Messages

1

23.7 Legacy Series / Re: PPPoE over vlan MTU not honored

« on: October 21, 2023, 03:33:50 pm »

Just to confirm, as i'm seeing the github issue closed/fixed, did this fix your problem and did youget this to work again? I'm still having issue (any ping size > 1464 is dropped) but suspect it's my config, can you confirm my settings are correct?

ethernet interface mtu: 1512
vlan interface mtu: not specified
pppoe interface: 1508

Looking on the cli i can see that the vlan interface is assisgned the mtu of 1508 automatically and the pppoe interface lists mtu 1500

Thanks,
Z

2

22.1 Legacy Series / Re: What firewall rule blocks my traffic

« on: June 08, 2022, 03:29:17 pm »

After some more investigation i found the firewall logs did not show entries because the traffic was actually allowed.

I've tried connecting with curl from a machine in the 111.0/24 network, this throws a cryptic error.

[root@controller ~]# curl -vvvv  https://192.168.111.2
* Rebuilt URL to: https://192.168.111.2/
*   Trying 192.168.111.2...
* TCP_NODELAY set
* Connected to 192.168.111.2 (192.168.111.2) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.111.2:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 192.168.111.2:443

3

22.1 Legacy Series / What firewall rule blocks my traffic

« on: June 08, 2022, 02:32:36 pm »

Hi there,

I have a strange issue to troubleshoot.
I have setup that looks like this:

Provider-Router (wan: x.x.x.x, lan: 192.168.111.1/24) -> Opnsense (wan: 192.168.111.2/24, lan: 192.168.112.0/24)

I know this setup is not ideal but it is something i have to deal with for now.
Some of my clients are connected on the provider-router's wifi and receive a dhcp ip from the 111.0/24 subnet.
I want these clients to be able to connect to the opnsense management interface on the WAN address.

To make this possible i;
- Disabled the block bogon networks setting
- Disabled the block private networks setting
- Created an allow rule on the WAN interface that allows 80/443

I am however still unable to access the management interface.

I was hoping that i was able to monitor whats beeing blocked by navigating to:
Firewall > Log files > Live view

But for whatever reason i dont see the traffic beeing blocked there.

I know for a fact that something on opnsense is blocking my traffic since a "pfctl -d" through the command line magically makes things work as expected.

Can anyone point me in the right direction how i can monitor what's actually dropping my request?

Thanks!
Z