Topics

1

Zenarmor (Sensei) / Zenarmor GUI doesnt work after upgrade to Opnsense 23.7.8_1

« on: November 18, 2023, 11:22:19 am »

Hi All,

After upgrading Opnsense to version 23.7.8_1 the zenarmor GUI no longer works.

If you click any menu there you are left with a spinning wheel as below screen shot. Any ideas?

|Thanks,

Alex

2

Web Proxy Filtering and Caching / Make NGINX Reverse Proxy bind to virtual IP on WAN

« on: May 29, 2021, 05:04:06 pm »

Hi,

I have a number of virtual IPs on my WAN interface, can I make NGINX in reverse proxy mode bind to only one specific IP?

If so please point me in the direction.

Many thanks,
Alex

3

20.7 Legacy Series / WAN Interface down on reboot

« on: August 01, 2020, 07:27:25 pm »

Hi Everyone,

Whenever I reboot my firewall (Dell Server) the WAN interface does not work. I cannot ping or pass anytraffic on that interface.

If I log in to the GUI from LAN side, disable and then re-enable the WAN then everything works normally.

Why is this, and what can I do to prevent this?

Help appreciated,

Alex

4

20.7 Legacy Series / [SOLVED] upgrade from 20.1.9 to 20.7 failed

« on: August 01, 2020, 06:52:00 pm »

Hi,

I have a freshly installed hardware firewall (Dell Server). I installed and configured 20.1.9.

A couple of days later the new 20.7 was released. I checked for updates, and unlocked the 20.7 upgrade, and proceeded to upgrade from GUI.

Something was downloaded and the firewall rebooted. "EDIT: Really a very poor report of the problem by me. Sorry. I didnt pay proper attention, and left the thing to run while I went for "coffee", well it was the weekend."

Now, its stuck on 20.1.9_1 with following errors:

Code: [Select]

# opnsense-update
Updating OPNsense repository catalogue...
pkg-static: https://pkg.opnsense.org/FreeBSD:12:amd64/20.1/latest/meta.txz: Not Found
repository OPNsense has no meta file, using default settings
pkg-static: https://pkg.opnsense.org/FreeBSD:12:amd64/20.1/latest/packagesite.txz: Not Found
Unable to update repository OPNsense
Error updating repositories!
root@gw:/home/alex_rhys-hurn #

Why is it still looking for 20.1 files and not 20.7?

When I try that URL on my laptop web browser, I get File Not Found.

I notice that the URL says FreeBSD:12 and then Opnsense 20.1 That cant be right.

If I try to download https://pkg.opnsense.org/FreeBSD:12:amd64/20.7/latest/packagesite.txz manually I get a file.

How can I manually update this URL or reset the updates database so it can download afresh?

Help appreciated, thanks,

Alex

5

18.7 Legacy Series / Block bogons breaks OSPFv3

« on: September 23, 2018, 05:11:07 pm »

Hi,

Just deployed OSPFv3 on my OPNSense VM v. 18.1 using FRR 3.0.3

The firewall logs show that the Bogon rule blocked OSPF protocol from FF00 something...

SO, I go to interfaces, disable the block bogon rule, then I get a neighbour adjacency immediately.

I do have rules for both v4 and v6 allowing OSPF first in the firewall rules.

Any ideas how to fix this?

Thanks.

6

18.7 Legacy Series / [SOLVED] How does opnsense select gateway when OSPF

« on: September 23, 2018, 11:56:51 am »

I have OSPF Running, and receiving a default route. OPNSense seems to prefer the gateways manually set in the gateways page.

What is the model by which opnsense selects gateways when dynamic routing is enabled?

Thanks,

Alex

7

18.7 Legacy Series / Dynamic Routing. QUagga or FRR. which is more mature

« on: September 23, 2018, 11:52:11 am »

Hi,

I am new to OPNsense, and have just installed FRR as it seems to be the newer package, but I am having trouble with it.

My question:

Is the Quagga package more mature and stable (if out of date) than FRR, which should I choose for a production environment?

Thoughts appreciated,

Alex

8

18.7 Legacy Series / [SOLVED] Weird OSPF Behaviour FRR

« on: September 23, 2018, 11:30:42 am »

Hi All,

Your help appreciated with my situation. In summary, FRR is showing an interface that is not configured....

