Topics - Wombat

1
24.1 Legacy Series / MultiWan with Failover configuration stops Ping to OPNSense, and access to Modem
« on: March 10, 2024, 03:37:44 am »
I have been running OPNSense for many years, but I continue to struggle to get MultiWan (Failover) working without losing the ability to ping the OPNSense router and access the web GUIs of the modems.
I run a single LAN (10.0.0.0/24) with the OPNSense box (Router, Gateway, Firewall) at 10.0.0.1. The box has multiple Eth ports, with ports used as follows:
1. WAN connected to a Starlink Modem (Gen 1 Dishy with Starlink wifi/Router removed) set as Tier 1 as Primary WAN
2. WAN4g connected to a DLINK DWM-312 4G/LTE modem (set as Tier 2 for backup)
3. Remaining ports are LAN1, LAN2 etc., all bridged to form LAN
The box is quite powerful, normally using 1% CPU (Intel Core i5-8250U).

Without a Gateway Group set up, I can ping 10.0.0.1 OK, and I can access Starlink modem on 198.164.100.1 from anywhere in LAN.

I then insert a Gateway Group (WombatHollowGateway) and I still have access OK.

But I then insert the WombatHollowGateway into the "Default allow LAN to any rule" (it was set to default) and then I can no longer ping 10.0.0.1 (but I can still access the OPNsense web page on the same IP address) and I cannot access (HTTP or ping) the Starlink Modem at 198.164.100.1 from anywhere in LAN, BUT I can ping 10.0.0.1 and 198.164.100.1 (Starlink GUI) from the OPNSense Interface diagnostics menu. I can also HTTP to 198.164.100.2, which takes me back into the OPNSense login!

Does anyone have any idea why adding the Group Gateway to the Rules stops this access to OPNSense and to the modem HTTP GUI? And what is the impact of leaving the Gateway set to default in Rules?
I have created a Virtual IP for Starlink Net, and a NAT outbound rule to suit.

I have attached a screen shot of the OPNSense dashboard and a cut down copy of the OPNSense config file (sections containing nothing and a few irrelevant (hopefully) sections removed).
Ta  Ian

2
18.7 Legacy Series / OpenVPN (road warrior) with 2FA will not sustain connection
« on: March 29, 2019, 12:08:29 pm »
I managed to get an OpenVPN road warrior connection with 2FA working, but the connection only lasts a minute or so (I just get logged into a LAN webserver and lose it) and then I have to reconnect, which means getting a new OTP from Google Authenticator. Makes the VPN useless.
Suspect the cause may be the poor ADSL 2 connection to the Router (6MB/350kB, it is a 3km rural connection), which I cannot do much about.

Problem affects several different clients (Android with OpenVPN app, W10 with Velocity and OpenVPN apps).

Is there anything in settings I can do to
1. Reduce its sensitivity to dropping out
2. Not have to get a new TOTP each time
3. Not use a TOTP at all, use a different authentication method

Or should I go over and use IPSec, or is there another road warrior VPN solution better suited to my scenario?

Was running OPNSense 18.7 on a gen4 i5 processor with loads of RAM (it is barely working above 10%) and 10 NICs (LAN switch and router)

3
19.1 Legacy Series / [SOLVED] Since 19.1 upgrade, no new data captured for Reporting, health, Quality
« on: March 08, 2019, 01:42:33 pm »
Since the upgrade to 19.1, the quality graph under Reporting/health has shown no new data under Quality (for WAN) tab.  The data graphed stops on 6 Feb (suspect that is when I updated from 18.7) whilst all other tabs show graphs with data up to the present.

Any idea why...appears the delay and packet loss data is no longer logged, unfortunate as I found it useful for our poor quality Rural ADSL WAN connection.
Thanks

4
General Discussion / Road Warrior OpenVPN link- possible Routing and DNS issue
« on: September 05, 2018, 03:55:19 am »
I have established an OpenVPN server on the OPNSense Router and successfully connected a client (OpenVPN on Android and Viscosity on W10) remotely through to the Router, as evident by the client getting a VPN IP address (10.0.2.x).
But I cannot use that connection to connect to any of the servers inside my Router's domain (10.0.0.x) for HTML traffic.
Is there something I am missing in the client, or the Router, that allows a request from the VPN client to be directed through to the servers on the Router's domain (10.0.0.x)?

Once I have that basic connectivity working, is there some smart configuration I can set up to direct IP traffic depending on how I am connected to the internet, i.e.
If connected to my Domain (computer WiFi or Ethernet IP is 10.0.0.x) then requests to 10.0.0.x stay in the Domain, otherwise they are routed out through the gateway to the internet (this already works, using unbounded DNS), but
If connected to the internet (computer WiFi or Ethernet IP is not 10.0.0.x), all IP traffic is routed over internet connection except to 10.0.0.x which is routed over VPN connection (with IP of 10.0.2.*) into my Domain.
Thanks in advance
