Topics

1

24.7 Production Series / DNSSEC Support

« on: November 09, 2024, 04:36:04 pm »

Hi,

This is my setup:
OPNsense 24.7.8-amd64
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15

I'm using Unbound DNS and by accident I found a problem. I could not resolve one domain, dhl.com. All other domains as far as I can tell work fine.

When I uncheck  Enable DNSSEC Support the site from DHL is back.

What should be the cause ?

Thanks.

2

23.1 Legacy Series / Unable to resolve local IP

« on: July 27, 2023, 03:44:35 pm »

Hi all,

Setup:
OPNsense 23.1.11-amd64
FreeBSD 13.1-RELEASE-p8
OpenSSL 1.1.1u 30 May 2023

I setup some DNS records on my registrar pointing to local IP's.
After the latest update from OPNsense it looks like I'm unable to resolve local IP's,

Like this:
$ dig A www.google.com
;; ANSWER SECTION:
www.google.com.      98   IN   A   142.250.179.164

$ dig A some local domain name
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> A
;; global options: +cmd
;; no servers could be reached

$ ping 127.0.0.53
PING 127.0.0.53 (127.0.0.53) 56(84) bytes of data.
64 bytes from 127.0.0.53: icmp_seq=1 ttl=64 time=0.040 ms
64 bytes from 127.0.0.53: icmp_seq=2 ttl=64 time=0.043 ms
64 bytes from 127.0.0.53: icmp_seq=3 ttl=64 time=0.057 ms

What am I doing wrong?

3

23.1 Legacy Series / OpenVPN and TAP

« on: July 04, 2023, 08:22:51 pm »

Hi,

I have a working VPN connection with TUN interface.
I'm trying to setup the same VPN connection but now with a TAP interface.

DHCP is working. I get an IP. Status sais OK.
But that's it. I can't ping the gateway, can't ping any device on the LAN. And of course no ping outside the LAN.

I guess it has something to do with the routing table?

Any suggestions to fix this?

Thanks.

4

22.7 Legacy Series / Port Forwad fails

« on: May 30, 2023, 08:23:35 pm »

OPNsense 22.7.11_1-amd64

I have a simple NAT forward rule so my son can make an offsite backup to my NAS.
Never had any problem with

Untill now, after his IP has changed. Changed the settings in OPNSense and all I get is this error:
Default deny / state violation rule

What am I doing wrong?

5

22.7 Legacy Series / OpenVPN certificate

« on: April 18, 2023, 06:22:39 pm »

Hi all,

The users certificate to access the OpenVPN server is no longer valid.
I was wondering if it is possible to add a new certificate to a group instead of adding it to the VPN users one by one.

Thanks.

6

21.7 Legacy Series / Intrusion Detection

« on: October 22, 2021, 04:16:05 pm »

Hi all,

I noticed more and more sites were no longer loading.
Looking at the Intrusion Detection rules, there are a lot Covid related rules coming out of the blue.

I like to now what other people think of that. Who is setting up these rules?
Not able to allow traffic that seems to be safe I ended up disable the whole Intrusion Detection system.

7

General Discussion / UPS and reboot

« on: September 22, 2021, 02:38:59 pm »

I can't get over this.

OPNSense box is connected to a UPS.  NUT is properly configured and will shut down the box when needed.
When the power is back on, the box doesn’t restarted.
In the BIOS it is set that in the event of a power failure it should restart automatically.  But since the box was properly shut down, it does not start up again. Which in normal behavior.

Where am I wrong?

8

20.7 Legacy Series / Upgrade got stuck

« on: December 24, 2020, 05:18:30 pm »

Hi all,

I did a remote upgrade to OPNsense 20.7.7_1-amd64 which results in a offline network.

The reboot failed on this line:
WARNING: L1 data cache covers fewer APIC IDs than a core (0 < 1)

OPNsense is running on a Supermicro Superserver E200-9B. After a hard reset the firewall is up and running again.

9

20.1 Legacy Series / Upgrade went wrong

« on: March 09, 2020, 05:11:13 pm »

Hi,

I just upgraded to OPNsense 20.1.2-amd64 and the box did no longer boot.
 warning: L1 data cache covers less APIC IDs then a core 0 < 1

Force shutdown, reboot, no luck
After leaving it off for a minute I could start the box again.

Should I be worried?

10

19.7 Legacy Series / Nut

« on: February 23, 2020, 12:38:12 pm »

After a few power failures I want to give Nut a second try.

OPNsense is running 19.7.10_1. Every now and then in terminal I see this:
PS Smart-UPS_1500_RW is unavailable

# upsc -l
Smart-UPS_1500_RW
# upsc Smart-UPS_1500_RW
Error: Driver not connected
# service nut status
nut is running as pid 77552.

With the WUI, Services-Nut-Diagnostics I get a blanc page

Any ideas?

11

Intrusion Detection and Prevention / Synology QuickConnect

« on: August 16, 2019, 01:28:52 pm »

Hi all,

Looks like the ruleset ET open/emerging-dns blocks the QuickConnect system from Synology.

12

19.1 Legacy Series / OpenVPN not running?

« on: August 12, 2019, 11:24:07 am »

Hi,

Using OPNsense 19.1.10_1-amd64

Dashboard - OpenVPN:
Unable to contact daemon
Service not running?

Dashboard - Services
There's a red square next to OpenVPN. Starting there does not solve it.

But OpenVPN is working since I'm using it.
Any ideas? I had this before, the last update and reboot fixed it. But now it there again.

13

18.7 Legacy Series / No Data Available

« on: January 07, 2019, 01:50:31 pm »

I have this issue for quite a long time, looks like it is still there.

OPNsense 18.7.10-amd64
Reporting - Insight: No data available

I like graphics. What I’m doing wrong?

14

General Discussion / [SOLVED] OpenVPN

« on: September 28, 2017, 09:09:53 pm »

Hi,

I've setup OpenVPN on my OPNsense box a while ago. Updated the system whenever available.

I can always connect to my OPNsense box. But at work, the last month or so, I'm no longer able to. Not with Windows, IOS or Linux. The logfile shows all sorts of errors.

Here are some:
Sep 27 14:00:59 firewall openvpn[26241]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Sep 27 14:00:59 firewall openvpn[26241]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Sep 27 14:00:59 firewall openvpn[26241]: Peer Connection Initiated with [AF_INET]
Sep 27 14:00:59 firewall openvpn[26241]: MULTI_sva: pool returned IPv4=192.168.10.6, IPv6=(Not enabled)
Sep 27 14:01:01 firewall openvpn[26241]: Authenticate/Decrypt packet error: cipher final failed
Sep 27 14:01:02 firewall openvpn[26241]: Authenticate/Decrypt packet error: cipher final failed

Where do I have to start? At work or on my OPNsense box?

15

General Discussion / OpenVPN

« on: August 17, 2017, 11:26:41 pm »

Hi,

I'm trying to figger out who is causing problems with my OpenVPN file.
On all my IOS devices I can connect to my OPNSense router with OpenVPN.
However, when I try to connect with my Mint Linux laptop through the network-manager I get this error:
The file 'VPN.ovpn' could not be read or does not contain recognized VPN connection information
Error: unknown error.

When I use this file in terminal it works like a charm.
$sudo openvpn VPN.ovpn

Google was not my friend. Looking for a solution for months now, terminal is the only way to connect.

Any ideas?