OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of greY »
  • Show Posts »
  • Topics
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Topics - greY

Pages: [1]
1
24.7 Production Series / Traffic source on S2S VPN tunnel
« on: August 21, 2024, 02:50:08 pm »
hey

I see some packets are being blocked coming from a S2S wireguard tunnel to the OPNSENSE. On the other side (also OPNSENSE) I don's see any device that is talking on that port.

Does anybody have an idea how to investigate that?

Topology is:
OPNSENSE1 <---S2S WG-->OPNSENSE2

thx

2
General Discussion / Static Routing vs Firewall based
« on: May 31, 2024, 02:11:29 pm »
Hi

is there a general difference in using static routes configuration vs configuring routes using FW rules and pointing them to the right gateway?

I did some tests and both works, I see more flexibility in using FW rules. Would like to ask if there is a general case when static routes should be used?

thx

3
Intrusion Detection and Prevention / [resolved] Suricata stopped working after updating to 22.10 BE
« on: October 31, 2022, 11:44:41 am »
Hi

the service stopped working after updating to 22.10 business edition. This is what I can see in the logs, tried to activate on different interfaces, all the same issue.
Any ideas?

Code: [Select]
2022-10-31T11:39:31 Error suricata [107141] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:ix0/R failed: Cannot allocate memory
2022-10-31T11:39:02 Error suricata [107014] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb5^ failed: Cannot allocate memory
2022-10-31T11:38:35 Error suricata [106896] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb5^ failed: Cannot allocate memory
2022-10-31T11:38:08 Error suricata [106796] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb5^ failed: Cannot allocate memory
2022-10-31T11:12:50 Error suricata [101682] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb6^ failed: Cannot allocate memory
2022-10-31T11:10:00 Error suricata [100664] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igb6^ failed: Cannot allocate memory
greY

4
Zenarmor (Sensei) / Adding trunk interface breaks vlan routing
« on: October 22, 2022, 08:41:53 pm »
Hi,
looks like adding the trunk interface to the protected interfaces breaks the routing between VLANs.
Can anybody confirm?

Adding single VLANs seems to be OK, but then not able to protect the LAN...

Deployment mode: Routed Mode (L3 Mode, Reporting + Blocking) with native netmap driver
Engine Version: 1.11.5 View Release Notes Version History
UI Version: 22.9.22
Database Version: 1.11.22092202
OPNsense 22.7.6-amd64

HW offload is default/disabled


greY

5
22.7 Legacy Series / Activation issue
« on: October 14, 2022, 12:26:25 pm »
Hi
trying to activate business edition from the community edition (22.7.5).
Seems it has an issue getting the right packages

I attached a few screenshots of the configuration, any ideas how to fix it?
Would like to avoid a fresh install of BE if possible.

greY

6
Zenarmor (Sensei) / VLAN DHCP not working
« on: March 12, 2021, 09:58:35 pm »
Hi

my setup is:
- LAN with 3 VLANS (10, 11 and 1010)
- DHCP relay, forwarding do an MS DHCP service
- Sensei 1.8

If sensei is configured for the parent LAN interface, all VLANs will not get IPs over DHCP. If sensei is configured for all VLANS (but LAN), DHCP for all interfaces is working as expected.

Does anybody have an idea what is going on there?

br
greY

7
General Discussion / Firewall Rule
« on: February 15, 2021, 10:36:23 pm »
Hi

hope, somebody can help to understand or to fix a FW rule issue between LAN and a VLAN.
I have a screenshot attached, with a blocked packet due to a "default deny rule".
At the same time there is a "Default allow LAN to any rule" ;) ... 

Any ideas what's the issue could be? I'm on OPNsense 21.1.1-amd64

thx
greY



8
General Discussion / [solved] route issue on connections over site 2 site vpn
« on: February 12, 2019, 10:16:40 pm »
Hi
I have users connected over a IPSEC site to site VPN. They cannot access web sites behind haproxy (reverse proxy).

I see passing connections in the firewall logs but nothing in the haproxy logs (only local requests). It seems like a kind of issue with routing from requests coming over IPSEC...

Any ideas how to fix / check this?

