Topics - jljb66

#1
running

OPNsense 23.7.10_1-amd64
FreeBSD 13.2-RELEASE-p7
OpenSSL 1.1.1w

Since the upgrade, it takes minutes to show folders on my NAS server. 2 minutes to open up an 11kb pdf file.

I have tried SMB v2, 3, WebDAV, and used OpenVPN, WireGuard and Tailscale to test if it is the VPN software itself or the protocol. There is zero packet loss, 32ms ping response.

NAS server works perfectly if in the office. Firewall is basically 0%cpu, state table 485. I'm at a loss.
#2
running:

OPNsense 19.7.4_1-amd64
FreeBSD 11.2-RELEASE-p14-HBSD
OpenSSL 1.0.2s 28 May 2019

I have configured the authoritative and server certificates, user name and cert, but when I try to perform the client export I do not see "link to openvpn clients" at the bottom of the page. In addition I see an option "export type" which is not in the documentation.

Am I missing something? See screenshot for info.
#3
Running

OPNsense 19.7.2-amd64
FreeBSD 11.2-RELEASE-p12-HBSD
OpenSSL 1.0.2s 28 May 2019

Converted over from pfSense and have this nagging issue. My home VoIP phone, a Cisco SPA122, used to reconnect fine after a firewall reboot or upgrade. It seems not to be able to do this with OPNsense. Not sure if it is a state table issue, DHCP, etc., but if I reboot the SPA122 it connects fine.

Any suggestions?
#4
19.7 Legacy Series / editing of username error.
August 02, 2019, 04:48:20 PM
running:
OPNsense 19.7.1-amd64
FreeBSD 11.2-RELEASE-p11-HBSD
OpenSSL 1.0.2s 28 May 2019

I have 3 usernames defined: root, admin and john. I was setting up John to use Google authentication, which works fine. The problem is when I try to edit the username john and click the pencil, it quickly shows john and then the screen changes to the username admin. Very weird.

The only way to circumvent this is to change the username manually to John and then start to edit and save. Editing root or admin works fine.
#5
Can't figure this out.

The health quality graph under reporting is showing no data for zoom levels 20, 60 hours and 6 years but shows fine for 77 days.


Solved. Had to reset RRD data.
#6
18.7 Legacy Series / collectd question
October 11, 2018, 08:39:30 PM
How do you access the graphs for the collectd plugin?
#7
18.7 Legacy Series / Error message in Suricata
August 30, 2018, 06:29:26 PM
Trying to block Russia but running into an error message using IDS:

Aug 30 12:26:13 jsb-fw1 suricata: [100103] <Notice> -- This is Suricata version 4.0.5 RELEASE
Aug 30 12:26:13 jsb-fw1 suricata: [100135] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop ip  any any -> any any (msg:"block russia";  geoip:src,RU ; sid:4294967294; rev:1;)" from file /usr/local/etc/suricata/opnsense.rules/OPNsense.rules at line 8
Aug 30 12:26:13 jsb-fw1 suricata: [100135] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.

#8
Can someone give some advice on this, please?

Running ADSL 25d/10u internet. Very stable provider. When I test with IPFire or pfSense, browsing is fine using IE, Firefox or Chrome. Very responsive.

When running the latest OPNsense, pages take up to 2 minutes to load. Once in cache, they load much quicker.

DNS seems like it's working fine. Tried with and without Squid running. Ping response to site <18 ms. No dropped packets or errors. CPU < 2%, mem 1.2gb free.

Not sure what more diagnostics to do.
#9
My web browsing has become extremely unreliable since the upgrade. It seems that IE, Chrome cannot connect to certain websites even though they are alive when using an external PC to test.

E.g. www.scanmyspeed.com I cannot connect to.

I have checked/tried the following.
1. nslookup www.scanmyspeed.com and it resolves to 13.89.237.178 from my PC.
2. host www.scanmyspeed.com from the firewall and it resolves fine.
3. telnet www.scanmyspeed.com 443 shows a successful connection.
4. ipconfig /flushdns on my PC does not resolve the issue.
5. turning off proxy settings in browsers.
6. tcpdump -n |grep 13.89.237.178 shows traffic flowing through firewall
root@jsb-fw1:~ # tcpdump -n | grep 13.89.237.178
12:39:45.858649 IP 192.168.0.103.28256 > 13.89.237.178.443: Flags [S], seq 45952176, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
12:39:45.897047 IP 13.89.237.178.443 > 192.168.0.103.28256: Flags [S.], seq 2175862255, ack 45952177, win 8192, options [mss 1420,nop,wscale 8,nop,nop,sackOK], length 0
12:39:45.897339 IP 192.168.0.103.28256 > 13.89.237.178.443: Flags [.], ack 1, win 260, length 0
12:39:50.197108 IP 192.168.0.103.28256 > 13.89.237.178.443: Flags [P.], seq 1:2, ack 1, win 260, length 1
12:39:50.309252 IP 13.89.237.178.443 > 192.168.0.103.28256: Flags [.], ack 2, win 1026, length 0
12:39:55.461958 IP 192.168.0.103.28256 > 13.89.237.178.443: Flags [F.], seq 2, ack 1, win 260, length 0
12:39:55.496678 IP 13.89.237.178.443 > 192.168.0.103.28256: Flags [R.], seq 1, ack 3, win 0, length



I have turned off web proxy, tried both dnsmasq and unbound to no avail. No IDS running.

I have standby IPFire and pfSense firewalls, and my PC works fine when communicating through them.

This is perplexing. Any help would be greatly appreciated.
#10
18.1 Legacy Series / block rules and log file
July 11, 2018, 07:15:18 PM
How can I exclude IPv6 firewall blocks from logging?
#11
18.1 Legacy Series / MTU calculation bug.
July 11, 2018, 03:09:04 PM
This is not a huge issue; however, when you set up a PPPoE connection the default value of the MTU is 1500 and OPNsense has a calculation value of 1492.

ie:
Calculated PPP MTU: 1492

The issue is that if you set the MTU to 1492 and click apply, the system comes back with a different calculated value of 1484. The value continues to go down as you choose the newer calculated value. I have set mine to 1492 and have ignored the calculated value. I don't believe this harms the WAN interface but I just thought I would mention it.
#12
General Discussion / feature requests
July 10, 2018, 05:12:03 PM
Just wondering where to post/request new ideas or features. Other forums I belong to have a separate tab on their forums.
#13
Running

Versions   OPNsense 18.1.11-amd64
FreeBSD 11.1-RELEASE-p11
OpenSSL 1.0.2o 27 Mar 2018

I have followed the instructions, i.e. https://docs.opnsense.org/manual/how-tos/cloud_backup.html
and created the "Client ID" and saved the email address and p12 key, but I am still getting the following message:

The following input errors were detected:
communication failure

Silly question: what is the password supposed to be?
1. my gmail account password?
2. the p12 key password.. notasecret?
3. something else?