Topics

1

20.1 Legacy Series / IPSec Logs spammed by DPD

« on: July 13, 2020, 08:30:35 am »

Hello,

in my ipsec logs i see tons of dpd entries:

2020-07-13T08:27:09   charon: 05[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 1868979696 [ HASH N(DPD_ACK) ]
2020-07-13T08:27:09   charon: 05[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:27:09   charon: 05[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:27:09   charon: 05[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 754577938 [ HASH N(DPD) ]
2020-07-13T08:27:09   charon: 05[IKE] <con3-000|199> sending DPD request
2020-07-13T08:26:59   charon: 11[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 4129560268 [ HASH N(DPD_ACK) ]
2020-07-13T08:26:59   charon: 11[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:26:59   charon: 11[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:26:59   charon: 11[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 3506761780 [ HASH N(DPD) ]
2020-07-13T08:26:59   charon: 11[IKE] <con3-000|199> sending DPD request
2020-07-13T08:26:49   charon: 11[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 645149682 [ HASH N(DPD_ACK) ]
2020-07-13T08:26:49   charon: 11[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:26:49   charon: 11[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:26:49   charon: 11[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 178883678 [ HASH N(DPD) ]
2020-07-13T08:26:49   charon: 11[IKE] <con3-000|199> sending DPD request
2020-07-13T08:26:39   charon: 11[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 4084736993 [ HASH N(DPD_ACK) ]
2020-07-13T08:26:39   charon: 11[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:26:39   charon: 11[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:26:39   charon: 11[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 611242534 [ HASH N(DPD) ]
2020-07-13T08:26:39   charon: 11[IKE] <con3-000|199> sending DPD request
2020-07-13T08:26:29   charon: 05[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 2305290029 [ HASH N(DPD_ACK) ]
2020-07-13T08:26:29   charon: 05[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:26:29   charon: 05[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:26:29   charon: 05[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 2173662243 [ HASH N(DPD) ]
2020-07-13T08:26:29   charon: 05[IKE] <con3-000|199> sending DPD request
2020-07-13T08:26:19   charon: 05[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 1597707906 [ HASH N(DPD_ACK) ]
2020-07-13T08:26:19   charon: 05[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:26:19   charon: 05[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:26:19   charon: 05[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 2626876554 [ HASH N(DPD) ]
2020-07-13T08:26:19   charon: 05[IKE] <con3-000|199> sending DPD request
2020-07-13T08:26:09   charon: 11[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 568638514 [ HASH N(DPD_ACK) ]
2020-07-13T08:26:09   charon: 11[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:26:09   charon: 15[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:26:09   charon: 15[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 4215212232 [ HASH N(DPD) ]
2020-07-13T08:26:09   charon: 15[IKE] <con3-000|199> sending DPD request
2020-07-13T08:25:59   charon: 15[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 2770676844 [ HASH N(DPD_ACK) ]
2020-07-13T08:25:59   charon: 15[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:25:59   charon: 15[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:25:59   charon: 15[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 1988059217 [ HASH N(DPD) ]

how can i trim the logs down to the usefull stuff? Those DPD Infos are not very useful

Cheers,
Michael

2

18.7 Legacy Series / HA Proxy with self signed Certs + Verify SSL Certificate

« on: August 10, 2018, 01:04:21 pm »

Hello,

my goal is to set up a reverse proxy to allow https access to my exchange server only with signed certs.

Here is my setup: https://image.ibb.co/hrpUMU/opnsense_HA_Proxy.jpg

There is an  option called: "Verify SSL Certificate" in the Real Servers TAB.

I guess this is for the communication between HA_Proxy and the Real Backend Server.

Can i enable this "Verify SSL Certificate" for the public side, too?

For my Test scenario i used HTTP as a backend to make sure i dont have some ssl mistakes here.

In a nutshell: Where can i enable "Verify SSL Certificate" on the WAN/Public side?

Thanks, Mario

3

17.7 Legacy Series / Virtual PPPoE IP Alias

« on: December 22, 2017, 01:33:58 pm »

Hello!

i am trying to set up a VIP on my PPPoE Interface.
If i do that in the GUI the system does a:

/sbin/ifconfig pppoe1 inet xxx.xxx.149.33/29 alias
 It Returns: ifconfig: ioctl (SIOCAIFADDR): Destination address required

I think it should be:
/sbin/ifconfig pppoe1 inet xxx.xxx.149.33/29 alias ppoe-isp-gw-ip
  => Because that works and makes my vip available to the world.

Am i wrong?
Am i using Opnsense wrong?
Or is it a bug?

Thanks.