Show Posts
Topics - sol

1
Intrusion Detection and Prevention / show total number of active drop and alert rules
« on: April 21, 2020, 09:52:48 am »
Hi there,

How can I list the total number of active drop and alert rules?
Is it possible in the GUI, or are there any commands for the shell?

Thx.
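Added example (not from the post above, and not an OPNsense tool): one way to count enabled drop and alert rules from the shell by scanning Suricata-style rule files. In those files a rule is disabled by commenting its line out with "#", so commented lines are skipped. The post does not name where OPNsense writes its generated rule files, so pass the files you want counted as arguments; the block builds a constructed sample file so it runs stand-alone.

```shell
#!/bin/sh
# Added example: count enabled "drop" and "alert" rules in Suricata-style
# rule files. Lines starting with '#' (disabled rules or comments) and blank
# lines are ignored; everything else is classified by its first word.

count_rule_actions() {
  # Usage: count_rule_actions FILE...
  # Prints "drop <n> alert <n>" totalled over all given files.
  awk '
    /^[[:space:]]*#/ { next }   # commented-out (disabled) rule or comment
    /^[[:space:]]*$/ { next }   # blank line
    $1 == "drop"  { drop++ }
    $1 == "alert" { alert++ }
    END { printf "drop %d alert %d\n", drop + 0, alert + 0 }
  ' "$@"
}

# Constructed sample rule file (not a real ruleset) for a stand-alone run.
SAMPLE_RULES="$(mktemp)"
cat > "$SAMPLE_RULES" <<'EOF'
# constructed sample, not a real ruleset
alert tcp any any -> $HOME_NET 22 (msg:"constructed alert rule 1"; sid:9000001; rev:1;)
drop tcp any any -> $HOME_NET 23 (msg:"constructed drop rule 1"; sid:9000002; rev:1;)
#alert udp any any -> $HOME_NET 53 (msg:"disabled rule, not counted"; sid:9000003; rev:1;)
alert ip any any -> any any (msg:"constructed alert rule 2"; sid:9000004; rev:1;)
drop udp any any -> any 69 (msg:"constructed drop rule 2"; sid:9000005; rev:1;)
EOF

count_rule_actions "$SAMPLE_RULES"   # prints: drop 2 alert 2
rm -f "$SAMPLE_RULES"
```

Point the function at the real rule files on the firewall (for example with a shell glob) to get the totals for the running ruleset; the counts reflect what is enabled on disk, not what the running Suricata process has loaded, so re-run it after reloading rules.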

2
19.7 Legacy Series / kill states for multiple ips after block rule starts without using pfctl -F
« on: November 19, 2019, 09:43:14 pm »
Hi there,

Some IPs in my network are blocked from the internet after a schedule kicks in.
There is also a cron job to kill all states to make sure that these clients cannot connect to the internet anymore.

Instead of killing all connections with pfctl -F states,
I know that with pfctl -k 192.168.1.100 this IP's states will be killed.
How can I kill states for several IPs with one rule?
Or do I have to use a separate rule for each IP whose states I want to kill?
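Added example (not from the post above, and not an OPNsense script): a small POSIX shell wrapper that runs the per-host pfctl -k call from the post for every address in a list, so a cron job can clear the states of all scheduled clients without flushing the whole state table. It assumes pfctl(8) semantics: "pfctl -k HOST" kills states originating from HOST, and "pfctl -k 0.0.0.0/0 -k HOST" kills states destined to HOST, so both are issued per host. The PFCTL variable and the sample host list are assumptions added for testing and illustration.

```shell
#!/bin/sh
# Added example: kill pf states for each host in a list instead of running
# "pfctl -F states". PFCTL may be overridden (e.g. with a stub) for dry runs;
# the real tool is pfctl.
PFCTL="${PFCTL:-pfctl}"

kill_states_for_hosts() {
  # Usage: kill_states_for_hosts IP [IP...]
  # Returns non-zero if any pfctl invocation failed, so cron reports it.
  rc=0
  for host in "$@"; do
    "$PFCTL" -k "$host" || rc=1                 # states originating from host
    "$PFCTL" -k 0.0.0.0/0 -k "$host" || rc=1    # states destined to host
  done
  return "$rc"
}

# Run from cron with the blocked clients as arguments, for example
# (constructed addresses):
#   sh kill_states.sh 192.168.1.100 192.168.1.101 192.168.1.102
if [ "$#" -gt 0 ]; then
  kill_states_for_hosts "$@"
else
  echo "usage: $0 IP [IP...]" >&2
fi
```

Killing states in both directions matters: a client whose outbound states are gone can still receive traffic over a state that was created by a reply path, so the second -k form closes that gap.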

3
19.7 Legacy Series / wireguard and 2fa
« on: August 30, 2019, 08:05:06 pm »
Hi there,

OpenVPN supports 2FA and also client certificates.
Is there, or will there be, an option for WireGuard as well?

4
19.1 Legacy Series / openvpn working but connection status shows unable to contact daemon
« on: February 19, 2019, 06:13:29 pm »
Hi there,

Since the update to 19.1.1 I have a weird issue.
OpenVPN works. I can connect to my LAN and browse the web from an external WLAN.
But the status under VPN / OpenVPN / Connection Status shows this:

Code:
OpenVPN Status
OpenVPN Privat UDP:1194 Client connections
Common Name Real Address Virtual Address Connected Since Bytes Sent Bytes Received
[error] Unable to contact daemon Service not running? 0 0 bytes 0 bytes

System: Diagnostics: Services also shows that OpenVPN isn't running, although it works. Restarting the firewall or just the service doesn't solve the issue.

This is the OpenVPN log:
Code:
Date Message
Feb 19 17:51:49 openvpn[3190]: Exiting due to fatal error
Feb 19 17:51:49 openvpn[3190]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Feb 19 17:51:49 openvpn[3190]: TUN/TAP device ovpns1 exists previously, keep at program end
Feb 19 17:51:49 openvpn[3190]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 19 17:51:49 openvpn[22887]: library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
Feb 19 17:51:49 openvpn[22887]: OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Feb 4 2019
Feb 19 17:13:06 openvpn[52155]: MULTI_sva: pool returned IPv4=10.10.0.6, IPv6=(Not enabled)
Feb 19 17:13:06 openvpn[52155]: 46.xxx.xx.49:56646 [stefan] Peer Connection Initiated with [AF_INET]46.xxx.28.49:56646
Feb 19 17:13:06 openvpn: user 'stefan' authenticated using 'TOTP VPN Access Server'
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_5180_3.7.8__build_5180)"
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_TCPNL=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_COMP_STUBv2=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_COMP_STUB=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_LZO=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_LZ4v2=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_LZ4=1
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_NCP=2
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_PROTO=2
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_PLAT=mac
Feb 19 17:13:06 openvpn[52155]: 46.189.28.49:56646 peer info: IV_VER=2.4.6
Feb 19 16:13:07 openvpn[52155]: stefan/46.xxx.xx.xx:53468 MULTI_sva: pool returned IPv4=10.10.0.6, IPv6=(Not enabled)
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 [stefan] Peer Connection Initiated with [AF_INET]46.xxx.xx.xx:53468
Feb 19 16:13:07 openvpn: user 'stefan' authenticated using 'TOTP VPN Access Server'
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_5180_3.7.8__build_5180)"
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_TCPNL=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_COMP_STUBv2=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_COMP_STUB=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_LZO=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_LZ4v2=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_LZ4=1
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_NCP=2
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_PROTO=2
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_PLAT=mac
Feb 19 16:13:07 openvpn[52155]: 46.xxx.xx.xx:53468 peer info: IV_VER=2.4.6
Feb 19 13:57:15 openvpn[97551]: Exiting due to fatal error
Feb 19 13:57:15 openvpn[97551]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Feb 19 13:57:15 openvpn[97551]: TUN/TAP device ovpns1 exists previously, keep at program end
Feb 19 13:57:15 openvpn[97551]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 19 13:57:15 openvpn[92632]: library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
Feb 19 13:57:15 openvpn[92632]: OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Feb 4 2019
Feb 19 13:57:13 openvpn[93621]: Exiting due to fatal error
Feb 19 13:57:13 openvpn[93621]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Feb 19 13:57:13 openvpn[93621]: TUN/TAP device ovpns1 exists previously, keep at program end
Feb 19 13:57:13 openvpn[93621]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 19 13:57:13 openvpn[28853]: library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
Feb 19 13:57:13 openvpn[28853]: OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Feb 4 2019
Feb 18 22:21:32 openvpn[52155]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]185.200.118.66:53610
Feb 18 13:27:13 openvpn[15599]: Exiting due to fatal error
Feb 18 13:27:13 openvpn[15599]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
Feb 18 13:27:13 openvpn[15599]: TUN/TAP device ovpns1 exists previously, keep at program end

Looking forward to your replies.
Thx.

PS: What does this mean?
TLS Error: cannot locate HMAC in incoming packet from [AF_INET]185.200.118.66:53610

I get this from time to time from IPs in the 185.200.118.xx range.
Is someone trying to connect to my OpenVPN using a port scan?

5
18.7 Legacy Series / ntopng data directory migration notice since last update
« on: January 08, 2019, 06:50:40 pm »
Hi there,

With the recent update, ntopng wants a data migration:

https://www.ntop.org/support/faq/migrate-the-data-directory-in-ntopng/

How can this guide from ntop be used to change the settings on OPNsense via console / SSH?

Thank you.

6
German - Deutsch / [solved] How to use DynDNS for OpenVPN on OPNsense as exposed host behind a Fritzbox
« on: January 06, 2019, 06:30:49 pm »
Hi,

The connection is from Netcologne with a Fritzbox 7590 with the internal IP 192.168.178.1.
OPNsense is set up as the exposed host behind the Fritzbox with 192.168.178.42.
DynDNS is successfully set up in the Fritzbox with duckdns, and duckdns knows the IPv4 address.
Ports 80, 443 and 1194 (UDP for OpenVPN) are additionally forwarded in the Fritzbox.

Internet and everything on the LAN work fine as well. The LAN has subnet 192.168.1.1 on the OPNsense.
OpenVPN was set up on the OPNsense as in the guide, incl. 2FA and cert.

How do I now give the clients the DynDNS address in VPN / CLIENT EXPORT, so that I can reach my OpenVPN server on the OPNsense from outside?

I had previously run OpenVPN successfully with a fixed IP and only the OPNsense as router.
With the new connection I can't get this to work yet.

Many thanks.

7
18.7 Legacy Series / [Solved] firehol level 1 LAN rule blocks internet on Windows 10 - use level 2
« on: August 31, 2018, 08:05:46 pm »
Hey there,

Has anyone else experienced this too?
My LAN rule with firehol level 1 blocks internet for Windows 10.
The rule does not block it on Linux, Android or iOS when active and set before the default "allow LAN to any" rule.
If set after the default allow LAN rule, Windows 10 will connect to the internet of course, but this won't help me in blocking those IPs in the list, as the allow rule overrides the firehol rule.

Alias is set like this:
firehol    URL Table (IPs)    firehol    https://iplists.firehol.org/files/firehol_level1.netset  expiration 0 days + 12hours

See attachment for the rule setting.

Thank you!

Using firehol level 2 works with Windows.

OPNsense is an OSS project © Deciso B.V. 2015 - 2021 All rights reserved