OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of wget »
  • Show Posts »
  • Topics
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Topics - wget

Pages: [1]
1
21.1 Legacy Series / xDSL pppoe route not found with recent upgrades - Muti WAN
« on: February 01, 2021, 02:10:45 pm »
Hi there,

I'm debugging the inability for my backup WAN2 (xDSL based) to be used. WAN1 is the default gateway for both IPv4 and IPv6.

Pinging or using curl against the src WAN2 address PPPoE address is now reporting 'no route found' (timing out with curl). The problem appeared with some dot releases from 20.7, but I haven't noticed which one.

Code: [Select]
curl -6 --interface 2a02:a03f:afe7:xxxxxxxxxxxxxxx -k -L -g '[2a00:1450:400e:80d::200e]'
I'm investigating what recent OPNsense changes could have caused this, but I have to admit I'm struggling finding the culprit as changing the default route to WAN2 is still giving the same issue (a far gateway issue?) :/

Does anyone could help me narrowing down the issue?

2
General Discussion / Redirecting SSH traffic to alternative WAN in a multi-wan configuration
« on: October 06, 2020, 08:28:58 pm »
Hi there,

I have two WANs. My main connection (WAN1) is using a DOCSIS modem cable which is running into issue with some SSH connections. Because of that, I need to redirect the outgoing SSH traffic to WAN2.

Up to now, I was specifying manually the IPv4 and IPv6 destination addresses in System > Routes > Configuration for each SSH service concerned by the issue.

* Do we have a way to ask OPNsense to route all the SSH based outgoing traffic to WAN2 instead of WAN1?
* If this is not possible easily, do we have a way to route based on a DNS instead of having to specify the IPv4 and IPv6 addresses manually (addresses which change after some time depending on the anycast network I'm in - geolocalized content delivered via variable CDN like GitHub).

3
General Discussion / Potential 20.7 FreeBSD 12 regression with ICMPv6 - Sensei? [FIXED]
« on: July 10, 2020, 04:15:37 pm »
In order to comply with RFC 4890 -  Recommendations for Filtering ICMPv6 Messages in Firewalls, in 20.1, I allowed the following ICMP traffic:
https://tools.ietf.org/html/rfc4890#section-4.3.1

I set them in Rules > WAN. cf. attachment

Authorizing this traffic allowed me to get 20/20 at the IPv6 test: ipv6-test.com/

A few weeks ago, I migrated to 20.7.b_181 with the FreeBSD 12 kernel (fresh install). Now, I noticed, that despite having these ICMP whitelisting rules enabled, I have been down graded to 18/20, because this ICMP specific traffic wasn't allowed to pass through anymore :/

Can anyone confirm this issue? I have Sensei installed, maybe the reason?

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2