OPNsense

Topics - tomas.morales

1
16.7 Legacy Series / TFTP blocked
« on: August 15, 2016, 03:15:14 pm »
Hi

I need TFTP for building servers and downloading software internally in our network. Although we have rules that allow UDP/TCP on port 69, the file transfer is blocked:


Aug 15 12:52:50 ny4fw07 filterlog: 175,16777216,,0,ixl2_vlan242,match,pass,in,4,0x0,,64,0,0,DF,17,udp,98,10.132.242.14,10.132.250.203,43011,69,78
Aug 15 12:52:50 ny4fw07 filterlog: 68,16777216,,0,ixl1_vlan250,match,pass,out,4,0x0,,63,0,0,DF,17,udp,98,10.132.242.14,10.132.250.203,43011,69,78
Aug 15 12:52:50 ny4fw07 filterlog: 278,16777216,,0,ixl1_vlan250,match,block,in,4,0x0,,64,64178,0,none,17,udp,68,10.132.250.203,10.132.242.14,48105,43011,48
Aug 15 12:52:57 ny4fw07 filterlog: 278,16777216,,0,ixl1_vlan250,match,block,in,4,0x0,,64,64179,0,none,17,udp,68,10.132.250.203,10.132.242.14,55791,43011,48


I haven't been able to find any reference to TFTP in the OPNsense doc. In pfSense there is a reference that I need a TFTP proxy....

2
16.7 Legacy Series / Intermittent traffic flow between OPNsense and Cisco ASA VPN
« on: August 12, 2016, 02:48:41 pm »
Hi all

We are trying to introduce OPNsense in our network, so we are quite new to it.

We have managed to establish an IPsec VPN between OPNsense 16.7-amd64 and a Cisco ASA5545 running asa912-smp-k8.bin.

Our problem is that the traffic is not crossing the VPN while it is established.

For example, a ping to a machine at the other end takes more than 1 minute to respond, but the IPsec is fully established:


$ ping 10.132.43.117
PING 10.132.43.117 (10.132.43.117) 56(84) bytes of data.
....
64 bytes from 10.132.43.117: icmp_seq=1 ttl=63 time=68.2 ms


From the Cisco we sometimes see the below:

Total IKE SA: 5
....
4   IKE Peer: 104.255.200.142
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
5   IKE Peer: 104.255.200.142
    Type    : user            Role    : responder
    Rekey   : no              State   : MM_WAIT_MSG3


From OPNsense, it doesn't report any problem, as far as I can see. We have increased the logging for "SA Manager", "IKE SA", "IKE Child SA" and still the logs don't show anything noticeable.


Any advice for troubleshooting this problem?

Thanks
tomas
