Messages

1

22.1 Legacy Series / Re: os-ddclient 1.7 - PHP Error

« on: June 30, 2022, 05:37:33 pm »

What about the other item 'must be accessible only by its owner (fixed)'
Is this something I need to address?

What really concerns me is that ddclient is not presenting itself to my Dynamic DNS service. Updates are not occurring. There are no log entries for this either.

2

22.1 Legacy Series / Re: os-ddclient 1.7 - PHP Error

« on: June 29, 2022, 11:39:15 pm »

ddclient does not work for me. the older legacy work fine for a couple years
I did the update to 1.7_2 which did fix the PHP errors.

Here is what I get now
2022-06-29T14:34:28-07:00   Notice   ddclient[96998]   34730 - [meta sequenceId="4"] WARNING: found neither ipv4 nor ipv6 address   
2022-06-29T14:34:17-07:00   Notice   ddclient[9503]   24521 - [meta sequenceId="3"] WARNING: file /usr/local/etc/ddclient.conf: file /usr/local/etc/ddclient.conf must be accessible only by its owner (fixed).

How to fix?

3

General Discussion / Re: SSH root password not working

« on: June 23, 2022, 08:20:32 pm »

<UPDATE>
I realized I needed the opnsense-shell, so I put it back, and now the root password works. Not sure what changing to /bin/csh did, but it fixed the problem.

4

General Discussion / Re: SSH root password not working

« on: June 23, 2022, 07:59:07 pm »

I use Notepad+. Never had an issue.

5

General Discussion / Re: SSH root password not working

« on: June 23, 2022, 07:08:59 pm »

This is how I edit files in OPNsense. I am not comfortable with the shell editor

6

General Discussion / Re: SSH root password not working

« on: June 23, 2022, 06:57:15 pm »

<SOLVED>
I had to change the Login shell to /bin/csh
What confused me is the production firewall is set to /usr/local/sbin/opnsense-shell and that works

Issue is, how to get it to work OOB. It really should.

7

General Discussion / Re: SSH root password not working

« on: June 23, 2022, 06:38:07 pm »

I just installed a fresh OPNsense install 22.1 and it does the same thing.
How do I get WinSCP to work?

8

General Discussion / Re: SSH root password not working

« on: June 23, 2022, 05:15:00 pm »

Integrated auth is on. I have user added to admins group. The read only privilege has been removed from config.xml. Since I cannot edit files via SFTP, I had to edit the config.xml from the backup and import it into OPNsense.
When I use WinSCP as the root user, I get pic1. When I login as admin user I can read but not write files as in pic2. My production firewall works fine logging in as root, so I know it is a setting somewhere and I matched the settings>administration settings to the test firewall.

When logging in from root, audit log shows this
error: PAM: Authentication error for root from x.x.x.x (IP removed for security reasons)

I tried remotely and on the local network.

9

General Discussion / SSH root password not working

« on: June 23, 2022, 01:43:36 am »

I can log into OPNsense via the console of GUI just fine, but I cannot use that same password in WinSCP. It says 'incorrect password'.
What do I need to do to get SFTP access?

10

22.1 Legacy Series / Multiple Gateway issues

« on: June 17, 2022, 11:35:29 pm »

Didn't receive any help on my Outbound NAT questions so I am taking a different approach to not do a group gateway.
I have a working OPNsense firewall with web and email servers. My goal is to add another WAN for use only by the LAN interface on the firewall.
So what I did was change the LAN gateway to the new WAN service and add the corresponding Outbound NAT. I have connectivity to the new WAN on the LAN now, but now there is no access to the servers on the firewall. Not sure what rules to add to gain access to the servers from the LAN now that both are running on different gateways. The servers run on different interfaces on the same firewall.

I am not trying to do Multi-WAN. Just want the LAN to use it's own gateway.

Can anyone help with this?

11

22.1 Legacy Series / Outbound NAT with dual wan

« on: June 16, 2022, 08:34:36 pm »

I am trying to setup load balancing with two WAN's for my LAN network. I followed the guide, but have issues with connectivity and I think it may be because of the outbound NAT settings. I have Outbound NAT set to manual and have a rule that sets the LAN network to one WAN interface and NAT'ing to a virtual IP on one of the primary WAN interface.

One WAN (primary) has static virtual IP's, the other WAN is DHCP.

Do I need to add another Outbound NAT rule for the DHCP WAN?

The other option is to not use multi-WAN group gateways and put the DHCP WAN as the LAN gateway, but how would The Outbound NAT be configured?

To complicated matters, two computers on the LAN must have some ports accessible on the primary WAN.

12

22.1 Legacy Series / Can't access local websites

« on: May 14, 2022, 12:22:08 am »

I can't access local websites anymore. I know I use to do it, but there have been many updates since then.
Websites are all accessible externally, just not within my local LAN network.
I have NAT 1:1, reflection enabled, and Port Forwards enabled.
Local subnet is 192.168.100.1/24. For example, one webserver is @ 192.168.20.34 and the other 192.168.1.101
Can't use one rule because there are different webservers on different IP's. Can't get to any of them from the local network. All the webservers are on different external IP's via IP alias'es.
All webservers do have a second NIC going to the 192.168.100 subnet so I can access the files. But IIS is not tied to those IP's
Any assistance is helpful. Thanks

13

22.1 Legacy Series / Re: 22.1.6 Update - Cannot access certain websites/services

« on: April 17, 2022, 10:01:30 pm »

Reinstalled OPNsense 22.1.2 and facebook worked. Then updated to 22.1.6. Still works. Maybe a bad install first time. I will slowly reinstate my configuration and see if any steps has issues.

Also seems to respond better now

14

22.1 Legacy Series / Re: 22.1.6 Update - Cannot access certain websites/services

« on: April 17, 2022, 09:26:30 pm »

No unusual firewall blocks in the logs. I tried every Facebook owned sites and none of them open. I haven't found any other site that didn't open. Very strange. What is it that Facebook does differently? I can't even get to them via their IP address. No problem on the other firewall. I even tried a default OPNsense install with nothing else modified.

I can ping facebook with no problem. They must have some handshaking that is not working with OPNsense.

15

22.1 Legacy Series / Re: 22.1.6 Update - Cannot access certain websites/services

« on: April 17, 2022, 08:07:32 pm »

I also notice many sites are not reachable. facebook and instagram are among them. Twitter, Tiktok, and Google work fine. Tried to get to facebook via IP and still not reachable, so not a DNS issue.

By the way I am testing a new box with OPNsense 22.1.6 on a separate internet connection. My production firewall , using v 21.7.8, has no issues getting to these sites.