Topics

1

General Discussion / PS4 port forwarding (NAT)

« on: December 21, 2018, 07:59:36 pm »

Hi, I'm trying to get my PS4 to work properly, but are having issues.

I basically followed @thegravity's guide

And then opened these ports:
TCP: 1935, 3478-3480, 9308
UDP: 3074, 3478-3479



I'm still getting NAT type 3 (ie. port forwarding not working)

Thanks, and merry christmas! *<:-)

2

18.7 Legacy Series / Go from HDD to SSD in an Dell R210II?

« on: August 21, 2018, 06:56:08 pm »

Hi all,

I'm currently running OPNsense on an Dell R210 with an old school HDD, but I now have a spare    
Samsung 850 EVO 250GB M.2 SSD.

Is it worth it to put it in the R210II?

If yes, how would you go about setting it up? Installing default and restoring the config? Clone the drive (if yes, how?)?

Thanks!

3

18.7 Legacy Series / [Solved] No longer getting WAN ip after upgrade to 18.7?

« on: August 01, 2018, 03:11:06 pm »

Hi, I recently took the jump to 18.7, but after upgrade I do not get an external ip on my WAN interface.

My network setup is: cable modem --> Opnsense --> switch --> users.

It can see the ISP dhcp server fine, but it's not getting an ip.

Any input on this?

EDIT:
I briefly got ipv6 connection

And I have this in my logfile:

Code: [Select]

opnsense: /interfaces.php: The command '/sbin/dhclient -c '/var/etc/dhclient_wan.conf' -p '/var/run/dhclient.bce0.pid' 'bce0'' returned exit code '15', the output was 'dhclient: PREINIT dhclient: Starting delete_old_states() dhclient: Comparing IPs: Old: 84.209.XXX.XXX New: dhclient: Removing states from old IP '84.209.XXX.XXX' (new IP '') 0 states cleared killed 0 src nodes from 1 sources and 0 destinations DHCPREQUEST on bce0 to 255.255.255.255 port 67 DHCPREQUEST on bce0 to 255.255.255.255 port 67 DHCPREQUEST on bce0 to 255.255.255.255 port 67 DHCPDISCOVER on bce0 to 255.255.255.255 port 67 interval 2 DHCPDISCOVER on bce0 to 255.255.255.255 port 67 interval 5 DHCPDISCOVER on bce0 to 255.255.255.255 port 67 interval 13 DHCPDISCOVER on bce0 to 255.255.255.255 port 67 interval 14'
Also I have a lot of rules going through my FW log with the source IP as my previous public IP. Even though my WAN shows an ip 0.0.0.0.

Any help i much appreciated (sorry I'm pretty new to this).

4

General Discussion / Monitor dropped packages (and latency spikes)?

« on: June 27, 2018, 12:57:27 pm »

Hi all,

any best practice to monitor dropped packages (and possible high latency spikes) on my WAN interface?

I'm currently having quite a bit of dropped packages and/or high latency, and to me it seems that it's up chain (i.e my ISP).

Thanks.

5

18.1 Legacy Series / [Solved] Strange DHCP requests? [Newbie alert]

« on: April 04, 2018, 04:00:35 pm »

Hi, I'm pretty new to all this, so please bear with me.

I'm getting flooded with requests from an internal IP I have no knowledge of. As far as I can tell (read google) it is a device wanting an IP?

The IP does not respond to ping.

Code: [Select]

Interface Time Source Destination Proto Label
WAN Apr 4 15:52:43 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:43 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:42 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:41 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:40 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:39 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:38 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:38 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:38 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:38 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:38 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:38 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:37 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:37 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:36 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:36 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:36 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:36 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:35 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:35 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 4 15:52:35 10.233.128.1:67 255.255.255.255:68 udp Block private networks from WAN

My network config:
OPNsense ip: 10.0.0.1
Subnet:   10.0.0.0
Subnet mask:   255.255.0.0
Available range   10.0.0.1 - 10.0.255.254
DHCP Range: 10.0.0.100 - 10.0.0.150

Please let me know if there is any other information I should provide.

Thanks.

6

18.1 Legacy Series / [Solved] OpenVPN problem (can only ping some devices on LAN)

« on: March 28, 2018, 08:43:34 pm »

Hi, I'm new here and to OPNsense. I have OPNsense installed on a Dell R210 II and are trying to set up an OpenVPN server, but are facing some issues.

Problem:
I can only ping some of my LAN devices from my VPN client.

- I can connect fine to the VPN from outside, but I can only ping 10.0.0.1 (OPNsense), 10.0.0.2 (router 1) and 10.0.0.3 (router 3). I can not ping ie. VMs that are located on 10.0.0.5X (static IPs) or i.e my laptop 10.0.0.110 (DHCP)
- But since I can ping 10.0.0.2 and 10.0.0.3 shouldn't I be able to ping all other devices as well?
- From OPNsense cli I can ping all devices, both the VPN client and all local devices.
- I've read around and tested quite a bit of configuration changes, but I can't seem to figure this out.

Setup/Facts:
- OPNsense 18.1.5-amd64
- Lan ports 1 to 3 bridged as the LAN interface (ie. a switch)
- 1 x port WAN
- 2 x old routers as switches (connected to two of the three lan ports mentioned above. Both running Tomato firmware with DNS server off and static ip set) [not gotten around to buying a proper switch]

Network:
- Opnsense IP: 10.0.0.1/16
- VPN network: 10.0.8.0/24
- OpenVPN default firewall rule is enabled

Code: (OpenVPN server config) [Select]

dev ovpns2
verb 1
dev-type tun
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
client-connect /usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh
client-disconnect /usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh
local <removed public ip>
tls-server
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/2
username-as-common-name
auth-user-pass-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify user 'Local Database' 'false' 'server2'" via-env
tls-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify tls '<removed>' 1"
lport 1194
management /var/etc/openvpn/server2.sock unix
max-clients 5
push "route 10.0.0.0 255.255.0.0"
push "dhcp-option DNS 10.0.0.1"
duplicate-cn
ca /var/etc/openvpn/server2.ca
cert /var/etc/openvpn/server2.cert
key /var/etc/openvpn/server2.key
dh /usr/local/etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server2.tls-auth 0
comp-lzo adaptive
persist-remote-ip
float
Any input on this would be appreciated!

EDIT:

Code: (Output from nmap on VPN client) [Select]

nmap -sP 10.0.0.0/16

Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-28 22:06 CEST
Nmap scan report for 10.0.0.1
Host is up (0.11s latency).
Nmap scan report for 10.0.0.2
Host is up (0.048s latency).
Nmap scan report for 10.0.0.3
Host is up (0.040s latency).
Nmap scan report for 10.0.8.1
Host is up (0.045s latency).
Nmap scan report for 10.0.8.6
Host is up (0.094s latency).