9
Web Proxy Filtering and Caching / [solved] Haproxy configuration
« on: January 17, 2019, 08:10:38 pm »
hi guys
does here anybody has configured multiple servers behind haproxy (reverse proxy)?
I have the issue that only the last configured rule is being applied - but to all host names. It is also owerwriting all requests.

10
18.7 Legacy Series / haproxy + let's encrypt with multiple backends
« on: January 14, 2019, 09:56:12 pm »
Hi guys
does anybody here have haproxy with let's encrypt up and running with more than one backend?

I have the issue that only the last configured destination is working, all others will get the wrong certificate (that one from the last configured backend)...

also opened on github: https://github.com/opnsense/plugins/issues/1124

11
German - Deutsch / [gelöst]IPSec Site to Site VPN mit USG nicht beständig
« on: December 27, 2018, 09:03:40 pm »
Hallo,

ich habe ein IPSec S2S VPN zwischen einem Unifi USG (WAN yy.yy.yy.yy) und OPNSnese 18.7.9 (WAN xx.xx.xx.xx) - die Verbindung wir initial aufgebaut und es funktioniert soweit wie erwartet.

Problem scheint zu sein, dass eine Re-Authentication nicht funktioniert. Hat jemand etwas vergleichbares am laufen oder hat einen Hinweis?

