Topics - rvalle

#1
Hi!

We have 2 routers in the same /27 public subnet. They deal with different things: public services / workplace internet access.

Both have static IP addresses in the same subnet.

For some reason our opnsense router will not just send traffic to the other one directly; instead it is routed across 3 hops. And the hops are not even the default gateway of the interface.

I have absolutely no idea what is going on.

Static IP, netmask and default gateway are all set up OK.

The generated routes also seem to be perfect: there is a route for the public network /27 with link#2 as gateway, which is the WAN Ethernet.

The upstream link is fiber of a significantly lower rate.

I was wondering if there may be some automatic gateway protocol (BGP?) or something, tweaking my setup without my understanding.

Any idea about what could be going on?
#2
Hi!

I have a firewall with 4 gigabit interfaces, I was wondering if it would be possible to:

- Setup Routing firewall between LAN and WAN ports (1,2)
- Setup a Transparent Bridge firewall on (3,4)

The traffic on both firewalls is not related:

The routing firewall is going to be used for "management/ops" traffic.
The bridge is for production (cloud platform) traffic, which accesses the internet on its own LAN.

Would this kind of setup work?
#3
Hi!

I am having problems with my OpenVPN tunnel, TCP connections are getting stuck.

I use SSH over the tunnel and sessions will become unresponsive.

However, ICMP during the session works flawlessly.

I know that OPNSense is to blame because I suffer the problem with different frequency/intensity. When the issue is very frequent I can restart my OPNSense and the problem goes away for some time.

I have no clue what this could be about. It started to happen about a week ago, and it is very persistent.

I also don't understand how it comes that TCP cannot recover itself; at the end of the day this is the protocol that is supposed to handle network issues to provide a stable session. As said before, by looking at ICMP traffic you could not notice that any problem is going on.

I have no clue how to debug this, or find out which part of my setup is to blame.

Any idea what could be going on? How to debug it?

Rafael
#4
Hi!

I have started to work on Ansible support and I would like to implement some kind of continuous integration.

The obvious would be to test playbooks against code changes and new versions of Ansible and OPNSense, to ensure that nothing breaks, etc.

I could start OPNSense with Vagrant, and try to run unit tests against it.

Is there a Virtual Appliance distribution? I think I saw it somewhere.

#5
Hi!

I would like to adopt an OpenSource router/firewall that can be managed from Ansible, as we already manage everything in our network that way.

Ansible has made a lot of work on the Network device configuration front but still there seems to be no support for a product like OPNSense.

I have found 2 modules on GitLab/GitHub which configure OPNSense with Ansible: the Ansible module for HAProxy, developed by @mj84, which was announced in this forum, and another module by @fpieters that I found on GitHub.

They both follow different strategies. One seems to use Ansible XML plugins to compose an XML file that is eventually installed in OPNSense. The other uses the REST API to modify objects in OPNSense, but unfortunately is limited to the HAProxy functionality.

I was wondering if there is a way to provide complete support for OPNSense configuration from Ansible in a generic and easy to implement way, perhaps using the previous 2 projects as reference.

I am not familiar with OPNSense development but I am familiar with Ansible development as I did some bindings and ansible module work for OpenNebula.

Looking at the intro in the OPNSense REST API, it seems to be generic enough, with calls following the format:

https://opnsense.local/api/<module>/<controller>/<command>/[<param1>/[<param2>/...]]

Ansible has also introduced NETCONF, which also seems to be a generic client for network device configuration, with SOAP envelopes but generic get/set statements inside.

The question I am wondering about is then whether a generic bridge from NETCONF to the OPNSense API could be (easily) developed, and whether that would work well enough to develop a good base that covers most OPNSense configuration options.

Before trying to put together a small prototype, I was wondering a few things:

I was wondering if anybody else is working, or interested in working on this.

I am assuming that a NETCONF-RESTAPI bridge would be installed in OPNSense, perhaps as an optional module.

I am not sure which language should be used for this, but looking at the Development Documentation I see some mentions of Python, which should be easy and fit for the job.

I guess integration for the authentication system would also be required, but perhaps there is already python code capable of this.

I was also wondering if there are mockups for the REST API that would facilitate the development.

Any comments or ideas regarding OPNSense and Ansible?
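As an added illustration (not code from the post or from either of the projects it mentions) of what an Ansible-style, idempotent client for the `https://opnsense.local/api/<module>/<controller>/<command>/[<param1>/...]` call format above could look like: it builds the URL from its parts, reads the current settings, and only POSTs the keys that differ, so a playbook run reports `changed` honestly and never writes when nothing changed. It assumes the API key/secret pair is sent as HTTP basic auth, that the module exposes paired `get`/`set` commands under one controller, and that module and controller names are placeholders; a separate reconfigure call after a successful set is left to the caller.

```python
import base64
import json
import urllib.request
from typing import Callable, Optional, Tuple

# transport(method, url, json_body_or_None) -> decoded JSON response
Transport = Callable[[str, str, Optional[dict]], dict]


def api_url(base: str, module: str, controller: str, command: str, *params: str) -> str:
    """Assemble <base>/api/<module>/<controller>/<command>/[<param1>/...]."""
    return base.rstrip("/") + "/api/" + "/".join([module, controller, command, *params])


def http_transport(key: str, secret: str) -> Transport:
    """Real transport: API key as user and secret as password in HTTP basic auth
    (assumption: a key/secret pair created for a dedicated, least-privilege API user)."""
    token = base64.b64encode(f"{key}:{secret}".encode()).decode()

    def call(method: str, url: str, body: Optional[dict]) -> dict:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(url, data=data, method=method)
        req.add_header("Authorization", f"Basic {token}")
        req.add_header("Content-Type", "application/json")
        with urllib.request.urlopen(req, timeout=15) as resp:  # TLS verified by default
            return json.loads(resp.read().decode())

    return call


def ensure_settings(transport: Transport, base: str, module: str, controller: str,
                    desired: dict, get_cmd: str = "get", set_cmd: str = "set") -> Tuple[bool, dict]:
    """Idempotent update in the style of an Ansible module: GET the current
    settings, diff them against `desired` (section -> {key: value}), and POST
    only the differing keys. Returns (changed, last_response)."""
    current = transport("GET", api_url(base, module, controller, get_cmd), None)
    diff: dict = {}
    for section, values in desired.items():
        cur_section = current.get(section, {})
        for key, value in values.items():
            if cur_section.get(key) != value:
                diff.setdefault(section, {})[key] = value
    if not diff:
        return False, current  # nothing to write: report "ok", not "changed"
    result = transport("POST", api_url(base, module, controller, set_cmd), diff)
    return True, result
```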
#6
Hi!

I am new to OPNSense, in fact, I am trying to migrate our network from PFSense.

For user access devices we have been using VLAN bridged with WIFI Access point, which we find convenient in this case.

So I am creating a bridge for a VLAN and WIFI access point interfaces. Only the Bridge interface has an IP, and runs the DHCP server, etc.

It seems to be working fine for some devices, however, with some others I get: WPA: EAPOL-Key timeout

I have been searching and reading old threads about this issue in other projects:

Some threads suggested testing without WPA, which I did, and then the bridge seems to work on all devices.

Other threads suggest that the client drivers might be incomplete/outdated, but this very same configuration is working just fine with the PFSense router, which I think is a related project.

My problem is that I don't know how to dig deeper here, what to debug or try.

Any idea what could be going wrong?