Topics

1

20.1 Legacy Series / Change of gateway settings after 19.1 series, problem setting up new settings

« on: June 30, 2020, 03:10:58 pm »

Hi,

I've tried upgrading before from 19.1 series on my A10 appliance, but it always failed because internet was no longer working from the LAN.

I first noticed (on 20.1) that the default route was pointing to my WAN_IPTV interface which of course will not work.

Then I started plaing around with the gateway settings.

I have attached my old and new gateway settings.

In 20.1 I have disabled my WAN_IPTV gateway, making the default route 'normal' and internet working.

Despite disabling the WAN_IPTV gateway, the IPTV appears to be working fine. EDIT: After 2 days the IPTV receiver will not start anymore, so it's not fine after all.

I just can't help wondering that this setup is not the setup it should be. What do you think the correct settings would be?

My setup: Xs4all fiber connection with internet on VLAN6 (PPPoE) and IPTV on VLAN4.

In gateway, logs, I find lots of the following errors:
dpinger: WAN_INTERNET_DHCP6 fe80::xxxxxx%pppoe1: sendto error: 65

IPv4 + IPV6 internet are working normal.

2

20.1 Legacy Series / Xs4all (fiber) configuration working with 19.1.x, no internet on lan with 20.1.2

« on: March 15, 2020, 07:30:14 pm »

Hi all,

Appliance: A10
Xs4all config:
Internet on VLAN6, IPTV on VLAN4.

I've used OPNsense until about July last year (I'll explain later why). Now, I did restore the configuration of last July on a fresh (serial) install on my A10.

If I do this, I don't have internet on the LAN interface, however, I can ping, from the A10, on the WAN interface to the internet.

If I disable the WAN_IPTV (Vlan 4) interface, internet starts working again, also from the LAN interface. Of course, I loose the IPTV. When I re-enable the WAN_IPTV interface, it breaks the internet on the LAN interface again.

Outbound NAT is set to automatic.

I have no manual routes configured.

Does anyone have an idea why the same configuration would cause no internet connection on LAN on 20.1?

If anyone has a suggestion, I'm going to try that. However, I must first do a serial install of 20.1, and restore the config to test. If it's not working, I have to serial install 19.1 again.

Also (but not important), an upgrade from 19.1 to 10.7 causes a bootloop in the A10 device.

Finally If anyone is interested. Last July I did get problems with internet disconnecting from time to time. I started using the Xs4all (Fritsbox) router to solve it. It turned out that a cable under the floor had a bad connection, so it was never a problem of OPNsense.

That's all for now.

I really hope someone can help.

Thanks,
Raymond

3

19.1 Legacy Series / Xs4all: I can't get IPv6 to work

« on: April 16, 2019, 02:39:09 pm »

Hi,

On my Xs4all fiber account I now have a working setup with Internet and (routed) IPTV, so that's good.

However, I can't get IPv6 working.

I have setup on my WAN interface:
IPv6 Configuration Type: DHCPv6
Configuration mode: Basic
Request only a IPv6 prefix: checked
Prefix delegation size: 48
Use IPv4 connectivity: checked
Rest: unchecked.

LAN interface:
IPv6 Configuration Type: Track interface
IPv6 Interface: WAN
IPv6 Prefix ID: 0.

If I try the same settings on my old pfSense setup, I get a IPv6 address.

It might be unrelated, really not sure, but on the Dashboard page, it shows DHCPv6 service as stopped, and it's not able to start.

Does anyone have an idea?

Firewall: A10, firmware 19.1.6.



Kind regards,
Ray

4

18.7 Legacy Series / Replaced pfSense for OPNsense, IPSEC will not connect (to SonicWALL router)

« on: November 02, 2018, 09:50:39 pm »

Hi,

I'm trying to connect a SonicWALL router with IPSEC to my new OPNsense 18.7.6 A10 appliance.

Internet is fiber from Xs4all, pppoe.

IPSEC log:
Nov 2 21:42:44 charon: 11[NET] <con2|22> sending packet: from a.a.a.a[500] to b.b.b.b[500] (80 bytes)
Nov 2 21:42:44 charon: 11[ENC] <con2|22> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Nov 2 21:42:44 charon: 11[IKE] <con2|22> no shared key found for '%any' - 'www.bbbb.nl'
Nov 2 21:42:44 charon: 11[CFG] <con2|22> selected peer config 'con2'
Nov 2 21:42:44 charon: 11[CFG] <22> looking for peer configs matching a.a.a.a[%any]...b.b.b.b[www.bbbb.nl]
Nov 2 21:42:44 charon: 11[ENC] <22> parsed IKE_AUTH request 1 [ IDi CERTREQ AUTH SA TSi TSr N(INIT_CONTACT) ]
Nov 2 21:42:44 charon: 11[NET] <22> received packet: from b.b.b.b[500] to a.a.a.a[500] (240 bytes)
Nov 2 21:42:44 charon: 11[NET] <22> sending packet: from a.a.a.a[500] to b.b.b.b[500] (440 bytes)
Nov 2 21:42:44 charon: 11[ENC] <22> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Nov 2 21:42:44 charon: 11[IKE] <22> b.b.b.b is initiating an IKE_SA
Nov 2 21:42:44 charon: 11[ENC] <22> received unknown vendor ID: 2a:67:75:d0:ad:2a:a7:88:7c:33:fe:1d:68:ba:f3:08:96:6f:00:01
Nov 2 21:42:44 charon: 11[ENC] <22> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V ]
Nov 2 21:42:44 charon: 11[NET] <22> received packet: from b.b.b.b[500] to a.a.a.a[500] (444 bytes)

I copied the settings from my old pfSense router, but here the tunnel will not get up.

