Topics - renow

#1
Hi,

I have a FW which doesn't want to upgrade (running 23.1.10_1 actually) :

from console I obtain following message  : Installation out of date. The update to opnsense-23.1.11_2 is required.

from web interface (no update available) but plugin conflict.
(Plugin conflict is with theme cicada)


When I try to resolve conflicts :

Currently running OPNsense 23.1.10_1 at Wed Dec 20 23:57:59 CET 2023
Installation out of date. The update to opnsense-23.1.11_2 is required.

Is there a way to remove a broken plugin from shell ?

Thanks for your help.
Regards,
Renaud.

#2
Hi,

I have installed OPNsense on an old Sophos XG 106 FW.
Everything is working well.
Network interface, power and HDD leds are working too.
Status led is always blinking and I'd like to fix it when os loaded and maybe blink on error.

So I'm looking for a solution to manage leds.
I've seen apuled package, but /dev/led doesn't exist...

Thanks for your help.
Regards,
Renaud.
#3
Hello guys,

I have 7 VIP in my configuration (each on a vlan interface).
When I start Carp, 7 VIP are Master on primary node and 7 VIP are Backup on secondary node.
After about 20s, 3 last VIP switch to Master on secondary node and stay Master on primary node.

I've tried to remove a VIP and problem still persists with 3 last VIP,
I've tried to change base freq to 3 to these VIP but problem is still there,
I've tried to configure VIP by syncing configuration from primary node or to configure them manually and it doesn't make a difference...

Is there anyone with an idea to solve this issue ?
How may I capture Carp packets to understand this issue ?

Thanks for your help.
Best Regards,
Renaud.
#4
Hi,

I think, it's the first time in my life that a web button is better than a script command !

I have an IPSEC tunnel which often loses some of its phase 2,

- if I Disconnect from Status page, then reconnect.
-> All Phase 2 restart

If I script (for automation)
ipsec down con2
and
ipsec up con2,

-> only phase2 previously up restart...

Does anyone know what more the disconnect button is doing ?
Thanks for your help.
Regards,
Renaud MEDICI.
#5
Since Upgrade to 22.7 release,

Users with limited access are not able to see IPSEC VPN status.

Rights defined as below :


   GUI   Status: IPsec
   GUI   Status: IPsec: Leasespage
   GUI   Status: IPsec: SAD
   GUI   Status: IPsec: SPD
   GUI   Status: System logs: IPsec VPN
   GUI   VPN: IPsec

It was working before upgrade.
Thanks for your help.
Regards,
Renaud.
#6
Hi everybody,

I'm trying to configure a configuration with 2 OPNsense firewalls in 2 different datacenters.
They are connected via a routed IPSEC link and are running OSPF v2 to share routes.

If I add a static route, I see it directly on second firewall via OSPF.
But if I connect an IPSEC tunnel (tunnel mode), the tunnel works well, I see the route in the route table, but I don't see it in OSPF route diagnostic on any of the firewalls...

Is there a limitation in FRR for this kind of route ? The only difference I've seen is the flags of the route :

US for the IPSEC tunnel route
UGS for the static route

Any idea ?
Thanks for your help.
Regards,
Renaud.
#7
18.1 Legacy Series / IPSEC Nat 1 to 1 behind Router NAT
September 13, 2018, 07:00:52 PM
Hello,

I'm trying to configure an IPSEC tunnel and need to use 1 to 1 NAT because local IP network exists in remote networks.

Configuration is as follow :

HQ : Local Network : 192.168.100.1/24 : (LAN) OPN (WAN) : 192.168.1.254 ------ Router 192.168.1.1 ------- WWW
Remote : 192.168.0.0/24 --- Public IP (WWW)

Need to configure an IPSEC with translation to 192.168.111.0/24 (local) and connected to 192.168.0.0/24 (remote)

So I have configured  :

- an IPSEC P2 for network 192.168.111.0/24 to 192.168.0.0/24
- a 1 to 1 NAT on IPSEC interface with external 192.168.111.0/24 for traffic from 192.168.0.0/24 to 192.168.0.0/24

incoming ICMP traffic from remote 192.168.0.0/24 net reach a client on 192.168.100.0/24 but reply isn't redirected in the IPSEC tunnel.

I think the problem is because of WAN NAT on 192.168.1.254 for outside.

I have tried too with an IP alias on LAN with 192.168.111.1/24 and NAT on this IP before the tunnel but it doesn't work.

Can anyone tell me which configuration may be used in my configuration ?

Thanks for your help.
Regards,
Renaud.