LOG - OPNSense
Code: [Select]
Dec 27 18:22:14 charon: 14[NET] <con1|1> sending packet: from xx.xx.xx.xx[4500] to yy.yy.yy.yy[4500] (76 bytes)
Dec 27 18:22:14 charon: 14[ENC] <con1|1> generating CREATE_CHILD_SA response 1 [ N(NO_PROP) ]
Dec 27 18:22:14 charon: 14[IKE] <con1|1> failed to establish CHILD_SA, keeping IKE_SA
Dec 27 18:22:14 charon: 14[IKE] <con1|1> no acceptable proposal found
Dec 27 18:22:14 charon: 14[CFG] <con1|1> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:BLOWFISH_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:BLOWFISH_CBC_192/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:BLOWFISH_CBC_128/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
Dec 27 18:22:14 charon: 14[CFG] <con1|1> received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Dec 27 18:22:14 charon: 14[ENC] <con1|1> parsed CREATE_CHILD_SA request 1 [ SA No TSi TSr ]
Dec 27 18:22:14 charon: 14[NET] <con1|1> received packet: from yy.yy.yy.yy[4500] to xx.xx.xx.xx[4500] (236 bytes)
Dec 27 18:22:14 charon: 14[JOB] CHILD_SA ESP/0xca7a7672/xx.xx.xx.xx not found for rekey
Dec 27 18:22:13 charon: 14[JOB] CHILD_SA ESP/0xca7a7672/xx.xx.xx.xx not found for rekey
Dec 27 18:22:02 charon: 12[IKE] <con1|1> failed to establish CHILD_SA, keeping IKE_SA
Dec 27 18:22:02 charon: 12[IKE] <con1|1> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Dec 27 18:22:02 charon: 12[ENC] <con1|1> parsed CREATE_CHILD_SA response 225 [ N(NO_PROP) ]
Dec 27 18:22:02 charon: 12[NET] <con1|1> received packet: from yy.yy.yy.yy[4500] to xx.xx.xx.xx[4500] (76 bytes)
Dec 27 18:22:02 charon: 12[NET] <con1|1> sending packet: from xx.xx.xx.xx[4500] to yy.yy.yy.yy[4500] (588 bytes)
Dec 27 18:22:02 charon: 12[ENC] <con1|1> generating CREATE_CHILD_SA request 225 [ N(ESP_TFC_PAD_N) SA No KE TSi TSr ]
Dec 27 18:22:02 charon: 12[IKE] <con1|1> establishing CHILD_SA con1{223}
Dec 27 18:22:02 charon: 12[ENC] <con1|1> parsed INFORMATIONAL response 224 [ ]
Dec 27 18:22:02 charon: 12[NET] <con1|1> received packet: from yy.yy.yy.yy[4500] to xx.xx.xx.xx[4500] (76 bytes)
Dec 27 18:22:01 charon: 12[NET] <con1|1> sending packet: from xx.xx.xx.xx[4500] to yy.yy.yy.yy[4500] (76 bytes)
Dec 27 18:22:01 charon: 12[ENC] <con1|1> generating INFORMATIONAL request 224 [ ]
Dec 27 18:22:01 charon: 12[KNL] <con1|1> unable to delete SAD entry with SPI c62702d8: No such process (3)
Dec 27 18:22:01 charon: 12[KNL] <con1|1> unable to delete SAD entry with SPI ca7a7672: No such process (3)
Dec 27 18:22:01 charon: 12[IKE] <con1|1> CHILD_SA closed
Dec 27 18:22:01 charon: 12[IKE] <con1|1> received DELETE for ESP CHILD_SA with SPI c62702d8
Dec 27 18:22:01 charon: 12[ENC] <con1|1> parsed INFORMATIONAL response 223 [ D ]
Dec 27 18:22:01 charon: 12[NET] <con1|1> received packet: from yy.yy.yy.yy[4500] to xx.xx.xx.xx[4500] (76 bytes)
Dec 27 18:22:01 charon: 12[KNL] creating delete job for CHILD_SA ESP/0xc62702d8/yy.yy.yy.yy
Dec 27 18:22:01 charon: 12[NET] <con1|1> sending packet: from xx.xx.xx.xx[4500] to yy.yy.yy.yy[4500] (76 bytes)
Dec 27 18:22:01 charon: 12[ENC] <con1|1> generating INFORMATIONAL request 223 [ D ]
Dec 27 18:22:01 charon: 12[IKE] <con1|1> scheduling CHILD_SA recreate after hard expire
Dec 27 18:22:01 charon: 12[IKE] <con1|1> sending DELETE for ESP CHILD_SA with SPI ca7a7672
Dec 27 18:22:01 charon: 12[IKE] <con1|1> closing expired CHILD_SA con1{1} with SPIs ca7a7672_i c62702d8_o and TS 10.0.0.0/24 === 10.0.10.0/24
Dec 27 18:22:01 charon: 07[KNL] creating delete job for CHILD_SA ESP/0xca7a7672/xx.xx.xx.xx
Dec 27 18:22:00 charon: 07[IKE] <con1|1> CHILD_SA rekeying failed, trying again in 14 seconds
Dec 27 18:22:00 charon: 07[IKE] <con1|1> failed to establish CHILD_SA, keeping IKE_SA
Dec 27 18:22:00 charon: 07[IKE] <con1|1> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Dec 27 18:22:00 charon: 07[ENC] <con1|1> parsed CREATE_CHILD_SA response 222 [ N(NO_PROP) ]
Dec 27 18:22:00 charon: 07[NET] <con1|1> received packet: from yy.yy.yy.yy[4500] to xx.xx.xx.xx[4500] (76 bytes)
Dec 27 18:21:59 charon: 07[NET] <con1|1> sending packet: from xx.xx.xx.xx[4500] to yy.yy.yy.yy[4500] (604 bytes)
Dec 27 18:21:59 charon: 07[ENC] <con1|1> generating CREATE_CHILD_SA request 222 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No KE TSi TSr ]
Dec 27 18:21:59 charon: 07[IKE] <con1|1> establishing CHILD_SA con1{222} reqid 1
