Topics

1

General Discussion / Generate alarms on packet loss/gateway change and log them

« on: April 15, 2024, 11:02:58 am »

Hi,
I have some OPNsense with dual wan and I need to check quality of internet connections.
Obviously OPNsense change gateway automatically on packet loss or line down.
I need to receive an alarm when a line goes down or there is packet loss.
I would like also to have a centralized log for problems.
I am trying several monitoring solutions but all focus on monitoring cpu/mem usage or ethernet traffic and no one focus on gateway data.
Have you some suggestions?
Thanks,
Mario

2

24.1 Legacy Series / Set static ip in openvpn (no more custom parameters in CSO)

« on: February 07, 2024, 09:44:20 am »

Hi,
I have an openvpn where I fixed each client ip using CSO and putting ifconfig-push in the custom field.
Now custom field is no more but I badly need this feature: I need that clients always reconnecto with same ip!
How can I do it?
This is a serious showstopper for me and no I cannot change vpn type.
Thanks,
Mario

3

23.7 Legacy Series / Openvpn routes are applied only if I restarts it manually

« on: November 18, 2023, 09:32:44 am »

Hi,
I have several OPNSense "clients" that are linked to an OPNSense "server" using OpenVPN.
In each OPNSense I add also a zerotier vpn for service.
In one OPNSense, probably after adding zerotier, but I am not sure, the OpenVPN now fails adding routes.
At boot or if the OpenVPN restarts due to networki problems -> it does not add routes.
So I manually restart and correct routes appear!
I need to solve this problem can someone help me?

Thanks,
Mario

4

General Discussion / Rebuild failed disk

« on: April 19, 2023, 08:22:48 pm »

Hi,
I have an opnsense installation with two disks and zfs raid.
One disk broke and I am not able to rebuild it.
It has four partitions (I am using uefi).
I have tried to rebuild partitions following other forum threads but the disks still not boot, probably because boot sector is missing.
Have you a detailed guide to rebuild? It seems very important to me because you do raid because disks break, and when they do you need to replace them quickly.
Proxmox, for example, has built a script that rebuilds the disk structure when you replace a disk.
Thanks in advance for any help.
Mario

5

Virtual private networks / CSO Ignored in openvpn (again?)

« on: November 30, 2022, 05:51:44 pm »

Hi,
I have an opnsense (latest version), with three openvpn servers on it.
All servers are working and I can ping opnsense and all clients.
On second and third openvpn I have configured several CSO with additional routes.
In the second vpn the CSO are working perfectly and, infact, I see in the folder /var/etc/openvpn-csc/2 I see all cso currently active.
The folder /var/etc/openvpn-csc/3 is always empty and if I try to write manually a cso it is deleted after vpn restart.
I have borrowed configuration of openvpn n3 from openvpn n2 so I do not understand why CSO works only for openvpn n2.
Can you help me?
Thanks,
Mario

6

General Discussion / Plugin for rport.io agent

« on: May 31, 2022, 04:34:41 pm »

Hi,
where I can ask for new plugin?
I am interested in putting rport.io agent as an OPNSense plugin.
Thanks,
Mario

7

High availability / openvpn and HA and multiple wan

« on: May 29, 2022, 07:16:36 pm »

Hi,
I would like to get an update about using openvpn in HA setup and multiple wan (with failover on second wan): is it possible to have both?

Thanks,
Mario

8

22.1 Legacy Series / Not able to make second openvpn server working: routing, firewall or bug?

« on: April 14, 2022, 08:46:39 pm »

Hi,
I have a licensed OPNSense on Azure.
I have put an openvpn server on it and it works. I specify  I also use CSO.
Now I have to put a second openvpn server and I am not able to route traffic.
I can see with packet capture that traffic come into openvpn interface but it stops there.
I have searched other threads no workaround works for me (disable reply-to, tried firewall groups, tried enabling interfaces)
What can I do?
Thanks,
Mario

9

22.1 Legacy Series / Static routes are not exported by ospf

« on: April 10, 2022, 08:30:19 pm »

Hi,
I have configured ospf in three OPNSense firewalls.
It works: routes are distributed.
But if in one of three OPNSense I put a static route then no matter what I do it does not get distributed to other firewalls.
Can you help me?
Thanks,
Mario

10

21.7 Legacy Series / Possible bug in Zerotier in HA configuration

« on: October 14, 2021, 07:48:12 pm »

Hello,
I have a master slave Opnsense configuration.
I have add Zerotier plugin in both.
In the slave the zerotier interface has not appeared and I cannot assign it.
Is it possible that it is due that I have added zerotier when the firewall was in slave mode so something has not worked correctly?
Any ideas?
I have reinstalled plugin but I cannot assign interface....
Thanks,
Mario

11

21.7 Legacy Series / Ospf or rip over zerotier

« on: October 12, 2021, 08:54:43 pm »

Hi,
I am using 21.7.3_3
I have added zerotier and frr plugins.
I am trying to configure osfp or rip, without success.
I asked at zerotier and they confirm that they emulate a level2 network including broadcast and multicast.
The strange thing to me is that, after configuring ospf (and rip...) I go in routing/diagnostics general...osopf...log and all is empty.
Very strange to me expecially for log. It seems frr is doing nothing.
Does someone have a working config? Are there bugs in the gui?
Thanks,
Mario

12

High availability / How can I make zerotier and HA work together?

« on: May 29, 2021, 05:35:06 pm »

Hi,
I would like to make zerotier working in an HA setup.
What should I do? Put it in master and slave? And if I have routes?
Thanks,
Mario

13

21.1 Legacy Series / Wireguard speed on OPNsense and PFsense

« on: March 28, 2021, 12:36:43 pm »

Hello,
I have made two identical hetzner VMs, one with OPNsense 21.1.3 and one with PFsense 2.5
I have tried wireguard performance:
- PFsense wireguard saturates my client with 600mbit/s
- OPNsense wireguard reaches only 40mbits with 100% cpu on OPNsense.

I ask:
- is it due because OPNsense version is not in kernel?
- is it due because I have not correctly enabled aes-ni?
- what can I do?

Thanks,
Mario

14

Virtual private networks / Openvpn speed...

« on: March 22, 2021, 08:32:52 pm »

Hi,
I am testing openvpn speed under OPNSense.
Under linux with this tricks you can reach gigabit: https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux
With OPNSense I have tried also with cipher=none and auth=none but I reach 100% with 50/100mbits and not more. Please note that I am not using cipher so cpu is only moving and reassembling packets.
What is your experience?
Thanks,
Mario

15

21.1 Legacy Series / Can I challenge let's encrypt with opnsense natted?

« on: March 07, 2021, 01:23:27 am »

Hello,
I have an opnsense under a fttc modem. The wan in opnsense has a private ip (10.0.0.42).
It is not a so strange setup.
I would like to generate a letsencrypt certificate.
I cannot use dns challenge because my dns provider does not support api.
I need to use http challenge but my public ip is not locally configured on wan.
So what can I do, can you help me?
Thanks,
Mario