Topics

1

23.1 Legacy Series / Loss of outgoing connectivity after upgrade from 22.7.11 -> 23.1

« on: February 27, 2023, 05:14:13 pm »

Hi all,

I'm experiencing an issue with outgoing WAN connectivity when I upgrade to 23.1.
I did a rollback to 22.7.11 and the problems disappeared.

The problem manifests itself when I do a ping, I get a "no route to host" error.
I found some similar issues reported in the forums, but most of these users have more complicated configurations and, in any case, I tried all the suggestions given there, nothing helps.

Any idea would be welcome.

Thanks.

2

General Discussion / Network Failure

« on: January 23, 2023, 04:45:10 pm »

Hi all,

I’m using OPNSense in straightforward setup consisting of a wired LAN with RJ45 sockets all over my house, with drop-cables going into two connected switches and, finally, the LAN port of OPNSense connected to that same LAN. There’s also WIFI, but that uses a wired Access Point connected to that same LAN, so for this issue it is not relevant.

I’m experiencing periodic network failures, not triggered by any particular event. They appear suddenly and then disappear without any concrete pattern.
I’ve been narrowing this down, starting by harassing my ISP, who played dumb as usual, but in this case, they really were not the cause. I came to that conclusion during one of the episodes when I logged on to the OPNSense console and discovered that pinging the outside world worked fine, but that I couldn’t ping any machine on the LAN! I then tried pinging machines on the LAN from other machines on the LAN, but that didn’t work either. So, during one of these episodes, my whole LAN is dead.

My next guess where the two network switches, these were indeed two old plasticky Netgear things, so I thought let’s replace them: didn’t solve the problem.

I ruled out the drop cables, because the probability that all of them went bad at the same time is zero.

In terms of cables there were two potential single points of failure: the cable between the OPNSense and the LAN switch and the cable linking the two switches together. I replaced both: didn’t solve the problem.

That leaves one potential issue that I can think of: a faulty network port on my OPNSense box (hardware issue). So here I have some questions:

• Is there a way to diagnose this? I mean, are there logs where a faulty network port would leave traces? One thing I have noticed is that the usual message about interface down/interface up, which appears when you unplug a cable, DOES NOT appear on the console when one these episodes happen.
• Is it possible that such a failure would cause my whole LAN to fall over? I can understand that losing connection to the Firewall implies a loss of internet connection, but shouldn’t the internal LAN keep functioning?

Finally, I have a more general question: aAre there any recommendations or tools to help me diagnose this issue?

Any help would be greatly appreciated, because this is driving me nuts.

Thanks

3

19.7 Legacy Series / Update hangs with "403 Forbidden" error

« on: January 05, 2020, 08:20:33 pm »

I performed an upgrade from the 19.7 to the 19.7.7 version and I'm getting stuck during the upgrade with the system showing exactly the same behaviour as shown here (https://forum.opnsense.org/index.php?topic=10689.msg48752#msg48752) and here (https://forum.opnsense.org/index.php?topic=10386.0). Concretely:

• The update hangs for a long time ("Updating... Please wait")
• Web gui is no longer accessible, even after a long time, showing error "403 Forbidden"
• Console access is no longer possible, showing error message mentioned above: "sh: /usr/local/sbin/opnsense-auth: not found"
• Reboot completely turns the device unresponsive

Recovery consists of a clean install from (19.7) installation media (USB in my case) with a recovery of my configuration.

Any ideas what's happening and how I can fix this?

Thanks.

4

19.1 Legacy Series / LDAP + OTP AUthentication

« on: March 03, 2019, 12:55:56 pm »

Just upgraded to 19.2 and was delighted to find LDAP + 2FA authentication.

I succeeded in setting up a server (LDAP + Timebased One Time Password), but now I'm stuck in the next step:

How do I set up the OTP seeds for these LDAP users?

At first I thought I would have to import them as for normal LDAP users, but that doesn't seem possible. Did I overlook something?

Thanks for your help.