Topics

1

Hardware and Performance / Migrate configuration from AMD GX-416RA to AMD GX415GA

« on: September 10, 2020, 02:27:21 pm »

I have two Deciso A10 appliances. One with a GX416RA SOC, the other has a GX415GA SOC.
The first one is currently active, the second one should provide some redundancy (cold stand-by).
So I want to export the config of the GX416 and load it into the GX415.
As I already found out I have to rename the network interfaces from igb0 to em0 etc.

Now when testing I can connect to the stand-by machine and I see that its WAN interface is connected to the internet.
But not a single data packet is moving from LAN to WAN and vice versa.

What else do I need to change in the config?

2

20.1 Legacy Series / [Modified] No traffic from secondary local network to WAN

« on: April 14, 2020, 08:19:37 pm »

After the update to 20.1.4 I seeing some NAT problems.
This is on a Deciso DEC2630 or DEC2640 device.
I have two internal -  physically seperated - networks. LAN on igb0 (172.16.30.1/16) and a new one called BBB on igb2 (172.31.30.1).
WAN is on igb1 with a fixed IP.
I have some NAT rules to 172.16.x.x which are all LAN clients. These still work.
And I have some rules to 172.31.0.2 which is a server in the BBB network. These do not work anymore after the update. The server itself is listening to all ports, I checked that from behind the firewall. Coming in over WAN I only get connection timeouts (10060).
I double ( and triple) checked my rules. They look good and unchanged.

Any changes in the last update that could cause this trouble?

Is there an easy way back to 20.1.3 to do some cross checks?

Regards, stay safe
Stefan

3

18.1 Legacy Series / [SOLVED] Mysterious IP address

« on: April 11, 2018, 04:57:55 pm »

I just found an unknown IP (192.168.0.45) in our network. It replies to a ping and looking at the reply with Wireshark the answer originates from the LAN interface of our OPNsense firewall. We never used 192.168.x.x here at the company, so I'm quite sure I did not configure it somewhere. And looking through the firewall's config I don't find any place where this is set.

Clueless here, anyone with an idea?

Stefan

Edit (fabian): Mark as solved

4

17.7 Legacy Series / Blocking WEBDAV?

« on: August 07, 2017, 02:20:35 pm »

According to this

http://borncity.com/win/2017/08/07/us-cert-warns-microsoft-windows-lnk-vulnerability/

we should block outgoing SMB and WEBDAV traffic to close some attack vectors which can be used by the vulnerability.

How to block WEBDAV in OPNsense?

Stefan

5

16.7 Legacy Series / Time to upgrade?

« on: February 27, 2017, 11:26:42 am »

With 17.1.2 now out what is the common sense about upgrading from 16.7.14?
Production systems on Deciso hardware (OPN20077R-EUPC3-S2YN).
Any known risks still lurking?

Is 16.7.14 still safe? Or are there known security issues?

Best regards
  Stefan

6

16.7 Legacy Series / Captive Portal: Dropped vouchers still valid?

« on: September 28, 2016, 05:00:01 pm »

- Create voucher
- Use voucher to connect a device over WIFI -> works
- Disconnect device
- Drop voucher
- Reconnect device over WIFI -> still works

Is this WAD?
I'd expect a dropped voucher to be invalid even if its validity period is not yet expired.
 
Best regards
  StP

7

16.7 Legacy Series / Captive Portal not working with Android devices

« on: September 09, 2016, 08:48:42 am »

It seems the general discussion forum is not (regularly) visited by OPNsense developers. So I'm reposting here...
------

We did set up a guest WIFI access point following

https://docs.opnsense.org/manual/how-tos/guestnet.html?highlight=captive%20portal

It works fine for Windows PCs and iOS devices.
But Android devices do not show the login screen.
Neither automatically (as my iPhone does) nor after opening a browser and entering an arbitrary URL.

Any ideas?