Dec 27 18:21:58 charon: 12[IKE] <con1|1> CHILD_SA rekeying failed, trying again in 15 seconds
Dec 27 18:21:58 charon: 12[IKE] <con1|1> failed to establish CHILD_SA, keeping IKE_SA
Dec 27 18:21:58 charon: 12[IKE] <con1|1> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Dec 27 18:21:58 charon: 12[ENC] <con1|1> parsed CREATE_CHILD_SA response 221 [ N(NO_PROP) ]
Dec 27 18:21:58 charon: 12[NET] <con1|1> received packet: from yy.yy.yy.yy[4500] to xx.xx.xx.xx[4500] (76 bytes)
Dec 27 18:21:58 charon: 12[NET] <con1|1> sending packet: from xx.xx.xx.xx[4500] to yy.yy.yy.yy[4500] (604 bytes)
Dec 27 18:21:58 charon: 12[ENC] <con1|1> generating CREATE_CHILD_SA request 221 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No KE TSi TSr ]
Dec 27 18:21:58 charon: 12[IKE] <con1|1> establishing CHILD_SA con1{221} reqid 1
LOG USG:
Code: [Select]
Dec 27 18:01:17 04[KNL] creating delete job for ESP CHILD_SA with SPI c2691399 and reqid {9}
Dec 27 18:01:18 14[KNL] creating acquire job for policy 10.0.10.248/32[udp/53190] === 10.0.0.1/32[udp/domain] with reqid {9}
Dec 27 18:01:18 09[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:04:03 03[KNL] creating delete job for ESP CHILD_SA with SPI c54b5f4e and reqid {9}
Dec 27 18:04:07 07[KNL] creating acquire job for policy 10.0.10.248/32[udp/53190] === 10.0.0.1/32[udp/domain] with reqid {9}
Dec 27 18:04:07 06[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:06:52 06[KNL] creating delete job for ESP CHILD_SA with SPI c7b48a1a and reqid {9}
Dec 27 18:06:58 13[KNL] creating acquire job for policy 10.0.10.35/32[udp/57351] === 10.0.0.2/32[udp/ldap] with reqid {9}
Dec 27 18:06:58 05[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:09:43 16[KNL] creating delete job for ESP CHILD_SA with SPI ca2da94e and reqid {9}
Dec 27 18:09:46 14[KNL] creating acquire job for policy 10.0.10.247/32[udp/43198] === 10.0.0.1/32[udp/domain] with reqid {9}
Dec 27 18:09:46 03[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:12:31 03[KNL] creating delete job for ESP CHILD_SA with SPI c17c60b9 and reqid {9}
Dec 27 18:12:34 01[KNL] creating acquire job for policy 10.0.10.10/32[udp/ntp] === 10.0.0.2/32[udp/ntp] with reqid {9}
Dec 27 18:12:34 07[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:15:19 04[KNL] creating delete job for ESP CHILD_SA with SPI c18b1a25 and reqid {9}
Dec 27 18:15:21 09[KNL] creating acquire job for policy 10.0.10.10/32[tcp/53470] === 10.0.0.10/32[tcp/webmin] with reqid {9}
Dec 27 18:15:21 14[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:18:06 14[KNL] creating delete job for ESP CHILD_SA with SPI cf80d564 and reqid {9}
Dec 27 18:18:06 03[KNL] creating acquire job for policy 10.0.10.36/32[udp/65109] === 10.0.0.4/32[udp/domain] with reqid {9}
Dec 27 18:18:06 07[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:20:51 06[KNL] creating delete job for ESP CHILD_SA with SPI caf65c20 and reqid {9}
Dec 27 18:20:57 13[KNL] creating acquire job for policy 10.0.10.2/32[tcp/63902] === 10.0.0.2/32[tcp/loc-srv] with reqid {9}
Dec 27 18:20:57 05[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:23:42 16[KNL] creating delete job for ESP CHILD_SA with SPI cb037b0d and reqid {9}
Dec 27 18:23:43 14[KNL] creating acquire job for policy 10.0.10.2/32[tcp/63918] === 10.0.0.2/32[tcp/ldap] with reqid {9}
Dec 27 18:23:43 11[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:26:28 14[KNL] creating delete job for ESP CHILD_SA with SPI c752c11f and reqid {9}
Dec 27 18:26:30 07[KNL] creating acquire job for policy 10.0.10.2/32[tcp/63932] === 10.0.0.2/32[tcp/loc-srv] with reqid {9}
Dec 27 18:26:30 01[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:29:15 13[KNL] creating delete job for ESP CHILD_SA with SPI c322f689 and reqid {9}
Dec 27 18:29:17 16[KNL] creating acquire job for policy 10.0.10.35/32[udp/61295] === 10.0.0.4/32[udp/domain] with reqid {9}
Dec 27 18:29:17 16[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:32:02 04[KNL] creating delete job for ESP CHILD_SA with SPI cf7ba97e and reqid {9}
Dec 27 18:32:04 09[KNL] creating acquire job for policy 10.0.10.249/32[udp/42332] === 10.0.0.1/32[udp/domain] with reqid {9}
Dec 27 18:32:04 11[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:34:49 16[KNL] creating delete job for ESP CHILD_SA with SPI c17d055c and reqid {9}
Dec 27 18:34:55 14[KNL] creating acquire job for policy 10.0.10.36/32[udp/62771] === 10.0.0.4/32[udp/domain] with reqid {9}
