OPNsense

Topics - geek

1
24.7 Production Series / Can we now use the openvpn client 2.6.x for windows? (solved) USE "File Only"
« on: October 17, 2024, 12:06:51 pm »
I remember a while ago there was a problem with openvpn where we couldn't install openvpn client 2.6.x or newer because of compatibility issues. Is this problem now fixed with the latest version of opnsense? Can I simply replace my 2.5.x with 2.6.x openvpn gui clients for windows?

2
23.7 Legacy Series / Unable to delete openvpn instance static key
« on: August 04, 2023, 12:56:05 pm »
Trying to delete an openvpn instance static key, but unable to do so. Get an error message.

3
General Discussion / opnsense box not pinging anything on the internet. But internet works!
« on: July 17, 2023, 11:42:27 am »
I have a very weird problem - opnsense box cannot do any ping to WAN/Internet.
(which is why even the WAN gateway shows offline)

- All computers on LAN can ping and access ALL resources on the internet.
- opnsense box can't ping anything on the internet
- opnsense box CAN ping everything on the LAN side
- port probe works fine (I ran a 443 check on google.com)

- For test purposes I even did an allow all rule for all protocols everywhere, it didn't work.

4
23.1 Legacy Series / Encryption algorithm (deprecated)
« on: May 20, 2023, 07:05:07 pm »
While making a new openvpn server in Opnsense (road warrior / remote access), I saw "Encryption Algorithm" had a text saying "deprecated" with the following line:

"Cipher selection for older clients. Only preserved for backwards compatibility reasons."

Does that mean that it will auto negotiate select the encryption algorithm when the client connects to the openvpn server on opnsense? (For a while I thought encryption altogether is disabled, but that seemed silly :P)

5
23.1 Legacy Series / ALL 3 gateways flapping after latest 23.1.7 update
« on: May 05, 2023, 12:28:35 pm »
I use multiwan with different priorities for gateways.
Default gateway switching is enabled.
All three gateways are marked as upstream gateways. Everything was fine until I upgraded to 23.1.17

Now all three gateways go offline and online repeatedly at the same time. This has caused a major outage.

In the release notes I read the line:
"system: restructure routing to carry out default gateway switching and address family specific reconfig"

Would this have anything to do with my problem?
Thank you.

6
21.7 Legacy Series / SOLVED - phantom interface? how do I get rid of it?
« on: September 13, 2021, 09:34:42 pm »
So long story short, my Zerotier interface got nuked for some reason.
After deleting the plugin, deleting the /var/db/zerotier-one folder etc, I cannot seem to get rid of a phantom zerotier interface that shows up in the interface -> assignments section.

At this point there is no zerotier configuration, no networks, no nothing.

See attached.

7
General Discussion / Feature Request: Description for each entry when creating aliases
« on: July 23, 2021, 05:00:42 pm »
Hello,

Is there any planned feature for having a description box for each entry in the "content" section of the aliases?

This is very handy when using a large number of IPs or domain names in the aliases.
This would allow you to identify what each of the IP/domain/entry in the content section is.

I had actually seen this in Pfsense many years ago (before switching to opnsense a few years ago).
See attached.

8
General Discussion / directly update to the latest version and skip everything in between?
« on: May 30, 2021, 05:27:14 pm »
Hello,

I was wondering if it was possible to just directly update to the latest version?

So for example, say I was running 19.7. Could I directly update to 21.6?
Or is it mandatory to go through all the updates in between?

Thank you.

9
21.1 Legacy Series / Running a single openvpn server on multiple WAN interfaces? SOLVED
« on: May 13, 2021, 05:55:29 pm »
Hello,

I have 3 WAN interfaces. I have created a single openvpn remote access server. Selected the interface as "any".

However, I am able to only connect via ONE specific out of the Three interfaces. I am simply changing the "remote" line in the openvpn config file to test this.

Things that I have verified:
a) Firewall rules on all three interfaces are the same
b) I AM able to successfully connect via each of the WAN interfaces if I just select that specific interface in the openvpn server settings instead of "Any"

So the simple question is: Why am I not able to connect via any WAN interface if I am setting the interfaces as "Any" in the server settings?

In a previous similar post (posted by me), someone gave the following solution:

Quote
"One workaround would be to bind it to localhost and add port forwards from WAN interfaces and port to localhost and port."

And if the above is the only solution, what is the point of having the "Any" option?

10
20.7 Legacy Series / PHP fatal error: allowed memory size exhausted
« on: December 23, 2020, 12:13:22 pm »
Tried to go to the diagnostic states summary page, but it ends with a fatal error.

Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 20480 bytes) in /usr/local/www/diag_states_summary.php on line 50

I am guessing somewhere I have to edit the PHP file? Can someone tell me where it is located?

