv6 connection all 24h and it will get a new connection. I can see the connection goes online for 15sec and loose the connection again. An new IP get online after some seconds and the connection will be lost again. I can online break the cycle by restarting.

17.7.12 doesn't solve the issue. There is not so much installed next to default setup. I only have DynDNS package installed. Next to PPPoE I have a HE tunnel for IPv6. I see no error messages in the system log, that help me to understand the issue. It looks a bit like the issue we had some time ago with loosing PPPoE and going into a cycle.

Kind regards,
Kay-Uwe

Pages: [1] 2