Dec 27 18:34:55 07[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:37:40 05[KNL] creating delete job for ESP CHILD_SA with SPI c7f33e28 and reqid {9}
Dec 27 18:37:42 09[KNL] creating acquire job for policy 10.0.10.2/32[tcp/63971] === 10.0.0.2/32[tcp/loc-srv] with reqid {9}
Dec 27 18:37:42 13[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:40:27 13[KNL] creating delete job for ESP CHILD_SA with SPI c005197d and reqid {9}
Dec 27 18:40:28 11[KNL] creating acquire job for policy 10.0.10.35/32[udp/50850] === 10.0.0.4/32[udp/domain] with reqid {9}
Dec 27 18:40:28 03[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:43:13 01[KNL] creating delete job for ESP CHILD_SA with SPI c5d2257e and reqid {9}
Dec 27 18:43:13 15[KNL] creating acquire job for policy 10.0.10.10/32[tcp/44374] === 10.0.0.10/32[tcp/webmin] with reqid {9}
Dec 27 18:43:13 06[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:45:58 14[KNL] creating delete job for ESP CHILD_SA with SPI cf48c9d0 and reqid {9}
Dec 27 18:46:10 05[KNL] creating acquire job for policy 10.0.10.10/32[tcp/45756] === 10.0.0.10/32[tcp/webmin] with reqid {9}
Dec 27 18:46:10 13[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:48:55 14[KNL] creating delete job for ESP CHILD_SA with SPI c03f73ae and reqid {9}
Dec 27 18:48:56 04[KNL] creating acquire job for policy 10.0.10.2/32[tcp/64015] === 10.0.0.2/32[tcp/loc-srv] with reqid {9}
Dec 27 18:48:56 05[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:51:41 16[KNL] creating delete job for ESP CHILD_SA with SPI c512e977 and reqid {9}
Dec 27 18:52:19 07[KNL] creating acquire job for policy 10.0.10.247/32[udp/43198] === 10.0.0.1/32[udp/domain] with reqid {9}
Dec 27 18:52:19 06[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:55:04 15[KNL] creating delete job for ESP CHILD_SA with SPI c70209a6 and reqid {9}
Dec 27 18:55:07 05[KNL] creating acquire job for policy 10.0.10.10/32[tcp/52598] === 10.0.0.10/32[tcp/webmin] with reqid {9}
Dec 27 18:55:07 09[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 18:55:40 01[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> deleting IKE_SA peer-xx.xx.xx.xx-tunnel-0[3] between yy.yy.yy.yy[yy.yy.yy.yy]...xx.xx.xx.xx[xx.xx.xx.xx]
Dec 27 18:55:40 01[IKE] <peer-xx.xx.xx.xx-tunnel-0|3> IKE_SA deleted
Dec 27 18:55:42 06[IKE] <4> xx.xx.xx.xx is initiating an IKE_SA
Dec 27 18:55:42 07[IKE] <peer-xx.xx.xx.xx-tunnel-0|4> IKE_SA peer-xx.xx.xx.xx-tunnel-0[4] established between yy.yy.yy.yy[yy.yy.yy.yy]...xx.xx.xx.xx[xx.xx.xx.xx]
Dec 27 18:55:42 07[IKE] <peer-xx.xx.xx.xx-tunnel-0|4> CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9} established with SPIs c62702d8_i ca7a7672_o and TS 10.0.10.0/24 === 10.0.0.0/24
Dec 27 18:57:52 03[KNL] creating delete job for ESP CHILD_SA with SPI cf4db89e and reqid {9}
Dec 27 19:25:44 16[IKE] <peer-xx.xx.xx.xx-tunnel-0|4> closing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9} with SPIs c62702d8_i (649276 bytes) ca7a7672_o (10290589 bytes) and TS 10.0.10.0/24 === 10.0.0.0/24
Dec 27 19:25:56 04[KNL] creating acquire job for policy 10.0.10.249/32[udp/42332] === 10.0.0.1/32[udp/domain] with reqid {9}
Dec 27 19:25:56 09[IKE] <peer-xx.xx.xx.xx-tunnel-0|4> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 19:28:41 13[KNL] creating delete job for ESP CHILD_SA with SPI c83837e9 and reqid {9}
Dec 27 19:28:55 05[KNL] creating acquire job for policy 10.0.10.247/32[udp/43198] === 10.0.0.1/32[udp/domain] with reqid {9}
Dec 27 19:28:55 01[IKE] <peer-xx.xx.xx.xx-tunnel-0|4> establishing CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9}
Dec 27 19:28:59 11[IKE] <peer-xx.xx.xx.xx-tunnel-0|4> deleting IKE_SA peer-xx.xx.xx.xx-tunnel-0[4] between yy.yy.yy.yy[yy.yy.yy.yy]...xx.xx.xx.xx[xx.xx.xx.xx]
Dec 27 19:28:59 11[IKE] <peer-xx.xx.xx.xx-tunnel-0|4> IKE_SA deleted
Dec 27 19:29:01 06[IKE] <5> xx.xx.xx.xx is initiating an IKE_SA
Dec 27 19:29:01 14[IKE] <peer-xx.xx.xx.xx-tunnel-0|5> IKE_SA peer-xx.xx.xx.xx-tunnel-0[5] established between yy.yy.yy.yy[yy.yy.yy.yy]...xx.xx.xx.xx[xx.xx.xx.xx]
Dec 27 19:29:01 14[IKE] <peer-xx.xx.xx.xx-tunnel-0|5> CHILD_SA peer-xx.xx.xx.xx-tunnel-2{9} established with SPIs c5c0811a_i c0da16a2_o and TS 10.0.10.0/24 === 10.0.0.0/24
Die Verbindung funktioniert wieder für einge Minuten, wenn der VPN Server an der OPNSense neu gestartet wird.

