Topics - BiTRiP

1
24.7 Production Series / [SOLVED] DNSv6 automatically advertised in ISC DHCP
« on: July 28, 2024, 10:51:10 pm »
Hello,

When I run the DNS service on OPNsense, the IPv6 number of the router is automatically advertised with DHCP leases while I have only one IPv4 configured there.
This IPv4 number is that of my Pi-hole server, which is the main DNS server, so I don't want to let hosts use the IPv6 address directly but ONLY use the Pi-hole server.

The reason I also have OPNsense DNS set up is because of resolving hostnames set by DHCP. So this is configured as a conditional DNS server in the Pi-hole config.

How can I prevent ISC DHCP from also giving the IPv6 address with all leases?

2
23.7 Legacy Series / Speed drop at max speed
« on: September 13, 2023, 08:41:25 pm »
Hello,

I have an N100 mini router with 4x 2.5Gb ports. This box has 16GB memory and runs OPNsense natively on its SSD.
The ISP (KPN Fiber) uplink is 1000/1000 Mbit/s and is directly connected, so no modem in between.

When I do a speed test the download speed goes right to around 930Mbit but then immediately drops to around 600Mbit.
The upload test also goes to this 930Mbit but stays around this speed and looks fine.

When I replace the OPNsense box with the provider's modem then the speedtest remains stable at 930 for both down- and upload.

Any idea why I have this problem?

At max download the CPU has just 50% load and memory is also fine.

3
23.7 Legacy Series / OpenVPN not starting in the GUI
« on: August 19, 2023, 10:55:03 pm »
For a pretty long time I have had the issue that OpenVPN is not starting after reboot in the GUI while it is actually started in the background.
I have to kill the openvpn process manually in the CLI in order to get it working again.

I found similar posts having this issue but no fix. Is there a solution already?

4
19.1 Legacy Series / [SOLVED] OpenVPN tunnel with Synology SRM
« on: March 23, 2019, 12:28:19 pm »
Hello,

I'm trying to get an OpenVPN tunnel working with static IPs and routing but I can't get it working properly.

My situation:

OPNsense LAN Network = 192.168.2.0/24
Synology Remote Network = 192.168.10.0/24
Tunnel network = 192.168.6.0/24

I do get a connection working but the Synology SRM is always getting 192.168.6.6 with 6.5 as gateway while the OPNsense has 6.1 and thinks 6.2 is the remote. Obviously the 6.5 does not exist, neither does 6.2.

I just want OPNsense to always be 6.1 and the Synology to always get 6.2 so I can set up static routing.
I already tried client specific overrides with username as Common Name and adding ifconfig-push 192.168.6.2 192.168.6.1; but it does not help.

What can I do? Has anyone got an OpenVPN tunnel working with a Synology SRM and static IPs?

Many thanks in advance.


5
19.1 Legacy Series / Site-to-Site VPN to Synology router fails
« on: March 18, 2019, 09:11:01 pm »
Hi,

I'm trying to set up a site-to-site between my OPNsense 19.1 and a Synology 1900ac router.

While I have the settings on both ends exactly the same, it doesn't connect.
The output is below. I changed my OPNsense address here to O and Synology to S for security reasons.

