Topics

1

General Discussion / How do I detect "bad" packets and prevent them from hitting the WAN?

« on: January 16, 2019, 09:11:38 am »

I'm using OPNSense to protect a small elementary school's network and we have been having frequent outages for the past 4 months.  We've investigated everything we can think of and so far haven't been able to fix the problem. 

Our ISP has suggested that our problem looks similar to other issues they've seen where there is a bad or failing component on the network that is sending out malformed packets and disrupting our service.  The cable modem sees these "bad" packets and starts dropping legitimate packets.

To me, our problem feels like a lack-of-bandwidth type of issue but everything we can see tells us that we are not oversubscribed.  When the outage happens, OPNSense is not reporting any type of bandwidth spike, our WAN traffic isn't topped out, even the firewall hardware looks fine (CPU, RAM, temp, etc.)

My question then is how do I track down the device that is causing the issue?  Is it possible to do a tcpdump on OPNsense and export that data for later evaluation?  I've installed the VnStat plugin but I don't think that is going to help.  Are there any other plugins that I should try?

2

18.1 Legacy Series / My VLAN interface isn't passing traffic and I don't know why.

« on: July 05, 2018, 10:57:56 am »

I just installed a new OPNSense system at my wife's school and everything seems to be working fine, except the Guest WiFi VLAN interface.  The Guest Wifi VLAN is supposed to be for those in the building that have personal devices, or guests that don't need to talk to the internal network (printers, etc.)

Here are the steps I went through:

• Go to Interfaces --> Other Types --> VLAN and hit the add button
• Fill out all the information (Tag, PCP, etc.)
• Go to Interfaces --> Assignments and add it to the WAN Interface
• Go to Firewall --> Rules --> LAN and clone the "any" rules and change the settings to use the new VLAN Interface
• Go to Services --> DHCPv4 --> OPT1 and enable DHCP

Everything looks good and the interface comes up without any errors.  However, when I try to connect I don't get a DHCP connection.  So, I manually gave myself and address (10.0.1.69) and tried to ping a couple of things.  I can ping the firewall at the VLAN interface (10.0.1.1) but I can't ping 8.8.8.8.  Also, DNS lookups don't work on the VLAN but they work fine on the LAN interface.

I know that I'm probably missing something obvious but I spent 3 hours yesterday trying to track down the problem and couldn't make it work.  Do you have any thoughts about what I might be doing wrong?  I've installed firewalls before but am new to OPNSense.

3

General Discussion / How can I monitor an Internet connection?

« on: April 12, 2018, 11:47:22 pm »

I'm a new convert from IPFire and am looking for a way to monitor my Internet connection and possibly show a history.  My ISP has a habit of dropping the connection and I would like to know when and for how long it was down.  I can then take this information and get a discount on my monthly bill.  I looked around OPNSense a bit but couldn't see anything that might do what I need.  Is there a plugin that might solve this problem?  Or perhaps it's already built into the core product and I don't know how to get to it.

Thanx!
Richard