Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Topics - jaco.vandenberg

#1
20.1 Legacy Series / bug in naming convention
May 28, 2020, 11:30:33 AM
Hi,

while setting up an IPsec VPN, I checked the option "This Interface does not require an intermediate system to act as a gateway". The option is under Interfaces --> <interface created by ipsec phase 2 rule>

When checked, a Gateway is automatically created under System --> Gateways --> Single

in my case, it's AZURE-IPSEC_GW. it uses the interface name to construct a gateway name.

However, this name does not meet the restrictions for gateway names, it can not contain a dash!

So now I cannot edit the gateway, it will report "The following input errors were detected:
The name must be less than 32 characters long and may only consist of the following characters: a-z, A-Z, 0-9, _"


Workaround for now is using a very strict naming convention that never contains any other character anytime anyplace anywhere, however I think I should report this for further finetuning the interface. If this is not the place to do so, guide me  :)
#2
19.1 Legacy Series / NAT Port fwd not working
June 14, 2019, 04:31:32 PM
Hi,

we have setup a 19.1.9 vmware OPNsense appliance to regulate internet traffic. since we have a few internal hosts that need to be exposed to the internet, we wanted to use some Virtual IP's and Port forwarding to the LAN.
Although we have used this int he past , today there is no way of getting it to work.

Outbound NAT is ok (manual setup) , inbound NAT works  partially - that is, the packets reach my internal hosts. I used Wireshark on the internal hosts to monitor the traffic arriving and leaving. When the host answers , the packets get bounced at the LAN interface of OPNsense.  The OPNsense logs give no clue, ie. they do not even mention the arrival of the returned packets.
I've read there are some issues with VIP's and so, but that should not cause this problem, right ?
#3
Hi,

An IPsec tunnel used for a site-to-site VPN does not allow to manage the opnsense instance once the tunnel is up.
The opnsense is on 10.200.5.1: as soon as the tunnel is started, i can only manage the opensense webinterface from the other site: so from the other side of the tunnel, backwards through to tunnel  :-) !

All routing works as expected, only the fact that I can not manage opnsense through the gateway interface address as soon as the tunnel is started, appears odd to me.

the Anti-Lockout Rule is in place and enabled.

has anybody observed this ?

version 17.1.8 on AMD64
#4
Hi,

we are running IPSEC to a connect a site to a Fortigate firewall in the datacenter using a site-to-site VPN.
This works fine for normal  client traffic (mostly RDP over TCP) .
It turns out however, that Fragmented UPD is not send from the Fortigate site to the opnsense site .

This used to worked fine when the opnsense was a m0n0wall firewall, , however as soon as ik bring down the m0n0wall and lanuch the opnsense, it stops working. Switching back to the M0n0Wall it works fine again, so it muist be a opsense thing, blocking fragmented UDP for some reason.

opnsense is the latest version.

Any ideas what's wrong ?