P.S - The other states related pages don't open either
/diag_resetstate.php
/diag_dump_states.php

11
Virtual private networks / OpenVPN on multiple interfaces?
« on: December 23, 2020, 08:17:59 am »
Is there a way to choose multiple interfaces to run a single openvpn server on? Sometimes the primary connection will go down and there's no way for VPN users to get connected. I remember pfsense having this before I migrated to OPNSense.

12
20.7 Legacy Series / Unable to open some websites via opnsense - factory defaults! (SOLVED)
« on: October 12, 2020, 12:41:01 pm »
I am unable to open some websites.

Background:
- Have a PPPOE from a local ISP that hands out pvt IP addresses for WAN (they use CGNAT)
- Some websites: jbl.com retail.onlinesbi.com pioneer-india.in atlassian.com and MANY MORE do not open.
Browser says "ERR_TIMED_OUT"

However, if I directly plug the ISP into my laptop (via ethernet) and dial PPPoE all websites work!
This leads me to believe the problem is with OPNsense. This problem began about 10 days ago I guess.

Things I've tried so far / diagnostics
- Reset to factory default
- Updated to the latest OPNSense version
- Made sure "block private/bogon networks" is NOT checked.
- No rules that block any of these things. In fact no rules at all except the default allow rules
- Running a traceroute from both scenarios (via opnsense and directly on the laptop using PPPoE) yields the same results, so it's not a routing issue from the ISP or whatever.
- IPv6 configuration type is set to "None" in both LAN/WAN interfaces
- Disabled the ipv6 gateway WAN_GW that is automatically created when PPPoE is connected.
- Ensured the only ipv4 gateway is set as default
- No static route entries or any entries that show anything out of the norm.

- Also noticed, if I use a VPN program on my phone/pc, I am able to open all those websites.

So why would it work via VPN (via opnsense)
and why would it work when ISP is directly plugged in to my laptop with PPPoE
but NOT work via a factory default opnsense?

Thanks! Spent hours on this but to no avail.

13
General Discussion / HA Proxy load balancer with 2 squid servers in the backend?
« on: April 25, 2018, 10:58:39 am »
Hello,

An organization's requirement is caching as they have almost 1000 users. Currently they just have 1 squid server which is crashing all the time, with sluggish browsing speeds.

They have recently purchased 3 new servers and want to set up the following:

HA Proxy (device 1) Squid proxy 1 (device 2) Squid proxy 2 (Device 3)

So I have 2 questions:

1) Can the above scenario be achieved?

2) Instead of installing centos + ha proxy + squid and managing them by hand (CLI), Can I use OPNsense instead? I was thinking turn off routing / firewall and just use HA proxy plugin with built-in caching proxy.

Thank you.

14
General Discussion / Reasons why I am seriously considering switching to OpnSense
« on: June 08, 2016, 04:38:53 pm »
This is my first post.

Don't want to start a war here. Just a first impression, IMHO.

Am currently evaluating OPNsense and what I have found so far. I am waiting for the July update (mainly because of the https proxy feature)!

1) PfSense's license!
many of us resell hardware in many forms (rebranding, customizations etc)

I respect their trademark and their names "Pfsense, etc" However,
This is the line that annoys me the most:

"All advertising materials mentioning features or use of this software must display the following acknowledgment:
"This product includes software developed by the pfSense Project for use in the pfSense® software distribution.
(http://www.pfsense.org/)."


2) OpnSense's excellent integration of 'packages' like suricata and squid / filter.
Moreover, I believe future packages that you are adding to the base have the same gui (in the sense it's not 'disconnected' from the core)

3) Nice documentation and wiki - for a relatively new distro, the documentation is well written

4) MOST important - Excellent builder tools and step by step instructions on how to build your own!
Most people may not require building from source, but some of us do. Even though pfSense's 2.3 build tools are now available, there is NO documentation on how to build with your own product name.
(most people who attempt it will find that it will fail few minutes after you attempt to build and they have to make their own repositories for packages which again lacks documentation)

On one hand they don't want you to use the word pfSense in the product name (which I respect and agree with), but then they are not making it easy to use something else too.

Somehow I get the feeling they don't want you to build from source even if you are willing to respect ALL of their 6 clause license! Most people requesting assistance in this matter on the development thread on their forums get no responses either.

5) Netflow Exports! I haven't used this or seen this yet (I downloaded 16.1.8) but it looks good from the screenshots in the manual. Most people using pfsense were using darkstat / bandwidthD which is not integrated and runs on a separate GUI which is slightly annoying. The base system has no reporting on bandwidth used by ip addresses whatsoever which makes a sysadmin "blind" in his own network.

=====================
At this point I am just waiting for the quagga ospf package to be integrated in the GUI as I have about 15 sites depending on it.
