Messages - max

#1
I believe this might be related to another issue, as WAN connections for some seem to be dropped every 10-20 minutes:
https://forum.opnsense.org/index.php?topic=11573.0

There is also an issue with an active discussion at github:
https://github.com/opnsense/core/issues/3197
#2
Same issue here on: 19.1.1

FreeBSD 11.2-RELEASE-p8-HBSD  31af16db12b(stable/19.1)  amd64 1102000


The OpenVPN daemon is running, but the GUI shows the following error in /status_openvpn.php:

Common Name Real Address Virtual Address Connected Since
[error] Unable to contact daemon Service not running?


When checking for the PID of my first OpenVPN server I get: 25894

# ps awx | egrep "openvpn.*server1\.conf"
25894  -  Ss       0:10.37 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf


When checking which PID is recorded for my first OpenVPN server, I find it to be: 42752

# cat /var/run/openvpn_server1.pid
42752


So it seems that the PID doesn't get recorded in the PID file correctly under:

/var/run/openvpn_server1.pid


Also, when checking the OpenVPN log file (/var/log/openvpn.log), I see that the OpenVPN daemon exits frequently.

Feb 11 11:59:51 openvpn[42752]: Exiting due to fatal error
Feb 11 11:59:51 openvpn[42752]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Feb 11 11:59:51 openvpn[42752]: TUN/TAP device ovpns1 exists previously, keep at program end
...
Feb 11 11:59:51 openvpn[99057]: library versions: LibreSSL 2.7.5, LZO 2.10
Feb 11 11:59:51 openvpn[99057]: OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 28 2019




EDIT:
Removed the counting of openvpn crashes, as it was wrongly counted since last reboot.
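
The manual comparison made in the post above (PID of the running process versus PID recorded in the PID file), as an added example that is not part of the original post. The function names and the egrep line in the sample are assumptions made for illustration; the paths and PIDs are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post): flag a stale OpenVPN PID file.

# Constructed sample of `ps awx` output: the server line is the one quoted in
# the post; the egrep line is made up to show it is not mistaken for a match.
PS_SAMPLE='25894  -  Ss       0:10.37 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
31337  0  S+       0:00.00 egrep openvpn.*server1\.conf'

# running_pid CONF: read ps output on stdin and print the PID of the openvpn
# process started with "--config CONF" (prints nothing if there is none).
running_pid() {
    awk -v conf="$1" '
        { for (i = 2; i < NF; i++)
              if ($(i-1) ~ /openvpn$/ && $i == "--config" && $(i+1) == conf) {
                  print $1; exit
              } }'
}

# check_pidfile RECORDED_PID CONF: ps output on stdin.
# Prints ok / stale / not-running; returns 0 only when the PID file is right.
check_pidfile() {
    recorded=$1
    actual=$(running_pid "$2")
    if [ -z "$actual" ]; then
        echo "not-running"; return 2
    elif [ "$actual" = "$recorded" ]; then
        echo "ok"; return 0
    else
        echo "stale recorded=$recorded running=$actual"; return 1
    fi
}

# Demo on the sample, using the PID the post found in the PID file (42752).
printf '%s\n' "$PS_SAMPLE" | check_pidfile 42752 /var/etc/openvpn/server1.conf || true
# On a live system (paths as in the post):
#   ps awx | check_pidfile "$(cat /var/run/openvpn_server1.pid)" /var/etc/openvpn/server1.conf
```
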
#3
18.1 Legacy Series / Re: 18.1.12 suricata crash
July 25, 2018, 04:10:36 PM
Quote from: rjb4526 on July 25, 2018, 02:36:10 AM
After updating to 18.1.13 I am now experiencing the same issue with memory usage growing until Suricata crashes, then going back to normal.  This only seems to occur if the abuse.ch\urlhaus rule set is enabled.  Disabling it again seems to have stopped the issue for now.

I can confirm the issue on several apu2c4 based systems on OPNsense 18.1.12 and 18.1.13.

As stated by rjb4526, the only workaround that prevents Suricata from crashing currently is to disable abuse.ch/URLhaus.

Some more background:

  • Reinstalling Suricata didn't help.
  • New downloads of all the rules didn't help.
  • Issue is present on OPNsense 18.1.12 and 18.1.13.
  • Suricata crashes with both Hyperscan and Aho-Corasick pattern matcher.
  • The apu2c4 board contains an AMD GX-412TC CPU and 4 GB DRAM (which supports SSSE3)

#4
Hi Franco,

thanks a lot for the quick fix. I can confirm this fix works on Intel and AMD platforms, no reboot required.

As you suggested, clicking "save from the System: Settings: Misc page" after applying the hot fix works just fine.

Best
Max
#5
Same issue on Intel hardware (Dell servers).

Couldn't look into this in detail, yet. But from a first glimpse it is the same problem here: the kernel module is not loaded on boot.
#6
German - Deutsch / Re: Telekom VoIP behind Opnsense
October 11, 2016, 11:55:28 AM
Hi Eruainur,

I'm currently dealing with a similar topic here: Telekom VOIP and a FritzBox behind an OPNsense firewall.

The approach described here at sighunter [1] seems promising, although not all of the ports specified for Telekom VOIP [2] are used. I haven't been able to test it myself yet; detailed feedback on how it worked out is very welcome.

Essentially, the following settings apparently need to be made:


  • Set up port forwards (incoming) for Telekom VOIP (SIP) under: Firewall --> NAT --> "Port Forward"
  • Set up firewall rule(s) for the port forwards (incoming) under: Firewall --> Rules
  • Set up "Manual outbound NAT" (outgoing) and the corresponding outbound NAT rule(s) and move them to the top of the rule list under: Firewall --> NAT --> Outbound
  • Reset the firewall state under: Firewall --> Diagnostics --> "States Reset"

A general description of configuring NAT for a VoIP system can be found here [3].

Best
Max


References
[1] sighunter - VoIP von der Telekom mit Fritzbox hinter pfSense: https://sighunter.wordpress.com/2014/08/24/voip-mit-fritzbox-hinter-pfsense/
[2] Telekom - Telekom VOIP Firewall Portfreischaltungen: https://www.telekom.de/hilfe/festnetz-internet-tv/ip-basierter-anschluss/einstellungen-fuer-die-ip-telefonie-mit-anderen-clients
[3] PFSense - PBX VoIP NAT How-to: https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-to
#7
Hi Rasmus,

I noticed similar behaviour recently when using the "DNS Forwarder". Could it be that simply DNS is not working for you when connecting via VPN?

Enabling "Strict Interface Binding" including localhost for the "DNS Forwarder" worked for me:


  • Go to: Services -> "DNS Forwarder"
  • At "Interfaces" select: localhost + (e.g.) LAN + OPTIONAL_OTHER_INTERFACES
  • Try to reconnect your VPN client

Hope that works for you.

Best
Max