Code:
Mar 18 21:00:13 router charon: 09[NET] <412> received packet: from S.S.S.S[500] to O.O.O.O[500] (204 bytes)
Mar 18 21:00:13 router charon: 09[ENC] <412> parsed ID_PROT request 0 [ SA V V V V V V ]
Mar 18 21:00:13 router charon: 09[IKE] <412> received DPD vendor ID
Mar 18 21:00:13 router charon: 09[IKE] <412> received FRAGMENTATION vendor ID
Mar 18 21:00:13 router charon: 09[IKE] <412> received NAT-T (RFC 3947) vendor ID
Mar 18 21:00:13 router charon: 09[IKE] <412> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Mar 18 21:00:13 router charon: 09[IKE] <412> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 18 21:00:13 router charon: 09[IKE] <412> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Mar 18 21:00:13 router charon: 09[IKE] <412> S.S.S.S is initiating a Main Mode IKE_SA
Mar 18 21:00:13 router charon: 09[CFG] <412> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mar 18 21:00:13 router charon: 09[ENC] <412> generating ID_PROT response 0 [ SA V V V V ]
Mar 18 21:00:13 router charon: 09[NET] <412> sending packet: from O.O.O.O[500] to S.S.S.S[500] (160 bytes)
Mar 18 21:00:13 router charon: 09[NET] <412> received packet: from S.S.S.S[500] to O.O.O.O[500] (396 bytes)
Mar 18 21:00:13 router charon: 09[ENC] <412> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Mar 18 21:00:13 router charon: 09[ENC] <412> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Mar 18 21:00:13 router charon: 09[NET] <412> sending packet: from O.O.O.O[500] to S.S.S.S[500] (396 bytes)
Mar 18 21:00:13 router charon: 09[NET] <412> received packet: from S.S.S.S[500] to O.O.O.O[500] (92 bytes)
Mar 18 21:00:13 router charon: 09[ENC] <412> parsed ID_PROT request 0 [ ID HASH ]
Mar 18 21:00:13 router charon: 09[CFG] <412> looking for pre-shared key peer configs matching O.O.O.O...S.S.S.S[myvpn.ddns.net]
Mar 18 21:00:13 router charon: 09[IKE] <412> found 1 matching config, but none allows pre-shared key authentication using Main Mode
Mar 18 21:00:13 router charon: 09[ENC] <412> generating INFORMATIONAL_V1 request 620821303 [ HASH N(AUTH_FAILED) ]
Mar 18 21:00:13 router charon: 09[NET] <412> sending packet: from O.O.O.O[500] to S.S.S.S[500] (108 bytes)

Any idea? I already changed both to Aggressive mode, or just one on aggressive. Nothing helps.
It just changes the error to "found 1 matching config, but none allows pre-shared key authentication using Aggressive Mode"

Hope you can help.

BiTRiP

6
19.1 Legacy Series / A Problem was detected....after adding Certificate Authority
« on: March 13, 2019, 04:03:32 pm »
Hi,

I created an OpenVPN tunnel between my OPNsense router and a remote Synology router. The Synology is the server so OPN connects as client.
In order to get the link working I had to add an Authority with a certificate.
After successfully creating this authority I get an error on login at OPNsense:

Code:
PHP Fatal error:  Uncaught ArgumentCountError: Too few arguments to function OPNsense\OpenVPN\Api\ExportController::accountsAction(), 0 passed and exactly 1 expected in /usr/local/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php:205
Stack trace:
#0 [internal function]: OPNsense\OpenVPN\Api\ExportController->accountsAction()
#1 [internal function]: Phalcon\Dispatcher->callActionMethod(Object(OPNsense\OpenVPN\Api\ExportController), 'accountsAction', Array)
#2 [internal function]: Phalcon\Dispatcher->dispatch()
#3 /usr/local/opnsense/www/api.php(26): Phalcon\Mvc\Application->handle()
#4 {main}
  thrown in /usr/local/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php on line 205

Any idea how to get rid of this error/bug?

Thanks in advance,
BiTRiP

7
18.7 Legacy Series / OpenVPN speed
« on: December 23, 2018, 04:27:42 pm »

Hello,

I'm currently running OPNsense 18.7.9-amd64 and configured a static OpenVPN connection to my vpn provider, CyberGhost.
Unfortunately, I noticed that the speed via OPNsense is much worse than using their client straight on my desktop.

Using their client I can max out my speed of 200Mbit/s. Doing the same thing via OPNsense by downloading from the same source, I get only 80Mbit.
The OPNsense machine is not doing much, just 10-11% CPU usage while downloading.

Any ideas to solve this?

Thanks.


8
18.7 Legacy Series / Specific websites via VPN
« on: November 23, 2018, 11:59:16 am »
Hi all,

I have an OpenVPN to CyberGhost running on my OPNsense.
With the help of aliases and rules I can define which hosts in my network go outbound via this OpenVPN gateway.
Works flawlessly!

For the hosts in my LAN that use the regular WAN interface to go outside I want to define specific URLs to go via VPN.
So I made a new alias (type URL/IP) called "SecretSites" where I fill in sites like 'checkip.org'
Then I made another alias (type hosts) called 'Filtered_Hosts' where I define IPs in my LAN that are going to use this rule.
So I created a rule on the LAN interface, Protocol any, source 'Filtered Hosts', destination 'SecretSites' and gateway my VPN interface. The rest is default.

Somehow it's not working. If I go to checkip.org I still see my ISP IP and not the VPN IP.
What can be wrong? This rule is also above my other LAN rules. Pull and push routes are disabled on VPN.

Hope you can help.

Thanks,
BiTRiP