I have added the 3 WAN rules and 1 IPSEC to LAN rule, and applied these.

Anyone an idea?

Thanks!

5

18.7 Legacy Series / External ip from routed subnet to another router

« on: June 21, 2018, 05:31:51 pm »

Hi,

Can I forward 1 external ip from my routed subnet to another router?

Kind regards,
Ray

6

17.7 Legacy Series / Daily backup configuration on Google Drive

« on: August 16, 2017, 08:27:42 pm »

Hi,

I have setup configuration backup on Google Drive. If I press save it backups to Google Drive fine.

I'm wondering if I can save the backups on a daily basis automatically. If yes, how?

Thanks,
Ray

7

17.7 Legacy Series / 2 subnets of 64 ip addresses on a single wan interface

« on: August 15, 2017, 12:30:26 pm »

Hi,

We currently have a SonicWALL in our data center which we are looking to replace with an Opnsense appliance.

On the WAN interface of the SonicWALL we have 2 /26 (64 ip addresses).

So, I would like to know if we can configure the Opnsense appliance with for example
5.5.5.1 /26
5.5.6.1 /26

Of course we would need to be able to use NAT on all of these addresses and so on.

Looking forward for a reply, thanks!

Kind regards,
Ray

8

16.7 Legacy Series / After upgrde to 16.7.11 OpenVPN clients cannot connect anymore

« on: December 17, 2016, 02:13:10 pm »

Hi,

I just upgraded to 16.7.11, my openvpn client cannot connect anymore. Before upgrade was fine, now it stays on connecting.

Server log:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed

The firewall rules on wan and openvpn are there, and again, was working fine.

Any ideas?

Downgrade to previous version?

Kind regards,
Ray

9

16.7 Legacy Series / With new A10QC SSD appliance WAN connection dropping frequently

« on: October 05, 2016, 10:01:57 am »

Hi,

Just had a new A10QC SSD appliance.

My WAN PPPOE connection to Xs4all drops frequently (3 - 4 times in the evening). The connection comes back up in a couple of minutes. TV continues to work.

I have a Xs4all fiber connection and followed this guide to set it up:
http://blog.firewallonline.nl/how-to-en-tutorials/xs4all-glasvezel-internet-iptv-op-pfsense-opnsense/

I did have OPNsense before on a computer with a SuperMicro board in it, and my connection never dropped before.

In the log I find this, which might be related?

Oct 4 22:53:29   opnsense: /widgets/api/get.php: The command `/usr/local/sbin/ifinfo 'pppoe1'' failed to execute
Oct 4 22:53:28   opnsense: /widgets/api/get.php: The command `/sbin/ifconfig 'pppoe1'' failed to execute
Oct 4 22:53:27   opnsense: /index.php: The command `/usr/local/sbin/ifinfo 'pppoe1'' failed to execute
Oct 4 22:53:27   opnsense: /index.php: The command `/sbin/ifconfig 'pppoe1'' failed to execute

Oct 4 22:51:59   opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface opt2
Oct 4 22:51:59   opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet attached event for opt2
Oct 4 22:51:59   configd.py: [0663a837-9193-4ea0-ae80-a856dded3adf] Linkup starting em1_vlan4
Oct 4 22:51:59   devd: Executing '/usr/local/opnsense/service/configd_ctl.py interface linkup start em1_vlan4'
Oct 4 22:51:58   configd.py: [64090e03-9389-447f-ac17-da150e4433cd] updating dyndns opt2

Does anyone have an idea what might be wrong?

Kind regards,
Ray

10

16.7 Legacy Series / Can't get ipv6 to work on Xs4all

« on: October 02, 2016, 12:31:59 am »

Hi,

I have a simular issue as oneman here: https://forum.opnsense.org/index.php?topic=3302.0

I followed the same guide (which I had working on pfsense), but here only a fe80 address on the wan interface, nothing on the lan.

bartjsmit wrote in the same topic to set a static ipv6 from a /64 subnet and enable RA on services, dhcp6, advertisements, unmanaged.

Now, all hosts on the lan get an ipv6 address through slaac, unfortunately, it's not working, I can't ping or anything else with ipv6 on the internet.

On the last part oneman writes that there are errors in dhcp6c_wan.conf and manually starting pd, which worked for him. I have no idea what to do or check!

I'm on 16.7.5-amd64.

Can anyone point me in the right direction?

Thanks,
Ray