I have OPNsense running as a VM on Vsphere with VMXNET NICs:

Code: [Select]

OPNsense 18.7.3-amd64
FreeBSD 11.1-RELEASE-p14
OpenSSL 1.0.2p 14 Aug 2018
I have installed FRR v. 3.0.3

The running config is:

Code: [Select]

frr version 3.0.3
frr defaults traditional
!
log file /var/log/frr.log
!
interface vmx0
 ip ospf authentication message-digest
 ip ospf cost 10
 ip ospf message-digest-key 1 md5 MASKED
!
interface vmx1
 ip ospf authentication message-digest
 ip ospf cost 10
 ip ospf message-digest-key 1 md5 MASKED
!
router ospf
 ospf router-id 160.119.216.38
 passive-interface vmx2_vlan103
 passive-interface vmx2_vlan115
 passive-interface vmx2_vlan301
 network 160.119.216.32/29 area 0.0.0.1
 network 160.119.216.240/28 area 0.0.0.1
!
line vty
!
end
When I look at show ip ospf interfaces, I get:

Code: [Select]

sh ip ospf interface
vmx0 is up
  ifindex 1, MTU 9000 bytes, BW 10000 Mbit <UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
  Internet Address 160.119.216.38/29, Broadcast 160.119.216.39, Area 0.0.0.1
  MTU mismatch detection:enabled
  Router ID 160.119.216.38, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State Backup, Priority 1
  Backup Designated Router (ID) 160.119.216.38, Interface Address 160.119.216.38
  Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
  Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
    Hello due in 6.044s
  Neighbor Count is 1, Adjacent neighbor count is 1
vmx2_vlan115 is up
  ifindex 10, MTU 1500 bytes, BW 10000 Mbit <UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
  Internet Address 160.119.216.241/28, Broadcast 160.119.216.255, Area 0.0.0.1
  MTU mismatch detection:enabled
  Router ID 160.119.216.38, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DR, Priority 1
  No backup designated router on this network
  Multicast group memberships: <None>
  Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
    No Hellos (Passive interface)
  Neighbor Count is 0, Adjacent neighbor count is 0

Thats not right! interface vmx2_vlan115 should be passive!!! That should read vmx1 as the interface name.

The log below shows that it even starts trying a neighbour election on the incorrect interface!

Code: [Select]

2018/09/23 12:21:51 OSPF: ospfd 3.0.3 starting: vty@2604
2018/09/23 12:21:51 ZEBRA: client 17 says hello and bids fair to announce only ospf routes
2018/09/23 12:21:51 OSPF: MPLS-TE(initialize_linkparams) Could not find corresponding OSPF Interface for enc0
2018/09/23 12:21:51 OSPF: MPLS-TE(initialize_linkparams) Could not find corresponding OSPF Interface for lo0
2018/09/23 12:21:51 OSPF: MPLS-TE(initialize_linkparams) Could not find corresponding OSPF Interface for pflog0
2018/09/23 12:21:51 OSPF: MPLS-TE(initialize_linkparams) Could not find corresponding OSPF Interface for pfsync0
2018/09/23 12:21:51 OSPF: interface 160.119.216.38 [1] join AllSPFRouters Multicast group.
2018/09/23 12:21:51 OSPF: SPF: Scheduled in 0 msec
2018/09/23 12:21:51 OSPF: MPLS-TE(initialize_linkparams) Could not find corresponding OSPF Interface for vmx2
2018/09/23 12:21:51 OSPF: SPF: Scheduled in 50 msec
2018/09/23 12:21:52 OSPF: SPF Processing Time(usecs): External Routes: 8

2018/09/23 12:22:01 OSPF: DR-Election[1st]: Backup 160.119.216.38
2018/09/23 12:22:01 OSPF: DR-Election[1st]: DR     160.119.216.33
2018/09/23 12:22:01 OSPF: DR-Election[2nd]: Backup 160.119.216.38
2018/09/23 12:22:01 OSPF: DR-Election[2nd]: DR     160.119.216.33
2018/09/23 12:22:01 OSPF: interface 160.119.216.38 [1] join AllDRouters Multicast group.
2018/09/23 12:22:01 OSPF: DR-Election[1st]: Backup 160.119.216.38
2018/09/23 12:22:01 OSPF: DR-Election[1st]: DR     160.119.216.33
2018/09/23 12:22:01 OSPF: Packet[DD]: Neighbor 160.119.216.106 Negotiation done (Slave).
2018/09/23 12:22:01 OSPF: SPF: Scheduled in 0 msec
2018/09/23 12:22:01 OSPF: SPF: Scheduled in 0 msec
2018/09/23 12:22:02 OSPF: SPF Processing Time(usecs): External Routes: 12

2018/09/23 12:22:06 OSPF: SPF: Scheduled in 0 msec
2018/09/23 12:22:06 OSPF: nsm_change_state(160.119.216.106, Loading -> Full): scheduling new router-LSA origination
2018/09/23 12:22:07 OSPF: SPF Processing Time(usecs): External Routes: 94

2018/09/23 12:22:31 OSPF: DR-Election[1st]: Backup 160.119.216.241
2018/09/23 12:22:31 OSPF: DR-Election[1st]: DR     160.119.216.241
2018/09/23 12:22:31 OSPF: DR-Election[2nd]: Backup 0.0.0.0
2018/09/23 12:22:31 OSPF: DR-Election[2nd]: DR     160.119.216.241
Thanks in advance, and best regards to all.

Alex