Stefan

8

General Discussion / Using Captive Portal with Android devices

« on: September 01, 2016, 10:46:56 am »

We did set up a guest WIFI access point following

https://docs.opnsense.org/manual/how-tos/guestnet.html?highlight=captive%20portal

It works fine for Windows PCs and iOS devices.
But Android devices do not show the login screen.
Neither automatically (as my iPhone does) nor after opening a browser and entering an arbitrary URL.

Any ideas?

Stefan

9

16.7 Legacy Series / Hanging script

« on: August 16, 2016, 03:43:41 pm »

If I log into OPNsense, navigate to the dashboard and just leave it alone for some hours I get an error message about a hanging script. This is the link mentioned in the error box:

https://172.16.30.1/ui/js/d3.min.js:2

My dashboard shows:
- Traffic graph
- Interface statistics
- System information
- Interface list

OPNsense 16.7.1
Browser: Firefox 48.0

Regards
  Stefan

10

16.1 Legacy Series / [SOLVED] Captive Portal - Add user to create/drop vouchers

« on: July 28, 2016, 12:13:34 pm »

Hi,

as the topic says: I want to create a user that is allowed nothing but to create vouchers for the Captive Portal.
So I create user "VoucherAdmin" and set only one privilege "WebCfg-Services: Captive Portal".

Now I can login as "VoucherAdmin" and I see a heavily reduced UI.
But I have two problems:
1. The UI is not reduced enough - all the Captive Portal functionality is available. Not only "Vouchers" but "Administration", "Sessions" and "Log File", too. That is more than our office ladies can (and should) handle.
Anything I (or you) can do to further reduce the privilege?

2. In the reduced UI there is no "Logout" button. I see no way to login again as "admin" except waiting for a timeout.
This is not by intention, is it?

Regards
  Stefan

11

16.1 Legacy Series / [SOLVED] Unable to check for Updates

« on: March 07, 2016, 11:24:15 am »

Hi!

I have two similar Deciso firewall boxes (OPNsense A10 Quad Core SSD rack OPN20077R) with this installed:

  OPNsense 16.1.5-amd64
  FreeBSD 10.2-RELEASE-p12
  OpenSSL 1.0.2g 1 Mar 2016

When I "Click to check for Updates" on the dashboard I get this on one of the boxes:

  Warning:
  stream_socket_client(): unable to connect to unix:///var/run/configd.socket (Connection refused) in
  /usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php on line 93 Connection Error
  Click to retry

Don't know what to do. Retry doesn't help.
The other box is working fine and shows one available update.

Any help welcome...

Best regards
  Stefan

12

15.7 Legacy Series / Status graph UI issue

« on: November 13, 2015, 01:23:39 pm »

Hi,
see attached picture.

As you can see the graph itself shows high incoming traffic and very low outgoing traffic.
In reality it is the other way around.
The list on the right has it right.
One upload from 172.16.1.23 is generating the outgoing traffic.
Incoming traffic is necligible.

Looks a bit mixed up.

Stefan

13

15.1 Legacy Series / Firewalls/Aliases: Using wildcards to allow traffic

« on: May 21, 2015, 04:53:17 pm »

Hi,

I have several machines that are not allowed to access the WAN. I have created a firewall rule for that.
Problem: All machines run Secunia's CSI agent (www.secunia.com).
The firewall requirement for this agent is: "Allow https to *.secunia.com"
How do I create such a rule? It seems wildcards are not supported.

Regards
  StP

14

15.1 Legacy Series / Blocking by MAC

« on: May 06, 2015, 11:45:49 am »

Hi,

our old CISCO security appliances allowed LAN devices to be blocked by MAC address.
It seems this is not possible with OPNsense. Correct?

StP

15

15.1 Legacy Series / [SOLVED] Traffic graph not visible in Firefox

« on: May 04, 2015, 01:21:02 pm »

Hi,

on Status->Traffic graph I can only see a textual representation of the current data, but no diagram.
OPNsense 15.1.9.2, Firefox 37.0.2
Any setting I have to activate?

Regards
  StP