Topics

1

17.7 Legacy Series / Issue with System:Gateways:Group GUI

« on: December 18, 2017, 12:05:56 pm »

I have a strange issue with the System:Gateways:Group web GUI.

All was fine until I decided to reconfigure the groups (since I was changing a PPPoE WAN connection to Ethernet).

Now whilst I can see the gateways in each group in one view if I edit any of the groups I can see the members.

Newly created ones seem to be ok.

I'm running OPNsense 17.7.10 FreeBSD 11.0-RELEASE-p17 OpenSSL 1.0.2n 7 Dec 2017

2

17.7 Legacy Series / DNS Forwarder / Resolver Query

« on: November 06, 2017, 10:27:15 pm »

I have a gap in my understanding in relation to DNS on OPNsense...

I'm using Dnsmasq with DNS Forwarder enabled.  As I understand it (because I have set the OPNsense DHCP DNS server to be my OPNsense IP address) this will mean that my clients using DHCP will use OPNsense to resolve and it in turn will use the addresses in System/Settings/General?

All the above is fine to me but what I'd like to understand if I have a static (non-DHCP) client and I set it to use some-other public DNS server will that be honoured or does OPNsense "catch" the UDP/53 request and rewrite it to use the forwarder?  Assuming this is not the case, how could I configure this?

Also, a separate question, when using DHCP if I set a different DNS server for a specific lease will that override the default configuration?

Thanks in advance.

3

17.7 Legacy Series / OpenVPN Redirect Gateway - Option from Client

« on: November 05, 2017, 11:23:00 pm »

I have OpenVPN on OPNsense installed and working with the Redirect Gateway option enabled in the server so all traffic from my clients (iPhone & Mac) is routed via the VPN connection.  This is what I want when I'm connected to public Wi-Fi services etc.  However I have another use case when I just want specific traffic to route via the VPN and other "Internet" traffic not not do this.

Is there any way to set this from the client side (I'm using the OpenVPN client on my iPhone & Viscosity on my Mac).  I'm sure I could achieve this "manually" on Mac by manipulating the routing table but not on the iPhone?

One messy/alternative solution I thought of is having two OpenVPN servers configured on OPNsense, one configured each way.

4

17.7 Legacy Series / Setup SSL VPN Road Warrior - Problems

« on: October 30, 2017, 07:52:56 am »

I've used this guide (https://wiki.opnsense.org/manual/how-tos/sslvpn_client.html) to set up OpenVPN road warrior on my OPNsense router  which is connected to the internet via a vDSL modem.

Having followed the guide, I can't get it working (I've even deleted everything and started again a couple of times too).

This is the error I'm getting, well it's the thing I spotted in the VPN logs that looks like an error to me!

Oct 30 06:45:59   openvpn[50808]: 82.132.230.13:44960 TLS Error: TLS handshake failed
Oct 30 06:45:59   openvpn[50808]: 82.132.230.13:44960 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

The WAN interface on my OPNsense is a public address and I'm using dynamic DNS.

Any thoughts appreciated.

5

17.7 Legacy Series / SkyQ

« on: October 29, 2017, 06:54:35 pm »

I have SkyQ in the UK and have a strange issue every since changing my router to OPNsense.  The SkyQ box is working fine at a basic level, i.e. I'm able to watch TV and also download some content so I know that the basic IP/Internet connectivity is fine.  Even the self-test on the SkyQ box works fine.

However when I try to look at services like Sky Store I get this helpful message:

“To enjoy this service we must have an active connection to your internet.”

But I definitely do have an internet connection from the SkyQ box.

I'm wondering if it's something like a DNS issue (I have the OPNsense box handling DNS along with opendns.

I'm going to put a Wireshark trace on the SkyQ box to see what it's trying to do and failing at, but just wondered if anyone else has had this.