VG

12
17.7 Legacy Series / No internet connection after upgrade
« on: August 02, 2017, 10:01:28 pm »
Hi guys!
after upgrade from 17.1.11 to 17.7 no internet connection is possible.

-WAN interface is online and gets an IP over DHCP
-WAN DHCP gateway is also shown as online

But still no connection is possible (no ping, no dns lookup possible)

Do you have any ideas where to check for the issue?

Alex

13
17.1 Legacy Series / [SOLVED] S2S OpenVPN - Firewall issues
« on: March 09, 2017, 10:06:35 pm »
Hi folks,
I have a site 2 site vpn between two OPNSENSE boxes. The connection itself is up and running.  My issue is that I cannot access each site from the other.

The server side configured firewall is like this


The firewall monitoring (server) is still showing some blocks


I don't understand this behaviour. What's wrong here?

br,Alex

--> fixed it by disabling IPV6 and allowing "Dynamic IPs" on Server

14
16.1 Legacy Series / One Time Password issue (?)
« on: June 12, 2016, 07:58:23 pm »
I'm following this guide to configure a two-factor authentication
https://docs.opnsense.org/manual/how-tos/two_factor.html

After it I'm going to System >> Access >> Tester and always get an "Authentication failed." message.

Can anybody confirm that two factor authentication is working? I'm using this app https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2


15
16.1 Legacy Series / [SOVED] No DNS Resolution
« on: March 29, 2016, 03:19:40 pm »
Hi
I'm on OPNSense 16.1.8. Before this issue I tried to switch between the DNS Forwarder and DNS Resolver.
THe DNS Lookup is now only working from the OPNSense box itself. From the connected PC's Im able to ping IP addresses from Internet but unable to open any sites.
I already tried the factory reset als well ... with no success.

Thx for any hints to fix/troubleshoot this.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2